From b70cf61f0c1f70621b88fe6420083a576d47f19f Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 24 Jun 2019 02:52:38 +0000 Subject: nntp: NNTPS and NNTP+STARTTLS working It kinda, barely works, and I'm most happy I got it working without any modifications to the main NNTP::event_step callback thanks to the DS->write(CODE) support we inherited from Danga::Socket. --- certs/.gitignore | 4 ++ certs/create-certs.perl | 132 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+) create mode 100644 certs/.gitignore create mode 100755 certs/create-certs.perl (limited to 'certs') diff --git a/certs/.gitignore b/certs/.gitignore new file mode 100644 index 00000000..0b3a547b --- /dev/null +++ b/certs/.gitignore @@ -0,0 +1,4 @@ +*.pem +*.der +*.enc +*.p12 diff --git a/certs/create-certs.perl b/certs/create-certs.perl new file mode 100755 index 00000000..bfd8e5f1 --- /dev/null +++ b/certs/create-certs.perl @@ -0,0 +1,132 @@ +#!/usr/bin/perl -w +# License: GPL-1.0+ or Artistic-1.0-Perl +# from IO::Socket::SSL 2.063 / https://github.com/noxxi/p5-io-socket-ssl +use strict; +use warnings; +use IO::Socket::SSL::Utils; +use Net::SSLeay; + +my $dir = "./"; +my $now = time(); +my $later = $now + 100*365*86400; + +Net::SSLeay::SSLeay_add_ssl_algorithms(); +my $sha256 = Net::SSLeay::EVP_get_digestbyname('sha256') or die; +my $printfp = sub { + my ($w,$cert) = @_; + print $w.' sha256$'.unpack('H*',Net::SSLeay::X509_digest($cert, $sha256))."\n" +}; + +my %time_valid = (not_before => $now, not_after => $later); + +my @ca = CERT_create( + CA => 1, + subject => { CN => 'IO::Socket::SSL Demo CA' }, + %time_valid, +); +save('test-ca.pem',PEM_cert2string($ca[0])); + +my @server = CERT_create( + CA => 0, + subject => { CN => 'server.local' }, + purpose => 'server', + issuer => \@ca, + %time_valid, +); +save('server-cert.pem',PEM_cert2string($server[0])); +save('server-key.pem',PEM_key2string($server[1])); +$printfp->(server => $server[0]); + +@server = CERT_create( + CA => 0, + subject => { CN => 'server2.local' }, + purpose => 'server', + issuer => \@ca, + %time_valid, +); +save('server2-cert.pem',PEM_cert2string($server[0])); +save('server2-key.pem',PEM_key2string($server[1])); +$printfp->(server2 => $server[0]); + +@server = CERT_create( + CA => 0, + subject => { CN => 'server-ecc.local' }, + purpose => 'server', + issuer => \@ca, + key => KEY_create_ec(), + %time_valid, +); +save('server-ecc-cert.pem',PEM_cert2string($server[0])); +save('server-ecc-key.pem',PEM_key2string($server[1])); +$printfp->('server-ecc' => $server[0]); + + +my @client = CERT_create( + CA => 0, + subject => { CN => 'client.local' }, + purpose => 'client', + issuer => \@ca, + %time_valid, +); +save('client-cert.pem',PEM_cert2string($client[0])); +save('client-key.pem',PEM_key2string($client[1])); +$printfp->(client => $client[0]); + +my @swc = CERT_create( + CA => 0, + subject => { CN => 'server.local' }, + purpose => 'server', + issuer => \@ca, + subjectAltNames => [ + [ DNS => '*.server.local' ], + [ IP => '127.0.0.1' ], + [ DNS => 'www*.other.local' ], + [ DNS => 'smtp.mydomain.local' ], + [ DNS => 'xn--lwe-sna.idntest.local' ] + ], + %time_valid, +); +save('server-wildcard.pem',PEM_cert2string($swc[0]),PEM_key2string($swc[1])); + + +my @subca = CERT_create( + CA => 1, + issuer => \@ca, + subject => { CN => 'IO::Socket::SSL Demo Sub CA' }, + %time_valid, +); +save('test-subca.pem',PEM_cert2string($subca[0])); +@server = CERT_create( + CA => 0, + subject => { CN => 'server.local' }, + purpose => 'server', + issuer => \@subca, + %time_valid, +); +save('sub-server.pem',PEM_cert2string($server[0]).PEM_key2string($server[1])); + + + +my @cap = CERT_create( + CA => 1, + subject => { CN => 'IO::Socket::SSL::Intercept' }, + %time_valid, +); +save('proxyca.pem',PEM_cert2string($cap[0]).PEM_key2string($cap[1])); + +sub save { + my $file = shift; + open(my $fd,'>',$dir.$file) or die $!; + print $fd @_; +} + +system(<