From cc2fb8ee75d0e55d0d108fe01fa509a9c20880ca Mon Sep 17 00:00:00 2001
From: Bruno Silvestre
Date: Mon, 21 Apr 2014 13:18:20 -0300
Subject: [PATCH] SNI support.

---
 samples/sni/client.lua | 34 ++++++++++++++++++++++++++++
 samples/sni/server.lua | 50 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 samples/sni/client.lua
 create mode 100644 samples/sni/server.lua

diff --git a/samples/sni/client.lua b/samples/sni/client.lua
new file mode 100644
index 0000000..1487098
--- /dev/null
+++ b/samples/sni/client.lua
@@ -0,0 +1,34 @@
+local socket = require("socket")
+local ssl = require("ssl")
+
+local params = {
+ mode = "client",
+ protocol = "tlsv1",
+ key = "../certs/clientAkey.pem",
+ certificate = "../certs/clientA.pem",
+ cafile = "../certs/rootA.pem",
+ verify = "peer",
+ options = "all",
+}
+
+local conn = socket.tcp()
+conn:connect("127.0.0.1", 8888)
+
+-- TLS/SSL initialization
+conn = ssl.wrap(conn, params)
+
+-- Comment the lines to not send a name
+--conn:sni("servera.br")
+conn:sni("serveraa.br")
+
+assert(conn:dohandshake())
+--
+local cert = conn:getpeercertificate()
+for k, v in pairs(cert:subject()) do
+ for i, j in pairs(v) do
+ print(i, j)
+ end
+end
+--
+print(conn:receive("*l"))
+conn:close()
diff --git a/samples/sni/server.lua b/samples/sni/server.lua
new file mode 100644
index 0000000..8ac4be2
--- /dev/null
+++ b/samples/sni/server.lua
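Review bot: The client verifies the chain against rootA (`verify = "peer"`) but never checks that the certificate the server presents is for the name it sent in `conn:sni("serveraa.br")`; the subject loop after `dohandshake` only prints it, so any certificate chaining to rootA — including serverA's, which the server falls back to for an unmapped or missing name — is accepted without complaint. Comparing the subject commonName (and subjectAltName where present) with the requested name closes that gap; the field names below assume LuaSec's `{oid=, name=, value=}` subject entries, which the existing print loop should confirm. Separately, `ssl.wrap` reports failure as `nil, err` and the very next statement calls `conn:sni` on the result, so `conn = assert(ssl.wrap(conn, params))` (and an `assert` around `conn:connect`) makes a setup failure fail clearly instead of with an indexing error.
```lua
local expected_name = "serveraa.br"
conn:sni(expected_name)

assert(conn:dohandshake())
local cert = assert(conn:getpeercertificate())
-- … unchanged: subject dump …
local cn
for _, entry in pairs(cert:subject()) do
  if entry.name == "commonName" then cn = entry.value end
end
assert(cn == expected_name, "peer certificate does not match the requested SNI name")
```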
@@ -0,0 +1,50 @@
+local socket = require("socket")
+local ssl = require("ssl")
+
+local params01 = {
+ mode = "server",
+ protocol = "tlsv1",
+ key = "../certs/serverAkey.pem",
+ certificate = "../certs/serverA.pem",
+ cafile = "../certs/rootA.pem",
+ verify = "none",
+ options = "all",
+ ciphers = "ALL:!ADH:@STRENGTH",
+}
+
+local params02 = {
+ mode = "server",
+ protocol = "tlsv1",
+ key = "../certs/serverAAkey.pem",
+ certificate = "../certs/serverAA.pem",
+ cafile = "../certs/rootA.pem",
+ verify = "none",
+ options = "all",
+ ciphers = "ALL:!ADH:@STRENGTH",
+}
+
+--
+local ctx01 = ssl.newcontext(params01)
+local ctx02 = ssl.newcontext(params02)
+
+--
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+server:bind("127.0.0.1", 8888)
+server:listen()
+local conn = server:accept()
+--
+
+-- Default context (when client does not send a name) is ctx01
+conn = ssl.wrap(conn, ctx01)
+
+-- Configure the name map
+conn:sni({
+ ["servera.br"] = ctx01,
+ ["serveraa.br"] = ctx02,
+})
+
+assert(conn:dohandshake())
+--
+conn:send("one line\n")
+conn:close()
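Review bot: A client that sends an SNI name missing from the `conn:sni({...})` map is silently served ctx01 and serverA's certificate, exactly like a client that sends no name, so a lookup miss is indistinguishable from a hit and the sample never shows how to reject unknown names; if this LuaSec build's `conn:sni` takes a strict flag it is worth demonstrating here, otherwise the comment above `ssl.wrap` should say `-- unknown names also fall back to ctx01; clients must verify the certificate name themselves`. The cipher string `"ALL:!ADH:@STRENGTH"` in both contexts only removes anonymous DH (not anonymous ECDH, i.e. `aNULL`) and, in OpenSSL's list syntax, leaves export, DES and RC4 suites enabled — `@STRENGTH` sorts rather than filters — so `ciphers = "HIGH:!aNULL:@STRENGTH"` is a safer default for a sample people will copy. `server:accept()` and `ssl.wrap(conn, ctx01)` both report failure as `nil, err` and are used unchecked; `conn = assert(ssl.wrap(conn, ctx01))` turns a failed wrap into a clear error instead of an index error on the `conn:sni` line.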