summaryrefslogtreecommitdiff
path: root/sample/openssl/echo_svr.rb
blob: be8e10fa26c29a3a42cf907d1437f44fb1e8560f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#!/usr/bin/env ruby

require 'socket'
require 'openssl'
require 'getopts'

getopts nil, "p:2000", "c:", "k:", "C:"

port      = $OPT_p
cert_file = $OPT_c
key_file  = $OPT_k
ca_path   = $OPT_C

if cert_file && key_file
  cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
  key  = OpenSSL::PKey::RSA.new(File::read(key_file))
else
  key = OpenSSL::PKey::RSA.new(512){ print "." }
  puts
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 0
  name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
  cert.subject = name
  cert.issuer = name
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.public_key = key.public_key
  ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
  cert.extensions = [
    ef.create_extension("basicConstraints","CA:FALSE"),
    ef.create_extension("subjectKeyIdentifier","hash"),
    ef.create_extension("extendedKeyUsage","serverAuth"),
    ef.create_extension("keyUsage",
                        "keyEncipherment,dataEncipherment,digitalSignature")
  ]
  ef.issuer_certificate = cert
  cert.add_extension ef.create_extension("authorityKeyIdentifier",
                                         "keyid:always,issuer:always")
  cert.sign(key, OpenSSL::Digest::SHA1.new)
end

ctx = OpenSSL::SSL::SSLContext.new()
ctx.key = key
ctx.cert = cert
if ca_path
  ctx.verify_mode =
    OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  ctx.ca_path = ca_path
else
  $stderr.puts "!!! WARNING: PEER CERTIFICATE WON'T BE VERIFIED !!!"
end

tcps = TCPServer.new(port)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
loop do
  ns = ssls.accept
  while line = ns.gets
    ns.write line
  end
  ns.close
end