how can openssl have SUCH a bad cli interface

data/Netpong-Test-CA/cacert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFDCCAvygAwIBAgITfl3NbK3jOj2V0yehJ0VkuBWlvDANBgkqhkiG9w0BAQsF
+ADCBmTELMAkGA1UEBhMCREUxHTAbBgNVBAgMFEJhZGVuIFfDg8K8cnR0ZW1iZXJn
+MREwDwYDVQQHDAhNYW5uaGVpbTEVMBMGA1UECgwMTmV0cG9uZyBUZWFtMR0wGwYD
+VQQDDBROZXRwb25nLVRlc3QtQ0EgUm9vdDEiMCAGCSqGSIb3DQEJARYTc29mdHdh
+cmVAY3NjaGVyci5kZTAeFw0yNDAxMjQxNDM3NTdaFw0zNDAxMjExNDM3NTdaMIGZ
+MQswCQYDVQQGEwJERTEdMBsGA1UECAwUQmFkZW4gV8ODwrxydHRlbWJlcmcxETAP
+BgNVBAcMCE1hbm5oZWltMRUwEwYDVQQKDAxOZXRwb25nIFRlYW0xHTAbBgNVBAMM
+FE5ldHBvbmctVGVzdC1DQSBSb290MSIwIAYJKoZIhvcNAQkBFhNzb2Z0d2FyZUBj
+c2NoZXJyLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc443jjU
+YZP4aVC0vD0WRpzC6G50wva3lLX2vOf6x1xAE/sVQ7F3j25s/oUUzHSf4/F4H3rC
+R5ZmpyOBiW/1ZuQVb48HxzE7Vh/QQenTUVcPEdZcqf0vLogDzaSrq9uMXvmWHWgQ
+IE0yYbEBd2/bE0k530EW5QZpKdUZI6m+Tf6k60Fk65skC4IZ684M6ahB9AQiBY0c
+6DzJPN6AV33s6HjHqLJUeWwiEFXx7v/I3Fo81NHnoRZQw9bNel3rRa1Ovn1FIUz3
+rKygXb3/Zcl3TKh2eRXb7bJmG35dh+Cx9OtPlYSiU45w5Kxa7+c1n2H+rDv5QlcH
+tsUR2ONDDRG4MwIDAQABo1MwUTAdBgNVHQ4EFgQUj4dOxujhWUGrCG5xJNhrCXM0
+JWEwHwYDVR0jBBgwFoAUj4dOxujhWUGrCG5xJNhrCXM0JWEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcR6c5RMuEqO01TKfzXq0b2J8Rfqxe9WJ
+6tgc7/3DatCYkytCq+fucZ2hUg/IxZ8wRpe1UyaK5iLd0kC8ag5RT5pl9ybHnVZZ
+DsQNYlal71DaCwId+VhiZpqGVERruln7nBifNDrqbRy9U2da/q7ZoMlxkIOgUiBd
+r4Ecv/J6l6LprIIjxGRQ6dC0TN0kDkJ5UFS7IMsM13eDtejA/mfHOamN6Ty0PzaY
+HI9IeKzlFz0yzRyaYL/VrpBmiQF1goRpeIfEZw5F09hatkhSgzmV+GcMjTAnIVCU
+h/s9q/mFKeWVWUA8endIx+3YXtIdMK6H16DGYNOIyzmc7XwpQkDqvg==
+-----END CERTIFICATE-----

