From ba2214876b9c9b787a1fd8b713ea104cb4101257 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Magiera?= <magik6k@gmail.com>
Date: Wed, 24 Feb 2016 23:01:08 +0100
Subject: [PATCH] Stub code for SSL

---
 src/c/internet.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 80 insertions(+), 1 deletion(-)

diff --git a/src/c/internet.c b/src/c/internet.c
index 1a52612..9f19864 100644
--- a/src/c/internet.c
+++ b/src/c/internet.c
@@ -19,7 +19,9 @@
 #include <openssl/ssl.h>
 #include <openssl/conf.h>
 
-static int l_open(lua_State *L) { //TODO: Any mem leaks?
+SSL_CTX* ctx = NULL;
+
+static int l_open(lua_State *L) { /* TODO: Any mem leaks? */
   const char* hostaddr = lua_tostring(L, 1);
   int port = lua_tonumber(L, 2);
 
@@ -111,9 +113,86 @@ static int l_read(lua_State *L) {
   return 1;
 }
 
+/* NOTE THAT AT THIS STAGE THIS IS DEVELOPED IS A WAY THAT WILL /JUST WORK/ AND WON'T BE NECESSARILY SECURE */
+
+struct sslInfo {
+  BIO *web;
+  BIO *out;
+  SSL *ssl;
+};
+
+static int l_sslOpen(lua_State *L) {
+  const char* hostaddr = lua_tostring(L, 1);
+  const char* hostname = lua_tostring(L, 2);
+  struct sslInfo* info;
+  BIO *web = NULL, *out = NULL;
+  SSL *ssl = NULL;
+  int res = 0;
+
+  web = BIO_new_ssl_connect(ctx);
+  if(web == NULL) goto fail;
+
+  res = BIO_set_conn_hostname(web, hostaddr);
+  if(res != 1) goto fail;
+
+  BIO_get_ssl(web, &ssl);
+  if(ssl == NULL) goto fail;
+
+  const char* const PREFERRED_CIPHERS = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
+  res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
+  if(res != 1) goto fail;
+
+  res = SSL_set_tlsext_host_name(ssl, hostname);
+  if(res != 1) goto fail;
+
+  out = BIO_new_fp(stdout, BIO_NOCLOSE);
+  if(NULL == out) goto fail;
+
+  res = BIO_do_connect(web);
+  if(res != 1) goto fail;
+
+  res = BIO_do_handshake(web);
+  if(res != 1) goto fail;
+
+  X509* cert = SSL_get_peer_certificate(ssl);
+  if(cert) { X509_free(cert); }
+  if(NULL == cert) goto fail;
+
+  res = SSL_get_verify_result(ssl);
+  if(res != X509_V_OK) goto fail;
+
+  goto nofail;
+
+fail:
+  lua_pushnil(L);
+  lua_pushstring(L, "Couldn't setup new SSL connection");
+  if(web) BIO_free_all(web);
+  return 2;
+
+nofail:
+  info = lua_newuserdata(L, sizeof(struct sslInfo));
+  info->web = web;
+  info->out = out;
+  info->ssl = ssl;
+  return 1;
+}
+
+static int ssl_verify(int depth, X509_STORE_CTX *sctx) {
+  return 1;
+}
+
 static void ssl_init() {
+  /* https://wiki.openssl.org/index.php/SSL/TLS_Client */
+
   (void)SSL_library_init();
   SSL_load_error_strings();
+
+  const SSL_METHOD* method = SSLv23_method();
+  ctx = SSL_CTX_new(method);
+  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ssl_verify);
+  SSL_CTX_set_verify_depth(ctx, 4);
+  const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
+  SSL_CTX_set_options(ctx, flags);
 }
 
 void internet_start(lua_State *L) {