Builds a Docker image of a picotls TLS 1.3 server with AddressSanitizer enabled. Based on https://github.com/artem-smotrakov/tlsbunny
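#!/bin/bash
#
# Creates a throwaway test PKI in the current directory: a self-signed root
# (CN=Root) plus a server (CN=Server, serial 1) and a client (CN=Client,
# serial 2) certificate signed by that root. For each NAME in
# root/server/client it writes:
#
#   NAME_key.pem    EC private key on secp256r1 (PEM)
#   NAME_key.pkcs8  the same key as unencrypted PKCS#8 (DER)
#   NAME_req.pem    certificate signing request
#   NAME_cert.der   certificate (DER)
#   NAME_cert.pem   certificate (PEM)
#
# Every private key, including the root's, is written without a passphrase
# (-nocrypt), and the serial numbers are fixed. Treat the output as test
# material only: do not reuse these keys or add this root to a trust store.
#
# NOTE(review): no extensions file is passed to "openssl x509 -req", so which
# X.509 extensions (if any) end up in the certificates depends on the OpenSSL
# version in use -- confirm if a peer under test checks them.

# Stop at the first failing openssl call instead of continuing with a
# partially generated chain.
set -euo pipefail

# Private keys are written to the working directory; keep every generated file
# readable by the owner only.
umask 077

# Generates NAME_key.pem and a CSR NAME_req.pem with subject /CN=<cn>.
gen_key_and_csr() {
    local name=$1 cn=$2
    openssl ecparam -out "${name}_key.pem" -name secp256r1 -genkey
    openssl req -new -key "${name}_key.pem" -out "${name}_req.pem" -sha256 -subj "/CN=${cn}"
}

# Exports NAME_key.pem as unencrypted PKCS#8 DER and NAME_cert.der as PEM.
export_pkcs8_and_pem() {
    local name=$1
    openssl pkcs8 -topk8 -nocrypt \
        -in "${name}_key.pem" -inform pem -out "${name}_key.pkcs8" -outform der
    openssl x509 -in "${name}_cert.der" -inform der -out "${name}_cert.pem" -outform pem
}

# Issues a certificate for NAME signed by the root key, with the given serial.
issue_leaf() {
    local name=$1 cn=$2 serial=$3
    gen_key_and_csr "${name}" "${cn}"
    openssl x509 -req -days 3650 -sha256 \
        -in "${name}_req.pem" -out "${name}_cert.der" -outform der \
        -CA root_cert.pem -CAkey root_key.pem -set_serial "${serial}"
    export_pkcs8_and_pem "${name}"
}

# Root: self-signed with its own key.
gen_key_and_csr root Root
openssl x509 -req -days 3650 -in root_req.pem -signkey root_key.pem -out root_cert.der -sha256 -outform der
export_pkcs8_and_pem root

# Leaves: both are signed by the root created above.
issue_leaf server Server 1
issue_leaf client Client 2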
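# This Dockerfile builds picotls with AddressSanitizer and starts a local
# TLS 1.3 server meant for testing.
#
# Build the image:
#
#   $ docker build --file Dockerfile --tag picotls/server/tls13 .
#
# Start the server, published on the host's loopback interface only:
#
#   $ docker run -p 127.0.0.1:20101:20101 picotls/server/tls13
#
# (use "-p 20101:20101" only if other hosts really need to reach this
# sanitizer-instrumented test server)
#
# good luck!
#

# NOTE(review): the default keeps the original behaviour (an unpinned
# "ubuntu" base). For reproducible builds pass --build-arg UBUNTU_TAG=<tag>,
# or pin the base image by digest.
ARG UBUNTU_TAG=latest
FROM ubuntu:${UBUNTU_TAG}

# update + install share one layer so a cached, stale package index is never
# reused by a later install. ca-certificates is listed explicitly because
# --no-install-recommends would otherwise leave git unable to verify the
# HTTPS clone below.
RUN apt-get update --fix-missing \
 && apt-get install -y --no-install-recommends \
        ca-certificates \
        cmake \
        g++ \
        gcc \
        git \
        libssl-dev \
        make \
        openssl \
        pkg-config \
 && rm -rf /var/lib/apt/lists/*

ENV PICOTLS=/var/src/picotls

# The server parses untrusted network input, so it is built and run as an
# unprivileged user. Port 20101 is above 1024 and needs no extra privileges.
RUN groupadd --gid 10001 picotls \
 && useradd --no-log-init --uid 10001 --gid picotls --create-home \
        --shell /usr/sbin/nologin picotls \
 && install -d -o picotls -g picotls /var/src
USER picotls

# NOTE(review): this clones whatever the default branch points at when the
# image is built; check out a reviewed commit here for reproducible builds.
RUN git clone https://github.com/h2o/picotls "${PICOTLS}"
WORKDIR ${PICOTLS}
RUN git submodule update --init

# AddressSanitizer build flags.
ENV CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g -O1"
ENV LDFLAGS=-fsanitize=address

# RUN goes through /bin/sh, so the expansions must be quoted: CFLAGS contains
# spaces, and unquoted it would be split into several cmake arguments, with
# only the first one ending up in CMAKE_C_FLAGS.
RUN cmake \
        -DCMAKE_C_FLAGS="${CFLAGS}" \
        -DCMAKE_EXE_LINKER_FLAGS="${LDFLAGS}" \
        .
RUN make

EXPOSE 20101

# COPY instead of ADD: this is a plain local file, none of ADD's extra
# behaviour (archive extraction, URL fetch) is wanted.
COPY --chown=picotls:picotls create_certs.sh create_certs.sh

# The root, server and client private keys generated here are stored
# unencrypted in an image layer: anyone who can pull the image can read them.
# They are test material only; do not push this image to a shared registry if
# the certificates are trusted anywhere.
RUN bash create_certs.sh

RUN echo "I am a picotls server which supports TLS 1.3" > message

CMD [ "./cli", "-c", "server_cert.pem", "-k", "server_key.pem", "-i", "message", "0.0.0.0", "20101" ]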