Some work with OCSP
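--- /dev/null
+++ b/samples/ocsp/client.lua
@@ -0,0 +1,54 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local ocsp = ssl.ocsp
+
+-- Parameters
+-- * status:
+-- * nil (no status was sent by server)
+-- * ocsp.status.successful
+-- * ocsp.status.malformedrequest
+-- * ocsp.status.internalerror
+-- * ocsp.status.trylater
+-- * ocsp.status.sigrequired
+-- * ocsp.status.unauthorized
+--
+-- Returns
+-- * nil: on error
+-- * true: status was accepted (continue the handshake)
+-- * false: status not accepted (handshake stops with error)
+--
+local callback = function(status)
+print("Status: ", status)
+print("---")
+
+if status == nil then
+print("[WARN] No OCSP response")
+return true
+end
+
+return (status == ocsp.status.successful)
+end
+
+local params = {
+mode = "client",
+protocol = "tlsv1_2",
+verify = "none",
+options = "all",
+ocsp = callback,
+}
+
+while true do
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8443)
+
+peer = assert(ssl.wrap(peer, params))
+assert(peer:dohandshake())
+
+print(peer:receive())
+print("------------")
+peer:close()
+end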
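Review bot: `verify = "none"` in the client `params` means the stapled OCSP status is judged for a certificate chain that is never validated, so whatever the callback accepts or rejects protects nothing; a sample meant to show stapling should use `verify = "peer"` with `cafile` pointing at the same CA the server sample loads, otherwise readers will copy a client that checks revocation of an unauthenticated certificate. The values the header comment documents for `status` are all OCSPResponseStatus codes (successful, trylater, unauthorized, ...), so `return (status == ocsp.status.successful)` only says the responder answered, not that the certificate is good rather than revoked; if the binding exposes the per-certificate status the callback should check that, and if it does not, the comment should state the limitation explicitly. Returning `true` for a nil status is a soft-fail that an attacker can trigger simply by omitting the staple; for a demo that is acceptable but deserves a one-line warning comment next to `return true`. Minor: `peer:connect("127.0.0.1", 8443)` discards its `nil, err` result, so a refused connection only shows up as the later `assert(peer:dohandshake())` failing.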
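--- /dev/null
+++ b/samples/ocsp/server.lua
@@ -0,0 +1,89 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local mime = require("mime")
+local ltn12 = require("ltn12")
+local http = require("socket.http")
+
+local ocsp = ssl.ocsp
+
+--------------------------------------------------------------------------------
+
+local response
+
+function loadresponse(certfile, cafile)
+local f = io.open(cafile)
+local ca = f:read("*a")
+ca = ssl.loadcertificate(ca)
+f:close()
+
+f = io.open(certfile)
+local cert = f:read("*a")
+cert = ssl.loadcertificate(cert)
+f:close()
+
+local res = {}
+local req = ocsp.buildrequest(cert, ca)
+req = mime.b64(req)
+
+local a, b = http.request {
+url = "http://zerossl.ocsp.sectigo.com/" .. req,
+method = "GET",
+sink = ltn12.sink.table(res),
+header = {
+["Content-Type"] = "application/ocsp-request",
+["Host"] = "zerossl.ocsp.sectigo.com",
+},
+}
+
+response = table.concat(res)
+
+local thisupd, nextupd = ocsp.responsetime(response)
+print("This update: ", thisupd)
+print("Next update: ", nextupd)
+end
+
+--------------------------------------------------------------------------------
+
+local cafile = "ca.pem"
+local certfile = "server.pem"
+
+-- Remember to update 'response' before 'next update'
+local callback = function()
+if not response then
+loadresponse(certfile, cafile)
+end
+return response
+end
+
+local params = {
+mode = "server",
+protocol = "any",
+key = "server.key",
+certificate = certfile,
+verify = "none",
+options = "all",
+ocsp = callback,
+}
+
+--------------------------------------------------------------------------------
+
+local ctx = assert(ssl.newcontext(params))
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert(server:bind("127.0.0.1", 8443))
+server:listen()
+
+while true do
+local peer = server:accept()
+peer = assert(ssl.wrap(peer, ctx))
+local succ = peer:dohandshake()
+if succ then
+peer:send("OCSP test\n")
+peer:close()
+end
+end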
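Review bot: `loadresponse` staples whatever `http.request` left in `res` without inspecting the outcome: the values at `local a, b = http.request {` are discarded, so a non-200 reply, an empty body, or a responder error page ends up in `response`, is cached for the life of the process, and is sent in every handshake. The GET form also concatenates `mime.b64(req)` straight into the path, but the base64 alphabet includes `+`, `/` and `=`, which RFC 6960 Appendix A requires to be percent-encoded, so some requests will be mangled; and if this is luasocket's `http.request`, the field name is `headers`, so the `header = {...}` block is silently ignored. The sketch below percent-encodes the request, checks the HTTP status, and only assigns `response` once `ocsp.responsetime` parses it (this assumes it returns nil on an unparsable blob — verify against the binding); `nextupd` is still only printed, so the comment `-- Remember to update 'response' before 'next update'` remains an unimplemented TODO for the stapling callback. `function loadresponse` should also be `local function loadresponse`, and both `io.open` calls need their return value checked before `f:read`.
```lua
-- … unchanged: load ca and cert …
local res = {}
local req = mime.b64(ocsp.buildrequest(cert, ca))
-- RFC 6960 A.1: the base64 request travels in the URL path, so '+', '/' and '=' must be percent-encoded
req = req:gsub("[^%w%-%._~]", function(c) return string.format("%%%02X", c:byte()) end)

local ok, code = http.request {
  url = "http://zerossl.ocsp.sectigo.com/" .. req,
  method = "GET",
  sink = ltn12.sink.table(res),
  headers = {
    ["Content-Type"] = "application/ocsp-request",
    ["Host"] = "zerossl.ocsp.sectigo.com",
  },
}
if not ok or code ~= 200 then
  return nil, "OCSP fetch failed: " .. tostring(code)
end

local body = table.concat(res)
local thisupd, nextupd = ocsp.responsetime(body)
if not thisupd then
  return nil, "OCSP responder body is not a parsable response"
end
-- only cache a body that parsed; callers must still refresh before nextupd
response = body
-- … unchanged: prints …
```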