{ "classes": [ { "constants": [], "types": [ { "lua_type": "type CertificateInfo = {\n subject: string,\n issuer: string,\n validFrom: string,\n validTo: string,\n serial: string,\n version: number,\n info: string,\n}", "name": "CertificateInfo", "tags": [], "source": { "path": "", "line": 142 }, "fields": [ { "lua_type": "subject: string", "name": "subject", "desc": "" }, { "lua_type": "issuer: string", "name": "issuer", "desc": "" }, { "lua_type": "validFrom: string", "name": "validFrom", "desc": "" }, { "lua_type": "validTo: string", "name": "validTo", "desc": "" }, { "lua_type": "serial: string", "name": "serial", "desc": "" }, { "lua_type": "version: number", "name": "version", "desc": "" }, { "lua_type": "info: string", "name": "info", "desc": "" } ], "desc": "Structured information about an X.509 certificate, as returned by\n[[parseCertificate]].\n" } ], "name": "@eryx/_ssl", "tags": [], "functions": [ { "source": { "path": "", "line": 167 }, "is_method": false, "signature": "_ssl.createDefaultContext() → (\n SslContext -- A client-mode TLS context. \n)", "owner": "_ssl", "desc": "Creates a new [[SslContext]] with sensible defaults for **client** mode.\n\nThe context is preconfigured with system CA certificates and requires\nTLS 1.2 or later. Server certificate verification is enabled by default.\n\n```luau\nlocal ctx = _ssl.createDefaultContext()\nlocal ssock = ctx:wrapSocket(sock, \"example.com\")\n```\n", "tags": [], "name": "createDefaultContext", "return_str": "SslContext", "function_type": "Function", "returns": [ { "lua_type": "SslContext", "desc": "A client-mode TLS context. " } ], "params": [] }, { "source": { "path": "", "line": 180 }, "is_method": false, "signature": "_ssl.createServerContext(\n certfile: string, -- Path to the PEM certificate chain file.\n keyfile: string, -- Path to the PEM private key file.\n password: string? -- Passphrase for encrypted private keys.\n) → (\n SslContext -- A server-mode TLS context. \n)", "owner": "_ssl", "desc": "Creates a new [[SslContext]] configured for **server** mode by loading\na certificate chain and private key from PEM files on disk.\n", "tags": [], "name": "createServerContext", "return_str": "SslContext", "function_type": "Function", "returns": [ { "lua_type": "SslContext", "desc": "A server-mode TLS context. " } ], "params": [ { "lua_type": "string", "name": "certfile", "desc": "Path to the PEM certificate chain file." }, { "lua_type": "string", "name": "keyfile", "desc": "Path to the PEM private key file." }, { "lua_type": "string?", "name": "password", "desc": "Passphrase for encrypted private keys." } ] }, { "source": { "path": "", "line": 194 }, "is_method": false, "signature": "_ssl.createServerContextPem(\n certPem: string, -- PEM-encoded certificate chain string.\n keyPem: string, -- PEM-encoded private key string.\n password: string? -- Passphrase for encrypted private keys.\n) → (\n SslContext -- A server-mode TLS context. \n)", "owner": "_ssl", "desc": "Creates a new [[SslContext]] configured for **server** mode from PEM\nstrings rather than files. Useful when certificates are generated\nat runtime or stored in memory.\n", "tags": [], "name": "createServerContextPem", "return_str": "SslContext", "function_type": "Function", "returns": [ { "lua_type": "SslContext", "desc": "A server-mode TLS context. " } ], "params": [ { "lua_type": "string", "name": "certPem", "desc": "PEM-encoded certificate chain string." }, { "lua_type": "string", "name": "keyPem", "desc": "PEM-encoded private key string." }, { "lua_type": "string?", "name": "password", "desc": "Passphrase for encrypted private keys." } ] }, { "source": { "path": "", "line": 212 }, "is_method": false, "signature": "_ssl.wrapSocket(\n sock: any, -- A connected `_socket.Socket`.