lua-openssl

• Index

Contents

• Functions
• Class x509

Modules

• asn1
• bio
• bn
• callback
• cipher
• cms
• compat
• dh
• digest
• dsa
• ec
• engine
• hmac
• kdf
• lhash
• mac
• misc
• ocsp
• openssl
• param
• pkcs12
• pkcs7
• pkey
• rsa
• srp
• ssl
• th-lock
• ts
• util
• x509
• x509.algor
• x509.attribute
• x509.crl
• x509.extension
• x509.name
• x509.req
• x509.store

Topics

• README

Module x509

x509 modules to create, parse, process X509 objects, sign CSR.

Usage:

x509 = require'openssl'.x509

Functions

purpose ([purpose])	get special purpose info as table or return all supported purposes
certtypes ([type='standard'])	get support certtypes
verify_cert_error_string (verify_result)	get certificate verify result string message
read (input[, format='auto'])	read x509 from string or bio input
new ([serial[, csr[, subject[, extensions[, attributes]]]]])	create or generate a new x509 object.

Class x509

x509:export ([format='pem'])	export x509_req to string
x509:parse ([default=true])	parse x509 object as table
x509:pubkey ()	get public key of x509
x509:pubkey (pubkey)	set public key of x509
x509:check (cacerts, untrusted[, purpose])	check x509 with ca certchian and option purpose purpose can be one of: ssl_client, ssl_server, ns_ssl_server, smime_sign, smime_encrypt, crl_sign, any, ocsp_helper, timestamp_sign
x509:check (pkey)	check x509 with evp_pkey
x509:check_host (host)	check x509 for host (only for openssl 1.0.2 or greater)
x509:check_email (email)	check x509 for email address (only for openssl 1.0.2 or greater)
x509:check_ip_asc (ip)	check x509 for ip address (ipv4 or ipv6, only for openssl 1.0.2 or greater)
x509:subject ()	get subject name of x509
x509:subject (subject)	set subject name of x509
x509:issuer ([asobject=false])	get issuer name of x509
x509:issuer (name)	set issuer name of x509
x509:digest ([md_alg='sha1'])	get digest of x509 object
x509:notbefore ()	get notbefore valid time of x509
x509:notbefore (notbefore)	set notbefore valid time of x509
x509:notafter ()	get notafter valid time of x509
x509:notafter (notafter)	set notafter valid time of x509
x509:validat ([time])	check x509 valid
x509:validat (notbefore, notafter)	set valid time, notbefore and notafter
x509:serial ([asobject=true])	get serial number of x509
x509:serial (serail)	set serial number of x509
x509:version ()	get version number of x509
x509:version (version)	set version number of x509
x509:extensions ([asobject=false])	get extensions of x509 object
x509:extensions (extensions)	set extension of x509 object
x509:sign (pkey, cacert[, md_alg='sha1WithRSAEncryption'])	sign x509
x509:verify ([key])	verify X509 certificate signature
x509:equal (other)	compare two X509 certificates for equality

Functions

purpose ([purpose])

get special purpose info as table or return all supported purposes

Parameters:

• purpose number or string purpose id or short name (optional) (optional)

Returns:

table purpose info table or table of all purposes if no parameter given

certtypes ([type='standard'])

get support certtypes

Parameters:

• type string support ‘standard’,‘netscape’,‘extend’ (default 'standard')

Returns:

table

if type is ‘standard’ or ‘netscape’, contains node with {lname=…,sname=…,bitname=…},

           if type is 'extend', contains node with {lname=...,sname=...,nid=...}

verify_cert_error_string (verify_result)

get certificate verify result string message

Parameters:

• verify_result number

Returns:

string result message

read (input[, format='auto'])

read x509 from string or bio input

Parameters:

• input bio or string input data
• format string support ‘auto’,‘pem’,‘der’ (default 'auto')

Returns:

x509 certificate object

new ([serial[, csr[, subject[, extensions[, attributes]]]]])

create or generate a new x509 object.