data/Netpong-Test-CA/private/cakey.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCNzjjeONRhk/hp
+ULS8PRZGnMLobnTC9reUtfa85/rHXEAT+xVDsXePbmz+hRTMdJ/j8XgfesJHlman
+I4GJb/Vm5BVvjwfHMTtWH9BB6dNRVw8R1lyp/S8uiAPNpKur24xe+ZYdaBAgTTJh
+sQF3b9sTSTnfQRblBmkp1Rkjqb5N/qTrQWTrmyQLghnrzgzpqEH0BCIFjRzoPMk8
+3oBXfezoeMeoslR5bCIQVfHu/8jcWjzU0eehFlDD1s16XetFrU6+fUUhTPesrKBd
+vf9lyXdMqHZ5FdvtsmYbfl2H4LH060+VhKJTjnDkrFrv5zWfYf6sO/lCVwe2xRHY
+40MNEbgzAgMBAAECggEAIMO52wqpc8RTPM4zfFzm9TjKRhcjblrADyG+GWbGSGL1
+wUgd4S6zj9X1ZBeOtzDpMqs71JYyJoVHQa4QA5f1TSk9FLIpG2qyKZOfNGOY+m3R
+ow7zCSnhSXCO5Gh8a/CF7fngJ/o/457CmdTioFydc0bTktSAvDkvekVtEhLp0C5C
+jTxhOYFaSznpLccHVkZtu2hYqSInTLFk3YVBi1qHO8qGbnUCj1PWSxV1wTmu/Ilo
+wVw3OFyCoZhjrSN3sjNYpOFJEAV5eb9AUGCum6r+Zo7GNPiM7jDShfRidD8mjcq9
+YDDkInTETHVcmr1U5CByUagDl7//ifaRBoBy5E3GPQKBgQDDKneviwuCGt2y5qbN
+PPILMXHwMxja77iDIily7Mg9cbi8Cmq4fcLcPs6SEoMmHHzuAFICrWXjJJ14npfv
+PR/UnIqDo95PclsjHe1dou396eqrtNGUBp5c8lt8tZGbLcLdCZMOsKqCdiPTmw1T
+vaGnx4GRaQIoOVeW0N8me0J9hQKBgQC6Acr6JP/tD40s04fQb6SBMz+mTiAGPoel
+R0crnh6rqb4wvomX5yoT9JRI80+i/aqVtm7COb512nq2CLc4SKSOdVSEHaRTUmOC
+lLnImM9rQoP13VEwuGnL7kMv7mNc2sOZl6WHGmAnHS27zDV+e74vUIyjAdqUAUsL
+C19SU5nQVwKBgQCbo7pe29wJnbM/gIF1Gy1Lj9r1W0pvDs1uhkfXxszJc2+HRidl
+iaVkTxIdm3XLZtyaUNcWG4Itan3KO2+e8nf37f7ojD41zVSw5KTvD4gL/gePd1vL
+WJviM8SR55p+zjegXopQJMNV1zErB3PRXGEWlBvYAo4d1dzsARZ0ccfMoQKBgB+Z
+AF8f++3Mb4IG6RJqdLqR9yUMLnqBEs/r3NY3BSTKMAndxEfuuAIt0SbXVlbs2paW
+KBiMcKNamu/jaSSBipq8qb/LvUd+PnNHSoweEVY6NWqFzy4ElcxTzEwPJgf3DbVA
+wpjBzUW3ujYlyYyT/snQ2CM0xGnSEmps4yN8Giv/AoGALsiOvNv/jUNU/RM+OznR
+93Q7WsmjZxbPFLAdpiI+Fl8zcERlSGqBKSxQSdeD7Tke5Ywzc/LHqNhTJjnDjJCY
+xWzDRe/ALUHCEEc4C6dd5qPmD30T8Fb8fRX6HVFHqT3VKb3KKrpZYvkNY8ihprq6
+iLDnm4a9JQ3aGrzkgV6xxlo=
+-----END PRIVATE KEY-----

data/ca.conf

@@ -0,0 +1,31 @@
+ [ ca ]
+ default_ca      = Netpong-Test-CA            # The default ca section
+
+ [ Netpong-Test-CA ]
+
+ dir            = ./Netpong-Test-CA     # top dir
+ database       = $dir/index.txt        # index file.
+ new_certs_dir  = $dir/newcerts         # new certs dir
+
+ certificate    = $dir/cacert.pem       # The CA cert
+ serial         = $dir/serial           # serial no file
+ private_key    = $dir/private/cakey.pem# CA private key
+ RANDFILE       = $dir/private/.rand    # random number file
+
+ default_days   = 3650                  # how long to certify for
+ default_crl_days= 30                   # how long before next CRL
+
+ policy         = policy_any            # default policy
+ email_in_dn    = no                    # Don't add the email into cert DN
+
+ name_opt       = ca_default            # Subject name display option
+ cert_opt       = ca_default            # Certificate display option
+ copy_extensions = none                 # Don't copy extensions from request
+
+ [ policy_any ]
+ countryName            = optional
+ stateOrProvinceName    = optional
+ organizationName       = optional
+ organizationalUnitName = optional
+ commonName             = supplied
+ emailAddress           = optional

