diff --git a/samples/multicert/client-ecdsa.lua b/samples/multicert/client-ecdsa.lua
new file mode 100644
index 0000000..79b53de
--- /dev/null
+++ b/samples/multicert/client-ecdsa.lua
@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local params = {
+ mode = "client",
+ protocol = "tlsv1_2",
+ key = "certs/clientECDSAkey.pem",
+ certificate = "certs/clientECDSA.pem",
+ verify = "none",
+ options = "all",
+ ciphers = "ALL:!aRSA"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local i = peer:info()
+for k, v in pairs(i) do print(k, v) end
+
+print(peer:receive("*l"))
+peer:close()
diff --git a/samples/multicert/client-rsa.lua b/samples/multicert/client-rsa.lua
new file mode 100644
index 0000000..462d7a2
--- /dev/null
+++ b/samples/multicert/client-rsa.lua
@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl = require("ssl")
+
+local params = {
+ mode = "client",
+ protocol = "tlsv1_2",
+ key = "certs/clientRSAkey.pem",
+ certificate = "certs/clientRSA.pem",
+ verify = "none",
+ options = "all",
+ ciphers = "ALL:!ECDSA"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local i = peer:info()
+for k, v in pairs(i) do print(k, v) end
+
+print(peer:receive("*l"))
+peer:close()
diff --git a/samples/multicert/client.lua b/samples/multicert/client.lua
deleted file mode 100644
index 31bba7a..0000000
--- a/samples/multicert/client.lua
+++ /dev/null
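Review bot: The result of `peer:connect("127.0.0.1", 8888)` is not checked, so a refused connection is only reported later by `ssl.wrap`/`dohandshake` with a less direct message; `assert(peer:connect("127.0.0.1", 8888))` pins the failure to the connect itself. `verify = "none"` means this client accepts whatever certificate the server presents, a step back from the `cafile`/`verify = {"peer", "fail_if_no_peer_cert"}` the deleted client.lua used; if that is deliberate so the sample isolates certificate selection by cipher, a comment beside it such as `-- no server authentication here: the sample only exercises certificate selection` keeps the setting from being copied into real clients. The `-- [[ SSL wrapper` / `--]]` pair are ordinary line comments because of the space after `--`, so the wrapped lines are live; a remark that removing that space turns them into a block comment would document the toggle. The same three points apply to the client-rsa.lua hunk, and the toggle remark to the `-- [[ SSL context` pair in server.lua.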
@@ -1,33 +0,0 @@
---
--- Public domain
---
-local socket = require("socket")
-local ssl = require("ssl")
-
-local params = {
- mode = "client",
- protocol = "tlsv1_2",
- key = "../certs/clientAkey.pem",
- certificate = "../certs/clientA.pem",
- cafile = "../certs/rootA.pem",
- verify = {"peer", "fail_if_no_peer_cert"},
- options = "all",
- --
- curve = "secp384r1",
-}
-
--------------------------------------------------------------------------------
-local peer = socket.tcp()
-peer:connect("127.0.0.1", 8888)
-
-peer = assert( ssl.wrap(peer, params) )
-assert(peer:dohandshake())
-
-print("--- INFO ---")
-local info = peer:info()
-for k, v in pairs(info) do
- print(k, v)
-end
-print("---")
-
-peer:close()
diff --git a/samples/multicert/gencerts.sh b/samples/multicert/gencerts.sh
new file mode 100755
index 0000000..7fc851d
--- /dev/null
+++ b/samples/multicert/gencerts.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+mkdir -p certs
+
+openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
+openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
+
+openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
+openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
+
+openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
+
+openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch
diff --git a/samples/multicert/server.lua b/samples/multicert/server.lua
index 34be124..294bf74 100644
--- a/samples/multicert/server.lua
+++ b/samples/multicert/server.lua
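Review bot: The script has no `set -e`, so when one openssl step fails (for instance because a `../certs/*.cnf` file is missing) the remaining steps still run and the problem only surfaces later as a missing-file error in server.lua; adding `set -eu` right after the shebang stops at the first failure. Every path is relative, so the script only works when run from samples/multicert; `cd "$(dirname "$0")" || exit 1` before `mkdir -p certs` would remove that requirement. The ECDSA certificates are issued with `-days 360` and the RSA ones with `-days 365`; using one value for all four avoids a puzzling difference between the two pairs.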
@@ -5,27 +5,22 @@ local socket = require("socket") local ssl = require("ssl") local params = { - mode = "server", - protocol = "any", - certificates = { - { - key = "../certs/serverAkey.pem", - certificate = "../certs/serverA.pem" - }, - { - key = "../certs/serverBkey.pem", - certificate = "../certs/serverB.pem" - } + mode = "server", + protocol = "any", + certificates = { + -- Comment line below and 'client-rsa' stop working + { certificate = "certs/serverRSA.pem", key = "certs/serverRSAkey.pem" }, + -- Comment line below and 'client-ecdsa' stop working + { certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" } }, - cafile = "../certs/rootA.pem", - verify = {"peer", "fail_if_no_peer_cert"}, - options = "all", - -- - curve = "secp384r1", + verify = "none", + options = "all" } ------------------------------------------------------------------------------- + +-- [[ SSL context local ctx = assert(ssl.newcontext(params)) +--]] local server = socket.tcp() server:setoption('reuseaddr', true) @@ -34,15 +29,10 @@ server:listen() local peer = server:accept() +-- [[ SSL wrapper peer = assert( ssl.wrap(peer, ctx) ) assert( peer:dohandshake() ) +--]] -print("--- INFO ---") -local info = peer:info() -for k, v in pairs(info) do - print(k, v) -end -print("---") - +peer:send("oneshot test\n") peer:close() -server:close()
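Review bot: `verify = "none"` together with the removed `cafile` means the server does not ask the client for a certificate, so the `key`/`certificate` entries in the new client-ecdsa.lua and client-rsa.lua, and the client certificates gencerts.sh generates, are never presented or checked; if client authentication is deliberately out of scope for this sample, a comment beside `verify = "none"` saying so would stop readers from assuming those client certificates are validated, otherwise the removed `cafile = "../certs/rootA.pem"` and `verify = {"peer", "fail_if_no_peer_cert"}` lines should stay. The two guidance comments above the certificate entries read awkwardly; `-- Comment out the line below and client-rsa.lua stops working` (and the matching `client-ecdsa.lua` line) says the same thing clearly.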
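Review bot: `server:close()` is dropped at the end of the second hunk, so the listening socket is left open until the process exits; restoring `server:close()` after `peer:close()` keeps the sample a complete template for the accept/close sequence. The return value of `peer:send("oneshot test\n")` is also not checked, while the handshake just above it is asserted; `assert(peer:send("oneshot test\n"))` surfaces a write error the same way.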