forked from Yellow-Camper/libevhtp
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
After running `make examples`, if SSL is enabled, you can quickly test HTTPS, with optional client-based certificate authentication using the following process within the build directory: ``` ./examples/https/bin/generate.sh -- Test without client auth ./examples/example_https \ -cert examples/https/server-crt.pem \ -key examples/https/server-key.pem curl -vk https://localhost:4443/ -- Test WITH client auth ./examples/example_https \ -cert examples/https/server-crt.pem \ -key examples/https/server-key.pem \ -ca examples/https/ca-crt.pem \ -verify-peer \ -verify-depth 2 \ -enforce-peer-cert curl -kv \ --key examples/https/client1-key.pem \ --cert examples/https/client1-crt.pem \ https://localhost:4443/ ```
- Loading branch information
1 parent
282a1c9
commit 1e0c241
Showing
7 changed files
with
434 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| #!/usr/bin/env bash | ||
|
|
||
| CONFIG_DIR="@PROJECT_BINARY_DIR@/examples/https" | ||
|
|
||
| # Create new CA | ||
| openssl req -new -x509 -days 9999 \ | ||
| -config "$CONFIG_DIR/etc/ca.cnf" \ | ||
| -keyout "$CONFIG_DIR/ca-key.pem" \ | ||
| -out "$CONFIG_DIR/ca-crt.pem" | ||
|
|
||
| # Generate private key for server | ||
| openssl genrsa -out "$CONFIG_DIR/server-key.pem" 4096 | ||
|
|
||
| # Generate cert signing request | ||
| openssl req -new \ | ||
| -config "$CONFIG_DIR/etc/server.cnf" \ | ||
| -key "$CONFIG_DIR/server-key.pem" \ | ||
| -out "$CONFIG_DIR/server-csr.pem" | ||
|
|
||
| # Sign the request | ||
| openssl x509 -req \ | ||
| -extfile "$CONFIG_DIR/etc/server.cnf" \ | ||
| -days 999 \ | ||
| -passin "pass:password" \ | ||
| -in "$CONFIG_DIR/server-csr.pem" \ | ||
| -CA "$CONFIG_DIR/ca-crt.pem" \ | ||
| -CAkey "$CONFIG_DIR/ca-key.pem" \ | ||
| -CAcreateserial \ | ||
| -out "$CONFIG_DIR/server-crt.pem" | ||
|
|
||
| # Generate a few client certs | ||
| openssl genrsa -out "$CONFIG_DIR/client1-key.pem" 4096 | ||
| openssl genrsa -out "$CONFIG_DIR/client2-key.pem" 4096 | ||
|
|
||
| # create two cert sign requests | ||
| openssl req -new -config "$CONFIG_DIR/etc/client1.cnf" -key $CONFIG_DIR/client1-key.pem -out $CONFIG_DIR/client1-csr.pem | ||
| openssl req -new -config $CONFIG_DIR/etc/client2.cnf -key $CONFIG_DIR/client2-key.pem -out $CONFIG_DIR/client2-csr.pem | ||
|
|
||
| # sign the above client certs | ||
| openssl x509 -req \ | ||
| -extfile $CONFIG_DIR/etc/client1.cnf \ | ||
| -days 999 \ | ||
| -passin "pass:password" \ | ||
| -in $CONFIG_DIR/client1-csr.pem \ | ||
| -CA $CONFIG_DIR/ca-crt.pem \ | ||
| -CAkey $CONFIG_DIR/ca-key.pem \ | ||
| -CAcreateserial \ | ||
| -out $CONFIG_DIR/client1-crt.pem | ||
|
|
||
| openssl x509 -req \ | ||
| -extfile $CONFIG_DIR/etc/client2.cnf \ | ||
| -days 999 \ | ||
| -passin "pass:password" \ | ||
| -in $CONFIG_DIR/client2-csr.pem \ | ||
| -CA $CONFIG_DIR/ca-crt.pem \ | ||
| -CAkey $CONFIG_DIR/ca-key.pem \ | ||
| -CAcreateserial \ | ||
| -out $CONFIG_DIR/client2-crt.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| [ ca ] | ||
| default_ca = CA_default | ||
|
|
||
| [ CA_default ] | ||
| serial = ca-serial | ||
| crl = ca-crl.pem | ||
| database = ca-database.txt | ||
| name_opt = CA_default | ||
| cert_opt = CA_default | ||
| default_crl_days = 9999 | ||
| default_md = md5 | ||
|
|
||
| [ req ] | ||
| default_bits = 4096 | ||
| days = 9999 | ||
| distinguished_name = req_distinguished_name | ||
| attributes = req_attributes | ||
| prompt = no | ||
| output_password = password | ||
|
|
||
| [ req_distinguished_name ] | ||
| C = US | ||
| ST = MA | ||
| L = Boston | ||
| O = Critical Stack | ||
| OU = evhtp | ||
| CN = ca | ||
| emailAddress = nate@cl0d.com | ||
|
|
||
| [ req_attributes ] | ||
| challengePassword = test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| [ req ] | ||
| default_bits = 4096 | ||
| days = 9999 | ||
| distinguished_name = req_distinguished_name | ||
| attributes = req_attributes | ||
| prompt = no | ||
| x509_extensions = v3_ca | ||
|
|
||
| [ req_distinguished_name ] | ||
| C = US | ||
| ST = MA | ||
| L = Boston | ||
| O = Critical Stack | ||
| OU = evhtp | ||
| CN = client1 | ||
| emailAddress = nate@cl0d.com | ||
|
|
||
| [ req_attributes ] | ||
| challengePassword = password | ||
|
|
||
| [ v3_ca ] | ||
| authorityInfoAccess = @issuer_info | ||
|
|
||
| [ issuer_info ] | ||
| OCSP;URI.0 = http://ocsp.example.com/ | ||
| caIssuers;URI.0 = http://example.com/ca.cert |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| [ req ] | ||
| default_bits = 4096 | ||
| days = 9999 | ||
| distinguished_name = req_distinguished_name | ||
| attributes = req_attributes | ||
| prompt = no | ||
| x509_extensions = v3_ca | ||
|
|
||
| [ req_distinguished_name ] | ||
| C = US | ||
| ST = MA | ||
| L = Boston | ||
| O = Critical Stack | ||
| OU = evhtp | ||
| CN = client2 | ||
| emailAddress = nate@cl0d.com | ||
|
|
||
| [ req_attributes ] | ||
| challengePassword = password | ||
|
|
||
| [ v3_ca ] | ||
| authorityInfoAccess = @issuer_info | ||
|
|
||
| [ issuer_info ] | ||
| OCSP;URI.0 = http://ocsp.example.com/ | ||
| caIssuers;URI.0 = http://example.com/ca.cert |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| [ req ] | ||
| default_bits = 4096 | ||
| days = 9999 | ||
| distinguished_name = req_distinguished_name | ||
| attributes = req_attributes | ||
| prompt = no | ||
| x509_extensions = v3_ca | ||
|
|
||
| [ req_distinguished_name ] | ||
| C = US | ||
| ST = MA | ||
| L = Boston | ||
| O = Critical Stack | ||
| OU = evhtp | ||
| CN = localhost | ||
| emailAddress = nate@cl0d.com | ||
|
|
||
| [ req_attributes ] | ||
| challengePassword = password | ||
|
|
||
| [ v3_ca ] | ||
| authorityInfoAccess = @issuer_info | ||
|
|
||
| [ issuer_info ] | ||
| OCSP;URI.0 = http://ocsp.example.com/ | ||
| caIssuers;URI.0 = http://example.com/ca.cert |
Oops, something went wrong.