From 3cb262f5af1b431eb1303f349dac6f28aec24d78 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 6 Jul 2017 22:42:23 -0400 Subject: TLS example. --- README.md | 8 +++++++- https-client.sh | 7 +++++++ https-server.sh | 27 +++++++++++++++++++++++++++ issue-certificates.sh | 10 +++++++++- 4 files changed, 50 insertions(+), 2 deletions(-) create mode 100755 https-client.sh create mode 100755 https-server.sh diff --git a/README.md b/README.md index 9af8bf7..a349537 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Packages you need (on Debian Jessie, anyway): - sudo apt-get install opensc cryptech-alpha + sudo apt-get install opensc cryptech-alpha stunnel micro-httpd w3m sudo apt-get install -t jessie-backports libengine-pkcs11-openssl We're using the backported version of libengine-pkcs11-openssl because @@ -47,6 +47,12 @@ useful things with those keys. * `smime-signature.sh` generates and verifies a signed S/MIME message; this also depends on `issue-certificates.sh`. +* `https-server.sh` runs a toy https server, using keys and certificates + generated by `create-keys.sh` and `issue-certificates.sh`. + +* `https-client.sh` uses w3m as a client to talk to the toy server + run by `https-server.sh` (and therefore has the same dependencies). + ## References and notes * diff --git a/https-client.sh b/https-client.sh new file mode 100755 index 0000000..b308978 --- /dev/null +++ b/https-client.sh @@ -0,0 +1,7 @@ +#!/bin/sh - + +exec w3m \ + -o ssl_forbid_method=23 \ + -o ssl_verify_server=true \ + -o ssl_ca_file=$(pwd)/leader.cer \ + https://localhost:4443/ diff --git a/https-server.sh b/https-server.sh new file mode 100755 index 0000000..ea105cd --- /dev/null +++ b/https-server.sh @@ -0,0 +1,27 @@ +#!/bin/sh - + +. ./environment.sh + +stunnel -fd 0 <
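Review bot: in https-client.sh the `-o ssl_ca_file=$(pwd)/leader.cer` argument is unquoted, so a checkout path containing whitespace is split into several words and w3m is handed a truncated CA file path while `ssl_verify_server=true` is set. Quote the whole option, as in `-o "ssl_ca_file=$(pwd)/leader.cer"`. A short comment that `ssl_forbid_method=23` forbids SSLv2 and SSLv3 would also help, since the value reads like a number rather than a list of method codes.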
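Review bot: in https-server.sh, `. ./environment.sh` is resolved against the caller's working directory rather than the script's location, so the server only starts when it is invoked from the checkout directory. https-client.sh has the same dependency through `$(pwd)/leader.cer`. Either add `cd "$(dirname "$0")"` before the sourcing line or state the requirement in the README entries added for the two scripts.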