2025-04-24 09:26:44 +02:00
31 changed files with 61 additions and 339 deletions
--- a/8
+++ b/8
@ -1,11 +1,3 @@
 --------------------------------------------------------------------------------
 LuaSec 1.3.0
 ---------------
 This version includes:
 * Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1)
 * Add Pre-Shared Key (PSK) support (@jclab-joseph)
 --------------------------------------------------------------------------------
 LuaSec 1.2.0
 ---------------
--- a/4
+++ b/4
@ -1,9 +1,9 @@
-LuaSec 1.3.0
+LuaSec 1.2.0
 ------------
 * OpenSSL options:
-    By default, this version includes options for OpenSSL 3.0.8
+    By default, this version includes options for OpenSSL 3.0.0 beta2
    If you need to generate the options for a different version of OpenSSL:
--- a/4
+++ b/4
@ -1,5 +1,5 @@
-LuaSec 1.3.0 license
+LuaSec 1.2.0 license
-Copyright (C) 2006-2023 Bruno Silvestre, UFG
+Copyright (C) 2006-2022 Bruno Silvestre, UFG
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-LuaSec 1.3.0
+LuaSec 1.2.0
 ===============
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
--- a/luasec-1.2.0-1.rockspec
+++ b/luasec-1.2.0-1.rockspec
@ -1,8 +1,8 @@
 package = "LuaSec"
-version = "1.3.0-1"
+version = "1.2.0-1"
 source = {
  url = "git+https://github.com/brunoos/luasec",
-  tag = "v1.3.0",
+  tag = "v1.2.0",
 }
 description = {
   summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
@ -87,7 +87,7 @@ build = {
                  "$(OPENSSL_BINDIR)",
               },
               libraries = {
-                  "libssl", "libcrypto", "ws2_32"
+                  "libssl32MD", "libcrypto32MD", "ws2_32"
               },
               incdirs = {
                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket"
--- a/luasec.vcxproj
+++ b/luasec.vcxproj
@ -61,7 +61,7 @@
      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
    </ClCompile>
    <Link>
-      <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <OutputFile>$(OutDir)ssl.dll</OutputFile>
      <AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
      <GenerateDebugInformation>true</GenerateDebugInformation>
@ -85,7 +85,7 @@
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
    </ClCompile>
    <Link>
-      <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
      <AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
      <GenerateDebugInformation>true</GenerateDebugInformation>
--- a/samples/README
+++ b/samples/README
@ -45,9 +45,6 @@ Directories:
 * oneshot
 A simple connection example.
 * psk
 PSK(Pre Shared Key) support.
 * sni
 Support to SNI (Server Name Indication).
--- a/samples/certs/all.sh
+++ b/samples/certs/all.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 ./rootA.sh
 ./rootB.sh
 ./clientA.sh
--- a/samples/certs/clientA.sh
+++ b/samples/certs/clientA.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
  -nodes -config ./clientA.cnf -days 365 -batch
--- a/samples/certs/clientB.sh
+++ b/samples/certs/clientB.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
  -nodes -config ./clientB.cnf -days 365 -batch
--- a/samples/certs/rootA.sh
+++ b/samples/certs/rootA.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
--- a/samples/certs/rootB.sh
+++ b/samples/certs/rootB.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env sh
 openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
--- a/samples/certs/serverA.sh
+++ b/samples/certs/serverA.sh
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/usr/bin/env sh
-openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \
+openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
   -config ./serverA.cnf -nodes -days 365 -batch
 openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \
--- a/samples/certs/serverB.sh
+++ b/samples/certs/serverB.sh
@ -1,6 +1,6 @@
-#!/bin/sh
+#!/usr/bin/env sh
-openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \
+openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
   -config ./serverB.cnf -nodes -days 365 -batch
 openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \
--- a/samples/psk/client.lua
+++ b/samples/psk/client.lua
@ -1,36 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 -- @param hint (nil | string)
 -- @param max_identity_len (number)
 -- @param max_psk_len (number)
 -- @return identity (string)
 -- @return PSK (string)
 local function pskcb(hint, max_identity_len, max_psk_len)
   print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
   return "abcd", "1234"
 end
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   psk = pskcb,
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 print("--- INFO ---")
 local info = peer:info()
 for k, v in pairs(info) do
   print(k, v)
 end
 print("---")
 peer:close()
--- a/samples/psk/server.lua
+++ b/samples/psk/server.lua
@ -1,55 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 -- @param identity (string)
 -- @param max_psk_len (number)
 -- @return psk (string)
 local function pskcb(identity, max_psk_len)
   print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
   if identity == "abcd" then
     return "1234"
  end
  return nil
 end
 local params = {
   mode = "server",
   protocol = "any",
   options = "all",
 -- PSK with just a callback
   psk = pskcb,
 -- PSK with identity hint
 --   psk = {
 --      hint = "hintpsksample",
 --      callback = pskcb,
 --   },
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 print("--- INFO ---")
 local info = peer:info()
 for k, v in pairs(info) do
   print(k, v)
 end
 print("---")
 peer:close()
 server:close()
--- a/src/compat.h
+++ b/src/compat.h
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/config.c
+++ b/src/config.c
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
--- a/src/context.c
+++ b/src/context.c
@ -1,8 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann, 
- * Copyright (C) 2006-2023 Bruno Silvestre
+ *                         Matthew Wild.