data/cert.pem

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUPLZFd1ZmncG0bzFIhFBfxj7kKEMwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDAxMjEyMTAzMTJaFw0yNDAy
-MjAyMTAzMTJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCyGMplbAbVnxqpxGOBCjUeZUQ/V7PmPFLPnjhUIOb5
-UBXt3aNE5qrL8VIUTia8ljv/1Ma3c+468e2c0BRv++Jvgbzi/LEAQfADapBz5ZD8
-vg3w0l7ilmP+3COCWK1NHCghc/4TxUIT16d+49Yy7udLK9+UEM7GJ5LBdGjmGNRw
-6jFL1e1xZj6oSnUxD58zjou5Bv/1cY9+JENc2/C589AcNnBRpEn9ZcJKvRnC/Lfd
-kXavMdk2VmLX9+YlTawwLP+kRI4Li223lOcnq2v6SYOkGNwWlivCMNMOg2pp7cxC
-YRQhkS9QGXjAyrK1VJy8GEPNsEFsxc6p5O+/h3XVhrSLAgMBAAGjUzBRMB0GA1Ud
-DgQWBBRWe92k4QFXu1aZo3m+FjAPXDCiszAfBgNVHSMEGDAWgBRWe92k4QFXu1aZ
-o3m+FjAPXDCiszAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW
-cxUTDKd1klBlTd8NOy72S3uiEts7M1Z4DjjMfvsqJBlEUNbUwmaauVTcp5kEu1iA
-wGoQsa5dcCZmJxw3eXDuXg82rIX+FvqcJ/P/BE1kUAXYXa86AK+5rFCpblph71g5
-SWN23HcOMTeoiOjucCEx3tu48lGYKuoqmijQhaD4BNbYXFx3HzmdDCw/6YxshHOF
-0aB7+K6ScMDgrdt25AowfmhYtbK0HV+jMnrl3SJwv6YcaqifXuw4vQ85fSHFxBKs
-9YSPGLao0kPRMIJtrg+j6q0JaLNv0wwxi5gt2jb6jmYFsRJK1FJ9YBbBTIrP6pZ3
-9Xc0GIieYs8xY0LKdyTS
------END CERTIFICATE-----

