This sample code fails:
    require("socket")
    require("ssl")
    -- TLS/SSL server parameters
    local params = {
        mode = "server",
        protocol = "sslv23",
        key = "./keys/server.key",
        certificate = "./keys/server.crt",
        cafile = "./keys/server.key",
        password = "123456",
        verify = {"peer", "fail_if_no_peer_cert"},
        options = {"all", "no_sslv2"},
        ciphers = "ALL:!ADH:@STRENGTH",
    }
    local socket = require("socket")
    local server = socket.bind("*", 8888)
    local client = server:accept()
    client:settimeout(10)
    -- TLS/SSL initialization
    local conn,emsg = ssl.wrap(client, params)
    print(emsg)
    conn:dohandshake()
    --
    conn:send("one line\n")
    conn:close()
Request

    https://localhost:8888/

Output

    error loading CA locations ((null))
    lua: a.lua:25: attempt to index local 'conn' (a nil value)
    stack traceback:
    a.lua:25: in main chunk
    [C]: ?

Not much information. Any idea how to track down the problem?
Update

Got it now: server mode doesn't need the cafile parameter:
    local params = {
        mode = "server",
        protocol = "sslv23",
        key = "./keys/server.key",
        certificate = "./keys/server.crt",
        password = "123456",
        options = {"all", "no_sslv2"},
        ciphers = "ALL:!ADH:@STRENGTH",
    }
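Answer 0 (score: 3)

LuaSec is a binding to OpenSSL, so the error you are getting (error loading CA locations) means that the OpenSSL library could not read your CA files. Are you sure they are in the current directory and have the proper permissions?

EDIT: According to the LuaSec source, it currently only uses the PEM format for private keys. Make sure the private key is stored as PEM, not DER.

Answer 1 (score: 0)

The CAFile contains the set of certificates (.crt) that the server or client trusts. You put the key (.key) there.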
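
A pre-flight check for the mistake discussed in this thread, as an added example that is not part of the original question or answers: it reads the files named in a LuaSec-style params table and reports which PEM blocks each one contains, so a private key passed as cafile, or a DER-encoded file, is caught before ssl.wrap is called. The helper names (pem_labels, check_field, write_tmp) and the sample files are constructed for illustration; the check looks only at PEM framing and does not parse the certificate or key.

```lua
-- Added example: classify the files named in a LuaSec-style params table by PEM label.
-- Return the PEM labels found in text, e.g. {"CERTIFICATE"}.
local function pem_labels(text)
  local labels = {}
  for label in text:gmatch("%-%-%-%-%-BEGIN ([%u%d ]+)%-%-%-%-%-") do
    labels[#labels + 1] = label
  end
  return labels
end

-- Check that the file in params[field] holds a PEM block whose label ends
-- with `want` ("CERTIFICATE" or "PRIVATE KEY"). Returns ok, message.
local function check_field(params, field, want)
  local path = params[field]
  if not path then return true, field .. ": not set" end
  local f, err = io.open(path, "rb")
  if not f then return false, field .. ": cannot open (" .. tostring(err) .. ")" end
  local labels = pem_labels(f:read("*a"))
  f:close()
  if #labels == 0 then
    return false, field .. ": no PEM block found (DER-encoded or wrong file?)"
  end
  local found = table.concat(labels, ", ")
  for _, label in ipairs(labels) do
    if label:sub(-#want) == want then return true, field .. ": ok (" .. found .. ")" end
  end
  return false, field .. ": expected " .. want .. ", found " .. found
end

-- Constructed sample files: only the PEM framing matters, the body is a dummy.
local function write_tmp(label)
  local path = os.tmpname()
  local f = assert(io.open(path, "w"))
  f:write("-----BEGIN ", label, "-----\nAAAA\n-----END ", label, "-----\n")
  f:close()
  return path
end

local key, crt = write_tmp("RSA PRIVATE KEY"), write_tmp("CERTIFICATE")
-- Same mistake as in the question: cafile points at the private key.
local params = { key = key, certificate = crt, cafile = key }
local checks = { {"key", "PRIVATE KEY"}, {"certificate", "CERTIFICATE"}, {"cafile", "CERTIFICATE"} }
for _, c in ipairs(checks) do
  print(check_field(params, c[1], c[2]))
end
os.remove(key); os.remove(crt)
```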