Skip to content

Instantly share code, notes, and snippets.

@kyledrake
Forked from kenichi/curl commands
Last active Oct 15, 2015
Embed
What would you like to do?
$ curl -kvv --tlsv1.2 https://sni.nakamura.io:4567/
* Trying 127.0.0.1...
* Connected to sni.nakamura.io (127.0.0.1) port 4567 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; CN=mail.nakamura.io; emailAddress=postmaster@nakamura.io
* start date: 2014-12-12 09:35:03 GMT
* expire date: 2015-12-13 18:37:20 GMT
* issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: sni.nakamura.io:4567
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host sni.nakamura.io left intact
$ curl -kvv --tlsv1.2 https://localhost:4567/
* Trying ::1...
* connect to ::1 port 4567 failed: Connection refused
* Trying fe80::1...
* connect to fe80::1 port 4567 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 4567 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=whereigo.io
* start date: 2015-02-03 00:00:00 GMT
* expire date: 2016-02-03 23:59:59 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: localhost:4567
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host localhost left intact
require 'reel'
module Reel
class Server
class HTTPS_SNI < Server
def initialize(host, port, options={}, &callback)
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.servername_cb = ->(a){
socket, sni = *a
ctx = socket.context
if Hash === options[:sni][sni]
ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = OpenSSL::X509::Certificate.new options[:sni][sni][:cert]
ctx.key = OpenSSL::PKey::RSA.new options[:sni][sni][:key]
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
ctx
end
ctx
}
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
@tcpserver = Celluloid::IO::TCPServer.new(host, port)
server = Celluloid::IO::SSLServer.new(@tcpserver, ssl_context)
options.merge!(host: host, port: port)
options[:rescue] = [ OpenSSL::SSL::SSLError ]
super(server, options, &callback)
end
end
end
end
class R < Reel::Server::HTTPS_SNI
def initialize
super '127.0.0.1', 4567, {
sni: {
'sni.nakamura.io' => {
cert: File.read('nakamura.io.crt'),
key: File.read('nakamura.io.key')
},
'localhost' => {
cert: File.read('ssl-bundle.crt'),
key: File.read('whereigo.io.key')
}
}
}, &method(:on_connection)
end
def on_connection c
c.each_request do |r|
r.respond :ok, ''
end
end
end
puts "listening on 127.0.0.1:4567..."
R.run
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment