2013-03-30 13:21:40 +01:00
|
|
|
--
|
|
|
|
|
-- Public domain
|
|
|
|
|
--
|
|
|
|
|
local socket = require("socket")
|
|
|
|
|
local ssl = require("ssl")
|
|
|
|
|
|
|
|
|
|
local params = {
|
|
|
|
|
mode = "server",
|
|
|
|
|
protocol = "sslv3",
|
|
|
|
|
key = "../../certs/serverAkey.pem",
|
|
|
|
|
certificate = "../../certs/serverA.pem",
|
|
|
|
|
cafile = "../../certs/rootA.pem",
|
|
|
|
|
verify = {"peer", "fail_if_no_peer_cert"},
|
|
|
|
|
options = {"all", "no_sslv2"},
|
2014-01-29 20:47:27 +01:00
|
|
|
verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
|
2013-03-30 13:21:40 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-- [[ SSL context
|
|
|
|
|
local ctx = assert(ssl.newcontext(params))
|
|
|
|
|
--]]
|
|
|
|
|
|
|
|
|
|
local server = socket.tcp()
|
|
|
|
|
server:setoption('reuseaddr', true)
|
|
|
|
|
assert( server:bind("127.0.0.1", 8888) )
|
|
|
|
|
server:listen()
|
|
|
|
|
|
|
|
|
|
local peer = server:accept()
|
|
|
|
|
|
|
|
|
|
-- [[ SSL wrapper
|
|
|
|
|
peer = assert( ssl.wrap(peer, ctx) )
|
|
|
|
|
assert( peer:dohandshake() )
|
|
|
|
|
--]]
|
|
|
|
|
|
|
|
|
|
local succ, errs = peer:getpeerverification()
|
|
|
|
|
print(succ, errs)
|
|
|
|
|
for i, err in pairs(errs) do
|
|
|
|
|
for j, msg in ipairs(err) do
|
|
|
|
|
print("depth = " .. i, "error = " .. msg)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
peer:send("oneshot test\n")
|
|
|
|
|
peer:close()
|
