commit 34fc9301b4e5e9ad37807179ac39255cb4a6b5bd
parent 1224ccacd3df90763f0e5b1f7b5269b41e2c4187
Author: kyle <kyle@0x30.net>
Date: Sun, 6 Dec 2015 15:27:56 -0700
sl: add ssl support
- got signed server certificate, keys, and chains from let's encrypt
- used their tools right from github.com/letsencrypt/letsencrypt
- certificates are for use with absentmindedproductions.ca only
- ie, when connecting, to get ssl that works, this must be the hostname
- modify tests to connect with ssl too
- kind of tricky as we never want the tests to connect to
absentmindedproductions.ca, but rather localhost
- solution is to connect to localhost, but override the domain name check
Diffstat:
8 files changed, 224 insertions(+), 6 deletions(-)
diff --git a/sl b/sl
@@ -8,6 +8,7 @@ use DBI;
use Digest::SHA qw(sha256_base64);
use Getopt::Std;
use IO::Socket;
+use IO::Socket::SSL;
use POSIX;
use Scalar::Util qw(looks_like_number);
use Socket;
@@ -57,6 +58,14 @@ while (my $new_sock = $listen_sock->accept()) {
log_set_peer_host_port($new_sock);
log_print("new connection (pid = '$$')\n");
+ # upgrade connection to SSL
+ IO::Socket::SSL->start_SSL($new_sock,
+ SSL_server => 1,
+ SSL_cert_file => 'ssl/cert_chain.pem',
+ SSL_key_file => 'ssl/privkey.pem'
+ ) or die "failed to ssl handshake: $SSL_ERROR";
+ #log_print(IO::Socket::SSL->get_fingerprint($new_sock) . "\n");
+
# each child opens their own database connection
my $dbh = DBI->connect(
"dbi:SQLite:dbname=$db_file",
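Review bot: The `or die` on the `start_SSL` call makes any failed handshake fatal to whichever process runs this loop body. The pid log line and the "each child opens their own database connection" comment suggest a per-connection child, but the fork is outside the hunk, so confirm this is not the listener itself. If it is the listener, one client that speaks plaintext or aborts the handshake stops the server, and a client that connects and sends nothing stalls the accept loop. In that case log and drop the connection instead, e.g. `log_print("ssl handshake failed: $SSL_ERROR\n"); close($new_sock); next;`. The `ssl/cert_chain.pem` and `ssl/privkey.pem` paths are relative, so they depend on the daemon's working directory; an absolute or configurable path would be safer.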
diff --git a/ssl/cert.pem b/ssl/cert.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/ssl/cert_chain.pem b/ssl/cert_chain.pem
@@ -0,0 +1,57 @@
+-----BEGIN CERTIFICATE-----
+MIIFGDCCBACgAwIBAgISAVSQWh4u/TNGveB/S3Pep4fDMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDYyMDA4MDBaFw0x
+NjAzMDUyMDA4MDBaMCUxIzAhBgNVBAMTGmFic2VudG1pbmRlZHByb2R1Y3Rpb25z
+LmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE9S8XXYAMxohTLn
+H7DgakREGlZ93zhHUrcSPYP07nOx1hBgb6JzYEC8jN3Yqfg3TqJtOYxut11OyuIx
+neozu7WBZiyKn+yKkJ8jv88IJeY2xEwOhpytnZX//2vjT8vujOXNcTD69Iwi63Qj
+hdE3KAdl1MxtGbenEosWZ9KtJaFHY/7yIYCz2NPNU+9UmgfOCpzHw9VdkA6kIDtQ
+iRdvzrSi6JztWvxboh2OYR8Xm1GbK57bVhT3tsSKEcOD0S4Vyxm4vb+ez5lxwwoT
+kULj6hfWSbKEHfs6LRIFTr915Xgf9TqEDBkNOrugsU1pyN2SP6OIDwvnQchF7Ymf
+UXRGwQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQPub6TEjbP
+fz4AfgimsM2Hf7jmuzAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBw
+BggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14MS5s
+ZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDEu
+bGV0c2VuY3J5cHQub3JnLzAlBgNVHREEHjAcghphYnNlbnRtaW5kZWRwcm9kdWN0
+aW9ucy5jYTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw
+gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr
+BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk
+IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug
+d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0
+c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAxxmUq
+tgUqoQCwUhID4SuSelSsEvMDNByGOR0dBnk7/1EpT6Gl4DzHX3oAouNebbATnO6P
+Fe+vgyUvxNCpvL9tdmoljn9WBMunweIAIphIHyee0qk7K8bAOaFql9jYlxsWbwtV
+J3R4GC5PGA6U7AvZJbH8t9wvIAy4soyJ8aj94i6LHiKACi8o/ucaUDDOOTjFT4mT
+M7HZozrrJ9W+CadqtJsAibQI6fVmVzzWFrJfSPvOkrCzluifNcf8i692aMKAF9py
+hl5MNS+htIgM+Nx9W0H9zzepzB0xL2fTmdQXqICWk1kYwrJEoKglnnohJ8yBCj58
+uajG/Ff0QIfGBCFp
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/ssl/chain.pem b/ssl/chain.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/ssl/fullchain.pem b/ssl/fullchain.pem
@@ -0,0 +1,57 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/ssl/notes.txt b/ssl/notes.txt
@@ -0,0 +1,9 @@
+Our certificates in ssl/ are provided by let's encrypt.
+I think they will expire in 2016-03.
+
+To get a certificate that IO::Socket::SSL will like, you have to concatenate
+cert.pem and chain.pem to produce cert_chain.pem.
+
+Also, concatenating cert.pem and fullchain.pem works, but fullchain.pem has a
+larger file size. I'm unsure at this point which one is (more) correct, as they
+both work.
diff --git a/ssl/privkey.pem b/ssl/privkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
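Review bot: This hunk commits the server's private key (`ssl/privkey.pem`) for the absentmindedproductions.ca certificate into the repository, so anyone who can read the repo or its history can impersonate that host to clients. The key should be treated as exposed: revoke and reissue the certificate, and keep the new key out of version control (ignore rule, owner-only file mode, path supplied by configuration). Removing the file in a later commit does not remove it from history. For the tests, a self-signed certificate and key generated for localhost and trusted through `SSL_ca_file` would remove the need to ship the production key at all.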
diff --git a/tests/test.pm b/tests/test.pm
@@ -4,7 +4,7 @@ use warnings;
use Errno;
use Exporter qw(import);
-use IO::Socket qw(SHUT_RDWR);
+use IO::Socket::SSL;
use Time::HiRes qw(usleep);
require "msgs.pl";
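Review bot: Replacing `use IO::Socket qw(SHUT_RDWR);` drops the explicit import of `SHUT_RDWR`, and IO::Socket::SSL is not known to export that constant. All six deletions in the diffstat are visible in this file's hunks and none of them removes a use of it. So if test.pm still calls `shutdown` with `SHUT_RDWR`, the bareword will fail under `use strict`. Keeping both lines, `use IO::Socket qw(SHUT_RDWR);` followed by `use IO::Socket::SSL;`, avoids that; the rest of the file is outside this hunk, so this needs checking against the full source.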
@@ -29,11 +29,12 @@ sub new_socket
my $sock = undef;
my $i = 0;
while (! $sock) {
- $sock = new IO::Socket::INET(
- LocalHost => '127.0.0.1',
- PeerHost => '127.0.0.1',
+ $sock = new IO::Socket::SSL->new(
+ PeerHost => 'localhost',
PeerPort => $ENV{PORT},
- Proto => 'tcp',
+ # this is needed because PeerHost is localhost and our
+ # SSL certificates are signed with amp.ca
+ SSL_verifycn_name => "absentmindedproductions.ca",
);
if ($!{ECONNREFUSED}) {
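Review bot: `new IO::Socket::SSL->new(` keeps the old indirect-object `new` in front of the method call, which is at best redundant and may not parse the way it reads; it should be `$sock = IO::Socket::SSL->new(`. The test also verifies against the production certificate through `SSL_verifycn_name`, which ties the suite to that certificate's lifetime (ssl/notes.txt expects expiry in 2016-03) and to the machine's CA store. A test-only CA passed with `SSL_ca_file` would be more stable. The comment says "amp.ca" while the name checked is absentmindedproductions.ca, so the comment should spell out the hostname. The body of new_socket starts and continues outside this hunk.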
@@ -42,7 +43,7 @@ sub new_socket
usleep(50 * 1000);
}
else {
- die "error: new socket: $!\n" unless $sock;
+ die "error=$!, ssl_error=$SSL_ERROR\n" unless $sock;
}
}