1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local function readfile(filename)
local fd = assert(io.open(filename))
local dh = fd:read("*a")
fd:close()
return dh
end
local function dhparam_cb(export, keylength)
print("---")
print("DH Callback")
print("Export", export)
print("Key length", keylength)
print("---")
local filename
if keylength == 512 then
filename = "dh-512.pem"
elseif keylength == 1024 then
filename = "dh-1024.pem"
else
-- No key
return nil
end
return readfile(filename)
end
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
dhparam = dhparam_cb,
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot test\n")
peer:close()
|
