Support SSL_CTX_use_certificate_chain_file and SSL_CTX_use_private_key_file

[Mehgugs]

• ctx:setCertificateFromFile calls SSL_CTX_use_certificate_chain_file
  to add a certificate chain from a pem encoded file specified by the string argument path.

• ctx:setPrivateKeyFromFile calls SSL_CTX_use_private_key_file
  to add a private key from a PEM or ASN1 encoded file using the string argument path
  and filetype integer flag argument. The filetype is optional and will default to PEM if not
  specified.

• openssl.filetypes is a new table in the openssl module which contains the
  two filetypes used by setPrivateKeyFromFile. The .PEM field is the value of SSL_FILETYPE_PEM and
  the .ASN1 field is the value of SSL_FILETYPE_ASN1.

[daurnimator]

Have you tested this against old OpenSSL?

Do operations exist to do the same thing on an SSL object?

Please add new functions to docs

[daurnimator]

please realign the section

[Mehgugs]

Attempted to realign the reg declarations in keeping with the current style.

[Mehgugs]

I'll do another commit adding tex when I'm finished with the code.

Support for DER encoded private keys (SSL_FILETYPE_ASN1) in SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added in 0.9.8.

Will this need to be reflected with a version pre-req somehow?

[daurnimator]

Could you add the new methods to the docs?

[daurnimator]

This is old enough we can likely count on it

[daurnimator]

This should probably take a string rather than an integer option? (luaL_checkoption)

[Simon-L]

Hello, in the meantime how can one load a certificate and a key from files on the current version available from Luarocks?

[Mehgugs]

Hello, in the meantime how can one load a certificate and a key from files on the current version available from Luarocks?

local Pkey        = require "openssl.pkey"
local Crt         = require "openssl.x509"
local Chain       = require"openssl.x509.chain"

local function decode_fullchain(crtfile, iscontent)
    local crtf  = assert(io.open(crtfile, "r"))
    local crttxt = crtf:read"a"
    crtf:close()

    local crts, pos = {}, 1

    repeat
        local st, ed = crttxt:find("-----BEGIN CERTIFICATE-----", pos, true)
        if st then
            local st2, ed2 = crttxt:find("-----END CERTIFICATE-----", ed + 1, true)
            if st2 then
                table.insert(crts, crttxt:sub(st, ed2))
                pos = ed2+1
            end
        end
    until st == nil

    local chain = Chain.new()
    local primary = asserts(Crt.new(crts[1]))
    for i = 2, #crts do
        local crt = asserts(Crt.new(crts[i]))
        chain:add(crt)
    end
    return primary,chain
end

function example_usage(ctx, crtpath, keypath) 
    local keyfile = asserts(openf(keypath, "r"))
    local primary,crt = decode_fullchain(crtpath)
    asserts(ctx:setPrivateKey(Pkey.new(keyfile:read"a")))
    asserts(ctx:setCertificate(primary))
    asserts(ctx:setCertificateChain(crt))
    keyfile:close()
end

This is my "good enough" solution but it doesnt really address all the situtations covered by these two functions.

Apologies for not continuing to develop this PR further; I am a consumer of this library by way of lua-http and cqueues and it was easier for me to set up a reverse proxy to handle all the https and have the lua processes all run behind that.

[Mehgugs]

@rprevot Has made a PR against my branch to address the requested changes -- which I have merged -- although there might be some further work to do in the tex files(?)

Depending on the changes it might be easier to close this and open a new pull request against a fork @rprevot owns 😅