
lua https.request with certificate

I'm trying to make a request in Lua with a certificate.

Recently I've gotten a COMODO SSL.

I've tried many tutorials on the internet, but to no avail.

I found this blog's proposal very interesting:

I am not able to execute the request on Linux/OpenWRT/Lua 5.1.

COMODO has provided me with the following files:

  1. AddTrustExternalCARoot.crt
  2. my_domain_com.crt
  3. COMODORSAAddTrustCA.crt
  4. COMODORSADomainValidationSecureServerCA.crt

And in this blog he mentions these files:

  1. key = "/root/client.key"
  2. certificate = "/root/client.crt",
  3. cafile = "/root/ca.crt"

How do I convert COMODO's .crt files to those mentioned in the blog?

Obs: I tried to download with curl and get, but it did not work.

I've described the details in a blog post; basically, you need to specify the mode and the certificate file for the ssl.wrap call:

local params = {
  mode = "client",
  protocol = "tlsv1",
  cafile = "/path/to/downloaded/cacert.pem", --<-- added cafile parameters
  verify = "peer", --<-- changed "none" to "peer"
  options = "all",
}

If you need to convert a .crt to a .pem file, then the following SO answer may help. I haven't tried with .crt, but the examples I have work with .pem files.
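One way to produce the cafile that ssl.wrap expects from the CA certificates listed in the question; this is an added example, not code from either answer or from the linked posts. The function names and the output name ca.pem are assumptions, and it assumes each .crt holds a single certificate in PEM or DER form.

```shell
#!/bin/sh
# Added example: build the LuaSec "cafile" from CA certificates shipped as .crt.
# Assumptions: each .crt holds one certificate, PEM or DER; names are hypothetical.

PEM_BEGIN='-----BEGIN CERTIFICATE-----'

# to_pem FILE: print FILE as PEM, converting from DER only when needed.
to_pem() {
    if grep -q -e "$PEM_BEGIN" "$1"; then
        cat "$1"                                  # already PEM, pass through
    else
        openssl x509 -inform der -in "$1" -outform pem
    fi
}

# build_cafile OUT CERT...: concatenate the CA certificates into OUT.
build_cafile() {
    out=$1
    shift
    : > "$out" || return 1
    for crt in "$@"; do
        [ -r "$crt" ] || { echo "cannot read $crt" >&2; return 1; }
        to_pem "$crt" >> "$out" || return 1
        # A .crt without a final newline would fuse its END line with the
        # next BEGIN line and make the bundle unparsable, so add one.
        echo >> "$out"
    done
}

# count_certs FILE: number of certificates in a PEM bundle.
count_certs() {
    grep -c -e "$PEM_BEGIN" "$1"
}

# With the file names from the question (intermediates first, root last):
#   build_cafile ca.pem COMODORSADomainValidationSecureServerCA.crt \
#       COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt
#   count_certs ca.pem
#   openssl verify -CAfile ca.pem my_domain_com.crt     # chain check
```

The resulting ca.pem is what the cafile parameter points at; my_domain_com.crt is the server's own certificate and is not part of the trust bundle.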

I solved it with this code:

module("https", package.seeall) 

local socket = require "socket" 
local http = require "socket.http" 
local ssl = require "ssl" 
local ltn12 = require "ltn12" 

local try = socket.try 
local protect = socket.protect 

local DEFAULT_PROTOCOL = "sslv23" 
local DEFAULT_CAFILE = "/etc/ssl/certs/ca-certificates.crt" 
local DEFAULT_VERIFY = "peer" 
local DEFAULT_OPTIONS = "all" 
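-- Anonymous-DH (ADH) suites removed: they send no server certificate,
-- so verify = "peer" would not authenticate the server when one is negotiated.
local DEFAULT_CIPHERS = "HIGH:MEDIUM:!aNULL"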
local DEFAULT_HTTPS_PORT = 443 

local https_mt = { 
    -- Create proxy functions for each call through the metatable 
    __index = function(tbl, key) 
        local f = function(prxy, ...) 
            local c = prxy.c 
            return c[key](c, ...) 
        end 
        tbl[key] = f    -- Save new proxy function in cache for speed 
        return f 
    end 
} 

local function new_create(params) 
    return function() 
        local t = { c = try(socket.tcp()) } 
        function t:connect(host, port) 
            try(self.c:connect(host, port)) 
            self.c = try(ssl.wrap(self.c, params)) 
            try(self.c:dohandshake()) 
            return 1 
        end 
        return setmetatable(t, https_mt) 
    end 
end 

local function request_generic(args) 
    local sslparams = { 
        mode = "client", 
        protocol = args.protocol or DEFAULT_PROTOCOL, 
        cafile = args.cafile or DEFAULT_CAFILE, 
        verify = args.verify or DEFAULT_VERIFY, 
        options = args.options or DEFAULT_OPTIONS, 
        ciphers = args.ciphers or DEFAULT_CIPHERS 
    } 
    local req = { 
      url = args.url, 
      port = args.port or DEFAULT_HTTPS_PORT, 
      sink = args.sink, 
      method = args.method, 
      headers = args.headers, 
      source = args.source, 
      step = args.step, 
      proxy = args.proxy,       -- Buggy? 
      redirect = args.redirect, 
      create = new_create(sslparams) 
    } 
    return http.request(req) 
end 

local function request_simple(url, body) 
    local tbl = { } 
    local req = { 
        url = url, 
        sink = ltn12.sink.table(tbl) 
    } 
    if body then 
        req.method = "POST" 
        req.source = ltn12.source.string(body) 
        req.headers = { 
            ["Content-length"] = #body, 
            ["Content-type"] = "application/x-www-form-urlencoded" 
        } 
    end 
    local _, status, headers = request_generic(req) 
    return table.concat(tbl), status, headers 
end 


function request(req_or_url, body) 
    if type(req_or_url) == "string" then 
        return request_simple(req_or_url, body) 
    else 
        return request_generic(req_or_url) 
    end 
end 
