kyledrake/371a465406a473245e2a
$ curl -kvv --tlsv1.2 https://sni.nakamura.io:4567/
* Trying 127.0.0.1...
* Connected to sni.nakamura.io (127.0.0.1) port 4567 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; CN=mail.nakamura.io; [email protected]
* start date: 2014-12-12 09:35:03 GMT
* expire date: 2015-12-13 18:37:20 GMT
* issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: sni.nakamura.io:4567
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host sni.nakamura.io left intact
$ curl -kvv --tlsv1.2 https://localhost:4567/
* Trying ::1...
* connect to ::1 port 4567 failed: Connection refused
* Trying fe80::1...
* connect to fe80::1 port 4567 failed: Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 4567 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=whereigo.io
* start date: 2015-02-03 00:00:00 GMT
* expire date: 2016-02-03 23:59:59 GMT
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: localhost:4567
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host localhost left intact
require 'reel'

module Reel
  class Server
    # Reel HTTPS server that selects a certificate per SNI hostname.
    # options[:sni] maps hostname => { cert: PEM string, key: PEM string }.
    class HTTPS_SNI < Server
      def initialize(host, port, options={}, &callback)
        ssl_context = OpenSSL::SSL::SSLContext.new
        # Ruby's OpenSSL binding calls servername_cb with a single
        # [ssl_socket, hostname] array, hence the splat below.
        ssl_context.servername_cb = ->(a){
          socket, sni = *a
          ctx = socket.context
          if Hash === options[:sni][sni]
            # Build a context carrying this hostname's cert and key; returning it
            # makes OpenSSL switch the connection to it before the Certificate
            # message is sent.
            ctx = OpenSSL::SSL::SSLContext.new
            # Certificate.new parses only the first PEM block, so intermediates
            # in a bundle file are not sent; extra_chain_cert is needed for those.
            ctx.cert = OpenSSL::X509::Certificate.new options[:sni][sni][:cert]
            ctx.key = OpenSSL::PKey::RSA.new options[:sni][sni][:key]
            ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
            ctx
          end
          # An unknown or absent SNI name keeps the listener context, which has
          # no certificate, so that handshake fails and the SSLError is
          # swallowed by the :rescue list set below.
          ctx
        }
        # VERIFY_NONE on a server means no client certificate is requested.
        ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
        @tcpserver = Celluloid::IO::TCPServer.new(host, port)
        server = Celluloid::IO::SSLServer.new(@tcpserver, ssl_context)
        options.merge!(host: host, port: port)
        options[:rescue] = [ OpenSSL::SSL::SSLError ]
        super(server, options, &callback)
      end
    end
  end
end

class R < Reel::Server::HTTPS_SNI
  def initialize
    super '127.0.0.1', 4567, {
      sni: {
        'sni.nakamura.io' => {
          cert: File.read('nakamura.io.crt'),
          key: File.read('nakamura.io.key')
        },
        'localhost' => {
          cert: File.read('ssl-bundle.crt'),
          key: File.read('whereigo.io.key')
        }
      }
    }, &method(:on_connection)
  end

  # Answer every request on the connection with an empty 200.
  def on_connection c
    c.each_request do |r|
      r.respond :ok, ''
    end
  end
end

puts "listening on 127.0.0.1:4567..."
R.run
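Added example, not part of the gist: the same servername_cb dispatch in plain Ruby OpenSSL (no Reel or Celluloid), plus the check the curl runs above do not make because of -k: connect with each SNI name and confirm which CN the server actually presented, including the refused handshake for a name the map does not know. The hostnames and the self-signed certificates are constructed in memory.

```ruby
require 'openssl'
require 'socket'
# Self-signed certificate and key for one hostname (constructed test data).
def self_signed(cn)
  key, cert = OpenSSL::PKey::RSA.new(2048), OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end
# Listener context in the gist's style: it holds no certificate itself; servername_cb
# returns a per-name context, or nil for an unknown name (default kept, handshake refused).
def sni_server_context(sni_map)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.servername_cb = proc do |_socket, name|   # invoked with one [socket, name] array
    cert, key = sni_map[name]
    next nil unless cert
    c = OpenSSL::SSL::SSLContext.new
    c.cert, c.key = cert, key
    c
  end
  ctx
end
# Handshake with one SNI name; return the CN presented, or nil if the server refused.
def cn_served_for(port, hostname)
  tcp, cctx = TCPSocket.new('127.0.0.1', port), OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE   # self-signed test certs; CN checked below
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, cctx)
  ssl.hostname = hostname                         # sets the SNI extension value
  ssl.connect
  ssl.peer_cert.subject.to_a.assoc('CN')[1]
rescue OpenSSL::SSL::SSLError, SystemCallError
  nil                                             # no certificate for this name
ensure
  ssl&.close; tcp&.close
end
# Serve sni_map on an ephemeral loopback port, probe it with each name, return name => CN.
def probe_sni(sni_map, probes)
  sctx, listener = sni_server_context(sni_map), TCPServer.new('127.0.0.1', 0)
  server = Thread.new do
    probes.size.times do
      conn = listener.accept
      OpenSSL::SSL::SSLSocket.new(conn, sctx).accept.close rescue nil  # refused for unknown names
      conn.close
    end
  end
  probes.map { |n| [n, cn_served_for(listener.addr[1], n)] }.to_h.tap { server.join; listener.close }
end
```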