summaryrefslogtreecommitdiff
path: root/sample
diff options
context:
space:
mode:
authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-12-24 07:31:23 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-12-24 07:31:23 +0000
commita3bfedac36e946790c966c0319765479df770e4b (patch)
tree65a7e313612bef6245f1f0052308aace47e0da84 /sample
parent8fd40444465a6165f08490269f8e0b142edc2824 (diff)
* sample/openssl: reviewed and remove dependency on getopts.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14583 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'sample')
-rw-r--r--sample/openssl/cert_store_view.rb911
-rw-r--r--sample/openssl/echo_cli.rb21
-rw-r--r--sample/openssl/echo_svr.rb15
-rw-r--r--sample/openssl/gen_csr.rb12
-rw-r--r--sample/openssl/smime_read.rb10
-rw-r--r--sample/openssl/smime_write.rb10
-rw-r--r--sample/openssl/wget.rb17
7 files changed, 49 insertions, 947 deletions
diff --git a/sample/openssl/cert_store_view.rb b/sample/openssl/cert_store_view.rb
deleted file mode 100644
index 26c4d527f76..00000000000
--- a/sample/openssl/cert_store_view.rb
+++ /dev/null
@@ -1,911 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'fox'
-require 'openssl'
-require 'time'
-require 'certstore'
-require 'getopts'
-
-include Fox
-
-module CertDumpSupport
- def cert_label(cert)
- subject_alt_name =
- cert.extensions.find { |ext| ext.oid == 'subjectAltName' }
- if subject_alt_name
- subject_alt_name.value.split(/\s*,\s/).each do |alt_name_pair|
- alt_tag, alt_name = alt_name_pair.split(/:/)
- return alt_name
- end
- end
- name_label(cert.subject)
- end
-
- def name_label(name)
- ary = name.to_a
- if (cn = ary.find { |rdn| rdn[0] == 'CN' })
- return cn[1]
- end
- if ary.last[0] == 'OU'
- return ary.last[1]
- end
- name.to_s
- end
-
- def name_text(name)
- name.to_a.collect { |tag, value|
- "#{tag} = #{value}"
- }.reverse.join("\n")
- end
-
- def bn_label(bn)
- ("0" << sprintf("%X", bn)).scan(/../).join(" ")
- end
-end
-
-class CertDump
- include CertDumpSupport
-
- def initialize(cert)
- @cert = cert
- end
-
- def get_dump(tag)
- case tag
- when 'Version'
- version
- when 'Serial'
- serial
- when 'Signature Algorithm'
- signature_algorithm
- when 'Issuer'
- issuer
- when 'Validity'
- validity
- when 'Not before'
- not_before
- when 'Not after'
- not_after
- when 'Subject'
- subject
- when 'Public key'
- public_key
- else
- ext(tag)
- end
- end
-
- def get_dump_line(tag)
- case tag
- when 'Version'
- version_line
- when 'Serial'
- serial_line
- when 'Signature Algorithm'
- signature_algorithm_line
- when 'Subject'
- subject_line
- when 'Issuer'
- issuer_line
- when 'Validity'
- validity_line
- when 'Not before'
- not_before_line
- when 'Not after'
- not_after_line
- when 'Public key'
- public_key_line
- else
- ext_line(tag)
- end
- end
-
-private
-
- def version
- "Version: #{@cert.version + 1}"
- end
-
- def version_line
- version
- end
-
- def serial
- bn_label(@cert.serial)
- end
-
- def serial_line
- serial
- end
-
- def signature_algorithm
- @cert.signature_algorithm
- end
-
- def signature_algorithm_line
- signature_algorithm
- end
-
- def subject
- name_text(@cert.subject)
- end
-
- def subject_line
- @cert.subject.to_s
- end
-
- def issuer
- name_text(@cert.issuer)
- end
-
- def issuer_line
- @cert.issuer.to_s
- end
-
- def validity
- <<EOS
-Not before: #{not_before}
-Not after: #{not_after}
-EOS
- end
-
- def validity_line
- "from #{@cert.not_before.iso8601} to #{@cert.not_after.iso8601}"
- end
-
- def not_before
- @cert.not_before.to_s
- end
-
- def not_before_line
- not_before
- end
-
- def not_after
- @cert.not_after.to_s
- end
-
- def not_after_line
- not_after
- end
-
- def public_key
- @cert.public_key.to_text
- end
-
- def public_key_line
- "#{@cert.public_key.class} -- " << public_key.scan(/\A[^\n]*/)[0] << '...'