 * Copyright (C) 2006-2022 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -707,141 +708,6 @@ static int set_alpn_cb(lua_State *L)
  return 1;
 }
 /**
 * Callback to select the PSK.
 */
 static unsigned int server_psk_cb(SSL *ssl, const char *identity, unsigned char *psk,
  unsigned int max_psk_len)
 {
  size_t psk_len;
  const char *ret_psk;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  lua_State *L = pctx->L;
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)pctx->context);
  lua_gettable(L, -2);
  lua_pushstring(L, identity);
  lua_pushinteger(L, max_psk_len);
  lua_call(L, 2, 1);
  if (!lua_isstring(L, -1)) {
    lua_pop(L, 2);
    return 0;
  }
  ret_psk = lua_tolstring(L, -1, &psk_len);
  if (psk_len == 0 || psk_len > max_psk_len)
    psk_len = 0;
  else
    memcpy(psk, ret_psk, psk_len);
  lua_pop(L, 2);
  return psk_len;
 }
 /**
 * Set a PSK callback for server.
 */
 static int set_server_psk_cb(lua_State *L)
 {
  p_context ctx = checkctx(L, 1);
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)ctx->context);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  SSL_CTX_set_psk_server_callback(ctx->context, server_psk_cb);
  lua_pushboolean(L, 1);
  return 1;
 }
 /*
 * Set the PSK indentity hint.
 */
 static int set_psk_identity_hint(lua_State *L)
 {
  p_context ctx = checkctx(L, 1);
  const char *hint = luaL_checkstring(L, 2);
  int ret = SSL_CTX_use_psk_identity_hint(ctx->context, hint);
  lua_pushboolean(L, ret);
  return 1;
 }
 /*
 * Client callback to PSK.
 */
 static unsigned int client_psk_cb(SSL *ssl, const char *hint, char *identity,
  unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
 {
  size_t psk_len;
  size_t identity_len;
  const char *ret_psk;
  const char *ret_identity;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  lua_State *L = pctx->L;
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)pctx->context);
  lua_gettable(L, -2);
  if (hint)
    lua_pushstring(L, hint);
  else
    lua_pushnil(L);
  // Leave space to '\0'
  lua_pushinteger(L, max_identity_len-1);
  lua_pushinteger(L, max_psk_len);
  lua_call(L, 3, 2);
  if (!lua_isstring(L, -1) || !lua_isstring(L, -2)) {
    lua_pop(L, 3);
    return 0;
  }
  ret_identity = lua_tolstring(L, -2, &identity_len);
  ret_psk = lua_tolstring(L, -1, &psk_len);
  if (identity_len >= max_identity_len || psk_len > max_psk_len)
    psk_len = 0;
  else {
    memcpy(identity, ret_identity, identity_len);
    identity[identity_len] = 0;
    memcpy(psk, ret_psk, psk_len);
  }
  lua_pop(L, 3);
  return psk_len;
 }
 /**
 * Set a PSK callback for client.
 */
 static int set_client_psk_cb(lua_State *L) {
  p_context ctx = checkctx(L, 1);
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)ctx->context);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  SSL_CTX_set_psk_client_callback(ctx->context, client_psk_cb);
  lua_pushboolean(L, 1);
  return 1;
 }
 #if defined(LSEC_ENABLE_DANE)
 /*
 * DANE
@ -893,9 +759,6 @@ static luaL_Reg funcs[] = {
  {"setdhparam",      set_dhparam},
  {"setverify",       set_verify},
  {"setoptions",      set_options},
  {"setpskhint",      set_psk_identity_hint},
  {"setserverpskcb",  set_server_psk_cb},
  {"setclientpskcb",  set_client_psk_cb},
  {"setmode",         set_mode},
 #if !defined(OPENSSL_NO_EC)
  {"setcurve",        set_curve},
@ -929,10 +792,6 @@ static int meth_destroy(lua_State *L)
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    luaL_getmetatable(L, "SSL:PSK:Registry");
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
@ -1077,7 +936,6 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
 {
  luaL_newmetatable(L, "SSL:DH:Registry");      /* Keep all DH callbacks   */
  luaL_newmetatable(L, "SSL:ALPN:Registry");    /* Keep all ALPN callbacks */
  luaL_newmetatable(L, "SSL:PSK:Registry");       /* Keep all PSK callbacks */
  luaL_newmetatable(L, "SSL:Verify:Registry");  /* Keep all verify flags   */
  luaL_newmetatable(L, "SSL:Context");
  setfuncs(L, meta);
--- a/src/context.h
+++ b/src/context.h
@ -2,9 +2,9 @@
 #define LSEC_CONTEXT_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ec.c
+++ b/src/ec.c
@ -1,10 +1,3 @@
 /*--------------------------------------------------------------------------
 * LuaSec 1.3.0
 *
 * Copyright (C) 2006-2023 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/objects.h>
 #include "ec.h"
