wahern · Mehgugs · Jul 24, 2021 · Aug 1, 2021 · Oct 14, 2024 · daurnimator
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
@@ -1069,6 +1069,10 @@ \section{Modules}
 
 \emph{Only supported since OpenSSL 1.0.2.}
 
+\subsubsection[\fn{context:setCertificateChainFromFile}]{\fn{context:setCertificateChainFromFile($filepath$[, $format$])}}
+
+Sets the X.509 certificate chain \module{openssl.x509.chain} object to send during SSL connection instance handshakes, load the certificate chain from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default).
+
 \subsubsection[\fn{context:setCertificateChain}]{\fn{context:setCertificateChain($chain$)}}
 
 Sets the X.509 certificate chain \module{openssl.x509.chain} object $chain$ to send during SSL connection instance handshakes.
@@ -1081,6 +1085,10 @@ \section{Modules}
 
 \emph{Only supported since OpenSSL 1.0.2.}
 
+\subsubsection[\fn{context:setPrivateKeyFromFile}]{\fn{context:setPrivateKeyFromFile($filepath$[, $format$])}}
+
+Sets the private key \module{openssl.pkey} object to send during SSL connection instance handshakes, load the key from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default).
+
 \subsubsection[\fn{context:setPrivateKey}]{\fn{context:setPrivateKey($key$)}}
 
 Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.
@@ -1286,20 +1294,32 @@ \section{Modules}
 Sets the X.509 certificate \module{openssl.x509} object $crt$ to send during SSL connection instance handshakes.
 See \fn{openssl.ssl.context:setCertificate}.
 
+\subsubsection[\fn{ssl:setCertificateChainFromFile}]{\fn{ssl:setCertificateChainFromFile($filepath$[, $format$])}}
+
+Sets the X.509 certificate chain \module{openssl.x509.chain} object to send during SSL connection instance handshakes, load the certificate chain from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default).
+See \fn{openssl.ssl.context:setCertificateChainFromFile}.
+
+\emph{Only supported since OpenSSL 1.1.0.}
+
 \subsubsection[\fn{ssl:setCertificateChain}]{\fn{ssl:setCertificateChain($chain$)}}
 
 Sets the X.509 certificate chain \module{openssl.x509.chain} object $chain$ to send during SSL connection instance handshakes.
 See \fn{openssl.ssl.context:setCertificateChain}.
 
 \emph{Only supported since OpenSSL 1.0.2.}
 
-\subsubsection[\fn{context:getCertificateChain}]{\fn{context:getCertificateChain()}}
+\subsubsection[\fn{ssl:getCertificateChain}]{\fn{ssl:getCertificateChain()}}
 
 Returns the X.509 certificate chain \module{openssl.x509.chain} object to be sent during SSL connection instance handshakes.
 See \fn{openssl.ssl.context:getCertificateChain}.
 
 \emph{Only supported since OpenSSL 1.0.2.}
 
+\subsubsection[\fn{ssl:setPrivateKeyFromFile}]{\fn{ssl:setPrivateKeyFromFile($filepath$[, $format$])}}
+
+Sets the private key \module{openssl.pkey} object to send during SSL connection instance handshakes, load the key from the file $filepath$. $format$ is either ``ASN1'' or ``PEM'' (default).
+See \fn{openssl.ssl.context:setPrivateKeyFromFile}.
+
 \subsubsection[\fn{ssl:setPrivateKey}]{\fn{ssl:setPrivateKey($key$)}}
 
 Sets the private key \module{openssl.pkey} object $key$ for use during SSL connection instance handshakes.

diff --git a/src/openssl.c b/src/openssl.c
@@ -501,6 +501,10 @@
 #define HAVE_SSL_SET1_CHAIN OPENSSL_PREREQ(1,0,2)
 #endif
 
+#ifndef HAVE_SSL_USE_CHAIN_FILE
+#define HAVE_SSL_USE_CHAIN_FILE (OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,3,3))
+#endif
+
 #ifndef HAVE_SSL_SET1_PARAM
 #define HAVE_SSL_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
@@ -613,6 +617,10 @@
 #define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
 #endif
 
+#ifndef HAVE_USE_CERTIFICATE_CHAIN_FILE
+#define HAVE_USE_CERTIFICATE_CHAIN_FILE (OPENSSL_PREREQ(0,9,4) || LIBRESSL_PREREQ(2,0,0))
+#endif
+
 #if HAVE_EVP_PKEY_CTX_KDF || HAVE_EVP_KDF_CTX
 #include <openssl/kdf.h>
 #endif
@@ -852,6 +860,25 @@ static int optencoding(lua_State *L, int index, const char *def, int allow) {
 	return type;
 } /* optencoding() */
 
+static int optfiletype(lua_State *L, int index, const char *def) {
+	static const char *const opts[] = { "pem", "asn1", NULL };
+	int type = 0;
+
+	switch (auxL_checkoption(L, index, def, opts, 1)) {
+	case 0:
+		type = SSL_FILETYPE_PEM;
+		break;
+	case 1:
+		type = SSL_FILETYPE_ASN1;
+		break;
+	}
+
+	if (!type) {
+		luaL_argerror(L, index, lua_pushfstring(L, "invalid option %s", luaL_checkstring(L, index)));
+	}
+
+	return type;
+}
 
 static _Bool rawgeti(lua_State *L, int index, int n) {
 	lua_rawgeti(L, index, n);
@@ -9482,6 +9509,20 @@ static int sx_setCertificateChain(lua_State *L) {
 #endif
 
