static int nixio_tls_ctx_set_cert(lua_State *L) {
SSL_CTX *ctx = nixio__checktlsctx(L);
const char *cert = luaL_checkstring(L, 2);
- return nixio__tls_pstatus(L, SSL_CTX_use_certificate_chain_file(ctx, cert));
+ const char *type = luaL_optstring(L, 3, "chain");
+ int ktype;
+
+ if (!strcmp(type, "chain")) {
+ return nixio__tls_pstatus(L,
+ SSL_CTX_use_certificate_chain_file(ctx, cert));
+ } else if (!strcmp(type, "pem")) {
+ ktype = SSL_FILETYPE_PEM;
+ } else if (!strcmp(type, "asn1")) {
+ ktype = SSL_FILETYPE_ASN1;
+ } else {
+ return luaL_argerror(L, 3, "supported values: chain, pem, asn1");
+ }
+
+ return nixio__tls_pstatus(L,
+ SSL_CTX_use_certificate_file(ctx, cert, ktype));
+}
+
+static int nixio_tls_ctx_set_verify_locations(lua_State *L) {
+ SSL_CTX *ctx = nixio__checktlsctx(L);
+ const char *CAfile = luaL_optstring(L, 2, NULL);
+ const char *CApath = luaL_optstring(L, 3, NULL);
+ return nixio__tls_pstatus(L, SSL_CTX_load_verify_locations(ctx,
+ CAfile, CApath));
}
static int nixio_tls_ctx_set_key(lua_State *L) {
SSL_CTX *ctx = nixio__checktlsctx(L);
const char *cert = luaL_checkstring(L, 2);
- const int ktype = SSL_FILETYPE_PEM;
+ const char *type = luaL_optstring(L, 3, "pem");
+ int ktype;
+
+ if (!strcmp(type, "pem")) {
+ ktype = SSL_FILETYPE_PEM;
+ } else if (!strcmp(type, "asn1")) {
+ ktype = SSL_FILETYPE_ASN1;
+ } else {
+ return luaL_argerror(L, 3, "supported values: pem, asn1");
+ }
+
return nixio__tls_pstatus(L, SSL_CTX_use_PrivateKey_file(ctx, cert, ktype));
}
/* ctx function table */
static const luaL_reg CTX_M[] = {
{"set_cert", nixio_tls_ctx_set_cert},
+ {"set_verify_locations", nixio_tls_ctx_set_verify_locations},
{"set_key", nixio_tls_ctx_set_key},
{"set_ciphers", nixio_tls_ctx_set_ciphers},
{"set_verify", nixio_tls_ctx_set_verify},