mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
65 lines
1.7 KiB
Ruby
65 lines
1.7 KiB
Ruby
|
#!/usr/bin/env ruby
|
||
|
|
||
|
require 'socket'
|
||
|
require 'openssl'
|
||
|
require 'getopts'
|
||
|
|
||
|
getopts nil, "p:2000", "c:", "k:", "C:"
|
||
|
|
||
|
port = $OPT_p
|
||
|
cert_file = $OPT_c
|
||
|
key_file = $OPT_k
|
||
|
ca_path = $OPT_C
|
||
|
|
||
|
if cert_file && key_file
|
||
|
cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
|
||
|
key = OpenSSL::PKey::RSA.new(File::read(key_file))
|
||
|
else
|
||
|
key = OpenSSL::PKey::RSA.new(512){ print "." }
|
||
|
puts
|
||
|
cert = OpenSSL::X509::Certificate.new
|
||
|
cert.version = 2
|
||
|
cert.serial = 0
|
||
|
name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
|
||
|
cert.subject = name
|
||
|
cert.issuer = name
|
||
|
cert.not_before = Time.now
|
||
|
cert.not_after = Time.now + 3600
|
||
|
cert.public_key = key.public_key
|
||
|
ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
|
||
|
cert.extensions = [
|
||
|
ef.create_extension("basicConstraints","CA:FALSE"),
|
||
|
ef.create_extension("subjectKeyIdentifier","hash"),
|
||
|
ef.create_extension("extendedKeyUsage","serverAuth"),
|
||
|
ef.create_extension("keyUsage",
|
||
|
"keyEncipherment,dataEncipherment,digitalSignature")
|
||
|
]
|
||
|
ef.issuer_certificate = cert
|
||
|
cert.add_extension ef.create_extension("authorityKeyIdentifier",
|
||
|
"keyid:always,issuer:always")
|
||
|
cert.sign(key, OpenSSL::Digest::SHA1.new)
|
||
|
end
|
||
|
|
||
|
ctx = OpenSSL::SSL::SSLContext.new()
|
||
|
ctx.key = key
|
||
|
ctx.cert = cert
|
||
|
if ca_path
|
||
|
ctx.verify_mode =
|
||
|
OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
|
||
|
ctx.ca_path = ca_path
|
||
|
else
|
||
|
$stderr.puts "!!! WARNING: PEER CERTIFICATE WON'T BE VERIFIED !!!"
|
||
|
end
|
||
|
|
||
|
svr = TCPServer.new(port)
|
||
|
loop do
|
||
|
ns = svr.accept
|
||
|
ssl = OpenSSL::SSL::SSLSocket.new(ns, ctx)
|
||
|
ssl.accept
|
||
|
while line = ssl.gets
|
||
|
ssl.write line
|
||
|
end
|
||
|
ssl.close
|
||
|
ns.close
|
||
|
end
|