我使用LuaSec 0.4自带的默认'oneshot'示例(见下文)来实现双向身份验证。身份验证成功了,所以显然证书颁发机构(CA)承认这些对等方就是它们所声称的身份。
Lua:在成功通过LuaSec进行客户端身份验证后如何获取客户端详细信息
但是,我怎样才能知道对等方声称自己是谁?例如,我如何检查对等方证书中的组织名称?因为尽管客户端现在可以相信服务器是CA所认可的,但客户端并不知道该服务器是否真的是它要连接的那个对等方。
反过来也一样:服务器知道发起连接的客户端是CA所认可的。但CA认可的客户端有很多,那么服务器如何知道连接进来的是哪一个客户端?
-------- For the sake of completeness
------- server code:
require("socket")
require("ssl")
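-- Server half of the LuaSec "oneshot" mutual-authentication example:
-- accept one TCP connection on 127.0.0.1:8888, run a TLS handshake that
-- requires a client certificate, send one line, and exit.
local params = {
  mode = "server",
  -- "sslv23" lets OpenSSL negotiate the highest protocol version both ends
  -- support instead of pinning the session to SSLv3, which is deprecated
  -- (RFC 7568). A peer still configured for "sslv3" should still be able to
  -- connect; once every peer has been updated, add "no_sslv3" to `options`
  -- so SSLv3 is refused outright.
  protocol = "sslv23",
  key = "../certs/serverAkey.pem",
  certificate = "../certs/serverA.pem",
  cafile = "../certs/rootA.pem",
  -- Demand a client certificate and abort the handshake when none is sent.
  verify = {"peer", "fail_if_no_peer_cert"},
  options = {"all", "no_sslv2"},
}

-- SSL context
local ctx = assert(ssl.newcontext(params))

-- Every socket call below returns nil plus an error message on failure, so
-- each one is wrapped in assert() rather than failing later on a nil value.
local server = assert(socket.tcp())
assert(server:setoption('reuseaddr', true))
assert(server:bind("127.0.0.1", 8888))
assert(server:listen())

local peer = assert(server:accept())
-- One-shot server: no further connections are accepted.
server:close()

-- SSL wrapper
peer = assert(ssl.wrap(peer, ctx))
assert(peer:dohandshake())

-- NOTE(review): a completed handshake only shows that the client presented a
-- certificate chaining to `cafile`; every client issued by that CA passes.
-- To tell clients apart, read the certificate subject (organisation, common
-- name) and compare it against an allow-list before sending application
-- data. LuaSec 0.5 and later expose peer:getpeercertificate() for this; the
-- 0.4 release does not appear to provide it -- confirm against the installed
-- version.
peer:send("oneshot test\n")
peer:close()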
------- client code:
require("socket")
require("ssl")
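-- Client half of the LuaSec "oneshot" mutual-authentication example:
-- connect to 127.0.0.1:8888, run a TLS handshake presenting a client
-- certificate, print the one line the server sends, and exit.
local params = {
  mode = "client",
  -- "sslv23" lets OpenSSL negotiate the highest protocol version both ends
  -- support instead of pinning the session to SSLv3, which is deprecated
  -- (RFC 7568). A server still configured for "sslv3" should still be
  -- reachable; once the server has been updated too, add "no_sslv3" to
  -- `options` so SSLv3 is refused outright.
  protocol = "sslv23",
  key = "../certs/clientAkey.pem",
  certificate = "../certs/clientA.pem",
  cafile = "../certs/rootA.pem",
  -- Verify the server certificate chain against `cafile`.
  verify = {"peer", "fail_if_no_peer_cert"},
  options = {"all", "no_sslv2"},
}

local peer = assert(socket.tcp())
-- connect() returns nil plus an error message on failure; stop here rather
-- than handing an unconnected socket to ssl.wrap().
assert(peer:connect("127.0.0.1", 8888))

-- SSL wrapper
peer = assert(ssl.wrap(peer, params))
assert(peer:dohandshake())

-- NOTE(review): chain verification only shows that the server certificate
-- was issued by the CA in `cafile`, not that it belongs to the intended
-- server. Compare the certificate subject with the expected identity before
-- trusting the data received. LuaSec 0.5 and later expose
-- peer:getpeercertificate() for this; the 0.4 release does not appear to
-- provide it -- confirm against the installed version.
print(peer:receive("*l"))
peer:close()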