带证书的lua https.request

时间:2017-03-27 22:33:27

标签: ssl https lua request certificate

我试图使用证书在 lua 上发出请求。

最近我收到了COMODO SSL

我在互联网上尝试了很多教程,但无济于事。

我发现this blog's proposal非常有趣:

我无法在Linux / OpenWRT / Lua 5.1上执行请求。

COMODO为我提供了以下文件:

  1. AddTrustExternalCARoot.crt
  2. my_domain_com.crt
  3. COMODORSAAddTrustCA.crt
  4. COMODORSADomainValidationSecureServerCA.crt
在这篇博客中他提到了这些文件:

    1. key = "/root/client.key"
    2. certificate = "/root/client.crt",
    3. cafile = "/root/ca.crt"

如何将COMODO的.crt文件转换为博客中提到的文件?

      Obs:我试着用curl下载并获取,但它没有用。

2 个答案:

答案 0 :(得分:0)

我已经描述了details in a blog post;基本上,您需要为ssl.wrap调用指定模式和证书文件:

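-- LuaSec parameters for the ssl.wrap() call on the client side of a connection.
local params = {
  mode = "client",
  -- "tlsv1" pinned the connection to TLS 1.0, which is deprecated; request
  -- TLS 1.2 instead.
  -- NOTE(review): "tlsv1_2" needs a LuaSec/OpenSSL build that offers it;
  -- confirm on the target device before deploying.
  protocol = "tlsv1_2",
  -- CA bundle (PEM) used to validate the server's certificate chain.
  cafile = "/path/to/downloaded/cacert.pem",
  -- "peer" makes the handshake fail when the chain does not validate;
  -- "none" would accept any certificate.
  -- NOTE(review): chain validation alone does not show that the certificate
  -- was issued for the host being contacted; check how your LuaSec version
  -- handles host name matching.
  verify = "peer",
  options = "all",
}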

如果您需要将.crt转换为.pem文件,following SO answer may help。我没有试过.crt文件,但我手头的示例使用.pem文件可以正常工作。

答案 1 :(得分:0)

我用this code解决了这个问题:

-- Declares this file as the module "https"; the global function `request`
-- defined at the end of the file is the module's entry point.
-- NOTE(review): module() is a Lua 5.1 facility that was deprecated in 5.2, and
-- package.seeall makes every global reachable through the module table. On a
-- newer Lua this should become a local table returned at the end of the file;
-- that change touches the whole file, so it is not made here.
module("https", package.seeall) 

local socket = require "socket" 
local http = require "socket.http" 
local ssl = require "ssl" 
local ltn12 = require "ltn12" 

-- Short local names for two LuaSocket helpers. Only `try` is used by the code
-- visible in this listing; `protect` is bound but not referenced there.
local try, protect = socket.try, socket.protect

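-- Defaults that request_generic() applies when the caller leaves the
-- corresponding field unset.

-- "sslv23" lets the TLS library negotiate the protocol version instead of
-- pinning one.
local DEFAULT_PROTOCOL = "sslv23"
-- System CA bundle used to validate the server's certificate chain.
local DEFAULT_CAFILE = "/etc/ssl/certs/ca-certificates.crt"
-- Fail the handshake when the server's chain does not validate.
local DEFAULT_VERIFY = "peer"
-- NOTE(review): with "sslv23" the legacy SSL versions are only excluded if the
-- options say so; consider adding the library's no-SSLv2/no-SSLv3 options once
-- you have confirmed what the target LuaSec build accepts.
local DEFAULT_OPTIONS = "all"
-- The previous list started with ADH-* suites. Anonymous DH sends no server
-- certificate, and OpenSSL ignores peer verification when none is sent, so a
-- connection negotiated with those suites was not authenticated even with
-- verify = "peer". Anonymous and null-encryption suites are now excluded.
local DEFAULT_CIPHERS = "HIGH:MEDIUM:!aNULL:!eNULL"
local DEFAULT_HTTPS_PORT = 443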

-- Metatable for the connection proxy built in new_create(). The proxy keeps
-- the real socket in its `c` field; any method the proxy does not define
-- itself is forwarded to that socket.
local https_mt = {}

-- Called on the first lookup of a missing key: builds a forwarder for that
-- method name and stores it on the proxy so later lookups skip this function.
function https_mt.__index(proxy, method_name)
    local function forward(self, ...)
        -- Read `c` at call time: connect() replaces it with the TLS-wrapped
        -- socket, and the forwarder must follow that replacement.
        local conn = self.c
        return conn[method_name](conn, ...)
    end
    proxy[method_name] = forward
    return forward
end

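--- Build the `create` callback handed to socket.http's request table.
-- The callback returns a proxy object whose connect() opens the TCP
-- connection, wraps it with LuaSec using `params`, and completes the TLS
-- handshake before any HTTP data is sent.
-- @param params table of LuaSec parameters passed unchanged to ssl.wrap()
-- @return function that creates a fresh connection proxy on each call
local function new_create(params)
    return function()
        local t = { c = try(socket.tcp()) }
        function t:connect(host, port)
            try(self.c:connect(host, port))
            -- From here on `c` is the TLS object; the proxy metatable reads
            -- `c` at call time, so later send/receive calls go through TLS.
            self.c = try(ssl.wrap(self.c, params))
            -- Send the host name (SNI) when this LuaSec build provides it, so
            -- a server hosting several names presents the certificate for
            -- `host`; without it chain verification can fail or succeed
            -- against the wrong certificate.
            if self.c.sni then
                self.c:sni(host)
            end
            -- NOTE(review): verify = "peer" validates the chain only; confirm
            -- whether your LuaSec version also matches the certificate name
            -- against `host`.
            try(self.c:dohandshake())
            return 1
        end
        return setmetatable(t, https_mt)
    end
end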

--- Perform an HTTPS request described by a request table.
-- TLS settings are taken from `args` and fall back to the DEFAULT_* values;
-- the remaining fields are copied into the table given to http.request().
-- A caller that passes verify = "none" turns certificate verification off for
-- that request, so callers should leave `verify` unset unless they mean it.
-- @param args request table (url, sink, method, headers, source, step, proxy,
--   redirect, port, plus optional protocol/cafile/verify/options/ciphers)
-- @return whatever http.request() returns
local function request_generic(args)
    local tls = {}
    tls.mode = "client"
    tls.protocol = args.protocol or DEFAULT_PROTOCOL
    tls.cafile = args.cafile or DEFAULT_CAFILE
    tls.verify = args.verify or DEFAULT_VERIFY
    tls.options = args.options or DEFAULT_OPTIONS
    tls.ciphers = args.ciphers or DEFAULT_CIPHERS

    return http.request({
        url = args.url,
        port = args.port or DEFAULT_HTTPS_PORT,
        sink = args.sink,
        method = args.method,
        headers = args.headers,
        source = args.source,
        step = args.step,
        -- The original author marked proxy support as possibly buggy.
        proxy = args.proxy,
        redirect = args.redirect,
        -- Every connection for this request is opened through the TLS proxy.
        create = new_create(tls),
    })
end

--- Simple form of the request: fetch `url` and return the body as a string.
-- When `body` is given the request becomes a form-encoded POST carrying it.
-- @param url string URL to request
-- @param body optional string sent as the POST payload
-- @return response body collected from the sink, then the second and third
--   results of request_generic()
local function request_simple(url, body)
    local chunks = {}
    local req = {
        url = url,
        sink = ltn12.sink.table(chunks),
    }

    -- A truthy body (including the empty string) switches the request to POST.
    if body then
        local post_headers = {}
        post_headers["Content-length"] = #body
        post_headers["Content-type"] = "application/x-www-form-urlencoded"

        req.method = "POST"
        req.source = ltn12.source.string(body)
        req.headers = post_headers
    end

    -- The first result of request_generic() is dropped; the body comes from
    -- the chunks the sink collected.
    local _, code, response_headers = request_generic(req)
    return table.concat(chunks), code, response_headers
end


--- Module entry point: issue an HTTPS request.
-- A string first argument selects the simple form (URL plus optional POST
-- body); anything else is treated as a request table for the generic form.
-- @param req_or_url URL string or request table
-- @param body optional POST body, used only with the simple form
-- @return the results of request_simple() or request_generic()
function request(req_or_url, body)
    if type(req_or_url) ~= "string" then
        return request_generic(req_or_url)
    end
    return request_simple(req_or_url, body)
end