y-yagi · August 29, 2015 14:20
diff --git a/gistfile1.rb b/gistfile1.rb
 require 'openssl'
 require 'socket'

 KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
 aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
 Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
 AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
 maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
 gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
 74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
 JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
 sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
 8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
 wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
 qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
 dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
 -----END RSA PRIVATE KEY-----
  _end_of_pem_

 def issue_cert(dn, key, serial, not_before, not_after, extensions,
               issuer, issuer_key, digest)
  cert = OpenSSL::X509::Certificate.new
  issuer = cert unless issuer
  issuer_key = key unless issuer_key
  cert.version = 2
  cert.serial = serial
  cert.subject = dn
  cert.issuer = issuer.subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer
  extensions.each{|oid, value, critical|
    cert.add_extension(ef.create_extension(oid, value, critical))
  }
  cert.sign(issuer_key, digest)
  cert
 end

 def server_cert
  svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
  now = Time.at(Time.now.to_i)
  ee_exts = [
    ["keyUsage","keyEncipherment,digitalSignature",true],
  ]
  issue_cert(svr, KEY, 1, now, now+3600, ee_exts, nil, nil, OpenSSL::Digest::SHA1.new)
 end

 CERT = server_cert
 HOST = '127.0.0.1'
 PORT = 8443

 def start_server
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = CERT
  ctx.key = KEY
  ctx.ssl_version = :SSLv23
  num_handshakes = 0
  ctx.renegotiation_cb = lambda do |ssl|
    puts "Negotiating..."
    num_handshakes += 1
    raise RuntimeError.new("No client renegotiation allowed") if num_handshakes > 1
  end 
  tcps = TCPServer.new(HOST, PORT)
  ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
  ssls.start_immediately = true
  begin
    done = false
    loop do
      ssl = ssls.accept
      puts "Connected"
      begin
        while line = ssl.gets
          puts "Client says: #{line}"
          ssl.write(line)
        end
      ensure
        ssl.close
      end
    end
  ensure
    tcps.close if (tcps)
  end
 end

 start_server
	require 'openssl'
	require 'socket'

	KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_
	-----BEGIN RSA PRIVATE KEY-----
	MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
	aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
	Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
	AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
	maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
	gnb17tU1jktUtU67xK/08i/XodlgnQhs6VoHTuCh3Hu77O6RAkEA7+gxqBuZR572
	74/akiW/SuXm0SXPEviyO1MuSRwtI87B02D0qgV8D1UHRm4AhMnJ8MCs1809kMQE
	JiQUCrp9mQJBANlt2ngBO14us6NnhuAseFDTBzCHXwUUu1YKHpMMmxpnGqaldGgX
	sOZB3lgJsT9VlGf3YGYdkLTNVbogQKlKpB8CQQDiSwkb4vyQfDe8/NpU5Not0fII
	8jsDUCb+opWUTMmfbxWRR3FBNu8wnym/m19N4fFj8LqYzHX4KY0oVPu6qvJxAkEA
	wa5snNekFcqONLIE4G5cosrIrb74sqL8GbGb+KuTAprzj5z1K8Bm0UW9lTjVDjDi
	qRYgZfZSL+x1P/54+xTFSwJAY1FxA/N3QPCXCjPh5YqFxAMQs2VVYTfg+t0MEcJD
	dPMQD5JX6g5HKnHFg2mZtoXQrWmJSn7p8GJK8yNTopEErA==
	-----END RSA PRIVATE KEY-----
	_end_of_pem_

	def issue_cert(dn, key, serial, not_before, not_after, extensions,
	issuer, issuer_key, digest)
	cert = OpenSSL::X509::Certificate.new
	issuer = cert unless issuer
	issuer_key = key unless issuer_key
	cert.version = 2
	cert.serial = serial
	cert.subject = dn
	cert.issuer = issuer.subject
	cert.public_key = key.public_key
	cert.not_before = not_before
	cert.not_after = not_after
	ef = OpenSSL::X509::ExtensionFactory.new
	ef.subject_certificate = cert
	ef.issuer_certificate = issuer
	extensions.each{\|oid, value, critical\|
	cert.add_extension(ef.create_extension(oid, value, critical))
	}
	cert.sign(issuer_key, digest)
	cert
	end

	def server_cert
	svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
	now = Time.at(Time.now.to_i)
	ee_exts = [
	["keyUsage","keyEncipherment,digitalSignature",true],
	]
	issue_cert(svr, KEY, 1, now, now+3600, ee_exts, nil, nil, OpenSSL::Digest::SHA1.new)
	end

	CERT = server_cert
	HOST = '127.0.0.1'
	PORT = 8443

	def start_server
	ctx = OpenSSL::SSL::SSLContext.new
	ctx.cert = CERT
	ctx.key = KEY
	ctx.ssl_version = :SSLv23
	num_handshakes = 0
	ctx.renegotiation_cb = lambda do \|ssl\|
	puts "Negotiating..."
	num_handshakes += 1
	raise RuntimeError.new("No client renegotiation allowed") if num_handshakes > 1
	end
	tcps = TCPServer.new(HOST, PORT)
	ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
	ssls.start_immediately = true
	begin
	done = false
	loop do
	ssl = ssls.accept
	puts "Connected"
	begin
	while line = ssl.gets
	puts "Client says: #{line}"
	ssl.write(line)
	end
	ensure
	ssl.close
	end
	end
	ensure
	tcps.close if (tcps)
	end
	end

	start_server