shlist

share and manage lists between multiple people

commit 34fc9301b4e5e9ad37807179ac39255cb4a6b5bd
parent 1224ccacd3df90763f0e5b1f7b5269b41e2c4187
Author: kyle <kyle@0x30.net>
Date:   Sun,  6 Dec 2015 15:27:56 -0700

sl: add ssl support

- got signed server certificate, keys, and chains from let's encrypt
- used their tools right from github.com/letsencrypt/letsencrypt
- certificates are for use with absentmindedproductions.ca only
  - ie, when connecting, to get ssl that works, this must be the hostname
- modify tests to connect with ssl too
  - kind of tricky as we never want the tests to connect to
    absentmindedproductions.ca, but rather localhost
  - solution is to connect to localhost, but override the domain name check

Diffstat:
Msl | 9+++++++++
Assl/cert.pem | 30++++++++++++++++++++++++++++++
Assl/cert_chain.pem | 57+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Assl/chain.pem | 27+++++++++++++++++++++++++++
Assl/fullchain.pem | 57+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Assl/notes.txt | 9+++++++++
Assl/privkey.pem | 28++++++++++++++++++++++++++++
Mtests/test.pm | 13+++++++------
8 files changed, 224 insertions(+), 6 deletions(-)

diff --git a/sl b/sl @@ -8,6 +8,7 @@ use DBI; use Digest::SHA qw(sha256_base64); use Getopt::Std; use IO::Socket; +use IO::Socket::SSL; use POSIX; use Scalar::Util qw(looks_like_number); use Socket; @@ -57,6 +58,14 @@ while (my $new_sock = $listen_sock->accept()) { log_set_peer_host_port($new_sock); log_print("new connection (pid = '$$')\n"); + # upgrade connection to SSL + IO::Socket::SSL->start_SSL($new_sock, + SSL_server => 1, + SSL_cert_file => 'ssl/cert_chain.pem', + SSL_key_file => 'ssl/privkey.pem' + ) or die "failed to ssl handshake: $SSL_ERROR"; + #log_print(IO::Socket::SSL->get_fingerprint($new_sock) . "\n"); + # each child opens their own database connection my $dbh = DBI->connect( "dbi:SQLite:dbname=$db_file", diff --git a/ssl/cert.pem b/ssl/cert.pem 
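Review bot: The handshake failure path in the second hunk is `or die`, so a peer that speaks plaintext, aborts the handshake or offers an unsupported protocol ends the process through die instead of through log_print, and the failure is not recorded next to the peer host and port set just above. The accept loop starts and ends outside the hunk; the surrounding comments suggest this runs in a forked child, but if it runs in the accepting parent a single bad client stops the listener. I would log and close instead, e.g. `) or do { log_print("ssl handshake failed: $SSL_ERROR\n"); close($new_sock); exit 1; };` (or `next` if this is the parent), and give the handshake a timeout so an idle peer cannot hold the process indefinitely. The certificate and key paths are relative, so they resolve against whatever working directory the daemon was started in; reading them from configuration would also let the key live outside the source tree.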
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFGDCCBACgAwIBAgISAVSQWh4u/TNGveB/S3Pep4fDMA0GCSqGSIb3DQEBCwUA +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDYyMDA4MDBaFw0x +NjAzMDUyMDA4MDBaMCUxIzAhBgNVBAMTGmFic2VudG1pbmRlZHByb2R1Y3Rpb25z +LmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE9S8XXYAMxohTLn +H7DgakREGlZ93zhHUrcSPYP07nOx1hBgb6JzYEC8jN3Yqfg3TqJtOYxut11OyuIx +neozu7WBZiyKn+yKkJ8jv88IJeY2xEwOhpytnZX//2vjT8vujOXNcTD69Iwi63Qj +hdE3KAdl1MxtGbenEosWZ9KtJaFHY/7yIYCz2NPNU+9UmgfOCpzHw9VdkA6kIDtQ +iRdvzrSi6JztWvxboh2OYR8Xm1GbK57bVhT3tsSKEcOD0S4Vyxm4vb+ez5lxwwoT +kULj6hfWSbKEHfs6LRIFTr915Xgf9TqEDBkNOrugsU1pyN2SP6OIDwvnQchF7Ymf +UXRGwQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQPub6TEjbP +fz4AfgimsM2Hf7jmuzAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBw +BggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14MS5s +ZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDEu +bGV0c2VuY3J5cHQub3JnLzAlBgNVHREEHjAcghphYnNlbnRtaW5kZWRwcm9kdWN0 +aW9ucy5jYTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw +gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr +BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk +IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug +d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0 +c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAxxmUq +tgUqoQCwUhID4SuSelSsEvMDNByGOR0dBnk7/1EpT6Gl4DzHX3oAouNebbATnO6P +Fe+vgyUvxNCpvL9tdmoljn9WBMunweIAIphIHyee0qk7K8bAOaFql9jYlxsWbwtV +J3R4GC5PGA6U7AvZJbH8t9wvIAy4soyJ8aj94i6LHiKACi8o/ucaUDDOOTjFT4mT +M7HZozrrJ9W+CadqtJsAibQI6fVmVzzWFrJfSPvOkrCzluifNcf8i692aMKAF9py +hl5MNS+htIgM+Nx9W0H9zzepzB0xL2fTmdQXqICWk1kYwrJEoKglnnohJ8yBCj58 +uajG/Ff0QIfGBCFp +-----END CERTIFICATE----- diff --git a/ssl/cert_chain.pem b/ssl/cert_chain.pem 
@@ -0,0 +1,57 @@ +-----BEGIN CERTIFICATE----- +MIIFGDCCBACgAwIBAgISAVSQWh4u/TNGveB/S3Pep4fDMA0GCSqGSIb3DQEBCwUA +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDYyMDA4MDBaFw0x +NjAzMDUyMDA4MDBaMCUxIzAhBgNVBAMTGmFic2VudG1pbmRlZHByb2R1Y3Rpb25z +LmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE9S8XXYAMxohTLn +H7DgakREGlZ93zhHUrcSPYP07nOx1hBgb6JzYEC8jN3Yqfg3TqJtOYxut11OyuIx +neozu7WBZiyKn+yKkJ8jv88IJeY2xEwOhpytnZX//2vjT8vujOXNcTD69Iwi63Qj +hdE3KAdl1MxtGbenEosWZ9KtJaFHY/7yIYCz2NPNU+9UmgfOCpzHw9VdkA6kIDtQ +iRdvzrSi6JztWvxboh2OYR8Xm1GbK57bVhT3tsSKEcOD0S4Vyxm4vb+ez5lxwwoT +kULj6hfWSbKEHfs6LRIFTr915Xgf9TqEDBkNOrugsU1pyN2SP6OIDwvnQchF7Ymf +UXRGwQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQPub6TEjbP +fz4AfgimsM2Hf7jmuzAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBw +BggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14MS5s +ZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDEu +bGV0c2VuY3J5cHQub3JnLzAlBgNVHREEHjAcghphYnNlbnRtaW5kZWRwcm9kdWN0 +aW9ucy5jYTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw +gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr +BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk +IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug +d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0 +c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAxxmUq +tgUqoQCwUhID4SuSelSsEvMDNByGOR0dBnk7/1EpT6Gl4DzHX3oAouNebbATnO6P +Fe+vgyUvxNCpvL9tdmoljn9WBMunweIAIphIHyee0qk7K8bAOaFql9jYlxsWbwtV +J3R4GC5PGA6U7AvZJbH8t9wvIAy4soyJ8aj94i6LHiKACi8o/ucaUDDOOTjFT4mT +M7HZozrrJ9W+CadqtJsAibQI6fVmVzzWFrJfSPvOkrCzluifNcf8i692aMKAF9py +hl5MNS+htIgM+Nx9W0H9zzepzB0xL2fTmdQXqICWk1kYwrJEoKglnnohJ8yBCj58 +uajG/Ff0QIfGBCFp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw 
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB +BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg +PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG +dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 +gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 +4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy +BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j +b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv +ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ +MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH +AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw +MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM +LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 +pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd +v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd +ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW +ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk +6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj +f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= +-----END CERTIFICATE----- diff --git a/ssl/chain.pem b/ssl/chain.pem 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB +BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg +PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG +dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 +gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 +4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy +BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j +b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv +ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ +MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH +AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw +MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM +LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 +pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd +v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd +ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW +ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk +6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj +f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= +-----END CERTIFICATE----- diff --git a/ssl/fullchain.pem b/ssl/fullchain.pem 
@@ -0,0 +1,57 @@ +-----BEGIN CERTIFICATE----- +MIIFGDCCBACgAwIBAgISAVSQWh4u/TNGveB/S3Pep4fDMA0GCSqGSIb3DQEBCwUA +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDYyMDA4MDBaFw0x +NjAzMDUyMDA4MDBaMCUxIzAhBgNVBAMTGmFic2VudG1pbmRlZHByb2R1Y3Rpb25z +LmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE9S8XXYAMxohTLn +H7DgakREGlZ93zhHUrcSPYP07nOx1hBgb6JzYEC8jN3Yqfg3TqJtOYxut11OyuIx +neozu7WBZiyKn+yKkJ8jv88IJeY2xEwOhpytnZX//2vjT8vujOXNcTD69Iwi63Qj +hdE3KAdl1MxtGbenEosWZ9KtJaFHY/7yIYCz2NPNU+9UmgfOCpzHw9VdkA6kIDtQ +iRdvzrSi6JztWvxboh2OYR8Xm1GbK57bVhT3tsSKEcOD0S4Vyxm4vb+ez5lxwwoT +kULj6hfWSbKEHfs6LRIFTr915Xgf9TqEDBkNOrugsU1pyN2SP6OIDwvnQchF7Ymf +UXRGwQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQPub6TEjbP +fz4AfgimsM2Hf7jmuzAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBw +BggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14MS5s +ZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDEu +bGV0c2VuY3J5cHQub3JnLzAlBgNVHREEHjAcghphYnNlbnRtaW5kZWRwcm9kdWN0 +aW9ucy5jYTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEw +gdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggr +BgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVk +IHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ug +d2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0 +c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAxxmUq +tgUqoQCwUhID4SuSelSsEvMDNByGOR0dBnk7/1EpT6Gl4DzHX3oAouNebbATnO6P +Fe+vgyUvxNCpvL9tdmoljn9WBMunweIAIphIHyee0qk7K8bAOaFql9jYlxsWbwtV +J3R4GC5PGA6U7AvZJbH8t9wvIAy4soyJ8aj94i6LHiKACi8o/ucaUDDOOTjFT4mT +M7HZozrrJ9W+CadqtJsAibQI6fVmVzzWFrJfSPvOkrCzluifNcf8i692aMKAF9py +hl5MNS+htIgM+Nx9W0H9zzepzB0xL2fTmdQXqICWk1kYwrJEoKglnnohJ8yBCj58 +uajG/Ff0QIfGBCFp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw 
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa +MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD +ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB +BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg +PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG +dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 +gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 +4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud +EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy +BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j +b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv +ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ +MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH +AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw +MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM +LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 +pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd +v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd +ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW +ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk +6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj +f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= +-----END CERTIFICATE----- diff --git a/ssl/notes.txt b/ssl/notes.txt 
@@ -0,0 +1,9 @@ +Our certificates in ssl/ are provided by let's encrypt. +I think they will expire in 2016-03. + +To get a certificate that IO::Socket::SSL will like, you have to concatenate +cert.pem and chain.pem to produce cert_chain.pem. + +Also, concatenating cert.pem and fullchain.pem works, but fullchain.pem has a +larger file size. I'm unsure at this point which one is (more) correct, as they +both work. diff --git a/ssl/privkey.pem b/ssl/privkey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgT1LxddgAzGiF +MucfsOBqREQaVn3fOEdStxI9g/Tuc7HWEGBvonNgQLyM3dip+DdOom05jG63XU7K +4jGd6jO7tYFmLIqf7IqQnyO/zwgl5jbETA6GnK2dlf//a+NPy+6M5c1xMPr0jCLr +dCOF0TcoB2XUzG0Zt6cSixZn0q0loUdj/vIhgLPY081T71SaB84KnMfD1V2QDqQg +O1CJF2/OtKLonO1a/FuiHY5hHxebUZsrnttWFPe2xIoRw4PRLhXLGbi9v57PmXHD +ChORQuPqF9ZJsoQd+zotEgVOv3XleB/1OoQMGQ06u6CxTWnI3ZI/o4gPC+dByEXt +iZ9RdEbBAgMBAAECggEAGzDZNLN0S85f/BfCNBHgPqYNlxoMh4wYLON4aI61QKzH +ATQN52F6iFzynkISueGsH95VAGndbaSZ9LehCtPqqnAC3r23VaDdb+JOQf5vt13w +9CKiZBq3J/+FSGGYULSaZbOkwQo5xrjuQ1mTnOL7pAJ9NzblWnNYF0EYL8wAKl2H +8RPwIR0+eqZWYCSrIdHEC8TBPjHmWmAydHYCp0E0gY9Kdd6sApPPgPmDq2hVTHDV +23hwmO9NCvRViF0bigjUZ6OF7E4W9zImQK+vxZxcdkLmSFOkhFu9FfXkuFO2dXYx +wTpB3aDtS3wm6lSri6QDzSwj68+e6h0a4iQDQXk7cQKBgQDL34Lbvr7VjSlq0/y0 +6F+iTCcjiwVgBPBaqqLPxMojOnzfgpB1F3SuYg704Xjz29j0IpoXkmZmdcFJ689E +snaem5lVJHb/OfCFh+vMO4qKAZzfviNniXOQTO56MR16X8gt5ZohGDbHqFDEg3le +aB44+hlOTsXxd3myRQm4a6O4MwKBgQDJTGMAzjqlddZk7g1yf4Xzm560FzVmvM3Y +92GexMQL8Ia1jdF4U79E3Fw90YsKTh1+T7alVVM7QSpMSr22zY0I0M3q7Ryy/gFq +jbRsPq/rrD+3vMxxmz+vXROLhnRpTTP4hdDFJ5c4HO6JH0hws8HZSlTc/OYAQH7q +ouffZtzhOwKBgH+CSpjfgwGTaU0MSuhm0bFzSaNcRr9YN2+te2jRHs/Lu+AbC/h/ +9BVA9TPJdVmnrdh7b77AbNU2Xu650oeXysLGdK8gwGA+v6T0btDsiGhqO9BgXkpa +WHHu+9RmtZYdI9k42h5Kw7A6IFHYHOej3QsruPoWII02eWG69ipnAB2rAoGAKj+x +C8s8/dtEmzxncB+Zwq5n2c6BM8XuwlnxkDwmFYdvDo3sZ//TxiUl6wee0hPhFtCu +Ofc1l9sugIKzXLm5nx8MCQGpI1wyeeWx94IUtDcbzHmAw1tdO3YikwcuSaedf8y+ +K5MKpwlTe04oixb/WZbDRvqBX44p1R9J4Vaah18CgYEAx5OmZhChlQV01nsCGXJc +xdNzlLMF4hAgoKb5ccfTOysJEIlB+5CdP/vSKdXfiYCnF26jtUCiMWgvoomK0Rro +TT918yqLffLxzVj5wF6KBK0F9jMXmJH793vLfEgDLgDxMgK35u4YGkGUBTtW35/e +nOH6t58QzBhH3ZdP772UetQ= +-----END PRIVATE KEY----- diff --git a/tests/test.pm b/tests/test.pm @@ -4,7 +4,7 @@ use warnings; use Errno; use Exporter qw(import); -use IO::Socket qw(SHUT_RDWR); +use IO::Socket::SSL; use Time::HiRes qw(usleep); require "msgs.pl"; 
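Review bot: ssl/privkey.pem places the unencrypted private key for the absentmindedproductions.ca certificate in version control, so anyone who can read the repository or any clone of it can impersonate the server for as long as the certificate is valid. The key should be treated as compromised: revoke and reissue the certificate, keep the new key outside the tree with owner-only permissions, and have `sl` take the key path from configuration. Deleting the file in a later commit does not remove it from history, so an ignore rule for `ssl/privkey.pem` is needed to prevent a repeat. The certificate and chain files are public and can stay.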
@@ -29,11 +29,12 @@ sub new_socket my $sock = undef; my $i = 0; while (! $sock) { - $sock = new IO::Socket::INET( - LocalHost => '127.0.0.1', - PeerHost => '127.0.0.1', + $sock = new IO::Socket::SSL->new( + PeerHost => 'localhost', PeerPort => $ENV{PORT}, - Proto => 'tcp', + # this is needed because PeerHost is localhost and our + # SSL certificates are signed with amp.ca + SSL_verifycn_name => "absentmindedproductions.ca", ); if ($!{ECONNREFUSED}) { @@ -42,7 +43,7 @@ sub new_socket usleep(50 * 1000); } else { - die "error: new socket: $!\n" unless $sock; + die "error=$!, ssl_error=$SSL_ERROR\n" unless $sock; } }
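Review bot: `$sock = new IO::Socket::SSL->new(` in new_socket keeps the old indirect-object `new` in front of the method call; it should read `$sock = IO::Socket::SSL->new(`, because the doubled form depends on how Perl resolves indirect-object syntax. The added comment says the certificates are "signed with amp.ca", while the commit message says they are issued for absentmindedproductions.ca; `# PeerHost is localhost, but the certificate names absentmindedproductions.ca, so verify against that name` would be accurate. Verification still runs against the committed production certificate, so the tests presumably start failing once it expires (ssl/notes.txt expects 2016-03) and they only pass while ssl/privkey.pem is in the tree. A throwaway certificate for localhost, trusted in the test through `SSL_ca_file`, would remove both dependencies, assuming the server's certificate paths become configurable. new_socket starts and ends outside this hunk.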