\n hostname: string? -- Hostname for SNI and certificate verification.\n) → (\n SslSocket -- The wrapped TLS socket. \n)", "owner": "_ssl", "desc": "Convenience function that creates a default client context and wraps\na socket in a single call.\n\nEquivalent to:\n```luau\nlocal ctx = _ssl.createDefaultContext()\nlocal ssock = ctx:wrapSocket(sock, hostname)\n```\n", "tags": [], "name": "wrapSocket", "return_str": "SslSocket", "function_type": "Function", "returns": [ { "lua_type": "SslSocket", "desc": "The wrapped TLS socket. " } ], "params": [ { "lua_type": "any", "name": "sock", "desc": "A connected `_socket.Socket`." }, { "lua_type": "string?", "name": "hostname", "desc": "Hostname for SNI and certificate verification." } ] }, { "source": { "path": "", "line": 228 }, "is_method": false, "signature": "_ssl.generateKey(\n type: (\"rsa\" | \"ec\")?, -- Key type - `\"rsa\"` (default) or `\"ec\"` (secp256r1).\n bits: number? -- Key size in bits. Defaults to 2048 for RSA, 256 for EC.\n) → (\n string -- PEM-encoded private key. \n)", "owner": "_ssl", "desc": "Generates a new private key and returns it as a PEM string.\n\n```luau\nlocal rsa_key = _ssl.generateKey(\"rsa\", 4096)\nlocal ec_key = _ssl.generateKey(\"ec\")\n```\n", "tags": [], "name": "generateKey", "return_str": "string", "function_type": "Function", "returns": [ { "lua_type": "string", "desc": "PEM-encoded private key. " } ], "params": [ { "lua_type": "(\"rsa\" | \"ec\")?", "name": "type", "desc": "Key type - `\"rsa\"` (default) or `\"ec\"` (secp256r1)." }, { "lua_type": "number?", "name": "bits", "desc": "Key size in bits. Defaults to 2048 for RSA, 256 for EC." } ] }, { "source": { "path": "", "line": 248 }, "is_method": false, "signature": "_ssl.generateSelfSignedCert(\n options: { key: string, subject: string?, days: number?, san: { string }?, isCa: boolean? } -- Certificate generation options.\n) → (\n string -- PEM-encoded certificate. \n)", "owner": "_ssl", "desc": "Generates a self-signed X.509 certificate and returns it as a PEM string.\n\n```luau\nlocal key = _ssl.generateKey()\nlocal cert = _ssl.generateSelfSignedCert({\n key = key,\n subject = \"CN=localhost,O=Dev\",\n days = 365,\n san = { \"localhost\", \"127.0.0.1\" },\n})\n```\n", "tags": [], "name": "generateSelfSignedCert", "return_str": "string", "function_type": "Function", "returns": [ { "lua_type": "string", "desc": "PEM-encoded certificate. " } ], "params": [ { "lua_type": "{ key: string, subject: string?, days: number?, san: { string }?, isCa: boolean? }", "name": "options", "desc": "Certificate generation options." } ] }, { "source": { "path": "", "line": 270 }, "is_method": false, "signature": "_ssl.parseCertificate(\n pem: string -- PEM-encoded certificate string.\n) → (\n CertificateInfo -- Parsed certificate fields. \n)", "owner": "_ssl", "desc": "Parses a PEM-encoded certificate string and returns structured\ninformation about it.\n\n```luau\nlocal info = _ssl.parseCertificate(certPem)\nprint(info.subject, info.validFrom, info.validTo)\n```\n", "tags": [], "name": "parseCertificate", "return_str": "CertificateInfo", "function_type": "Function", "returns": [ { "lua_type": "CertificateInfo", "desc": "Parsed certificate fields. " } ], "params": [ { "lua_type": "string", "name": "pem", "desc": "PEM-encoded certificate string." } ] } ], "properties": [], "source": { "path": "", "line": 0 }, "desc": "TLS/SSL support for Luau, powered by Mbed TLS.