Parameters:

• serial openssl.bn serial number (optional)
• csr x509_req ,copy x509_name, pubkey and extension to new object (optional)
• subject x509_name subject name set to x509_req (optional)
• extensions stack_of_x509_extension add to x509 (optional)
• attributes stack_of_x509_attribute add to x509 (optional)

Returns:

x509 certificate object

Class x509

x509:export ([format='pem'])

export x509_req to string

Parameters:

• format string , ‘der’ or ‘pem’ default (default 'pem')

Returns:

string

x509:parse ([default=true])

parse x509 object as table

Parameters:

• default shortname will use short object name (default true)

Returns:

table result which all x509 information

x509:pubkey ()

get public key of x509

Returns:

evp_pkey public key

x509:pubkey (pubkey)

set public key of x509

Parameters:

• pubkey evp_pkey public key set to x509

Returns:

boolean result, true for success

x509:check (cacerts, untrusted[, purpose])

check x509 with ca certchian and option purpose purpose can be one of: ssl_client, ssl_server, ns_ssl_server, smime_sign, smime_encrypt, crl_sign, any, ocsp_helper, timestamp_sign

Parameters:

• cacerts x509_store
• untrusted x509_store certs containing a bunch of certs that are not trusted but may be useful in validating the certificate.
• purpose string to check supported (optional)

Returns:

1. boolean result true for check pass
2. integer verify result

See also:

verify_cert_error_string

x509:check (pkey)

check x509 with evp_pkey

Parameters:

• pkey evp_pkey private key witch match with x509 pubkey

Returns:

boolean result true for check pass

x509:check_host (host)

check x509 for host (only for openssl 1.0.2 or greater)

Parameters:

• host string hostname to check for match match with x509 subject

Returns:

boolean result true if host is present and matches the certificate

x509:check_email (email)

check x509 for email address (only for openssl 1.0.2 or greater)

Parameters:

• email string to check for match match with x509 subject

Returns:

boolean result true if host is present and matches the certificate

x509:check_ip_asc (ip)

check x509 for ip address (ipv4 or ipv6, only for openssl 1.0.2 or greater)

Parameters:

• ip string to check for match match with x509 subject

Returns:

boolean result true if host is present and matches the certificate

x509:subject ()

get subject name of x509

Returns:

x509_name subject name

x509:subject (subject)

set subject name of x509

Parameters:

• subject x509_name

Returns:

boolean result true for success

x509:issuer ([asobject=false])

get issuer name of x509

Parameters:

• asobject boolean , true for return as x509_name object, or as table (default false)

Returns:

1. x509_name issuer
2. table issuer name as table

x509:issuer (name)

set issuer name of x509

Parameters:

• name x509_name

Returns:

boolean result true for success

x509:digest ([md_alg='sha1'])

get digest of x509 object

Parameters:

• md_alg evp_digest or string , default use ‘sha1’ (default 'sha1')

Returns:

string digest result

x509:notbefore ()

get notbefore valid time of x509

Returns:

string notbefore time string

x509:notbefore (notbefore)

set notbefore valid time of x509

Parameters:

• notbefore string or number

x509:notafter ()

get notafter valid time of x509

Returns:

string notafter time string

x509:notafter (notafter)

set notafter valid time of x509

Parameters:

• notafter string or number

x509:validat ([time])

check x509 valid

Parameters:

• time number , default will use now time (optional)

Returns:

1. boolean result true for valid, or for invalid
2. string notbefore
3. string notafter

x509:validat (notbefore, notafter)

set valid time, notbefore and notafter

Parameters:

• notbefore number
• notafter number

Returns:

boolean result, true for success

x509:serial ([asobject=true])

get serial number of x509

Parameters:

• asobject boolean (default true)

Returns:

bn object

Or

string result

x509:serial (serail)

set serial number of x509

Parameters:

• serail string, number or bn

Returns:

boolean result true for success

x509:version ()

get version number of x509

Returns:

number version of x509

x509:version (version)

set version number of x509

Parameters:

• version number

Returns:

boolean result true for result

x509:extensions ([asobject=false])

get extensions of x509 object

Parameters:

• asobject boolean , true for return as stack_of_x509_extension or as table (default false)

Returns:

stack_of_x509_extension object when param set true

Or

table contain all x509_extension when param set false or nothing

x509:extensions (extensions)

set extension of x509 object

Parameters:

• extensions stack_of_x509_extension

Returns:

boolean result true for success

x509:sign (pkey, cacert[, md_alg='sha1WithRSAEncryption'])

sign x509

Parameters:

• pkey evp_pkey private key to sign x509
• cacert x509 or x509_name or cacert x509_name
• md_alg string or md_digest (default 'sha1WithRSAEncryption')

Returns:

boolean result true for check pass

x509:verify ([key])

verify X509 certificate signature

Parameters:

• key evp_pkey or x509 public key or CA certificate to verify with (optional)

Returns:

boolean true if verification succeeds, false otherwise

x509:equal (other)

compare two X509 certificates for equality

Parameters:

• other x509 X509 certificate to compare with

Returns:

boolean true if certificates are equal, false otherwise