Examples update.

samples/README

@@ -4,8 +4,23 @@ Directories:
  Contains scripts to generate the certificates used by the examples.
  Generate Root CA 'A' and 'B' first, then the servers and clients.
 
-* oneshot
- A simple connection example.
+* chain
+ Example of certificate chain in handshake.
+
+* dhparam
+ DH parameters for handshake.
+
+* digest
+ Certificate digest.
+
+* ecdh
+ Elliptic curve cipher.
+
+* info
+ Informations about the connection.
+
+* key
+ Test encrypted private key.
 
 * loop
  Test successive connections between the server and the client 
@@ -15,6 +30,15 @@ Directories:
  Same of above,  but the connection is not  explicit closed, the gabage
  collector is encharge of that.
 
+* oneshot
+ A simple connection example.
+
+* verification
+ Retrieve the certificate verification errors from the handshake.
+
+* verify
+ Ignore handshake errors and proceed.
+
 * wantread
  Test timeout in handshake() and receive().
 
@@ -22,7 +46,4 @@ Directories:
  Test timeout in send().
 
 * want
- Test want().
-
-* key
- Test encrypted private key.
+ Test want() method.

samples/verification/fail-string/server.lua

@@ -14,7 +14,6 @@ local params = {
    options = {"all", "no_sslv2"},
 }
 
-
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]

samples/verification/fail-table/client.lua

@@ -12,14 +12,13 @@ local params = {
    cafile = "../../certs/rootB.pem",
    verify = {"peer", "fail_if_no_peer_cert"},
    options = {"all", "no_sslv2"},
+   verifyext = {"lsec_continue"},
 }
 
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 
-ctx:setverifyext("lsec_continue")
-
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 

samples/verification/fail-table/server.lua

@@ -12,15 +12,13 @@ local params = {
    cafile = "../../certs/rootA.pem",
    verify = {"peer", "fail_if_no_peer_cert"},
    options = {"all", "no_sslv2"},
+   verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
 }
 
-
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 
-ctx:setverifyext("lsec_continue", "crl_check", "crl_check_chain")
-
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )

samples/verify/client.lua

@@ -11,17 +11,12 @@ local params = {
    certificate = "../certs/serverB.pem",
    cafile = "../certs/rootB.pem",
    verify = {"peer", "fail_if_no_peer_cert"},
+   verifyext = {"lsec_continue", "lsec_ignore_purpose"},
    options = {"all", "no_sslv2"},
 }
 
 local ctx = assert(ssl.newcontext(params))
 
--- [[ Ignore error on certificate verification
-ctx:setverifyext("lsec_continue")
---ctx:setverifyext("lsec_ignore_purpose")
---ctx:setverifyext();                           -- Clear all flags set
---]]
-
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 

samples/verify/server.lua

@@ -11,18 +11,13 @@ local params = {
    certificate = "../certs/serverA.pem",
    cafile = "../certs/rootA.pem",
    verify = {"peer", "fail_if_no_peer_cert"},
+   verifyext = {"lsec_continue", "lsec_ignore_purpose"},
    options = {"all", "no_sslv2"},
 }
 
 
 local ctx = assert(ssl.newcontext(params))
 
--- [[ Ignore error on certificate verification
-ctx:setverifyext("lsec_continue")
---ctx:setverifyext("lsec_ignore_purpose")
---ctx:setverifyext();                           -- Clear all flags set
---]]
-
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )