
lua https.request with certificate

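I'm trying to make a request in Lua with a certificate.

Recently I got a COMODO SSL certificate.

I have tried many tutorials on the internet, but to no avail.

I found this blog's proposal very interesting:

I am unable to perform the request on Linux / OpenWRT / Lua 5.1.

COMODO provided me with the following files: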

  1. AddTrustExternalCARoot.crt
  2. my_domain_com.crt
  3. COMODORSAAddTrustCA.crt
  4. COMODORSADomainValidationSecureServerCA.crt

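In the blog post he mentions these files:

  1. key = "/root/client.key"
  2. certificate = "/root/client.crt",
  3. cafile = "/root/ca.crt"

How do I convert COMODO's .crt files into the files mentioned in the blog?

Obs: I tried downloading and fetching with curl, but it didn't work.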

The details are described in the blog post; basically, you need to specify the mode and the certificate file for the ssl.wrap call:

local params = {
  mode = "client",
  protocol = "tlsv1",
  cafile = "/path/to/downloaded/cacert.pem", --<-- added cafile parameters
  verify = "peer", --<-- changed "none" to "peer"
  options = "all",
}

If you need to convert a .crt to a .pem file, the following SO answer may help. I haven't tried it with .crt, but my examples use .pem files.

I solved the problem with this code

module("https", package.seeall) 

local socket = require "socket" 
local http = require "socket.http" 
local ssl = require "ssl" 
local ltn12 = require "ltn12" 

local try = socket.try 
local protect = socket.protect 

local DEFAULT_PROTOCOL = "sslv23"
local DEFAULT_CAFILE = "/etc/ssl/certs/ca-certificates.crt"
local DEFAULT_VERIFY = "peer"
local DEFAULT_OPTIONS = "all"
-- No anonymous (aNULL/ADH) suites: they carry no server certificate, so
-- OpenSSL ignores verify = "peer" when one is negotiated.
local DEFAULT_CIPHERS = "HIGH:MEDIUM:!aNULL"
local DEFAULT_HTTPS_PORT = 443

local https_mt = { 
    -- Create proxy functions for each call through the metatable 
    __index = function(tbl, key) 
        local f = function(prxy, ...) 
            local c = prxy.c 
            return c[key](c, ...) 
        end 
        tbl[key] = f    -- Save new proxy function in cache for speed 
        return f 
    end 
} 

local function new_create(params) 
    return function() 
        local t = { c = try(socket.tcp()) } 
        function t:connect(host, port) 
            try(self.c:connect(host, port)) 
            self.c = try(ssl.wrap(self.c, params)) 
            try(self.c:dohandshake()) 
            return 1 
        end 
        return setmetatable(t, https_mt) 
    end 
end 

local function request_generic(args) 
    local sslparams = { 
        mode = "client", 
        protocol = args.protocol or DEFAULT_PROTOCOL, 
        cafile = args.cafile or DEFAULT_CAFILE, 
        verify = args.verify or DEFAULT_VERIFY, 
        options = args.options or DEFAULT_OPTIONS, 
        ciphers = args.ciphers or DEFAULT_CIPHERS 
    } 
    local req = { 
      url = args.url, 
      port = args.port or DEFAULT_HTTPS_PORT, 
      sink = args.sink, 
      method = args.method, 
      headers = args.headers, 
      source = args.source, 
      step = args.step, 
      proxy = args.proxy,       -- Buggy? 
      redirect = args.redirect, 
      create = new_create(sslparams) 
    } 
    return http.request(req) 
end 

local function request_simple(url, body) 
    local tbl = { } 
    local req = { 
        url = url, 
        sink = ltn12.sink.table(tbl) 
    } 
    if body then 
        req.method = "POST" 
        req.source = ltn12.source.string(body) 
        req.headers = { 
            ["Content-length"] = #body, 
            ["Content-type"] = "application/x-www-form-urlencoded" 
        } 
    end 
    local _, status, headers = request_generic(req) 
    return table.concat(tbl), status, headers 
end 


function request(req_or_url, body) 
    if type(req_or_url) == "string" then 
        return request_simple(req_or_url, body) 
    else 
        return request_generic(req_or_url) 
    end 
end 
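
The conversion the question asks about, as an added example that is not part of the original posts: it builds the single PEM `cafile` used in the `ssl.wrap` parameters from the three COMODO CA files (converting DER to PEM where needed) and makes a verified request through LuaSec's `ssl.https`. Assumptions: the files sit in /root/, the URL is a placeholder, and LuaSec is 0.5 or newer; `my_domain_com.crt` is the site's own certificate, so it is left out of the bundle.

```lua
-- Added example, not code from the original posts. Assumed: the COMODO files
-- are in /root/, the URL is a placeholder, LuaSec >= 0.5 (for "tlsv1_2").
local mime  = require "mime"       -- LuaSocket, used for base64
local ltn12 = require "ltn12"
local https = require "ssl.https"  -- LuaSec

local PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
local PEM_END   = "-----END CERTIFICATE-----"

-- Read one certificate file and return it as PEM text (converts DER if needed).
local function read_as_pem(path)
  local f = assert(io.open(path, "rb"))
  local data = f:read("*a")
  f:close()
  if data:find(PEM_BEGIN, 1, true) then            -- already PEM
    data = data:gsub("\r\n", "\n")
    return data:sub(-1) == "\n" and data or data .. "\n"
  end
  -- DER is a binary ASN.1 SEQUENCE, so the first byte is 0x30.
  assert(data:byte(1) == 0x30, path .. ": neither PEM nor DER")
  local b64 = mime.b64(data):gsub(("."):rep(64), "%0\n")  -- 64-column lines
  if b64:sub(-1) ~= "\n" then b64 = b64 .. "\n" end
  return PEM_BEGIN .. "\n" .. b64 .. PEM_END .. "\n"
end

-- Concatenate the CA certificates (not the site certificate) into one cafile.
local function build_bundle(ca_paths, out_path)
  local parts = {}
  for i, p in ipairs(ca_paths) do parts[i] = read_as_pem(p) end
  local out = assert(io.open(out_path, "w"))
  out:write(table.concat(parts))
  out:close()
  return out_path
end

local cafile = build_bundle({
  "/root/AddTrustExternalCARoot.crt",
  "/root/COMODORSAAddTrustCA.crt",
  "/root/COMODORSADomainValidationSecureServerCA.crt",
}, "/root/ca.crt")

-- Verifying the server needs only cafile; key/certificate are the client's own
-- credentials and stay unset unless the server asks for a client certificate.
local chunks = {}
local ok, status = https.request{
  url  = "https://my-domain.example/",             -- placeholder URL
  sink = ltn12.sink.table(chunks),
  protocol = "tlsv1_2", verify = "peer", cafile = cafile,
}
-- On a failed chain check `ok` is nil and `status` holds the error string.
print(ok and status or ("request failed: " .. tostring(status)))
```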