- end
-
- def ext(tag)
- @cert.extensions.each do |ext|
- if ext.oid == tag
- return ext_detail(tag, ext.value)
- end
- end
- "(unknown)"
- end
-
- def ext_line(tag)
- ext(tag).tr("\r\n", '')
- end
-
- def ext_detail(tag, value)
- value
- end
-end
-
-class CrlDump
- include CertDumpSupport
-
- def initialize(crl)
- @crl = crl
- end
-
- def get_dump(tag)
- case tag
- when 'Version'
- version
- when 'Signature Algorithm'
- signature_algorithm
- when 'Issuer'
- issuer
- when 'Last update'
- last_update
- when 'Next update'
- next_update
- else
- ext(tag)
- end
- end
-
- def get_dump_line(tag)
- case tag
- when 'Version'
- version_line
- when 'Signature Algorithm'
- signature_algorithm_line
- when 'Issuer'
- issuer_line
- when 'Last update'
- last_update_line
- when 'Next update'
- next_update_line
- else
- ext_line(tag)
- end
- end
-
-private
-
- def version
- "Version: #{@crl.version + 1}"
- end
-
- def version_line
- version
- end
-
- def signature_algorithm
- @crl.signature_algorithm
- end
-
- def signature_algorithm_line
- signature_algorithm
- end
-
- def issuer
- name_text(@crl.issuer)
- end
-
- def issuer_line
- @crl.issuer.to_s
- end
-
- def last_update
- @crl.last_update.to_s
- end
-
- def last_update_line
- last_update
- end
-
- def next_update
- @crl.next_update.to_s
- end
-
- def next_update_line
- next_update
- end
-
- def ext(tag)
- @crl.extensions.each do |ext|
- if ext.oid == tag
- return ext_detail(tag, ext.value)
- end
- end
- "(unknown)"
- end
-
- def ext_line(tag)
- ext(tag).tr("\r\n", '')
- end
-
- def ext_detail(tag, value)
- value
- end
-end
-
-class RevokedDump
- include CertDumpSupport
-
- def initialize(revoked)
- @revoked = revoked
- end
-
- def get_dump(tag)
- case tag
- when 'Serial'
- serial
- when 'Time'
- time
- else
- ext(tag)
- end
- end
-
- def get_dump_line(tag)
- case tag
- when 'Serial'
- serial_line
- when 'Time'
- time_line
- else
- ext_line(tag)
- end
- end
-
-private
-
- def serial
- bn_label(@revoked.serial)
- end
-
- def serial_line
- serial
- end
-
- def time
- @revoked.time.to_s
- end
-
- def time_line
- time
- end
-
- def ext(tag)
- @revoked.extensions.each do |ext|
- if ext.oid == tag
- return ext_detail(tag, ext.value)
- end
- end
- "(unknown)"
- end
-
- def ext_line(tag)
- ext(tag).tr("\r\n", '')
- end
-
- def ext_detail(tag, value)
- value
- end
-end
-
-class RequestDump
- include CertDumpSupport
-
- def initialize(req)
- @req = req
- end
-
- def get_dump(tag)
- case tag
- when 'Version'
- version
- when 'Signature Algorithm'
- signature_algorithm
- when 'Subject'
- subject
- when 'Public key'
- public_key
- else
- attributes(tag)
- end
- end
-
- def get_dump_line(tag)
- case tag
- when 'Version'
- version_line
- when 'Signature Algorithm'
- signature_algorithm_line
- when 'Subject'
- subject_line
- when 'Public key'
- public_key_line
- else
- attributes_line(tag)
- end
- end
-
-private
-
- def version
- "Version: #{@req.version + 1}"
- end
-
- def version_line
- version
- end
-
- def signature_algorithm
- @req.signature_algorithm
- end
-
- def signature_algorithm_line
- signature_algorithm
- end
-
- def subject
- name_text(@req.subject)
- end
-
- def subject_line
- @req.subject.to_s
- end
-
- def public_key
- @req.public_key.to_text
- end
-
- def public_key_line
- "#{@req.public_key.class} -- " << public_key.scan(/\A[^\n]*/)[0] << '...'