--- a/src/ec.h
+++ b/src/ec.h
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/https.lua
+++ b/src/https.lua
@ -1,7 +1,6 @@
 ----------------------------------------------------------------------------
-- LuaSec 1.3.0
+-- LuaSec 1.2.0
--
+-- Copyright (C) 2009-2022 PUC-Rio
 -- Copyright (C) 2009-2023 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
@ -19,8 +18,8 @@ local try    = socket.try
 -- Module
 --
 local _M = {
-  _VERSION   = "1.3.0",
+  _VERSION   = "1.2.0",
-  _COPYRIGHT = "LuaSec 1.3.0 - Copyright (C) 2009-2023 PUC-Rio",
+  _COPYRIGHT = "LuaSec 1.2.0 - Copyright (C) 2009-2022 PUC-Rio",
  PORT       = 443,
  TIMEOUT    = 60
 }
--- a/src/options.c
+++ b/src/options.c
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
@ -13,7 +13,7 @@
 /* 
-  OpenSSL version: OpenSSL 3.0.8
+  OpenSSL version: OpenSSL 3.0.0-beta2
 */
 static lsec_ssl_option_t ssl_options[] = {
--- a/src/options.h
+++ b/src/options.h
@ -2,9 +2,9 @@
 #define LSEC_OPTIONS_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/options.lua
+++ b/src/options.lua
@ -18,9 +18,9 @@ end
 local function generate(options, version)
  print([[
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1,8 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann, 
- * Copyright (C) 2006-2023 Bruno Silvestre
+ *                         Matthew Wild.
 * Copyright (C) 2006-2022 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -947,7 +948,7 @@ static int meth_getalpn(lua_State *L)
 static int meth_copyright(lua_State *L)
 {
-  lua_pushstring(L, "LuaSec 1.3.0 - Copyright (C) 2006-2023 Bruno Silvestre, UFG"
+  lua_pushstring(L, "LuaSec 1.2.0 - Copyright (C) 2006-2022 Bruno Silvestre, UFG"
 #if defined(WITH_LUASOCKET)
                    "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif
--- a/src/ssl.h
+++ b/src/ssl.h
@ -2,9 +2,9 @@
 #define LSEC_SSL_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2022 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -1,7 +1,7 @@
 ------------------------------------------------------------------------------
-- LuaSec 1.3.0
+-- LuaSec 1.2.0
 --
-- Copyright (C) 2006-2023 Bruno Silvestre
+-- Copyright (C) 2006-2022 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
@ -201,33 +201,6 @@ local function newcontext(cfg)
      if not succ then return nil, msg end
   end
   -- PSK
   if cfg.psk then
      if cfg.mode == "client" then
         if type(cfg.psk) ~= "function" then
            return nil, "invalid PSK configuration"
         end
         succ = context.setclientpskcb(ctx, cfg.psk)
         if not succ then return nil, msg end
      elseif cfg.mode == "server" then
         if type(cfg.psk) == "function" then
            succ, msg = context.setserverpskcb(ctx, cfg.psk)
            if not succ then return nil, msg end
         elseif type(cfg.psk) == "table" then
            if type(cfg.psk.hint) == "string" and type(cfg.psk.callback) == "function" then
               succ, msg = context.setpskhint(ctx, cfg.psk.hint)
               if not succ then return succ, msg end
               succ = context.setserverpskcb(ctx, cfg.psk.callback)
               if not succ then return succ, msg end
            else
               return nil, "invalid PSK configuration"
            end
         else
            return nil, "invalid PSK configuration"
         end
      end
   end
   if config.capabilities.dane and cfg.dane then
      if type(cfg.dane) == "table" then
         context.setdane(ctx, unpack(cfg.dane))
@ -302,7 +275,7 @@ core.setmethod("info", info)
 --
 local _M = {
-  _VERSION        = "1.3.0",
+  _VERSION        = "1.2.0",
  _COPYRIGHT      = core.copyright(),
  config          = config,
  loadcertificate = x509.load,
--- a/src/x509.c
+++ b/src/x509.c
@ -1,8 +1,8 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann
- * Copyright (C) 2014-2023 Bruno Silvestre
+ *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
--- a/src/x509.h
+++ b/src/x509.h
@ -1,8 +1,8 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.0
+ * LuaSec 1.2.0
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann
- * Copyright (C) 2013-2023 Bruno Silvestre
+ *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
`@ -1,4 +1,4 @@`
	`#!/bin/sh`	`#!/usr/bin/env sh`

	`openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch`	`openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch`