App-sslmaker


README.md  view on Meta::CPAN

    Creates a file which stores the SSL CRL number. If `n` is present in
    `%stash`, it will be used as the start number, which defaults to 1000.

- index.txt

    This is currently just an empty file.

- nginx.config

    Used to render an example nginx config. `%stash` should contain `cert`,
    `client_certificate`, `crl`, `key`, `server_name` and `verify_client`.

- openssl.cnf

    Creates a config file for openssl. TODO: Describe stash values.

- serial

    Creates a file which stores the SSL serial number. If `n` is present in
    `%stash`, it will be used as the start number, which defaults to 1000.

lib/App/sslmaker.pm  view on Meta::CPAN

Creates a file which stores the SSL CRL number. If C<n> is present in
C<%stash>, it will be used as the start number, which defaults to 1000.

=item * index.txt

This is currently just an empty file.

=item * nginx.config

Used to render an example nginx config. C<%stash> should contain C<cert>,
C<client_certificate>, C<crl>, C<key>, C<server_name> and C<verify_client>.

=item * openssl.cnf

Creates a config file for openssl. TODO: Describe stash values.

=item * serial

Creates a file which stores the SSL serial number. If C<n> is present in
C<%stash>, it will be used as the start number, which defaults to 1000.

lib/App/sslmaker.pm  view on Meta::CPAN

@@ nginx.config
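server {
  # TLS is enabled on the listen socket itself; the old 'ssl on;' directive
  # is deprecated in newer nginx releases and rejected by current ones.
  listen 443 ssl;
  server_name <%= $stash->{domain} || 'example.com' %>;

  ssl_certificate_key <%= $stash->{key} %>;
  ssl_certificate <%= $stash->{cert} %>;
  # CA chain that presented client certificates are verified against.
  ssl_client_certificate <%= $stash->{ca_cert} %>;
  # Renders the literal 'TODO' when the stash has no crl; nginx cannot load
  # that as a CRL file, so a real path must be supplied before deploying.
  ssl_crl <%= $stash->{crl} || 'TODO' %>;
  # 'optional' still proxies requests that present no client certificate;
  # the backend must check X-SSL-Client-Verified for SUCCESS before it
  # trusts X-SSL-Client-S-DN.
  ssl_verify_client <%= $stash->{verify_client} || 'optional' %>;
  ssl_verify_depth 2;
  # No ssl_protocols/ssl_ciphers are set here, so nginx's built-in defaults apply.

  location / {
    proxy_pass http://127.0.0.1:8080;
    # proxy_set_header replaces any same-named header the client sent, so the
    # backend can rely on these values coming from nginx, not from the client.
    proxy_set_header X-Forwarded-Proto "https";
    proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn; # /C=US/ST=Florida/L=Orlando/O=CLIENT NAME/CN=CLIENT NAME
    proxy_set_header X-SSL-Client-Verified $ssl_client_verify; # SUCCESS, FAILED, NONE
  }
}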
@@ openssl.cnf
HOME = <%= Path::Tiny->new($stash->{home})->absolute->stringify %>
RANDFILE = $ENV::HOME/.rnd

[ ca ]
default_ca = CA_default
unique_subject = <%= $stash->{unique_subject} || "no" %>

script/sslmaker  view on Meta::CPAN


  $args->{home}       = $self->root->parent;
  $args->{passphrase} = $self->root->parent->child(qw(passphrase));
  $self->run_maybe($args->{cert}, sub { $sslmaker->$wrapper(sign_csr => $args) });

  $args->{chain_cert} = $home->child(qw(certs ca-chain.cert.pem));
  $sslmaker->_cat(@$args{qw( cert ca_cert chain_cert )});
  $sslmaker->_d("# Generated $args->{chain_cert} from CA and intermediate certificate");

  $sslmaker->openssl(
    verify => -CAfile => @$args{qw( ca_cert cert )},
    sub {
      my ($sslmaker, $output) = @_;
      die $output if $output =~ /error/;
    }
  );

  return 0;
}

sub subcommand_nginx {

t/io-socket-inet.t  view on Meta::CPAN

use Time::HiRes 'usleep';
use Test::More;
use App::sslmaker;

# Fixed subject for the certificates this test generates (constructed sample
# values, not a real identity); presumably App::sslmaker reads this variable
# as the default certificate subject — confirm against lib/App/sslmaker.pm.
$ENV{SSLMAKER_SUBJECT} = '/C=NO/ST=Oslo/L=Oslo/O=Example/OU=Prime/CN=example.com/emailAddress=admin@example.com';

=commands

These commands can come in handy if something fails:

openssl verify -CAfile local/tmp/real/ca/certs/ca.cert.pem local/tmp/real/intermediate/certs/intermediate.cert.pem
openssl verify -CAfile local/tmp/real/intermediate/certs/ca-chain.cert.pem local/tmp/real/client.cert.pem
openssl x509 -noout -text -in local/tmp/real/ca/certs/ca.cert.pem
openssl x509 -noout -text -in local/tmp/real/intermediate/certs/intermediate.cert.pem
openssl x509 -noout -text -in local/tmp/real/client.cert.pem | grep 'Issuer\|Subject'
openssl x509 -noout -text -in local/tmp/real/server.cert.pem | grep 'Issuer\|Subject'

=cut

# Skip the whole file when the platform, or the optional socket and TLS
# modules at the required versions, cannot support the live handshake
# this test performs. The string evals only contain fixed module names.
if ($^O eq 'MSWin32') {
  plan skip_all => "$^O is not supported";
}
if (!eval 'use IO::Socket::IP 0.20; 1') {
  plan skip_all => 'IO::Socket::IP 0.20 required';
}
if (!eval 'use IO::Socket::SSL 1.84; 1') {
  plan skip_all => 'IO::Socket::SSL 1.84 required';
}

t/io-socket-inet.t  view on Meta::CPAN


sub run_echo_server {
  my %args = (
    Listen                 => 10,
    LocalAddr              => $host,
    LocalPort              => $port,
    SSL_ca_file            => $home->child('intermediate/certs/ca-chain.cert.pem')->stringify,
    SSL_cert_file          => $home->child('server.cert.pem')->stringify,
    SSL_key_file           => $home->child('server.key.pem')->stringify,
    SSL_honor_cipher_order => 1,
    SSL_verify_mode        => 1,
  );

  my $s = IO::Socket::SSL->new(%args) or die "[SERVER] Failed to listen: $! ($IO::Socket::SSL::SSL_ERROR)";

  while (1) {
    note "Waiting for client to connect";
    my $client  = $s->accept or die "[SERVER] Failed to accept or ssl handshake: $! ($IO::Socket::SSL::SSL_ERROR)";
    my $buf     = $client->readline;
    my $subject = $client->peer_certificate('subject');
    note $subject;

t/io-socket-inet.t  view on Meta::CPAN

}

sub connect_to_echo_server {
  my $guard = 3;
  my %args  = (
    PeerHost        => $host,
    PeerPort        => $port,
    SSL_ca_file     => $home->child('intermediate/certs/ca-chain.cert.pem')->stringify,
    SSL_cert_file   => $home->child('client.cert.pem')->stringify,
    SSL_key_file    => $home->child('client.key.pem')->stringify,
    SSL_verify_mode => 0,
  );

  while ($guard--) {
    note "Trying to connect to server ($pid)";
    usleep 300e3;
    my $client = IO::Socket::SSL->new(%args) or next;
    return $client;
  }

  die "[CLIENT] Failed connect or ssl handshake: $! ($IO::Socket::SSL::SSL_ERROR)";


