+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Scripting (https://forum.logicmachine.net/forumdisplay.php?fid=8)
+--- Thread: TCP over SSL (/showthread.php?tid=446)
TCP over SSL - oyvindi - 31.10.2016
Hi,
anybody had any success creating an SSL server listener in LUA ?
There seems to be an issue with the server socket not being able to receive() from the client. Sending from server to client however, works just fine.
Note that I tried using it in a copas handler first, and then as a simple standalone luasec handler (running on my machine, not in LM)
Simple test code looks like this:
Code:
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "tlsv1_2",
key = "C:\\ .... \\serverkey.pem",
certificate = "C:\\ .... \\server.pem",
cafile = "C:\\ .... \\root.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
}
local server = socket.tcp()
local ctx = assert(ssl.newcontext(params))
server:setoption('reuseaddr', true)
assert( server:bind("10.20.2.92", 2000) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
peer:dohandshake()
data = peer:receive() -- <--- HANGS !
print("receieved: " .. data)
peer:send("Pong!\n")
peer:close()RE: TCP over SSL - admin - 01.11.2016
SSL server is not yet supported, we'll try to prepare an update this week though
RE: TCP over SSL - oyvindi - 01.11.2016
(01.11.2016, 09:30)admin Wrote: SSL server is not yet supported, we'll try to prepare an update this week though
Ok ! I assume it will be via luasec ?
I got my code working though, turned out to be a hickup on the client side.
RE: TCP over SSL - rocfusion - 16.10.2017
Hi Admin,
Is there any update on running an ssl server on the lm? Can this be done without a cert?
Thanks,
Roger
RE: TCP over SSL - admin - 16.10.2017
It's possible, but you cannot run it without a certificate. You can reuse web-server's self-signed certificate though. Here's a short example:
Code:
if not tcpserver then
require('copas')
sslparams = {
mode = 'server',
protocol = 'tlsv12',
key = '/etc/nginx_sha256.key',
certificate = '/etc/nginx_sha256.crt',
options = 'all',
}
-- connection handler
function connhandler(sock)
local ip, port = sock:getpeername()
sock = copas.wrap(sock, sslparams)
sock:dohandshake()
alert('[server] connection from %s:%d', ip, port)
-- main reader loop
while true do
-- wait for single line of data (until \n, \r is ignored)
local data, err = copas.receive(sock, '*l')
-- error while receiving
if err then
alert('[server] closed connection from %s:%d', ip, port)
return
end
-- handle data frame
if data == 'HELLO' then
sock:send('HELLO TO YOU\r\n')
sock:close()
end
end
end
-- bind to port 12345
tcpserver = socket.bind('*', 12345)
-- error while binding, try again later
if not tcpserver then
os.sleep(5)
error('[server] error: cannot bind')
end
-- set server connection handler
copas.addserver(tcpserver, connhandler)
end
copas.step(1)RE: TCP over SSL - rocfusion - 18.10.2017
Thanks Admin, that works..
RE: TCP over SSL - rocfusion - 19.10.2017
Hi Admin,
A couple of questions,
Will this server support multiple clients? I added a basic authentication, that just sets a global variable on connecting and closes the connection if the password is incorrect.
The data received is passed another function parseC. Now I need to be able to respond back to the connected client where I declared a global function in this handler. Is this the right way to do this?
Code:
-- handle data frame
if data then
if(first==true)then
if(data ~='mypassword')then
first=false
sock:close()
end
end
Sclient= function (param)
sock:send(param)
end
local fd,prtd = pcall(parseC,data)
if(fd==false)then
alert("[elk-client] Error with parsemsg %s ",prtd)
end
endThanks,
Roger
RE: TCP over SSL - admin - 19.10.2017
Yes, it supports multiple clients.
See this example on how to pass data to all connected clients:
http://openrb.com/example-lm2-as-tcp-server-for-external-requests/
You can pass any number of arguments via pcall, you can pass both data and socket if you want to send a reply to a specific client.