dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-04-05 16:26:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update sample of multiple certificates

Browse Source
This commit is contained in:
Bruno Silvestre 2019-02-26 15:52:02 -03:00
parent c0cb85d77f
commit ea8ccc3113
5 changed files with 86 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
samples/multicert/client-ecdsa.lua Normal file
View File

@ -0,0 +1,29 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientECDSAkey.pem",
certificate = "certs/clientECDSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!aRSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()

29
samples/multicert/client-rsa.lua Normal file
View File

@ -0,0 +1,29 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientRSAkey.pem",
certificate = "certs/clientRSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ECDSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()

33
samples/multicert/client.lua
View File

@ -1,33 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--
curve = "secp384r1",
}
--------------------------------------------------------------------------------
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()

13
samples/multicert/gencerts.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/sh
mkdir -p certs
openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch

34
samples/multicert/server.lua
View File

@ -8,24 +8,19 @@ local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "any",
certificates = { certificates = {
{ -- Comment line below and 'client-rsa' stop working
key = "../certs/serverAkey.pem", { certificate = "certs/serverRSA.pem", key = "certs/serverRSAkey.pem" },
certificate = "../certs/serverA.pem" -- Comment line below and 'client-ecdsa' stop working
{ certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
}, },
{ verify = "none",
key = "../certs/serverBkey.pem", options = "all"
certificate = "../certs/serverB.pem"
}
},
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--
curve = "secp384r1",
} }
------------------------------------------------------------------------------
-- [[ SSL context
local ctx = assert(ssl.newcontext(params)) local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp() local server = socket.tcp()
server:setoption('reuseaddr', true) server:setoption('reuseaddr', true)
@ -34,15 +29,10 @@ server:listen()
local peer = server:accept() local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) ) peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() ) assert( peer:dohandshake() )
--]]
print("--- INFO ---") peer:send("oneshot test\n")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close() peer:close()
server:close()