- end
-
- def attributes(tag)
- "(unknown)"
- end
-
- def attributes_line(tag)
- attributes(tag).tr("\r\n", '')
- end
-end
-
-class CertStoreView < FXMainWindow
- class CertTree
- include CertDumpSupport
-
- def initialize(observer, tree)
- @observer = observer
- @tree = tree
- @tree.connect(SEL_COMMAND) do |sender, sel, item|
- if item.data
- @observer.getApp().beginWaitCursor do
- @observer.show_item(item.data)
- end
- else
- @observer.show_item(nil)
- end
- end
- end
-
- def show(cert_store)
- @tree.clearItems
- @self_signed_ca_node = add_item_last(nil, "Trusted root CA")
- @other_ca_node = add_item_last(nil, "Intermediate CA")
- @ee_node = add_item_last(nil, "Personal")
- @crl_node = add_item_last(nil, "CRL")
- @request_node = add_item_last(nil, "Request")
- @verify_path_node = add_item_last(nil, "Certification path")
- show_certs(cert_store)
- end
-
- def show_certs(cert_store)
- remove_items(@self_signed_ca_node)
- remove_items(@other_ca_node)
- remove_items(@ee_node)
- remove_items(@crl_node)
- remove_items(@request_node)
- import_certs(cert_store)
- end
-
- def show_request(req)
- node = add_item_last(@request_node, name_label(req.subject), req)
- @tree.selectItem(node)
- @observer.show_item(req)
- end
-
- def show_verify_path(verify_path)
- add_verify_path(verify_path)
- end
-
- private
-
- def open_node(node)
- node.expanded = node.opened = true
- end
-
- def close_node(node)
- node.expanded = node.opened = false
- end
-
- def import_certs(cert_store)
- cert_store.self_signed_ca.each do |cert|
- add_item_last(@self_signed_ca_node, cert_label(cert), cert)
- end
- cert_store.other_ca.each do |cert|
- add_item_last(@other_ca_node, cert_label(cert), cert)
- end
- cert_store.ee.each do |cert|
- add_item_last(@ee_node, cert_label(cert), cert)
- end
- cert_store.crl.each do |crl|
- node = add_item_last(@crl_node, name_label(crl.issuer), crl)
- close_node(node)
- crl.revoked.each do |revoked|
- add_item_last(node, bn_label(revoked.serial), revoked)
- end
- end
- cert_store.request.each do |req|
- add_item_last(@requestnode, name_label(req.subject), req)
- end
- end
-
- def add_verify_path(verify_path)
- node = @verify_path_node
- last_cert = nil
- verify_path.reverse_each do |ok, cert, crl_check, error_string|
- warn = []
- if @observer.cert_store.is_ca?(cert)
- warn << 'NO ARL' unless crl_check
- else
- warn << 'NO CRL' unless crl_check
- end
- warn_str = '(' << warn.join(", ") << ')'
- warn_mark = warn.empty? ? '' : '!'
- label = if ok
- "OK#{warn_mark}..." + cert_label(cert)
- else
- "NG(#{error_string})..." + cert_label(cert)
- end
- label << warn_str unless warn.empty?
