From c72dc02ecb87c07bc4d9d1d036f0295dceccb5d2 Mon Sep 17 00:00:00 2001
From: Jeremy List
Date: Tue, 26 Feb 2019 10:52:53 +1300
Subject: [PATCH] Sample for multiple certificates.
---
samples/multicert/client.lua | 33 +++++++++++++++++++++++++
samples/multicert/server.lua | 48 ++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)
create mode 100644 samples/multicert/client.lua
create mode 100644 samples/multicert/server.lua
diff --git a/samples/multicert/client.lua b/samples/multicert/client.lua
new file mode 100644
index 0000000..31bba7a
--- /dev/null
+++ b/samples/multicert/client.lua
@@ -0,0 +1,33 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local params = {
+ mode = "client",
+ protocol = "tlsv1_2",
+ key = "../certs/clientAkey.pem",
+ certificate = "../certs/clientA.pem",
+ cafile = "../certs/rootA.pem",
+ verify = {"peer", "fail_if_no_peer_cert"},
+ options = "all",
+ --
+ curve = "secp384r1",
+}
+
+--------------------------------------------------------------------------------
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+
+print("--- INFO ---")
+local info = peer:info()
+for k, v in pairs(info) do
+ print(k, v)
+end
+print("---")
+
+peer:close()
diff --git a/samples/multicert/server.lua b/samples/multicert/server.lua
new file mode 100644
index 0000000..34be124
--- /dev/null
+++ b/samples/multicert/server.lua
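Review bot: The client's `verify = {"peer", "fail_if_no_peer_cert"}` with `cafile = "../certs/rootA.pem"` validates the server's chain against rootA only, and nothing in this hunk compares the name in the presented certificate with the host being contacted. That is reasonable for a loopback sample, but a comment above `params` such as `-- chain is verified against rootA only; the peer's certificate name is not checked` would keep readers from copying it as a complete client. It also means the handshake can only succeed when the server selects a certificate that chains to rootA, which is worth stating given the server offers two. Separately, the result of `peer:connect("127.0.0.1", 8888)` is discarded, so a refused connection only surfaces later as a wrap or handshake error; `assert(peer:connect("127.0.0.1", 8888))` would match the `assert` style of the lines that follow.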
@@ -0,0 +1,48 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local params = {
+ mode = "server",
+ protocol = "any",
+ certificates = {
+ {
+ key = "../certs/serverAkey.pem",
+ certificate = "../certs/serverA.pem"
+ },
+ {
+ key = "../certs/serverBkey.pem",
+ certificate = "../certs/serverB.pem"
+ }
+ },
+ cafile = "../certs/rootA.pem",
+ verify = {"peer", "fail_if_no_peer_cert"},
+ options = "all",
+ --
+ curve = "secp384r1",
+}
+
+------------------------------------------------------------------------------
+local ctx = assert(ssl.newcontext(params))
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+
+print("--- INFO ---")
+local info = peer:info()
+for k, v in pairs(info) do
+ print(k, v)
+end
+print("---")
+
+peer:close()
+server:close()
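Review bot: The server's `protocol = "any"` combined with `options = "all"` disables no legacy protocol versions, so depending on how the linked OpenSSL was built the sample may negotiate versions older than the TLS 1.2 the client pins. Since samples get copied into real services, I would either set `protocol = "tlsv1_2"` to match the client or keep "any" and write `options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1", "no_tlsv1_1"},`. The `certificates` list also needs a comment saying how serverA and serverB are expected to differ: OpenSSL normally holds one certificate per key type in a context, so if both files use the same key type (not visible from this patch) the second entry would likely replace the first rather than sit beside it. Finally, `server:accept()` is passed to `ssl.wrap` unchecked; `local peer = assert(server:accept())` gives a clearer failure.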