data/key.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyGMplbAbVnxqp
-xGOBCjUeZUQ/V7PmPFLPnjhUIOb5UBXt3aNE5qrL8VIUTia8ljv/1Ma3c+468e2c
-0BRv++Jvgbzi/LEAQfADapBz5ZD8vg3w0l7ilmP+3COCWK1NHCghc/4TxUIT16d+
-49Yy7udLK9+UEM7GJ5LBdGjmGNRw6jFL1e1xZj6oSnUxD58zjou5Bv/1cY9+JENc
-2/C589AcNnBRpEn9ZcJKvRnC/LfdkXavMdk2VmLX9+YlTawwLP+kRI4Li223lOcn
-q2v6SYOkGNwWlivCMNMOg2pp7cxCYRQhkS9QGXjAyrK1VJy8GEPNsEFsxc6p5O+/
-h3XVhrSLAgMBAAECggEACRLgRPiTBJE9n4ak9y8Y87p/FqcWQFW0dmV+QzMF8Y/V
-/i97oQgLjaZ24xf0O0mANxGVKkWazqAC1il30RjJOZsnj30GW5gAbXwhbfY1Q9s/
-BJUDRpIY+CQpHvv7oGEd3k51lHZJXo9vNjTPdfrcB+VtV7LfhhMAFCElMwvyzunZ
-slQaG33kb4SNXdqWWG02mI5uNCLtIClQWCJkQX0NYefVhGtwBAl5mvGZBinBg+ji
-OdK8pyoRKmbVV9AsZ+zDaXKFSPV9CTNY9Q5Z6Zca0KRA2KKt2JrsgQzUok+o72bw
-QkTKfRaHqeQ2WUZx0eiG2kOTVtSP2ovkiireUT8luQKBgQD0YCNzbEUDLPT67x+W
-8IRHTMpNMvn/5qcUirtuc7yrBNivsMW844VJcsHTE1iJ4lK8AWQoJdxmp7Jhas4K
-3HzpUVEKKOC46AIx0o3Bh7MibjVnaeUlLgQWdtHyPblRmkE8/PvHWb11HUmBtBOG
-kGuC6Zk6DqSXnu68y9mW9Q/bBwKBgQC6kYyRgxkcZiyLeiPYfuBTxj7JaQ9sZMbS
-3AmhpDBUyHTf0EExD6Rj9Rm3aKl+lj2Rm0CVPagJzMEhKWZjmaycetMavArtVxh8
-GyFFjgipwmszSKyKvEpmQ7bcStmu8NEgbFe0pCsKlVSNH9x9HGQWxuwza/AYD1nw
-jSP7PFsFXQKBgGwNvl8g9nrq+/+gkAU7oCGusJzl92jRYftRRIMYJcowwGce8LAO
-ojbRySY9nZ6KNi7vJowiAYxahiNRCH4A9DJuRDkLziG0ZJQHF6sFB44n0PFC/5Er
-AZ+1Niu4YyLT5BjFe8avxXftVT1GlIOhhAhEpf3nz5tDKSjNsg5vmW0tAoGAH4cn
-LRPtc2okzvE2C4jtWdrfk2PIsnWZT9rVWdaIQFubvJLR4XuWOTobPW5XbkfvYaLN
-2CqSMg3C+Vqord4zWEI9WIA8jH0yaw6eocVt21o6iXEXj15gaEW7KiEQBks12/fT
-Hni7uU8g+bRPq2jX1S2KjuoHqdk2RrtjQDqj2xUCgYEAnITvoy6U427XGIH010bn
-+O5dfgsZ0XEoaxJRYQdO4Tp6Ob/lKQDGmuu9ehbfMjaFR0uAWvsW/rps7P1WTl/b
-LtArkTXtxe2kNOKb7wbChtiIYyghtRk9QLAZzDP/bc83denwjVg0mkbcynMCfeJg
-ILvGfJEt28Dwf1StGv/fzI8=
------END PRIVATE KEY-----

scripts/client.py

@@ -1,26 +0,0 @@
-import socket
-
-
-def ping():
-
-    HOST = "127.0.0.1"
-    PORT = 9999
-
-    payload = b"ping\0"
-
-    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
-        s.connect((HOST, PORT))
-        while True:
-            try:
-                s.sendall(payload)
-                print("> ping")
-            except Exception as e:
-                break
-            reply = s.recv(1024).decode()
-            if reply == "":
-                break
-            print(f"< {reply}")
-        print("connection shut down")
-
-if __name__ == "__main__":
-    ping()

scripts/make_cert.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir data
+echo create ca
+# non-interactive and 10 years expiration
+openssl req -x509 -nodes -newkey rsa:4096 -keyout data/key.pem -out data/cert.pem -sha256 -days 3650 -subj '/CN=localhost'

scripts/spam.rs

@@ -1,12 +0,0 @@
-const MAX: usize = 50;
-use std::process::Command;
-
-fn main() {
-    let mut pool = ThreadPool::new(MAX);
-
-    loop {
-        pool.execute(||{
-            Command::new("python3").args(["scripts/client.py"]).output().unwrap();
-        });
-    }
-}

src/client/mod.rs

@@ -4,7 +4,7 @@ use std::{fs::File, io::BufReader, sync::Arc};
 use crate::{common::decode, Config};
 
 use anyhow;
-use libpt::log::{error, info};
+use libpt::log::{error, info, trace};
 use rustls_pemfile::certs;
 use tokio::{
     io::{AsyncReadExt, AsyncWriteExt},
@@ -32,9 +32,11 @@ impl Client {
         if cfg.certs.is_some() {
             let mut reader = BufReader::new(File::open(cfg.certs.clone().unwrap())?);
             for cert in certs(&mut reader) {
+                trace!("found custom cert: {cert:?}");
                 root_cert_store.add(cert?)?
             }
         }
+        trace!("root cert store: {root_cert_store:?}");
         let tls_config = rustls::ClientConfig::builder()
             .with_root_certificates(root_cert_store)
             .with_no_client_auth();