- node = add_item_last(node, label, cert)
- node.expanded = true
- last_cert = cert
- end
- if last_cert
- @tree.selectItem(node)
- @observer.show_item(last_cert)
- end
- end
-
- def add_item_last(parent, label, obj = nil)
- node = @tree.addItemLast(parent, FXTreeItem.new(label))
- node.data = obj if obj
- open_node(node)
- node
- end
-
- def remove_items(node)
- while node.getNumChildren > 0
- @tree.removeItem(node.getFirst)
- end
- end
- end
-
- class CertInfo
- def initialize(observer, table)
- @observer = observer
- @table = table
- @table.leadingRows = 0
- @table.leadingCols = 0
- @table.trailingRows = 0
- @table.trailingCols = 0
- @table.showVertGrid(false)
- @table.showHorzGrid(false)
- @table.setTableSize(1, 2)
- @table.setColumnWidth(0, 125)
- @table.setColumnWidth(1, 350)
- end
-
- def show(item)
- @observer.show_detail(nil, nil)
- if item.nil?
- set_column_size(1)
- return
- end
- case item
- when OpenSSL::X509::Certificate
- show_cert(item)
- when OpenSSL::X509::CRL
- show_crl(item)
- when OpenSSL::X509::Revoked
- show_revoked(item)
- when OpenSSL::X509::Request
- show_request(item)
- else
- raise NotImplementedError.new("Unknown item type #{item.class}.")
- end
- end
-
- private
-
- def show_cert(cert)
- wrap = CertDump.new(cert)
- items = []
- items << ['Version', wrap.get_dump_line('Version')]
- items << ['Signature Algorithm', wrap.get_dump_line('Signature Algorithm')]
- items << ['Issuer', wrap.get_dump_line('Issuer')]
- items << ['Serial', wrap.get_dump_line('Serial')]
- #items << ['Not before', wrap.get_dump_line('Not before')]
- #items << ['Not after', wrap.get_dump_line('Not after')]
- items << ['Subject', wrap.get_dump_line('Subject')]
- items << ['Public key', wrap.get_dump_line('Public key')]
- items << ['Validity', wrap.get_dump_line('Validity')]
- (cert.extensions.sort { |a, b| a.oid <=> b.oid }).each do |ext|
- items << [ext.oid, wrap.get_dump_line(ext.oid)]
- end
- show_items(cert, items)
- end
-
- def show_crl(crl)
- wrap = CrlDump.new(crl)
- items = []
- items << ['Version', wrap.get_dump_line('Version')]
- items << ['Signature Algorithm', wrap.get_dump_line('Signature Algorithm')]
- items << ['Issuer', wrap.get_dump_line('Issuer')]
- items << ['Last update', wrap.get_dump_line('Last update')]
- items << ['Next update', wrap.get_dump_line('Next update')]
- crl.extensions.each do |ext|
- items << [ext.oid, wrap.get_dump_line(ext.oid)]
- end
- show_items(crl, items)
- end
-
- def show_revoked(revoked)
- wrap = RevokedDump.new(revoked)
- items = []
- items << ['Serial', wrap.get_dump_line('Serial')]
- items << ['Time', wrap.get_dump_line('Time')]
- revoked.extensions.each do |ext|
- items << [ext.oid, wrap.get_dump_line(ext.oid)]
- end
- show_items(revoked, items)
- end
-
- def show_request(req)
- wrap = RequestDump.new(req)
- items = []
- items << ['Version', wrap.get_dump_line('Version')]
- items << ['Signature Algorithm', wrap.get_dump_line('Signature Algorithm')]
- items << ['Subject', wrap.get_dump_line('Subject')]
- items << ['Public key', wrap.get_dump_line('Public key')]
- req.attributes.each do |attr|
- items << [attr.attr, wrap.get_dump_line(attr.oid)]
- end
- show_items(req, items)
- end
-
- def show_items(obj, items)
- set_column_size(items.size)
- items.each_with_index do |ele, idx|
- tag, value = ele
- @table.setItemText(idx, 0, tag)
- @table.getItem(idx, 0).data = tag
- @table.setItemText(idx, 1, value.to_s)
- @table.getItem(idx, 1).data = tag
- end
- @table.connect(SEL_COMMAND) do |sender, sel, loc|
- item = @table.getItem(loc.row, loc.col)
- @observer.show_detail(obj, item.data)
- end
- justify_table
- end
-
- def set_column_size(size)
- col0_width = @table.getColumnWidth(0)
- col1_width = @table.getColumnWidth(1)
- @table.setTableSize(size, 2)
- @table.setColumnWidth(0, col0_width)
- @table.setColumnWidth(1, col1_width)
- end
-
- def justify_table
- for col in 0..@table.numCols-1
- for row in 0..@table.numRows-1
- @table.getItem(row, col).justify = FXTableItem::LEFT
- end
- end
- end
- end
-
- class CertDetail
- def initialize(observer, detail)
- @observer = observer
- @detail = detail
- end
-
- def show(item, tag)
- if item.nil?
