1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
local socket = require "socket";
local ssl = require "ssl";
local dns = require "lunbound".new();
local cfg = {
protocol = "tlsv1_2",
mode = "client",
ciphers = "DEFAULT",
capath = "/etc/ssl/certs",
verify = "peer",
dane = true,
};
local function daneconnect(host, port)
port = port or "443";
local conn = ssl.wrap(socket.connect(host, port), cfg);
local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
assert(tlsa.secure, "Insecure DNS");
assert(conn:setdane(host));
for i = 1, tlsa.n do
local usage, selector, mtype = tlsa[i] :byte(1, 3);
assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
end
assert(conn:dohandshake());
return conn;
end
if not ... then
print("Usage: client.lua example.com [port]");
return os.exit(1);
end
local conn = daneconnect(...);
print(conn:getpeerverification());
|
