diff options
| author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-08-25 15:02:05 +0000 |
|---|---|---|
| committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-08-25 15:02:05 +0000 |
| commit | 0dc342de848a642ecce8db697b8fecd83a63e117 (patch) | |
| tree | 2b7ed4724aff1f86073e4740134bda9c4aac1a39 /trunk/sample/openssl/echo_svr.rb | |
| parent | ef70cf7138ab8034b5b806f466e4b484b24f0f88 (diff) | |
added tag v1_9_0_4
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v1_9_0_4@18845 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'trunk/sample/openssl/echo_svr.rb')
| -rw-r--r-- | trunk/sample/openssl/echo_svr.rb | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/trunk/sample/openssl/echo_svr.rb b/trunk/sample/openssl/echo_svr.rb new file mode 100644 index 0000000000..719de6be84 --- /dev/null +++ b/trunk/sample/openssl/echo_svr.rb @@ -0,0 +1,65 @@ +#!/usr/bin/env ruby + +require 'socket' +require 'openssl' +require 'optparse' + +options = ARGV.getopts("p:c:k:C:") + +port = options["p"] || "2000" +cert_file = options["c"] +key_file = options["k"] +ca_path = options["C"] + +if cert_file && key_file + cert = OpenSSL::X509::Certificate.new(File::read(cert_file)) + key = OpenSSL::PKey::RSA.new(File::read(key_file)) +else + key = OpenSSL::PKey::RSA.new(512){ print "." } + puts + cert = OpenSSL::X509::Certificate.new + cert.version = 2 + cert.serial = 0 + name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]]) + cert.subject = name + cert.issuer = name + cert.not_before = Time.now + cert.not_after = Time.now + 3600 + cert.public_key = key.public_key + ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) + cert.extensions = [ + ef.create_extension("basicConstraints","CA:FALSE"), + ef.create_extension("subjectKeyIdentifier","hash"), + ef.create_extension("extendedKeyUsage","serverAuth"), + ef.create_extension("keyUsage", + "keyEncipherment,dataEncipherment,digitalSignature") + ] + ef.issuer_certificate = cert + cert.add_extension ef.create_extension("authorityKeyIdentifier", + "keyid:always,issuer:always") + cert.sign(key, OpenSSL::Digest::SHA1.new) +end + +ctx = OpenSSL::SSL::SSLContext.new() +ctx.key = key +ctx.cert = cert +if ca_path + ctx.verify_mode = + OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT + ctx.ca_path = ca_path +else + $stderr.puts "!!! WARNING: PEER CERTIFICATE WON'T BE VERIFIED !!!" +end + +tcps = TCPServer.new(port) +ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx) +loop do + ns = ssls.accept + puts "connected from #{ns.peeraddr}" + while line = ns.gets + puts line.inspect + ns.write line + end + puts "connection closed" + ns.close +end |