- @detail.text = ''
- return
- end
- case item
- when OpenSSL::X509::Certificate
- show_cert(item, tag)
- when OpenSSL::X509::CRL
- show_crl(item, tag)
- when OpenSSL::X509::Revoked
- show_revoked(item, tag)
- when OpenSSL::X509::Request
- show_request(item, tag)
- else
- raise NotImplementedError.new("Unknown item type #{item.class}.")
- end
- end
-
- private
-
- def show_cert(cert, tag)
- wrap = CertDump.new(cert)
- @detail.text = wrap.get_dump(tag)
- end
-
- def show_crl(crl, tag)
- wrap = CrlDump.new(crl)
- @detail.text = wrap.get_dump(tag)
- end
-
- def show_revoked(revoked, tag)
- wrap = RevokedDump.new(revoked)
- @detail.text = wrap.get_dump(tag)
- end
-
- def show_request(request, tag)
- wrap = RequestDump.new(request)
- @detail.text = wrap.get_dump(tag)
- end
- end
-
- attr_reader :cert_store
-
- def initialize(app, cert_store)
- @cert_store = cert_store
- @verify_filter = 0
- @verify_filename = nil
- full_width = 800
- full_height = 500
- horz_pos = 300
-
- super(app, "Certificate store", nil, nil, DECOR_ALL, 0, 0, full_width,
- full_height)
-
- FXTooltip.new(self.getApp())
-
- menubar = FXMenubar.new(self, LAYOUT_SIDE_TOP|LAYOUT_FILL_X)
- file_menu = FXMenuPane.new(self)
- FXMenuTitle.new(menubar, "&File", nil, file_menu)
- file_open_menu = FXMenuPane.new(self)
- FXMenuCommand.new(file_open_menu, "&Directory\tCtl-O").connect(SEL_COMMAND,
- method(:on_cmd_file_open_dir))
- FXMenuCascade.new(file_menu, "&Open\tCtl-O", nil, file_open_menu)
- FXMenuCommand.new(file_menu, "&Quit\tCtl-Q", nil, getApp(), FXApp::ID_QUIT)
-
- tool_menu = FXMenuPane.new(self)
- FXMenuTitle.new(menubar, "&Tool", nil, tool_menu)
- FXMenuCommand.new(tool_menu, "&Verify\tCtl-N").connect(SEL_COMMAND,
- method(:on_cmd_tool_verify))
- FXMenuCommand.new(tool_menu, "&Show Request\tCtl-R").connect(SEL_COMMAND,
- method(:on_cmd_tool_request))
-
- base_frame = FXHorizontalFrame.new(self, LAYOUT_FILL_X | LAYOUT_FILL_Y)
- splitter_horz = FXSplitter.new(base_frame, LAYOUT_SIDE_TOP | LAYOUT_FILL_X |
- LAYOUT_FILL_Y | SPLITTER_TRACKING | SPLITTER_HORIZONTAL)
-
- # Cert tree
- cert_tree_frame = FXHorizontalFrame.new(splitter_horz, LAYOUT_FILL_X |
