authorLibravatarLibravatar william <william@25tandclement.com> 2013-12-09 21:26:39 -0800
committerLibravatarLibravatar william <william@25tandclement.com> 2013-12-09 21:26:39 -0800
commite3ec2e4f949267ca48fe9fe983dd00f41010c2a8 (patch)
tree744fc7d57d94e044699c0f7ece7cb47cb56cfaff /examples/self.x509
parent9db41e05d9a00eb906b530b38bcaaa068d40c88b (diff)
copy over our examples/
Diffstat (limited to 'examples/self.x509')
-rwxr-xr-xexamples/self.x50954
1 files changed, 54 insertions, 0 deletions
diff --git a/examples/self.x509 b/examples/self.x509
new file mode 100755
index 0000000..39525d0
--- /dev/null
+++ b/examples/self.x509
@@ -0,0 +1,54 @@
+#!/usr/local/lua52/bin/lua
+--
+-- Example self-signed X.509 certificate generation.
+--
+-- Skips intermediate CSR object, which is just an antiquated way for
+-- specifying subject DN and public key to CAs. See API documentation for
+-- CSR generation.
+--
+
+local pubkey = require"openssl.pubkey"
+local x509 = require"openssl.x509"
+local name = require"openssl.x509.name"
+local altname = require"openssl.x509.altname"
+
+-- generate our public/private key pair
+--local key = pubkey.new{ type = "RSA", bits = 1024 }
+--local key = pubkey.new{ type = "DSA", bits = 1024 }
+local key = pubkey.new{ type = "EC", curve = "prime192v1" }
+
+-- our Subject and Issuer DN (self-signed, so same)
+local dn = name.new()
+dn:add("C", "US")
+dn:add("ST", "California")
+dn:add("L", "San Francisco")
+dn:add("O", "Acme, Inc")
+dn:add("CN", "acme.inc")
+
+-- our Alternative Names
+local alt = altname.new()
+alt:add("DNS", "acme.inc")
+alt:add("DNS", "*.acme.inc")
+
+-- build our certificate
+local crt = x509.new()
+
+crt:setVersion(3)
+crt:setSerial(47)
+
+crt:setSubject(dn)
+crt:setIssuer(crt:getSubject())
+crt:setSubjectAlt(alt)
+
+local issued, expires = crt:getLifetime()
+crt:setLifetime(issued, expires + 60) -- good for 60 seconds
+
+crt:setBasicConstraints{ CA = true, pathLen = 2 }
+crt:setBasicConstraintsCritical(true)
+
+crt:setPublicKey(key)
+crt:sign(key)
+
+-- pretty-print using openssl command-line utility.
+io.popen("openssl x509 -text -noout", "w"):write(tostring(crt))
+
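Review bot: The key parameters in this example are below current minimums: `prime192v1` on the active `pubkey.new` line gives roughly 96-bit strength, and the commented-out RSA and DSA alternatives use 1024 bits. Examples tend to be copied verbatim, so I would use `local key = pubkey.new{ type = "EC", curve = "prime256v1" }` and `bits = 2048` in the two commented lines. Separately, `setBasicConstraints{ CA = true, pathLen = 2 }` turns a certificate that also carries a wildcard DNS name into a CA, so anyone who trusts it also trusts whatever it signs; a comment saying this is deliberate, or `CA = false` for a plain server certificate, would help. The `io.popen` handle on the last line is never closed, so output may not be flushed before the script exits; keeping it in a local and calling `:close()` after the write would fix that.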