* sample/openssl: added. Sample of standard distribution library should be

locate in sample/{module_name}/*. * ext/openssl/sample/*: removed. move to sample/openssl/*. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4492 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2003-09-04 10:31:29 +00:00 · 2003-09-04 10:31:29 +00:00 · 5f84c80fc5
commit 5f84c80fc5
parent 11d439a7bd
13 changed files with 7 additions and 0 deletions
--- a/sample/openssl/echo_svr.rb
+++ b/sample/openssl/echo_svr.rb
@ -0,0 +1,62 @@
+#!/usr/bin/env ruby
+
+require 'socket'
+require 'openssl'
+require 'getopts'
+
+getopts nil, "p:2000", "c:", "k:", "C:"
+
+port      = $OPT_p
+cert_file = $OPT_c
+key_file  = $OPT_k
+ca_path   = $OPT_C
+
+if cert_file && key_file
+  cert = OpenSSL::X509::Certificate.new(File::read(cert_file))
+  key  = OpenSSL::PKey::RSA.new(File::read(key_file))
+else
+  key = OpenSSL::PKey::RSA.new(512){ print "." }
+  puts
+  cert = OpenSSL::X509::Certificate.new
+  cert.version = 2
+  cert.serial = 0
+  name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
+  cert.subject = name
+  cert.issuer = name
+  cert.not_before = Time.now
+  cert.not_after = Time.now + 3600
+  cert.public_key = key.public_key
+  ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
+  cert.extensions = [
+    ef.create_extension("basicConstraints","CA:FALSE"),
+    ef.create_extension("subjectKeyIdentifier","hash"),
+    ef.create_extension("extendedKeyUsage","serverAuth"),
+    ef.create_extension("keyUsage",
+                        "keyEncipherment,dataEncipherment,digitalSignature")
+  ]
+  ef.issuer_certificate = cert
+  cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                         "keyid:always,issuer:always")
+  cert.sign(key, OpenSSL::Digest::SHA1.new)
+end
+
+ctx = OpenSSL::SSL::SSLContext.new()
+ctx.key = key
+ctx.cert = cert
+if ca_path
+  ctx.verify_mode =
+    OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+  ctx.ca_path = ca_path
+else
+  $stderr.puts "!!! WARNING: PEER CERTIFICATE WON'T BE VERIFIED !!!"
+end
+
+tcps = TCPServer.new(port)
+ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
+loop do
+  ns = ssls.accept
+  while line = ns.gets
+    ns.write line
+  end
+  ns.close
+end