- LAYOUT_FILL_Y | FRAME_SUNKEN | FRAME_THICK)
- cert_tree_frame.setWidth(horz_pos)
- cert_tree = FXTreeList.new(cert_tree_frame, 0, nil, 0,
- TREELIST_BROWSESELECT | TREELIST_SHOWS_LINES | TREELIST_SHOWS_BOXES |
- TREELIST_ROOT_BOXES | LAYOUT_FILL_X | LAYOUT_FILL_Y)
- @cert_tree = CertTree.new(self, cert_tree)
-
- # Cert info
- splitter_vert = FXSplitter.new(splitter_horz, LAYOUT_SIDE_TOP |
- LAYOUT_FILL_X | LAYOUT_FILL_Y | SPLITTER_TRACKING | SPLITTER_VERTICAL |
- SPLITTER_REVERSED)
- cert_list_base = FXVerticalFrame.new(splitter_vert, LAYOUT_FILL_X |
- LAYOUT_FILL_Y, 0,0,0,0, 0,0,0,0)
- cert_list_frame = FXHorizontalFrame.new(cert_list_base, FRAME_SUNKEN |
- FRAME_THICK | LAYOUT_FILL_X | LAYOUT_FILL_Y)
- cert_info = FXTable.new(cert_list_frame, 2, 10, nil, 0, FRAME_SUNKEN |
- TABLE_COL_SIZABLE | LAYOUT_FILL_X | LAYOUT_FILL_Y, 0, 0, 0, 0, 2, 2, 2, 2)
- @cert_info = CertInfo.new(self, cert_info)
-
- cert_detail_base = FXVerticalFrame.new(splitter_vert, LAYOUT_FILL_X |
- LAYOUT_FILL_Y, 0,0,0,0, 0,0,0,0)
- cert_detail_frame = FXHorizontalFrame.new(cert_detail_base, FRAME_SUNKEN |
- FRAME_THICK | LAYOUT_FILL_X | LAYOUT_FILL_Y)
- cert_detail = FXText.new(cert_detail_frame, nil, 0, TEXT_READONLY |
- LAYOUT_FILL_X | LAYOUT_FILL_Y)
- @cert_detail = CertDetail.new(self, cert_detail)
-
- show_init
- end
-
- def create
- super
- show(PLACEMENT_SCREEN)
- end
-
- def show_init
- @cert_tree.show(@cert_store)
- show_item(nil)
- end
-
- def show_certs
- @cert_tree.show_certs(@cert_store)
- end
-
- def show_request(req)
- @cert_tree.show_request(req)
- end
-
- def show_verify_path(verify_path)
- @cert_tree.show_verify_path(verify_path)
- end
-
- def show_item(item)
- @cert_info.show(item) if @cert_info
- end
-
- def show_detail(item, tag)
- @cert_detail.show(item, tag) if @cert_detail
- end
-
- def verify(certfile)
- path = verify_certfile(certfile)
- show_certs # CRL could be change.
- show_verify_path(path)
- end
-
-private
-
- def on_cmd_file_open_dir(sender, sel, ptr)
- dir = FXFileDialog.getOpenDirectory(self, "Open certificate directory", ".")
- unless dir.empty?
- begin
- @cert_store = CertStore.new(dir)
- rescue
- show_error($!)