 
+#if HAVE_USE_CERTIFICATE_CHAIN_FILE
+static int sx_setCertificateChainFromFile(lua_State* L) {
+	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+	const char *filepath = luaL_checkstring(L, 2);
+
+	if (!SSL_CTX_use_certificate_chain_file(ctx, filepath))
+		return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCertificateChainFromFile");
+
+	lua_pushboolean(L, 1);
+	return 1;
+} /* sx_setCertificateChainFromFile() */
+#endif
+
+
 #if HAVE_SSL_CTX_GET0_CHAIN_CERTS
 static int sx_getCertificateChain(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
@@ -9519,6 +9560,20 @@ static int sx_setPrivateKey(lua_State *L) {
 } /* sx_setPrivateKey() */
 
 
+static int sx_setPrivateKeyFromFile(lua_State* L) {
+	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+	const char* filepath = luaL_checkstring(L, 2);
+	int type = optfiletype(L, 3, "PEM");
+
+	if (!SSL_CTX_use_PrivateKey_file(ctx, filepath, type))
+		return auxL_error(L, auxL_EOPENSSL, "ssl.context:setPrivateKeyFromFile");
+
+	lua_pushboolean(L, 1);
+
+	return 1;
+} /* sx_setPrivateKeyFromFile() */
+
+
 static int sx_setCipherList(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 	const char *ciphers = luaL_checkstring(L, 2);
@@ -10270,7 +10325,6 @@ static int sx__gc(lua_State *L) {
 	return 0;
 } /* sx__gc() */
 
-
 static const auxL_Reg sx_methods[] = {
 	{ "setOptions",       &sx_setOptions },
 	{ "getOptions",       &sx_getOptions },
@@ -10293,8 +10347,12 @@ static const auxL_Reg sx_methods[] = {
 #if HAVE_SSL_CTX_GET0_CHAIN_CERTS
 	{ "getCertificateChain", &sx_getCertificateChain },
 #endif
-	{ "setPrivateKey",    &sx_setPrivateKey },
-	{ "setCipherList",    &sx_setCipherList },
+#if HAVE_USE_CERTIFICATE_CHAIN_FILE
+	{ "setCertificateChainFromFile", &sx_setCertificateChainFromFile },
+#endif
+	{ "setPrivateKey",          &sx_setPrivateKey },
+	{ "setPrivateKeyFromFile",  &sx_setPrivateKeyFromFile },
+	{ "setCipherList",          &sx_setCipherList },
 #if HAVE_SSL_CTX_SET_CIPHERSUITES
 	{ "setCipherSuites",  &sx_setCipherSuites },
 #endif
@@ -10791,6 +10849,21 @@ static int ssl_setCertificateChain(lua_State *L) {
 #endif
 
 
+#if HAVE_SSL_USE_CHAIN_FILE
+static int ssl_setCertificateChainFromFile(lua_State *L) {
+	SSL *ssl = checksimple(L, 1, SSL_CLASS);
+	const char *filepath = luaL_checkstring(L, 2);
+
+	if (!SSL_use_certificate_chain_file(ssl, filepath))
+		return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificateChainFromFile");
+
+	lua_pushboolean(L, 1);
+
+	return 1;
+} /* ssl_setCertificateChainFromFile() */
+#endif
+
+
 #if HAVE_SSL_GET0_CHAIN_CERTS
 static int ssl_getCertificateChain(lua_State *L) {
 	SSL *ssl = checksimple(L, 1, SSL_CLASS);
@@ -10827,6 +10900,21 @@ static int ssl_setPrivateKey(lua_State *L) {
 } /* ssl_setPrivateKey() */
 
 
+static int ssl_setPrivateKeyFromFile(lua_State* L) {
+	SSL *ssl = checksimple(L, 1, SSL_CLASS);
+	const char* filepath = luaL_checkstring(L, 2);
+	int type = optfiletype(L, 3, "PEM");
+
+	if (!SSL_use_PrivateKey_file(ssl, filepath, type))
+		return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKeyFromFile");
+
+	lua_pushboolean(L, 1);
+
+	return 1;
+} /* ssl_setPrivateKeyFromFile() */
+
+
+
 static int ssl_getCertificate(lua_State *L) {
 	SSL *ssl = checksimple(L, 1, SSL_CLASS);
 	X509 *x509;
@@ -11219,15 +11307,19 @@ static const auxL_Reg ssl_methods[] = {
 #if HAVE_SSL_SET1_CHAIN
 	{ "setCertificateChain", &ssl_setCertificateChain },
 #endif
+#if HAVE_SSL_USE_CHAIN_FILE
+	{ "setCertificateChainFromFile", &ssl_setCertificateChainFromFile},
+#endif
 #if HAVE_SSL_GET0_CHAIN_CERTS
 	{ "getCertificateChain", &ssl_getCertificateChain },
 #endif
-	{ "setPrivateKey",    &ssl_setPrivateKey },
-	{ "getCertificate",   &ssl_getCertificate },
-	{ "getPeerCertificate", &ssl_getPeerCertificate },
-	{ "getPeerChain",     &ssl_getPeerChain },
-	{ "getCipherInfo",    &ssl_getCipherInfo },
-	{ "setCipherList",    &ssl_setCipherList },
+	{ "setPrivateKey",          &ssl_setPrivateKey },
+	{ "setPrivateKeyFromFile",  &ssl_setPrivateKeyFromFile },
+	{ "getCertificate",         &ssl_getCertificate },
+	{ "getPeerCertificate",     &ssl_getPeerCertificate },
+	{ "getPeerChain",           &ssl_getPeerChain },
+	{ "getCipherInfo",          &ssl_getCipherInfo },
+	{ "setCipherList",          &ssl_setCipherList },
 #if HAVE_SSL_SET_CIPHERSUITES
 	{ "setCipherSuites",  &ssl_setCipherSuites },
 #endif