卡在luasec Lua安全插座上

Question

This example code fails:

 require("socket")
 require("ssl")

-- TLS/SSL server parameters
 local params = {
 mode = "server",
 protocol = "sslv23",
 key = "./keys/server.key",
 certificate = "./keys/server.crt",
 cafile = "./keys/server.key",
 password = "123456",
 verify = {"peer", "fail_if_no_peer_cert"},
 options = {"all", "no_sslv2"},
 ciphers = "ALL:!ADH:@STRENGTH",
 }

local socket = require("socket")
local server = socket.bind("*", 8888)
local client = server:accept()
client:settimeout(10)

 -- TLS/SSL initialization
local conn,emsg = ssl.wrap(client, params)
print(emsg)
 conn:dohandshake()
 --
 conn:send("one line\n")
 conn:close()

request

https://localhost:8888/

output

error loading CA locations ((null))
lua: a.lua:25: attempt to index local 'conn' (a nil value)
stack traceback:
        a.lua:25: in main chunk
        [C]: ?

Not very much info. Any idea how to trace down to the problem ?

Update

Got this now: the cafile parameter is not necessary for server mode:

local params = {
 mode = "server",
 protocol = "sslv23",
 key = "./keys/server.key",
 certificate = "./keys/server.crt",
 password = "123456",
 options = {"all", "no_sslv2"},
 ciphers = "ALL:!ADH:@STRENGTH",
 }

Answer 1

LuaSec is a binding for OpenSSL, so the error you are getting ( error loading CA locations ) means that the OpenSSL library cannot read your CA files. Are you sure they are in the current directory and with proper permissions?

EDIT: According to LuaSec sources, it currently uses only the PEM format for private key. Ensure that the private key is stored as PEM, not DER.

Answer 2

CAFile contains the set of certificates (.crt) that your server or client trust. You put the key (.key).