- end
- show_init
- end
- 1
- end
-
- def on_cmd_tool_verify(sender, sel, ptr)
- dialog = FXFileDialog.new(self, "Verify certificate")
- dialog.filename = ''
- dialog.patternList = ["All Files (*)", "PEM formatted certificate (*.pem)"]
- dialog.currentPattern = @verify_filter
- if dialog.execute != 0
- @verify_filename = dialog.filename
- verify(@verify_filename)
- end
- @verify_filter = dialog.currentPattern
- 1
- end
-
- def on_cmd_tool_request(sender, sel, ptr)
- dialog = FXFileDialog.new(self, "Show request")
- dialog.filename = ''
- dialog.patternList = ["All Files (*)", "PEM formatted certificate (*.pem)"]
- if dialog.execute != 0
- req = @cert_store.generate_cert(dialog.filename)
- show_request(req)
- end
- 1
- end
-
- def verify_certfile(filename)
- begin
- cert = @cert_store.generate_cert(filename)
- result = @cert_store.verify(cert)
- @cert_store.scan_certs
- result
- rescue
- show_error($!)
- []
- end
- end
-
- def show_error(e)
- msg = e.inspect + "\n" + e.backtrace.join("\n")
- FXMessageBox.error(self, MBOX_OK, "Error", msg)
- end
-end
-
-getopts nil, "cert:"
-
-certs_dir = ARGV.shift or raise "#{$0} cert_dir"
-certfile = $OPT_cert
-app = FXApp.new("CertStore", "FoxTest")
-cert_store = CertStore.new(certs_dir)
-w = CertStoreView.new(app, cert_store)
-app.create
-if certfile
- w.verify(certfile)
-end
-app.run
diff --git a/sample/openssl/echo_cli.rb b/sample/openssl/echo_cli.rb
index 29b356a7ad4..069a21ec944 100644
--- a/sample/openssl/echo_cli.rb
+++ b/sample/openssl/echo_cli.rb
@@ -2,15 +2,15 @@
require 'socket'
require 'openssl'
-require 'getopts'
+require 'optparse'
-getopts nil, "p:2000", "c:", "k:", "C:"
+options = ARGV.getopts("p:c:k:C:")
host = ARGV[0] || "localhost"
-port = $OPT_p
-cert_file = $OPT_c
-key_file = $OPT_k
-ca_path = $OPT_C
+port = options["p"] || "2000"
+cert_file = options["c"]
+key_file = options["k"]
+ca_path = options["C"]
ctx = OpenSSL::SSL::SSLContext.new()
if cert_file && key_file
@@ -27,11 +27,18 @@ end
s = TCPSocket.new(host, port)
ssl = OpenSSL::SSL::SSLSocket.new(s, ctx)
ssl.connect # start SSL session
+p ssl.peer_cert
+errors = Hash.new
+OpenSSL::X509.constants.grep(/^V_(ERR_|OK)/).each do |name|
+ errors[OpenSSL::X509.const_get(name)] = name
+end
+p errors[ssl.verify_result]
+
ssl.sync_close = true # if true the underlying socket will be
# closed in SSLSocket#close. (default: false)
while line = $stdin.gets
ssl.write line
- print ssl.gets
+ puts ssl.gets.inspect
end
ssl.close
diff --git a/sample/openssl/echo_svr.rb b/sample/openssl/echo_svr.rb
index be8e10fa26c..719de6be843 100644
--- a/sample/openssl/echo_svr.rb
+++ b/sample/openssl/echo_svr.rb
@@ -2,14 +2,14 @@
require 'socket'
require 'openssl'
-require 'getopts'
+require 'optparse'
-getopts nil, "p:2000", "c:", "k:", "C:"
+options = ARGV.getopts("p:c:k:C:")
-port = $OPT_p
-cert_file = $OPT_c
-key_file = $OPT_k
-ca_path = $OPT_C
+port = options["p"] || "2000"
+cert_file = options["c"]
+key_file = options["k"]
+ca_path = options["C"]
if cert_file && key_file
cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
@@ -55,8 +55,11 @@ tcps = TCPServer.new(port)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
loop do
ns = ssls.accept
+ puts "connected from #{ns.peeraddr}"
while line = ns.gets
+ puts line.inspect
ns.write line
end
+ puts "connection closed"
ns.close
end
diff --git a/sample/openssl/gen_csr.rb b/sample/openssl/gen_csr.rb
index d3da5741bcd..4228707fdb2 100644
--- a/sample/openssl/gen_csr.rb
+++ b/sample/openssl/gen_csr.rb
@@ -1,6 +1,6 @@
#!/usr/bin/env ruby
-require 'getopts'
+require 'optparse'
require 'openssl'
include OpenSSL
@@ -14,10 +14,10 @@ EOS
exit
end
-getopts nil, "key:", "csrout:", "keyout:"
-keypair_file = $OPT_key
-csrout = $OPT_csrout || "csr.pem"
-keyout = $OPT_keyout || "keypair.pem"
+options = ARGV.getopts(nil, "key:", "csrout:", "keyout:")
+keypair_file = options["key"]
+csrout = options["csrout"] || "csr.pem"
+keyout = options["keyout"] || "keypair.pem"
$stdout.sync = true
name_str = ARGV.shift or usage()
@@ -47,3 +47,5 @@ puts "Writing #{csrout}..."