\n\nProvides encrypted communication over sockets using TLS 1.2+. Includes\nboth client and server context creation, certificate generation, and\ncertificate parsing utilities.\n\n:::tip\nFor most use cases, prefer `@eryx/http` which handles TLS automatically.\nUse `_ssl` directly when you need fine-grained control over TLS\nsettings or are building a custom protocol.\n:::\n\n```luau\nlocal _socket = require(\"@eryx/_socket\")\nlocal _ssl = require(\"@eryx/_ssl\")\n\nlocal sock = _socket.socket(_socket.AF_INET, _socket.SOCK_STREAM)\nsock:connect(\"example.com\", 443)\n\nlocal ctx = _ssl.createDefaultContext()\nlocal ssock = ctx:wrapSocket(sock, \"example.com\")\nssock:sendAll(buffer.fromstring(\"GET / HTTP/1.0\\r\\nHost: example.com\\r\\n\\r\\n\"))\nlocal data = ssock:recv(4096)\nprint(buffer.tostring(data))\nssock:close()\n```\n" }, { "is_primary_export": false, "source": { "path": "", "line": 34 }, "tags": [], "properties": [], "desc": "A TLS context that holds configuration (trusted CAs, verification\nmode) and can wrap raw sockets into encrypted [[SslSocket]] connections.\n", "name": "SslContext", "functions": [ { "source": { "path": "", "line": 46 }, "is_method": true, "signature": "SslContext:wrapSocket(\n sock: any, -- A connected `_socket.Socket`.\n serverHostname: string? -- Hostname for SNI and certificate verification.\n) → (\n SslSocket -- The wrapped TLS socket. \n)", "desc": "Wraps an existing connected [[_socket.Socket]] into a TLS connection.\n\nThe `SslSocket` takes ownership of the underlying file descriptor.\nFor client connections, pass `serverHostname` to enable SNI\n(Server Name Indication) and certificate hostname verification.\n", "tags": [], "name": "wrapSocket", "return_str": "SslSocket", "function_type": "Method", "returns": [ { "lua_type": "SslSocket", "desc": "The wrapped TLS socket. " } ], "params": [ { "lua_type": "any", "name": "sock", "desc": "A connected `_socket.Socket`." }, { "lua_type": "string?", "name": "serverHostname", "desc": "Hostname for SNI and certificate verification." } ] }, { "source": { "path": "", "line": 57 }, "is_method": true, "signature": "SslContext:loadVerifyLocations(\n cafile: string -- Path to a PEM file containing one or more CA certificates. \n) → ()", "desc": "Loads a PEM-encoded CA certificate file for server certificate\nverification.\n\nCall this to trust a custom CA instead of (or in addition to) the\nsystem certificate store.\n", "tags": [], "name": "loadVerifyLocations", "return_str": "()", "function_type": "Method", "returns": [], "params": [ { "lua_type": "string", "name": "cafile", "desc": "Path to a PEM file containing one or more CA certificates. " } ] }, { "source": { "path": "", "line": 69 }, "is_method": true, "signature": "SslContext:setVerify(\n mode: number -- Verification mode - `VERIFY_NONE` or `VERIFY_REQUIRED`. \n) → ()", "desc": "Sets the certificate verification mode.\n\nUse `_ssl.VERIFY_REQUIRED` (the default for contexts created with\n[[createDefaultContext]]) to require a valid, trusted server\ncertificate. Use `_ssl.VERIFY_NONE` to skip verification\n(not recommended for production).\n", "tags": [], "name": "setVerify", "return_str": "()", "function_type": "Method", "returns": [], "params": [ { "lua_type": "number", "name": "mode", "desc": "Verification mode - `VERIFY_NONE` or `VERIFY_REQUIRED`. " } ] } ], "metamethods": [], "types": [] }, { "is_primary_export": false, "source": { "path": "", "line": 78 }, "tags": [], "properties": [], "desc": "An encrypted socket wrapping an underlying TCP connection.\n\nProvides the same `send`/`recv`/`close` interface as [[_socket.Socket]],\nbut all data is transparently encrypted and decrypted via TLS.\n", "name": "SslSocket", "functions": [ { "source": { "path": "", "line": 86 }, "is_method": true, "signature": "SslSocket:send(\n data: buffer -- The data to send.\n) → (\n number -- Number of bytes sent. \n)", "desc": "Sends data over the encrypted connection. Returns the number of\nbytes actually written, which may be less than the full buffer.\n", "tags": [], "name": "send", "return_str": "number", "function_type": "Method", "returns": [ { "lua_type": "number", "desc": "Number of bytes sent. " } ], "params": [ { "lua_type": "buffer", "name": "data", "desc": "The data to send." } ] }, { "source": { "path": "", "line": 94 }, "is_method": true, "signature": "SslSocket:sendAll(\n data: buffer -- The data to send. \n) → ()", "desc": "Sends all data in the buffer, retrying internally until every byte\nhas been transmitted or an error occurs.\n", "tags": [], "name": "sendAll", "return_str": "()", "function_type": "Method", "returns": [], "params": [ { "lua_type": "buffer", "name": "data", "desc": "The data to send. " } ] }, { "source": { "path": "", "line": 105 }, "is_method": true, "signature": "SslSocket:recv(\n bufsize: number -- Maximum number of bytes to receive.\n) → (\n buffer -- The received data. \n)", "desc": "Receives up to `bufsize` bytes from the encrypted connection.\n\nReturns a buffer containing the received data. An empty buffer\n(length 0) indicates the remote end has closed the connection.\n", "tags": [], "name": "recv", "return_str": "buffer", "function_type": "Method", "returns": [ { "lua_type": "buffer", "desc": "The received data. " } ], "params": [ { "lua_type": "number", "name": "bufsize", "desc": "Maximum number of bytes to receive." } ] }, { "source": { "path": "", "line": 111 }, "is_method": true, "signature": "SslSocket:close() → ()", "desc": "Performs a TLS shutdown and closes the underlying socket, releasing\nall associated resources.\n", "tags": [], "name": "close", "return_str": "()", "function_type": "Method", "returns": [], "params": [] }, { "source": { "path": "", "line": 119 }, "is_method": true, "signature": "SslSocket:getPeerName() → (\n string, -- The remote IP address.\n number -- The remote port. \n)", "desc": "Returns the remote address and port of the connected peer.\n", "tags": [], "name": "getPeerName", "return_str": "(string, number)", "function_type": "Method", "returns": [ { "lua_type": "string", "desc": "The remote IP address." }, { "lua_type": "number", "desc": "The remote port. " } ], "params": [] }, { "source": { "path": "", "line": 127 }, "is_method": true, "signature": "SslSocket:getSockName() → (\n string, -- The local IP address.\n number -- The local port. \n)", "desc": "Returns the local address and port the socket is bound to.\n", "tags": [], "name": "getSockName", "return_str": "(string, number)", "function_type": "Method", "returns": [ { "lua_type": "string", "desc": "The local IP address." }, { "lua_type": "number", "desc": "The local port. " } ], "params": [] }, { "source": { "path": "", "line": 135 }, "is_method": true, "signature": "SslSocket:fileNo() → (\n number -- The file descriptor. \n)", "desc": "Returns the underlying OS file descriptor number for\nthe socket. Useful for advanced I/O multiplexing.\n", "tags": [], "name": "fileNo", "return_str": "number", "function_type": "Method", "returns": [ { "lua_type": "number", "desc": "The file descriptor. " } ], "params": [] } ], "metamethods": [], "types": [] } ] }