Some work with OCSP

This commit is contained in:
Bruno Silvestre
2021-06-25 19:50:47 -03:00
parent cdcf5fdb30
commit a3e74db781
5 changed files with 416 additions and 0 deletions

54
samples/ocsp/client.lua Normal file
View File

@ -0,0 +1,54 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local ocsp = ssl.ocsp
-- Parameters
-- * status:
-- * nil (no status was sent by server)
-- * ocsp.status.successful
-- * ocsp.status.malformedrequest
-- * ocsp.status.internalerror
-- * ocsp.status.trylater
-- * ocsp.status.sigrequired
-- * ocsp.status.unauthorized
--
-- Returns
-- * nil: on error
-- * true: status was accepted (continue the handshake)
-- * false: status not accepted (handshake stops with error)
--
local callback = function(status)
print("Status: ", status)
print("---")
if status == nil then
print("[WARN] No OCSP response")
return true
end
return (status == ocsp.status.successful)
end
local params = {
mode = "client",
protocol = "tlsv1_2",
verify = "none",
options = "all",
ocsp = callback,
}
while true do
local peer = socket.tcp()
peer:connect("127.0.0.1", 8443)
peer = assert(ssl.wrap(peer, params))
assert(peer:dohandshake())
print(peer:receive())
print("------------")
peer:close()
end

89
samples/ocsp/server.lua Normal file
View File

@ -0,0 +1,89 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local mime = require("mime")
local ltn12 = require("ltn12")
local http = require("socket.http")
local ocsp = ssl.ocsp
--------------------------------------------------------------------------------
local response
function loadresponse(certfile, cafile)
local f = io.open(cafile)
local ca = f:read("*a")
ca = ssl.loadcertificate(ca)
f:close()
f = io.open(certfile)
local cert = f:read("*a")
cert = ssl.loadcertificate(cert)
f:close()
local res = {}
local req = ocsp.buildrequest(cert, ca)
req = mime.b64(req)
local a, b = http.request {
url = "http://zerossl.ocsp.sectigo.com/" .. req,
method = "GET",
sink = ltn12.sink.table(res),
header = {
["Content-Type"] = "application/ocsp-request",
["Host"] = "zerossl.ocsp.sectigo.com",
},
}
response = table.concat(res)
local thisupd, nextupd = ocsp.responsetime(response)
print("This update: ", thisupd)
print("Next update: ", nextupd)
end
--------------------------------------------------------------------------------
local cafile = "ca.pem"
local certfile = "server.pem"
-- Remember to update 'response' before 'next update'
local callback = function()
if not response then
loadresponse(certfile, cafile)
end
return response
end
local params = {
mode = "server",
protocol = "any",
key = "server.key",
certificate = certfile,
verify = "none",
options = "all",
ocsp = callback,
}
--------------------------------------------------------------------------------
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert(server:bind("127.0.0.1", 8443))
server:listen()
while true do
local peer = server:accept()
peer = assert(ssl.wrap(peer, ctx))
local succ = peer:dohandshake()
if succ then
peer:send("OCSP test\n")
peer:close()
end
end