File.open(csrout, "w") do |f|
f << req.to_pem
end
+puts req.to_text
+puts req.to_pem
diff --git a/sample/openssl/smime_read.rb b/sample/openssl/smime_read.rb
index 0f08f54f7e2..17394f9b8d3 100644
--- a/sample/openssl/smime_read.rb
+++ b/sample/openssl/smime_read.rb
@@ -1,12 +1,12 @@
-require 'getopts'
+require 'optparse'
require 'openssl'
include OpenSSL
-getopts nil, "c:", "k:", "C:"
+options = ARGV.getopts("c:k:C:")
-cert_file = $OPT_c
-key_file = $OPT_k
-ca_path = $OPT_C
+cert_file = options["c"]
+key_file = options["k"]
+ca_path = options["C"]
data = $stdin.read
diff --git a/sample/openssl/smime_write.rb b/sample/openssl/smime_write.rb
index ce32cd8146e..535b3d6685f 100644
--- a/sample/openssl/smime_write.rb
+++ b/sample/openssl/smime_write.rb
@@ -1,12 +1,12 @@
require 'openssl'
-require 'getopts'
+require 'optparse'
include OpenSSL
-getopts nil, "c:", "k:", "r:"
+options = ARGV.getopts("c:k:r:")
-cert_file = $OPT_c
-key_file = $OPT_k
-rcpt_file = $OPT_r
+cert_file = options["c"]
+key_file = options["k"]
+rcpt_file = options["r"]
cert = X509::Certificate.new(File::read(cert_file))
key = PKey::RSA.new(File::read(key_file))
diff --git a/sample/openssl/wget.rb b/sample/openssl/wget.rb
index 0362ab980d7..ee637204dbe 100644
--- a/sample/openssl/wget.rb
+++ b/sample/openssl/wget.rb
@@ -1,11 +1,11 @@
#!/usr/bin/env ruby
require 'net/https'
-require 'getopts'
+require 'optparse'
-getopts nil, 'C:'
+options = ARGV.getopts('C:')
-ca_path = $OPT_C
+cert_store = options["C"]
uri = URI.parse(ARGV[0])
if proxy = ENV['HTTP_PROXY']
@@ -18,11 +18,12 @@ h = Net::HTTP.new(uri.host, uri.port, prx_host, prx_port)
h.set_debug_output($stderr) if $DEBUG
if uri.scheme == "https"
h.use_ssl = true
- if ca_path
- h.verify_mode = OpenSSL::SSL::VERIFY_PEER
- h.ca_path = ca_path
- else
- $stderr.puts "!!! WARNING: PEER CERTIFICATE WON'T BE VERIFIED !!!"
+ if cert_store
+ if File.directory?(cert_store)
+ h.ca_path = cert_store
+ else
+ h.ca_file = cert_store
+ end
end
end