luasec/samples/dhparam/server.lua

--
-- Public domain
--
local socket = require("socket")
local ssl    = require("ssl")

local function readfile(filename)
  local fd = assert(io.open(filename))
  local dh = fd:read("*a")
  fd:close()
  return dh
end

local function dhparam_cb(export, keylength)
  print("---")
  print("DH Callback")
  print("Export", export)
  print("Key length", keylength)
  print("---")
  local filename
  if keylength == 512 then
    filename = "dh-512.pem"
  elseif keylength == 1024 then
    filename = "dh-1024.pem"
  else
    -- No key
    return nil
  end
  return readfile(filename)
end

local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   dhparam = dhparam_cb,
   ciphers = "EDH+AESGCM"
}


-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]

local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()

local peer = server:accept()

-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]

peer:send("oneshot test\n")
peer:close()
LuaSec 20120616 (unofficial) + patches 2013-03-30 13:21:40 +01:00			`--`
			`-- Public domain`
			`--`
			`local socket = require("socket")`
			`local ssl = require("ssl")`

			`local function readfile(filename)`
			`local fd = assert(io.open(filename))`
			`local dh = fd:read("*a")`
			`fd:close()`
			`return dh`
			`end`

			`local function dhparam_cb(export, keylength)`
			`print("---")`
			`print("DH Callback")`
			`print("Export", export)`
			`print("Key length", keylength)`
			`print("---")`
			`local filename`
			`if keylength == 512 then`
			`filename = "dh-512.pem"`
			`elseif keylength == 1024 then`
			`filename = "dh-1024.pem"`
			`else`
			`-- No key`
			`return nil`
			`end`
			`return readfile(filename)`
			`end`

			`local params = {`
			`mode = "server",`
update protocol samples(bring "tlsv1_2" to clients and "any" to servers) 2015-11-18 00:39:05 +01:00			`protocol = "any",`
LuaSec 20120616 (unofficial) + patches 2013-03-30 13:21:40 +01:00			`key = "../certs/serverAkey.pem",`
			`certificate = "../certs/serverA.pem",`
			`cafile = "../certs/rootA.pem",`
			`verify = {"peer", "fail_if_no_peer_cert"},`
Update samples (using 'tlsv1'). 2015-11-12 22:04:37 +01:00			`options = "all",`
LuaSec 20120616 (unofficial) + patches 2013-03-30 13:21:40 +01:00			`dhparam = dhparam_cb,`
Force a cipher that use DH parameter 2018-07-26 16:22:24 +02:00			`ciphers = "EDH+AESGCM"`
LuaSec 20120616 (unofficial) + patches 2013-03-30 13:21:40 +01:00			`}`


			`-- [[ SSL context`
			`local ctx = assert(ssl.newcontext(params))`
			`--]]`

			`local server = socket.tcp()`
			`server:setoption('reuseaddr', true)`
			`assert( server:bind("127.0.0.1", 8888) )`
			`server:listen()`

			`local peer = server:accept()`

			`-- [[ SSL wrapper`
			`peer = assert( ssl.wrap(peer, ctx) )`
			`assert( peer:dohandshake() )`
			`--]]`

			`peer:send("oneshot test\n")`
			`peer:close()`