История

Jeroen de Bruijn b5868d3de3 Organise examples using subdirectories Examples are dial and listend and each have subdirectories for the different examples.		2020-03-25 07:10:08 +01:00
..
README.md	Add example with certificate verification	2020-03-25 07:10:08 +01:00
client.pem	Add example with certificate verification	2020-03-25 07:10:08 +01:00
client.pub.pem	Add example with certificate verification	2020-03-25 07:10:08 +01:00
server.pem	Add example with certificate verification	2020-03-25 07:10:08 +01:00
server.pub.pem	Add example with certificate verification	2020-03-25 07:10:08 +01:00

README.md

Certificates

The certificates in for the examples are generated using the commands shown below.

Note that this was run on OpenSSL 1.1.1d, of which the arguments can be found in the OpenSSL Manpages, and is not guaranteed to work on different OpenSSL versions.

# Extensions required for certificate validation.
$ EXTFILE='extfile.conf'
$ echo 'subjectAltName = IP:127.0.0.1\nbasicConstraints = critical,CA:true' > "${EXTFILE}"

# Server.
$ SERVER_NAME='server'
$ openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_NAME}.pem"
$ openssl req -key "${SERVER_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${SERVER_NAME}.csr"
$ openssl x509 -req -in "${SERVER_NAME}.csr" -extfile "${EXTFILE}" -days 365 -signkey "${SERVER_NAME}.pem" -sha256 -out "${SERVER_NAME}.pub.pem"

# Client.
$ CLIENT_NAME='client'
$ openssl ecparam -name prime256v1 -genkey -noout -out "${CLIENT_NAME}.pem"
$ openssl req -key "${CLIENT_NAME}.pem" -new -sha256 -subj '/C=NL' -out "${CLIENT_NAME}.csr"
$ openssl x509 -req -in "${CLIENT_NAME}.csr" -extfile "${EXTFILE}" -days 365 -CA "${SERVER_NAME}.pub.pem" -CAkey "${SERVER_NAME}.pem" -set_serial '0xabcd' -sha256 -out "${CLIENT_NAME}.pub.pem"

# Cleanup.
$ rm "${EXTFILE}" "${SERVER_NAME}.csr" "${CLIENT_NAME}.csr"