From 444e1b2490339670c16b52775fca6eba3da9b5f0 Mon Sep 17 00:00:00 2001 From: nilfinx Date: Fri, 6 Mar 2026 14:35:47 +0900 Subject: [PATCH 1/7] Add handshake buffer as an option --- deps/secure-socket/biowrap.lua | 6 +++++- deps/secure-socket/init.lua | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index 56efb98..7b7e29c 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -26,7 +26,8 @@ end -- writeCipher is called when ssl needs something written on the socket -- handshakeComplete is called when the handhake is complete and it's safe -- onPlain is called when plaintext comes out. -return function (ctx, isServer, socket, handshakeComplete, servername) +-- buffer is the data that will be read before any data that the stream receives. +return function (ctx, isServer, socket, handshakeComplete, servername, buffer) local bin, bout = openssl.bio.mem(8192), openssl.bio.mem(8192) local ssl = ctx:ssl(bin, bout, isServer) @@ -134,6 +135,9 @@ return function (ctx, isServer, socket, handshakeComplete, servername) end handshake() + if buffer then + onCipher(nil, buffer) + end socket:read_start(onCipher) end diff --git a/deps/secure-socket/init.lua b/deps/secure-socket/init.lua index af1e74c..b1c7fc1 100644 --- a/deps/secure-socket/init.lua +++ b/deps/secure-socket/init.lua @@ -34,7 +34,7 @@ return function (socket, options, callback) end bioWrap(ctx, options.server, socket, callback or function (err, ssocket) return assertResume(thread, ssocket, err) - end, options.servername) + end, options.servername, options.buffer) if not callback then return coroutine.yield() end From 8c1234a78d97c25f3a79145308f6bbd78a83bae4 Mon Sep 17 00:00:00 2001 From: nilfinx Date: Fri, 6 Mar 2026 14:42:20 +0900 Subject: [PATCH 2/7] Remove note about writeCipher Was this left out when creationix was trying to migrate from coro-tls? Is this a planned feature? I have zero clue. --- deps/secure-socket/biowrap.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index 7b7e29c..ab8cef1 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -23,7 +23,6 @@ local function closeSocket(socket) end end --- writeCipher is called when ssl needs something written on the socket -- handshakeComplete is called when the handhake is complete and it's safe -- onPlain is called when plaintext comes out. -- buffer is the data that will be read before any data that the stream receives. From 5d297384021713ef4908128effeb979092a69373 Mon Sep 17 00:00:00 2001 From: nilfinx Date: Fri, 6 Mar 2026 15:55:28 +0900 Subject: [PATCH 3/7] Allow writing a table with chunks --- deps/secure-socket/biowrap.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index ab8cef1..0dcc2fb 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -110,7 +110,13 @@ return function (ctx, isServer, socket, handshakeComplete, servername, buffer) -- When requested to write plain data, encrypt it and write to socket function ssocket.write(_, plain, callback) - ssl:write(plain) + if type(plain) == "string" then + ssl:write(plain) + else + for i=1, #plain do + ssl:write(plain[i]) + end + end return flush(callback) end From 1ab3ff2f24d0d0a5ae4f87316d485f23ff8be66a Mon Sep 17 00:00:00 2001 From: nilfinx Date: Fri, 6 Mar 2026 19:53:44 +0900 Subject: [PATCH 4/7] Add ssocket.close_reset --- deps/secure-socket/biowrap.lua | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index 0dcc2fb..305da21 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -132,6 +132,9 @@ return function (ctx, isServer, socket, handshakeComplete, servername, buffer) function ssocket.close(_, ...) return socket:close(...) end + function ssocket.close_reset(_, ...) + return socket:close_reset(...) + end function ssocket.unref(_, ...) return socket:unref(...) end From c18f0c7094d08a87c6dfc1f3bfeb7960d2162883 Mon Sep 17 00:00:00 2001 From: nilfinx Date: Fri, 6 Mar 2026 20:40:45 +0900 Subject: [PATCH 5/7] Check for table, not string --- deps/secure-socket/biowrap.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index 305da21..cfcde4c 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -110,12 +110,12 @@ return function (ctx, isServer, socket, handshakeComplete, servername, buffer) -- When requested to write plain data, encrypt it and write to socket function ssocket.write(_, plain, callback) - if type(plain) == "string" then - ssl:write(plain) - else + if type(plain) == "table" then for i=1, #plain do ssl:write(plain[i]) end + else + ssl:write(plain) end return flush(callback) end From d06eba3510e5efdd7777089f1c4ebb1345733282 Mon Sep 17 00:00:00 2001 From: nilfinx Date: Fri, 6 Mar 2026 21:07:28 +0900 Subject: [PATCH 6/7] Use ipairs instead of i=1,#plain loop --- deps/secure-socket/biowrap.lua | 10 +++++----- deps/secure-socket/init.lua | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index cfcde4c..d243577 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -25,8 +25,8 @@ end -- handshakeComplete is called when the handhake is complete and it's safe -- onPlain is called when plaintext comes out. --- buffer is the data that will be read before any data that the stream receives. -return function (ctx, isServer, socket, handshakeComplete, servername, buffer) +-- initialData is the data that will be read before any data that the stream receives. +return function (ctx, isServer, socket, handshakeComplete, servername, initialData) local bin, bout = openssl.bio.mem(8192), openssl.bio.mem(8192) local ssl = ctx:ssl(bin, bout, isServer) @@ -111,7 +111,7 @@ return function (ctx, isServer, socket, handshakeComplete, servername, buffer) -- When requested to write plain data, encrypt it and write to socket function ssocket.write(_, plain, callback) if type(plain) == "table" then - for i=1, #plain do + for i in ipairs(plain) do ssl:write(plain[i]) end else @@ -143,8 +143,8 @@ return function (ctx, isServer, socket, handshakeComplete, servername, buffer) end handshake() - if buffer then - onCipher(nil, buffer) + if initialData then + onCipher(nil, initialData) end socket:read_start(onCipher) diff --git a/deps/secure-socket/init.lua b/deps/secure-socket/init.lua index b1c7fc1..1150534 100644 --- a/deps/secure-socket/init.lua +++ b/deps/secure-socket/init.lua @@ -34,7 +34,7 @@ return function (socket, options, callback) end bioWrap(ctx, options.server, socket, callback or function (err, ssocket) return assertResume(thread, ssocket, err) - end, options.servername, options.buffer) + end, options.servername, options.initialData) if not callback then return coroutine.yield() end From 1f12a35d0c5d70c599b77d357757767d9e50dd39 Mon Sep 17 00:00:00 2001 From: nilfinx Date: Sat, 7 Mar 2026 23:54:46 +0900 Subject: [PATCH 7/7] Put the old changes back again Force pushing is bad. --- deps/secure-socket/biowrap.lua | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deps/secure-socket/biowrap.lua b/deps/secure-socket/biowrap.lua index d243577..fe51fb8 100644 --- a/deps/secure-socket/biowrap.lua +++ b/deps/secure-socket/biowrap.lua @@ -111,8 +111,8 @@ return function (ctx, isServer, socket, handshakeComplete, servername, initialDa -- When requested to write plain data, encrypt it and write to socket function ssocket.write(_, plain, callback) if type(plain) == "table" then - for i in ipairs(plain) do - ssl:write(plain[i]) + for _, chunk in ipairs(plain) do + ssl:write(chunk) end else ssl:write(plain) @@ -143,9 +143,9 @@ return function (ctx, isServer, socket, handshakeComplete, servername, initialDa end handshake() + socket:read_start(onCipher) if initialData then onCipher(nil, initialData) end - socket:read_start(onCipher) end