diff --git a/samples/README b/samples/README
index 885a94e..8c6533c 100644
--- a/samples/README
+++ b/samples/README
@@ -4,8 +4,23 @@ Directories:
 Contains scripts to generate the certificates used by the examples. Generate Root CA 'A' and 'B' first, then the servers and clients.
-* oneshot
- A simple connection example.
+* chain
+ Example of certificate chain in handshake.
+
+* dhparam
+ DH parameters for handshake.
+
+* digest
+ Certificate digest.
+
+* ecdh
+ Elliptic curve cipher.
+
+* info
+ Informations about the connection.
+
+* key
+ Test encrypted private key.
 * loop
 Test successive connections between the server and the client
@@ -15,6 +30,15 @@ Directories:
 Same of above, but the connection is not explicit closed, the gabage collector is encharge of that.
+* oneshot
+ A simple connection example.
+
+* verification
+ Retrieve the certificate verification errors from the handshake.
+
+* verify
+ Ignore handshake errors and proceed.
+
 * wantread
 Test timeout in handshake() and receive().
@@ -22,7 +46,4 @@ Directories:
 Test timeout in send().
 * want
- Test want().
-
-* key
- Test encrypted private key.
+ Test want() method.
diff --git a/samples/verification/fail-string/server.lua b/samples/verification/fail-string/server.lua
index 3bbf013..64e4638 100644
--- a/samples/verification/fail-string/server.lua
+++ b/samples/verification/fail-string/server.lua
@@ -14,7 +14,6 @@ local params = {
 options = {"all", "no_sslv2"},
 }
-
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
diff --git a/samples/verification/fail-table/client.lua b/samples/verification/fail-table/client.lua
index a8f3874..307c8e5 100644
--- a/samples/verification/fail-table/client.lua
+++ b/samples/verification/fail-table/client.lua
@@ -12,14 +12,13 @@ local params = {
 cafile = "../../certs/rootB.pem",
 verify = {"peer", "fail_if_no_peer_cert"},
 options = {"all", "no_sslv2"},
+ verifyext = {"lsec_continue"},
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
-ctx:setverifyext("lsec_continue")
-
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
diff --git a/samples/verification/fail-table/server.lua b/samples/verification/fail-table/server.lua
index 47112af..e270783 100644
--- a/samples/verification/fail-table/server.lua
+++ b/samples/verification/fail-table/server.lua
@@ -12,15 +12,13 @@ local params = {
 cafile = "../../certs/rootA.pem",
 verify = {"peer", "fail_if_no_peer_cert"},
 options = {"all", "no_sslv2"},
+ verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
 }
-
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
-ctx:setverifyext("lsec_continue", "crl_check", "crl_check_chain")
-
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
diff --git a/samples/verify/client.lua b/samples/verify/client.lua
index 709237a..78dce8d 100644
--- a/samples/verify/client.lua
+++ b/samples/verify/client.lua
@@ -11,17 +11,12 @@ local params = {
 certificate = "../certs/serverB.pem",
 cafile = "../certs/rootB.pem",
 verify = {"peer", "fail_if_no_peer_cert"},
+ verifyext = {"lsec_continue", "lsec_ignore_purpose"},
 options = {"all", "no_sslv2"},
 }
 local ctx = assert(ssl.newcontext(params))
--- [[ Ignore error on certificate verification
-ctx:setverifyext("lsec_continue")
---ctx:setverifyext("lsec_ignore_purpose")
---ctx:setverifyext(); -- Clear all flags set
---]]
-
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
diff --git a/samples/verify/server.lua b/samples/verify/server.lua
index 8b9bae0..cebe315 100644
--- a/samples/verify/server.lua
+++ b/samples/verify/server.lua
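Review bot: In samples/verification/fail-table/client.lua the added `verifyext = {"lsec_continue"},` sits in the same table as `verify = {"peer", "fail_if_no_peer_cert"}` with no comment, so a reader copying `params` gets a context that looks strict but, going by the README entry and the comment removed elsewhere in this commit, still completes the handshake when verification fails. I would put a comment on the line above it, `-- lsec_continue: handshake proceeds despite verification errors; the result must be inspected afterwards`. The code after `peer:connect(...)` lies outside the hunk, so whether the sample then reads the verification result is not visible here. The same comment belongs on the `verifyext` line added in samples/verification/fail-table/server.lua.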
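Review bot: The `verifyext` line added in samples/verify/client.lua turns on `lsec_ignore_purpose` as well as `lsec_continue`, whereas the removed code only ran `ctx:setverifyext("lsec_continue")` and had the `lsec_ignore_purpose` call commented out, so this is a behaviour change and not just a move into `params`. If the wider relaxation is not intended, the line should read `verifyext = {"lsec_continue"},`. The hunk also drops the comment `-- [[ Ignore error on certificate verification`, which was the only marker that verification is being bypassed; I would keep it as `-- Ignore errors on certificate verification` directly above the `verifyext` entry. The hunk in samples/verify/server.lua makes the same two changes.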
@@ -11,18 +11,13 @@ local params = {
 certificate = "../certs/serverA.pem",
 cafile = "../certs/rootA.pem",
 verify = {"peer", "fail_if_no_peer_cert"},
+ verifyext = {"lsec_continue", "lsec_ignore_purpose"},
 options = {"all", "no_sslv2"},
 }
 local ctx = assert(ssl.newcontext(params))
--- [[ Ignore error on certificate verification
-ctx:setverifyext("lsec_continue")
---ctx:setverifyext("lsec_ignore_purpose")
---ctx:setverifyext(); -- Clear all flags set
---]]
-
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )