From 06430ec6b75eda280234a6b5d8053c58f1786312 Mon Sep 17 00:00:00 2001
From: "Christoph J. Scherr"
Date: Wed, 24 Jan 2024 15:38:24 +0100
Subject: [PATCH] how can openssl have SUCH a bad cli interface
---
 data/Netpong-Test-CA/cacert.pem | 24 ++++++++++++++++++++
 data/Netpong-Test-CA/private/cakey.pem | 28 +++++++++++++++++++++++
 data/ca.conf | 31 ++++++++++++++++++++++++++
 data/cert.pem | 21 -----------------
 data/key.pem | 28 -----------------------
 scripts/client.py | 26 ---------------------
 scripts/make_cert.sh | 5 +++++
 scripts/spam.rs | 12 ----------
 src/client/mod.rs | 4 +++-
 9 files changed, 91 insertions(+), 88 deletions(-)
 create mode 100644 data/Netpong-Test-CA/cacert.pem
 create mode 100644 data/Netpong-Test-CA/private/cakey.pem
 create mode 100644 data/ca.conf
 delete mode 100644 data/cert.pem
 delete mode 100644 data/key.pem
 delete mode 100644 scripts/client.py
 create mode 100755 scripts/make_cert.sh
 delete mode 100644 scripts/spam.rs
diff --git a/data/Netpong-Test-CA/cacert.pem b/data/Netpong-Test-CA/cacert.pem
new file mode 100644
index 0000000..f5c48b9
--- /dev/null
+++ b/data/Netpong-Test-CA/cacert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFDCCAvygAwIBAgITfl3NbK3jOj2V0yehJ0VkuBWlvDANBgkqhkiG9w0BAQsF
+ADCBmTELMAkGA1UEBhMCREUxHTAbBgNVBAgMFEJhZGVuIFfDg8K8cnR0ZW1iZXJn
+MREwDwYDVQQHDAhNYW5uaGVpbTEVMBMGA1UECgwMTmV0cG9uZyBUZWFtMR0wGwYD
+VQQDDBROZXRwb25nLVRlc3QtQ0EgUm9vdDEiMCAGCSqGSIb3DQEJARYTc29mdHdh
+cmVAY3NjaGVyci5kZTAeFw0yNDAxMjQxNDM3NTdaFw0zNDAxMjExNDM3NTdaMIGZ
+MQswCQYDVQQGEwJERTEdMBsGA1UECAwUQmFkZW4gV8ODwrxydHRlbWJlcmcxETAP
+BgNVBAcMCE1hbm5oZWltMRUwEwYDVQQKDAxOZXRwb25nIFRlYW0xHTAbBgNVBAMM
+FE5ldHBvbmctVGVzdC1DQSBSb290MSIwIAYJKoZIhvcNAQkBFhNzb2Z0d2FyZUBj
+c2NoZXJyLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc443jjU
+YZP4aVC0vD0WRpzC6G50wva3lLX2vOf6x1xAE/sVQ7F3j25s/oUUzHSf4/F4H3rC
+R5ZmpyOBiW/1ZuQVb48HxzE7Vh/QQenTUVcPEdZcqf0vLogDzaSrq9uMXvmWHWgQ
+IE0yYbEBd2/bE0k530EW5QZpKdUZI6m+Tf6k60Fk65skC4IZ684M6ahB9AQiBY0c
+6DzJPN6AV33s6HjHqLJUeWwiEFXx7v/I3Fo81NHnoRZQw9bNel3rRa1Ovn1FIUz3
+rKygXb3/Zcl3TKh2eRXb7bJmG35dh+Cx9OtPlYSiU45w5Kxa7+c1n2H+rDv5QlcH
+tsUR2ONDDRG4MwIDAQABo1MwUTAdBgNVHQ4EFgQUj4dOxujhWUGrCG5xJNhrCXM0
+JWEwHwYDVR0jBBgwFoAUj4dOxujhWUGrCG5xJNhrCXM0JWEwDwYDVR0TAQH/BAUw
+AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcR6c5RMuEqO01TKfzXq0b2J8Rfqxe9WJ
+6tgc7/3DatCYkytCq+fucZ2hUg/IxZ8wRpe1UyaK5iLd0kC8ag5RT5pl9ybHnVZZ
+DsQNYlal71DaCwId+VhiZpqGVERruln7nBifNDrqbRy9U2da/q7ZoMlxkIOgUiBd
+r4Ecv/J6l6LprIIjxGRQ6dC0TN0kDkJ5UFS7IMsM13eDtejA/mfHOamN6Ty0PzaY
+HI9IeKzlFz0yzRyaYL/VrpBmiQF1goRpeIfEZw5F09hatkhSgzmV+GcMjTAnIVCU
+h/s9q/mFKeWVWUA8endIx+3YXtIdMK6H16DGYNOIyzmc7XwpQkDqvg==
+-----END CERTIFICATE-----
diff --git a/data/Netpong-Test-CA/private/cakey.pem b/data/Netpong-Test-CA/private/cakey.pem
new file mode 100644
index 0000000..04e2fdf
--- /dev/null
+++ b/data/Netpong-Test-CA/private/cakey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCNzjjeONRhk/hp
+ULS8PRZGnMLobnTC9reUtfa85/rHXEAT+xVDsXePbmz+hRTMdJ/j8XgfesJHlman
+I4GJb/Vm5BVvjwfHMTtWH9BB6dNRVw8R1lyp/S8uiAPNpKur24xe+ZYdaBAgTTJh
+sQF3b9sTSTnfQRblBmkp1Rkjqb5N/qTrQWTrmyQLghnrzgzpqEH0BCIFjRzoPMk8
+3oBXfezoeMeoslR5bCIQVfHu/8jcWjzU0eehFlDD1s16XetFrU6+fUUhTPesrKBd
+vf9lyXdMqHZ5FdvtsmYbfl2H4LH060+VhKJTjnDkrFrv5zWfYf6sO/lCVwe2xRHY
+40MNEbgzAgMBAAECggEAIMO52wqpc8RTPM4zfFzm9TjKRhcjblrADyG+GWbGSGL1
+wUgd4S6zj9X1ZBeOtzDpMqs71JYyJoVHQa4QA5f1TSk9FLIpG2qyKZOfNGOY+m3R
+ow7zCSnhSXCO5Gh8a/CF7fngJ/o/457CmdTioFydc0bTktSAvDkvekVtEhLp0C5C
+jTxhOYFaSznpLccHVkZtu2hYqSInTLFk3YVBi1qHO8qGbnUCj1PWSxV1wTmu/Ilo
+wVw3OFyCoZhjrSN3sjNYpOFJEAV5eb9AUGCum6r+Zo7GNPiM7jDShfRidD8mjcq9
+YDDkInTETHVcmr1U5CByUagDl7//ifaRBoBy5E3GPQKBgQDDKneviwuCGt2y5qbN
+PPILMXHwMxja77iDIily7Mg9cbi8Cmq4fcLcPs6SEoMmHHzuAFICrWXjJJ14npfv
+PR/UnIqDo95PclsjHe1dou396eqrtNGUBp5c8lt8tZGbLcLdCZMOsKqCdiPTmw1T
+vaGnx4GRaQIoOVeW0N8me0J9hQKBgQC6Acr6JP/tD40s04fQb6SBMz+mTiAGPoel
+R0crnh6rqb4wvomX5yoT9JRI80+i/aqVtm7COb512nq2CLc4SKSOdVSEHaRTUmOC
+lLnImM9rQoP13VEwuGnL7kMv7mNc2sOZl6WHGmAnHS27zDV+e74vUIyjAdqUAUsL
+C19SU5nQVwKBgQCbo7pe29wJnbM/gIF1Gy1Lj9r1W0pvDs1uhkfXxszJc2+HRidl
+iaVkTxIdm3XLZtyaUNcWG4Itan3KO2+e8nf37f7ojD41zVSw5KTvD4gL/gePd1vL
+WJviM8SR55p+zjegXopQJMNV1zErB3PRXGEWlBvYAo4d1dzsARZ0ccfMoQKBgB+Z
+AF8f++3Mb4IG6RJqdLqR9yUMLnqBEs/r3NY3BSTKMAndxEfuuAIt0SbXVlbs2paW
+KBiMcKNamu/jaSSBipq8qb/LvUd+PnNHSoweEVY6NWqFzy4ElcxTzEwPJgf3DbVA
+wpjBzUW3ujYlyYyT/snQ2CM0xGnSEmps4yN8Giv/AoGALsiOvNv/jUNU/RM+OznR
+93Q7WsmjZxbPFLAdpiI+Fl8zcERlSGqBKSxQSdeD7Tke5Ywzc/LHqNhTJjnDjJCY
+xWzDRe/ALUHCEEc4C6dd5qPmD30T8Fb8fRX6HVFHqT3VKb3KKrpZYvkNY8ihprq6
+iLDnm4a9JQ3aGrzkgV6xxlo=
+-----END PRIVATE KEY-----
diff --git a/data/ca.conf b/data/ca.conf
new file mode 100644
index 0000000..e4f1c22
--- /dev/null
+++ b/data/ca.conf
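Review bot: data/Netpong-Test-CA/private/cakey.pem checks the CA's unencrypted private key (a plain `BEGIN PRIVATE KEY` block, no passphrase) into the repository, so anyone with a clone can issue certificates that every client trusting data/Netpong-Test-CA/cacert.pem will accept. Even for a test CA, the key should be generated locally by scripts/make_cert.sh and the `private/` directory listed in .gitignore, with only cacert.pem committed. Since the key is now in history, this CA should be treated as test-only and regenerated before it is trusted anywhere beyond local development.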
@@ -0,0 +1,31 @@
+ [ ca ]
+ default_ca = Netpong-Test-CA # The default ca section
+
+ [ Netpong-Test-CA ]
+
+ dir = ./Netpong-Test-CA # top dir
+ database = $dir/index.txt # index file.
+ new_certs_dir = $dir/newcerts # new certs dir
+
+ certificate = $dir/cacert.pem # The CA cert
+ serial = $dir/serial # serial no file
+ private_key = $dir/private/cakey.pem# CA private key
+ RANDFILE = $dir/private/.rand # random number file
+
+ default_days = 3650 # how long to certify for
+ default_crl_days= 30 # how long before next CRL
+
+ policy = policy_any # default policy
+ email_in_dn = no # Don't add the email into cert DN
+
+ name_opt = ca_default # Subject name display option
+ cert_opt = ca_default # Certificate display option
+ copy_extensions = none # Don't copy extensions from request
+
+ [ policy_any ]
+ countryName = optional
+ stateOrProvinceName = optional
+ organizationName = optional
+ organizationalUnitName = optional
+ commonName = supplied
+ emailAddress = optional
diff --git a/data/cert.pem b/data/cert.pem
deleted file mode 100644
index f5ba695..0000000
--- a/data/cert.pem
+++ /dev/null
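Review bot: `dir = ./Netpong-Test-CA` is resolved against the working directory, so `openssl ca -config data/ca.conf` only finds the CA files when run from inside `data/`; either document the required cwd in a comment above the line or make the path independent of where the tool is invoked. The section also points at `$dir/index.txt`, `$dir/serial` and `$dir/newcerts`, none of which this commit creates, so the first signing run will presumably fail until they are initialised (scripts/make_cert.sh would be the natural place). `private_key = $dir/private/cakey.pem# CA private key` has no whitespace before the `#`, unlike every other line; a space before the comment keeps the value unambiguous.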
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUPLZFd1ZmncG0bzFIhFBfxj7kKEMwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDAxMjEyMTAzMTJaFw0yNDAy
-MjAyMTAzMTJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCyGMplbAbVnxqpxGOBCjUeZUQ/V7PmPFLPnjhUIOb5
-UBXt3aNE5qrL8VIUTia8ljv/1Ma3c+468e2c0BRv++Jvgbzi/LEAQfADapBz5ZD8
-vg3w0l7ilmP+3COCWK1NHCghc/4TxUIT16d+49Yy7udLK9+UEM7GJ5LBdGjmGNRw
-6jFL1e1xZj6oSnUxD58zjou5Bv/1cY9+JENc2/C589AcNnBRpEn9ZcJKvRnC/Lfd
-kXavMdk2VmLX9+YlTawwLP+kRI4Li223lOcnq2v6SYOkGNwWlivCMNMOg2pp7cxC
-YRQhkS9QGXjAyrK1VJy8GEPNsEFsxc6p5O+/h3XVhrSLAgMBAAGjUzBRMB0GA1Ud
-DgQWBBRWe92k4QFXu1aZo3m+FjAPXDCiszAfBgNVHSMEGDAWgBRWe92k4QFXu1aZ
-o3m+FjAPXDCiszAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW
-cxUTDKd1klBlTd8NOy72S3uiEts7M1Z4DjjMfvsqJBlEUNbUwmaauVTcp5kEu1iA
-wGoQsa5dcCZmJxw3eXDuXg82rIX+FvqcJ/P/BE1kUAXYXa86AK+5rFCpblph71g5
-SWN23HcOMTeoiOjucCEx3tu48lGYKuoqmijQhaD4BNbYXFx3HzmdDCw/6YxshHOF
-0aB7+K6ScMDgrdt25AowfmhYtbK0HV+jMnrl3SJwv6YcaqifXuw4vQ85fSHFxBKs
-9YSPGLao0kPRMIJtrg+j6q0JaLNv0wwxi5gt2jb6jmYFsRJK1FJ9YBbBTIrP6pZ3
-9Xc0GIieYs8xY0LKdyTS
------END CERTIFICATE-----
diff --git a/data/key.pem b/data/key.pem
deleted file mode 100644
index 786a50d..0000000
--- a/data/key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyGMplbAbVnxqp
-xGOBCjUeZUQ/V7PmPFLPnjhUIOb5UBXt3aNE5qrL8VIUTia8ljv/1Ma3c+468e2c
-0BRv++Jvgbzi/LEAQfADapBz5ZD8vg3w0l7ilmP+3COCWK1NHCghc/4TxUIT16d+
-49Yy7udLK9+UEM7GJ5LBdGjmGNRw6jFL1e1xZj6oSnUxD58zjou5Bv/1cY9+JENc
-2/C589AcNnBRpEn9ZcJKvRnC/LfdkXavMdk2VmLX9+YlTawwLP+kRI4Li223lOcn
-q2v6SYOkGNwWlivCMNMOg2pp7cxCYRQhkS9QGXjAyrK1VJy8GEPNsEFsxc6p5O+/
-h3XVhrSLAgMBAAECggEACRLgRPiTBJE9n4ak9y8Y87p/FqcWQFW0dmV+QzMF8Y/V
-/i97oQgLjaZ24xf0O0mANxGVKkWazqAC1il30RjJOZsnj30GW5gAbXwhbfY1Q9s/
-BJUDRpIY+CQpHvv7oGEd3k51lHZJXo9vNjTPdfrcB+VtV7LfhhMAFCElMwvyzunZ
-slQaG33kb4SNXdqWWG02mI5uNCLtIClQWCJkQX0NYefVhGtwBAl5mvGZBinBg+ji
-OdK8pyoRKmbVV9AsZ+zDaXKFSPV9CTNY9Q5Z6Zca0KRA2KKt2JrsgQzUok+o72bw
-QkTKfRaHqeQ2WUZx0eiG2kOTVtSP2ovkiireUT8luQKBgQD0YCNzbEUDLPT67x+W
-8IRHTMpNMvn/5qcUirtuc7yrBNivsMW844VJcsHTE1iJ4lK8AWQoJdxmp7Jhas4K
-3HzpUVEKKOC46AIx0o3Bh7MibjVnaeUlLgQWdtHyPblRmkE8/PvHWb11HUmBtBOG
-kGuC6Zk6DqSXnu68y9mW9Q/bBwKBgQC6kYyRgxkcZiyLeiPYfuBTxj7JaQ9sZMbS
-3AmhpDBUyHTf0EExD6Rj9Rm3aKl+lj2Rm0CVPagJzMEhKWZjmaycetMavArtVxh8
-GyFFjgipwmszSKyKvEpmQ7bcStmu8NEgbFe0pCsKlVSNH9x9HGQWxuwza/AYD1nw
-jSP7PFsFXQKBgGwNvl8g9nrq+/+gkAU7oCGusJzl92jRYftRRIMYJcowwGce8LAO
-ojbRySY9nZ6KNi7vJowiAYxahiNRCH4A9DJuRDkLziG0ZJQHF6sFB44n0PFC/5Er
-AZ+1Niu4YyLT5BjFe8avxXftVT1GlIOhhAhEpf3nz5tDKSjNsg5vmW0tAoGAH4cn
-LRPtc2okzvE2C4jtWdrfk2PIsnWZT9rVWdaIQFubvJLR4XuWOTobPW5XbkfvYaLN
-2CqSMg3C+Vqord4zWEI9WIA8jH0yaw6eocVt21o6iXEXj15gaEW7KiEQBks12/fT
-Hni7uU8g+bRPq2jX1S2KjuoHqdk2RrtjQDqj2xUCgYEAnITvoy6U427XGIH010bn
-+O5dfgsZ0XEoaxJRYQdO4Tp6Ob/lKQDGmuu9ehbfMjaFR0uAWvsW/rps7P1WTl/b
-LtArkTXtxe2kNOKb7wbChtiIYyghtRk9QLAZzDP/bc83denwjVg0mkbcynMCfeJg
-ILvGfJEt28Dwf1StGv/fzI8=
------END PRIVATE KEY-----
diff --git a/scripts/client.py b/scripts/client.py
deleted file mode 100644
index 6041246..0000000
--- a/scripts/client.py
+++ /dev/null
@@ -1,26 +0,0 @@
-import socket
-
-
-def ping():
-
- HOST = "127.0.0.1"
- PORT = 9999
-
- payload = b"ping\0"
-
- with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
- s.connect((HOST, PORT))
- while True:
- try:
- s.sendall(payload)
- print("> ping")
- except Exception as e:
- break
- reply = s.recv(1024).decode()
- if reply == "":
- break
- print(f"< {reply}")
- print("connection shut down")
-
-if __name__ == "__main__":
- ping()
diff --git a/scripts/make_cert.sh b/scripts/make_cert.sh
new file mode 100755
index 0000000..2dd0782
--- /dev/null
+++ b/scripts/make_cert.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir data
+echo create ca
+# non-interactive and 10 years expiration
+openssl req -x509 -nodes -newkey rsa:4096 -keyout data/key.pem -out data/cert.pem -sha256 -days 3650 -subj '/CN=localhost'
diff --git a/scripts/spam.rs b/scripts/spam.rs
deleted file mode 100644
index a5f8355..0000000
--- a/scripts/spam.rs
+++ /dev/null
@@ -1,12 +0,0 @@
-const MAX: usize = 50;
-use std::process::Command;
-
-fn main() {
- let mut pool = ThreadPool::new(MAX);
-
- loop {
- pool.execute(||{
- Command::new("python3").args(["scripts/client.py"]).output().unwrap();
- });
- }
-}
diff --git a/src/client/mod.rs b/src/client/mod.rs
index baa8d5f..c8ed441 100644
--- a/src/client/mod.rs
+++ b/src/client/mod.rs
@@ -4,7 +4,7 @@
 use std::{fs::File, io::BufReader, sync::Arc};
 use crate::{common::decode, Config};
 use anyhow;
-use libpt::log::{error, info};
+use libpt::log::{error, info, trace};
 use rustls_pemfile::certs;
 use tokio::{
 io::{AsyncReadExt, AsyncWriteExt},
@@ -32,9 +32,11 @@ impl Client {
 if cfg.certs.is_some() {
 let mut reader = BufReader::new(File::open(cfg.certs.clone().unwrap())?);
 for cert in certs(&mut reader) {
+ trace!("found custom cert: {cert:?}");
 root_cert_store.add(cert?)?
 }
 }
+ trace!("root cert store: {root_cert_store:?}");
 let tls_config = rustls::ClientConfig::builder()
 .with_root_certificates(root_cert_store)
 .with_no_client_auth();
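Review bot: The script writes `data/key.pem` and `data/cert.pem`, the two files this same commit deletes, while the new data/ca.conf expects the CA material at `data/Netpong-Test-CA/private/cakey.pem` and `data/Netpong-Test-CA/cacert.pem`; the output paths should be brought in line with the config or the mismatch documented. `mkdir data` fails whenever the directory already exists (it does in this repository, since data/ca.conf lives there), and without `set -euo pipefail` the script continues past that failure into the openssl call; `set -euo pipefail` and `mkdir -p data` at the top would fix both. The header comment could also state the intended cwd, since all paths are relative.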
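Review bot: In the second src/client/mod.rs hunk, `if cfg.certs.is_some()` followed by `cfg.certs.clone().unwrap()` is better written as `if let Some(path) = &cfg.certs {` with `File::open(path)?`, which removes both the unwrap and the clone. The new `trace!("root cert store: {root_cert_store:?}")` formats the Debug output of every trusted root on each client setup, which can be very large once system roots are present; logging `root_cert_store.len()` is usually enough, with the per-certificate `trace!` already covering the custom ones. The enclosing function starts and ends outside the hunk, so I cannot tell whether a failed custom root here is reported beyond the propagated error.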