-
-
Save kenichi/71c6dea7c81a1fcd922f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -kvv --tlsv1.2 https://sni.nakamura.io:4567/ | |
| * Trying 127.0.0.1... | |
| * Connected to sni.nakamura.io (127.0.0.1) port 4567 (#0) | |
| * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH | |
| * TLSv1.2 (OUT), TLS handshake, Client hello (1): | |
| * TLSv1.2 (IN), TLS handshake, Server hello (2): | |
| * TLSv1.2 (IN), TLS handshake, Certificate (11): | |
| * TLSv1.2 (IN), TLS handshake, Server key exchange (12): | |
| * TLSv1.2 (IN), TLS handshake, Server finished (14): | |
| * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): | |
| * TLSv1.2 (OUT), TLS change cipher, Client hello (1): | |
| * TLSv1.2 (OUT), TLS handshake, Finished (20): | |
| * TLSv1.2 (IN), TLS change cipher, Client hello (1): | |
| * TLSv1.2 (IN), TLS handshake, Finished (20): | |
| * SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384 | |
| * Server certificate: | |
| * subject: C=US; CN=mail.nakamura.io; emailAddress=postmaster@nakamura.io | |
| * start date: 2014-12-12 09:35:03 GMT | |
| * expire date: 2015-12-13 18:37:20 GMT | |
| * issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA | |
| * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. | |
| > GET / HTTP/1.1 | |
| > Host: sni.nakamura.io:4567 | |
| > User-Agent: curl/7.43.0 | |
| > Accept: */* | |
| > | |
| < HTTP/1.1 200 OK | |
| < Connection: Keep-Alive | |
| < Content-Length: 0 | |
| < | |
| * Connection #0 to host sni.nakamura.io left intact | |
| $ curl -kvv --tlsv1.2 https://localhost:4567/ | |
| * Trying ::1... | |
| * connect to ::1 port 4567 failed: Connection refused | |
| * Trying fe80::1... | |
| * connect to fe80::1 port 4567 failed: Connection refused | |
| * Trying 127.0.0.1... | |
| * Connected to localhost (127.0.0.1) port 4567 (#0) | |
| * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH | |
| * TLSv1.2 (OUT), TLS handshake, Client hello (1): | |
| * TLSv1.2 (IN), TLS handshake, Server hello (2): | |
| * TLSv1.2 (IN), TLS handshake, Certificate (11): | |
| * TLSv1.2 (IN), TLS handshake, Server key exchange (12): | |
| * TLSv1.2 (IN), TLS handshake, Server finished (14): | |
| * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): | |
| * TLSv1.2 (OUT), TLS change cipher, Client hello (1): | |
| * TLSv1.2 (OUT), TLS handshake, Finished (20): | |
| * TLSv1.2 (IN), TLS change cipher, Client hello (1): | |
| * TLSv1.2 (IN), TLS handshake, Finished (20): | |
| * SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384 | |
| * Server certificate: | |
| * subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=whereigo.io | |
| * start date: 2015-02-03 00:00:00 GMT | |
| * expire date: 2016-02-03 23:59:59 GMT | |
| * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA | |
| * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. | |
| > GET / HTTP/1.1 | |
| > Host: localhost:4567 | |
| > User-Agent: curl/7.43.0 | |
| > Accept: */* | |
| > | |
| < HTTP/1.1 200 OK | |
| < Connection: Keep-Alive | |
| < Content-Length: 0 | |
| < | |
| * Connection #0 to host localhost left intact |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'reel' | |
| module Reel | |
| class Server | |
| class HTTPS_SNI < Server | |
| def initialize(host, port, options={}, &callback) | |
| ssl_context = OpenSSL::SSL::SSLContext.new | |
| ssl_context.servername_cb = ->(a){ | |
| socket, sni = *a | |
| ctx = socket.context | |
| if Hash === options[:sni][sni] | |
| ctx = OpenSSL::SSL::SSLContext.new | |
| ctx.cert = OpenSSL::X509::Certificate.new options[:sni][sni][:cert] | |
| ctx.key = OpenSSL::PKey::RSA.new options[:sni][sni][:key] | |
| ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE | |
| ctx | |
| end | |
| ctx | |
| } | |
| ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE | |
| @tcpserver = Celluloid::IO::TCPServer.new(host, port) | |
| server = Celluloid::IO::SSLServer.new(@tcpserver, ssl_context) | |
| options.merge!(host: host, port: port) | |
| options[:rescue] = [ OpenSSL::SSL::SSLError ] | |
| super(server, options, &callback) | |
| end | |
| end | |
| end | |
| end | |
| class R < Reel::Server::HTTPS_SNI | |
| def initialize | |
| super '127.0.0.1', 4567, { | |
| sni: { | |
| 'sni.nakamura.io' => { | |
| cert: File.read('nakamura.io.crt'), | |
| key: File.read('nakamura.io.key') | |
| }, | |
| 'localhost' => { | |
| cert: File.read('ssl-bundle.crt'), | |
| key: File.read('whereigo.io.key') | |
| } | |
| } | |
| }, &method(:on_connection) | |
| end | |
| def on_connection c | |
| c.each_request do |r| | |
| r.respond :ok, '' | |
| end | |
| end | |
| end | |
| puts "listening on 127.0.0.1:4567..." | |
| R.run | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment