From d079d6622349821baeead6c94510d624417642bb Mon Sep 17 00:00:00 2001 From: Yujia Qiao Date: Tue, 7 Mar 2023 21:25:42 +0800 Subject: [PATCH] chore: update tls cert for test --- docs/transport.md | 16 ++++-- examples/tls/ca-cert.pem | 31 ------------ examples/tls/client.toml | 6 +-- examples/tls/create_self_signed_cert.sh | 62 ++++++++++++++++++++++++ examples/tls/identity.pfx | Bin 5699 -> 3587 bytes examples/tls/rootCA.crt | 20 ++++++++ tests/for_tcp/tls_transport.toml | 4 +- tests/for_udp/tls_transport.toml | 4 +- 8 files changed, 101 insertions(+), 42 deletions(-) delete mode 100644 examples/tls/ca-cert.pem create mode 100644 examples/tls/create_self_signed_cert.sh create mode 100644 examples/tls/rootCA.crt diff --git a/docs/transport.md b/docs/transport.md index 9b0bd7f7..a66bc7d6 100644 --- a/docs/transport.md +++ b/docs/transport.md @@ -6,11 +6,11 @@ By default, `rathole` forwards traffic as it is. Different options can be enable Checkout the [example](../examples/tls) ### Client Normally, a self-signed certificate is used. In this case, the client needs to trust the CA. `trusted_root` is the path to the root CA's certificate PEM file. -`hostname` is the hostname that the client used to validate aginst the certificate that the server presents. +`hostname` is the hostname that the client used to validate aginst the certificate that the server presents. Note that it does not have to be the same with the `remote_addr` in `[client]`. ``` [client.transport.tls] -trusted_root = "example/tls/ca-cert.pem" -hostname = "0.0.0.0" +trusted_root = "example/tls/rootCA.crt" +hostname = "localhost" ``` ### Server 
@@ -18,9 +18,17 @@ PKCS#12 archives are needed to run the server. It can be created using openssl like: ``` -openssl pkcs12 -export -out identity.pfx -inkey server-key.pem -in server-cert.pem -certfile ca_chain_certs.pem +openssl pkcs12 -export -out identity.pfx -inkey server.key -in server.crt -certfile ca_chain_certs.crt ``` +Aruguments are: + +- `-inkey`: Server Private Key +- `-in`: Server Certificate +- `-certfile`: CA Certificate + +Creating self-signed certificate with one's own CA is a non-trival task. However, a script is provided under tls example folder for reference. + ## Noise Protocol ### Quickstart for the Noise Protocl In one word, the [Noise Protocol](http://noiseprotocol.org/noise.html) is a lightweigt, easy to configure and drop-in replacement of TLS. No need to create a self-sign certificate to secure the connection. diff --git a/examples/tls/ca-cert.pem b/examples/tls/ca-cert.pem deleted file mode 100644 index 8bbf6489..00000000 --- a/examples/tls/ca-cert.pem +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIUXTmJtkI6aK16A8HPkP2IvowmSKwwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAxMDIwODEzMzhaFw0yMzAy -MDMwODEzMzhaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDAAq3LEmJigEuRT9sswUx6Kfc4T04oZvZTSYNIRrBF -Zcc/EGZF/t/k2ciGDSAB1mL2rUdIfWveQ/5kRCSFffX5qvKFkzogRQQjFPLFjfoC -lKXxvy/BOIwF786gvHbz5EI1dcAL+nRco3U6dHPdewvbQwX9cZrUD3pq+r1qlipY -w5rZL7Z5cNoczhRAgFhIBHvsgBazkkOB7PDUkmkYAYnw3uK+r4coAqnnfjpxoaCQ -dQi4JX2VvqOdgxzw9vIRqbL+p2NBPnVjcSj067Y9sxtfR3Xmt2dlMJuReFN8phnK -8GiYiuiYA01O84htjHt+A8oVYKalXdPeikoSgPmhoJCQQs0NkBzGCc33U7XEa6kM -j6Y81Id4uXAK5LxyVGo5zOEvOyF3EhceIJDeGS9NsGJyT757OuKrsCK0v8KNPsEh -VvrcngnRQOWFTg/rp/vSrj7S5i0NPjkEpRitxaYBOg40DXyG1GfYf1SvneXpT0gh -ZbgjipPrwvuZnJVqqIv1hVVNOKo7nJS24rZ/andZS8g6OE0bL9AlE1Sp2lMXuagJ -2haPa2rSFZPqNPrP9wh5KVreD9UNeTb37NbXWeZXwKR8v20GAWjb2QQKY92zlMpI -gmViEvJHrHbKVoU/8gyS9R7iL9JOehk3sqVhbjaDyouC9mosPrQFzp1frKvSlKNg -1wIDAQABo1MwUTAdBgNVHQ4EFgQU98MJp09MMFw5s4sacYozQFzTNFwwHwYDVR0j -BBgwFoAU98MJp09MMFw5s4sacYozQFzTNFwwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQsFAAOCAgEABOtNqqKFEA3vynOFteZV+VquaRKqDuYn0doMMPH9cY20 -4ASioa3aqbmvBiSTDsOdvgP6j5nSVEtQCt5P3fBRMa8a3YnTGPNx8uGPuOA+ZD+b -USR5FcXJHtkjSfpVF9DOZr34+khRpfHPEZQiaAAiKwaRnI4Gqhv6e6JoaimkQDYj -xcKw+f1NcCdhSTkpcx9K/Qfa0cXKSL+0Hwl5AbDMsnRAkKu62YKdOv36nnBOMc2S -6laNIx20nt8Evm3KBNDRiHAw8pwMGfnxCCG6hGo2IvYh6hOjZupVpP55iMgQUkfF -Gmvxe/4wjuPCvI/Liy0PFfiCHVKASWIiMWG8u8WfJUw1/4RFZu4l2LVVuJOujr6n -1k5vzIozuo6Ym8mKnnHQmYf5K9T/YuRW3EFa9Ar6/krjw6K/I97P+Wh/DVZiaGC5 -n90ZcRj+abb+zOfz0AHTOp7zlr3w4si7AF3tZ9WhW2R0BC3wwmXygli0I6iMXE7E -tvXM5UwxLJoJen2fWqn75/91BifEqPWckPb1h14i73hAPVSte1wvstf8mER/DFSX -Is/GxAhRsZChHn2lEJsvPlrfyMxYwcXTTvd//sp+iOZjfky5vhRuMDUYsHx6/znT -q/rpT3CMnAVlMTf8n/0dY4mdcaQj0cRJfVnUlvZnhw0tJzCP3rH3smlpWloexds= ------END CERTIFICATE----- 
diff --git a/examples/tls/client.toml b/examples/tls/client.toml
index ff239707..4a142826 100644
--- a/examples/tls/client.toml
+++ b/examples/tls/client.toml
@@ -1,12 +1,12 @@
 [client]
-remote_addr = "localhost:2333"
+remote_addr = "127.0.0.1:2333"
 default_token = "123"
 [client.transport]
 type = "tls"
 [client.transport.tls]
-trusted_root = "examples/tls/ca-cert.pem"
-hostname = "0.0.0.0"
+trusted_root = "examples/tls/rootCA.crt"
+hostname = "localhost"
 [client.services.foo1]
 local_addr = "127.0.0.1:80"
diff --git a/examples/tls/create_self_signed_cert.sh b/examples/tls/create_self_signed_cert.sh
new file mode 100644
index 00000000..e110a1f4
--- /dev/null
+++ b/examples/tls/create_self_signed_cert.sh
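Review bot: The new `hostname = "localhost"` sits next to `remote_addr = "127.0.0.1:2333"` with no explanation in the example file, so a reader can easily assume the two values have to match. A comment above the key would settle it, e.g. `# Name verified against the server certificate; independent of remote_addr`. The checked-in `identity.pfx` is, per the docs hunk, built with `-inkey`, so it contains the server's private key and that key is public in the repository. A second comment on `trusted_root`, such as `# Sample CA only: regenerate with create_self_signed_cert.sh before real use`, would keep people from deploying the shipped material as-is.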
@@ -0,0 +1,62 @@ +#!/bin/sh + +# create CA +openssl req -x509 \ + -sha256 -days 356 \ + -nodes \ + -newkey rsa:2048 \ + -subj "/CN=MyOwnCA/C=US/L=San Fransisco" \ + -keyout rootCA.key -out rootCA.crt + +# create server private key +openssl genrsa -out server.key 2048 + +# create certificate signing request (CSR) +cat > csr.conf < cert.conf <2`Yw2hW8Bt2LYgh4WtevU* zk|x{@V1R-LkV`E~3P;u2OC|ywfX=;sha8oaRrCnslzWg9y7(+{&1^Z`|7OR35%|0M z3x4e6_~wAu{qGFv?Q@5lo&;;!$49gBCEc6MP!k3}2${Yhb~|dgyekkzUH?*7!A0&z z{gwYzJ9I<3^AE&!e#o- zDZb2!AJo%5a;oLMHf#aRee!J45JClGOMR% zEZwXy$-c_R_WUpV0L^1&SDE#I;X=`NyIMbDW64*|jU`jye;9vjta2s67p>v4akT`z zfW&<9OJ5C)JuZ}`1Luw*3^LT_=Brs(b6|{&38f1ugC*P@`N&|mC_jAI9pR0tX{n4< zk-Fw@GHIR>jK>}7?LfSkLV4isf--iRJCTWPE)$HTu64EecK=qbep@YflM#@$8*qt8 z9*1ct)7vndeo+yJR0 zXnC?QDH8_s@7=_AnJ*O;fPj-4tzdt}RvaWcCOe=WA=3a1;!{1v=<@P}{^{BQ?aA~ZdGIemoF zFa&@5x4D_|0<6gs#BZi7lm^8Wh$jMd{JsfqoIihh%DUQ z%08VKR{TqhA_W8CQrbIWndVQe=X&LQH=2-~N|W-1==s~~m$ipBQlmH}`x=)R@v;tm z&!;#KZEV2TU-`# zfAQmc4g`VpoxX_fBZ;q+xSlHqrF@766GPZ<;ECP5=>ey6+GGi9IZf6cegeUmUXVmL zF9(n=1v?SaPIr-3I5wg;l{&Vlv&1wuweJ*N2cu~2A=$826#1*`8a_r|J4%}LPLf$n4+A%4~vwEGRff1m5Z#kjRn%F@0t2G*HavB!mKvq<;mWYQiQ zHRKbI{menp%CFklGuu|3xXSBI7p~XlT=Gz-93Ks>7_Cr&LJb z2J~s<-Y(_IBt{tKF`5*$!Ow4;`ch>#(K)f6g4%UrNTTUc1^3dG&IOLtB)sk!f0BJ< z`!f(8!)a3nxWnqnQY`@TBzhZ!;W&7guU>rkbtNcgbmYjT_pC{gP5cpy zNse+!Ju_;FionGWB>RVX3Z&$EzEi}xxiss%1xwyTSo|tuu*Nl&8x}&k;VdLOe$c7! 
z0~w-wvy4W|tSUwjvbMn}G|S!Jf8cscwgt%Z{u^{QI)JKzRvLlBf*NLOH11e`gHonU z%r@_BE4Y)sCYq0y)0Q%o?9xU(v|)PMZf5{F#h8+23A1X0Lm?l9JeIt@pCO{`P;*e= zYC?1NUbDn+1bc{7D&D{aRCicf7Y~|mJ-V$ zo+@``9etFT0Oo~0J`+Br%fG%fBV}=mJ-OOtE1PY;>08~GQ6${}gS^b92Cq(*08glo z>(0&e`IW(e;kp~ALJY~qjp^XF`?$z9HxTsFQq21Uf3H2Fz7+6E3krSm}#L zSe`F?%7R7>6lPpn(qnR4O^1Pr$6@<2SWt6F{ye zYlbVUazT`)oX+PRWE44>MrXUW%hCbSVRKE+u2J$NNOJ_UPzEfAs3?#9KAR+%9V{hT zeT(0T4;)aRG)VWme@WJ~N8Ac^M0j98Dn{As0!_pyB~;E;d*P93rY050ObNyx0iCD1 zj{L`OUlli6p#yK$0ONflPXv#i{EIbA-$O*N6YZUgE)T)F4`UfTa7lWQBs@p<+DWWl zNdF2!5hlo4gT4lcnxKY2yh&BmQ@0%48Pon*rRdY|83)G*XBdk#Z^#Ee=)>>t!hzXI zD570eH<^Q8092*sLIgFoFey1_>&LNQU{0oYDk>1kgRPvCb1KTP;A-0_XvA zjH3LYLSpIQ;#3+G&5Y-YTzGuwhAdVfc9jB%jyQroi>BVLk-XQIQ~a#wBWW7SG`f@o z3igcgPbZ0mYML2l_{!HXfxgDCg*(3_&wqX)zTF&S^xK^MD6|^D;7oIXF|-N^N74^%o+&!;YB7ICGJj7+ z7+-lanUkBZ@)YBJTZ<q)M7BYZjlVl+8awFce525 z2*|N6qiL}?@OX@fOe;aZ&AS>Y_D``{7--RX&OaoM{bv($5Uwvy8oPG8!L+>PZwp&O zYhHb8(u$}`_h%aQc5-ZyjH&GQ4*(c`MI!M_;yeZ^#JMC+ryyM>U+}ln=YNYgfIkb| zETfJ*{Q+bS}4}5vA#p$R*W(U#aS}GWP=`f|{Y8<)wOY_6!{B z1&b}~WIF-)0z;pWZxOG$#%Hrw?Vb%n=v)4CgFF1-gx_)e!@1LDD=Jb1xw^#GY{@JO z%ndZ?L)tjZgV@Sw*Am`(x_{iNJzK8b(ex_u)k6+hCs3FkVZT|&6DQG|XIxFo{8rG1 z@t;+_7jq6T6Y8KNos{QJu()0xFT3iUETWx2KlnnlZNgXn>g{s1{$OXj-tjvDZ`YX|;YN zcdHO3<4mda_i!59c^XZfuJIOzMj*i>zh|R_QU==#*Pre?TMojI&3W|KNDXUeav`^1 z%gP-VW;7+8(FH}%2Y(m46~dC^HBRQDsV#Cl?Jdl2#T4ehr;z*8fWs<@WIQRdd)0V2 z|3urN<4#f+`yX|N@QZO?(p-O@x%d%xEH}f}AF7V6)KyYoT3V)YUfjR&1vY@#;iyqU zTLGm3!WTj1R+vA(&M^ClvglqxZY1OlcqaGM*B3_dvUdp)AAdE$J9_{h;Ob0K7czU- z>vHpp>ZH~6O*K$MB4?w_7S()79uwSOr^ER1<4?G)&6^uxHO3v=+UmJKSsk*GXk#*~ z0cUJ?lcPNgPpf8{56Li}t^yXD!WTV~j{2IwVzS&|c2NlO(;yaH{{*f`5IdsAZo(5- z(c>mcfE)e3K7YS2!3&S2*>;+(Ww|lTy^((4WvqFd5BU3z-n60Sj$CvTy+#69ZW3(K zKz`5nG^kn2Xr8pczAE_WG!3_D?<+mP=QYYxx&=vv0vq@+^}86VBZC~? zRFbWrz951t?V24y=)v7FB`_lf2`Yw2hW8Bt2^BFG1Qiq;I7i-}&?UDk=-?pWgJN=! 
z@KT+U78Nd=O)o<(4Cg^)z@d^*1INm-3%5Z}-SZWG`Ddh|$${Dg2tR_7ncGrT+C^6P85=n>+}iqY$`hNRKbC3Ia1xg{{7-^2;5%f;=R$T z;=sQr{V58USFSsd4xvrcBj5vd5C%1dB*eM(yJo0AyQvN=DMq~*YpVi#gFkkvm-^XB zzS!q;8#Mo|tfYQ3e|!_C=mR;p;X$+Li7dmQeMSiF96X3wY*=IqG6TM~n+(M4X(9^v z6oIs60g7k;5Cg|GpBrZuDaaQ|UMMvh+8F34C|6G56P?JqE@3==d z>Gp(!qa4{E9R=?56rmcA4>?P0m(BwP7AAdt_apqLJg#|dA`7eU-SYJNn_mYmqYqiL z*M9QrJvk_v*m5AOIt%1x>yK}lYxHL53vM>RpIQ1Hrs9;q_ive6fQ%Po|Q?Eyv^oq ztkGs8>B6fBhj*@#t|1t8kFkEjJdh~@wR)E%L=^m_E*;B;y1cknW`DfBR#RvqShLnr<}#+JrF+u7Iye}A#t&uP#gqmV|KwMmE(9r*wm z?uP0}lK8LBI$F0NVp!Z-PBy|OjcPO6h#>Y$b9RE)wS*c-{vsS^l(+(JJ>o<>FrG0C_jj zzQcv;p!6M);u5wI`4+hPn( zD)gI-6gK)dD0uuK0ef6b{r_+n9({B>e1C4`*Jl zI2V<>h}7xs2NZKZmu#SeR1mMH+nnYWb)TSvwF8f(fsUM0`h0O5_ja0fWI23#0&bwJ ze~Ul$PIufSSFzYMMK@FF0v5h%^F-~A9wD&GqRJwUe7TnJtx0+W^4OR@=F~~H?&%h$ zALj}gtnF~mGu*naWdY)90K|dM_{cg#XQy9*4aAMPrU~SRI=va(2-`>`JW$53>=2+| zT-W#Rb*3?vt@g^HzC0_LFVLiSh0DOje>PsiXYA2{5&*9#fJ6U7D-mml?TUL>M_P%P z7D0TWcC|j9UNTP3X+*J65rOl+O#&D9=&=8L`3o%J5QdMeviw|!$B`YM{_{O|YD@#l z?4V{UC-LacdrWfxUaXGWShc13u~fd$B-WIQNJDv(dT?*tu_`KbKQ?bSmgha?e>*Y^ zHLWyeYaTr4&t(MGGL5OOjmqWir(d>d?+1og-f0s&u;c(|+;abid8?&@w-E|h)vjnP zO$6N2en?49(gEK)SgEI)EZRXeN_SB1yvyOayl4S=*sejfw!jek^f^)X)$)cNu#NH~ z(P$T&5I1zyQ~Nb6w}S*vkD-VcUp7}^3ntE#Rde4x$U7_=EEAYJo9JHYVVTM{6i z^? 
zMHy{&a3=26MRK!PX(uA5n=wYWKv|(Woz`aj>pq)Px}uvte=!WX>Sb-(WJGrpYnOl z?+>|y$e#8x3av69YPn{Ve|}Qc03MKb2FwT!dn_ZOTgzoG^6u6#Tn=AIwMq5ZDop#Y5A1W?!hZ9(P9|Xr=F9)2E}K z^dVasF0dW4OuP4=VhC&@v=_bQM-^7EX=p&uA$on{w3J?&8)MU$e}jkBQd=x#Kd$&V z$xLR0GEEY(YO@*nW+eAc>c&$OKA~h;W#>qA?2ZvO#=CxT`{u3VBhL08g|8fHZU>Md zt%zrj*w{tw9irLPvD^(;48^V?UmwoGExR}9=%Y9}%GHV4498kyiXcger&h^V)yhiy zW;sz=irQAvlPh+oe*gsy?jMu*th;H}joJA6`(sIPoC?0eMaSq_XC#-8Slv@Ct*TL8 zalzZmkuLjii05bZ$~(R^rdw~dW^}St-6-SN0$-tq5!(Ud01UUf`2Q)Bd^L5e=TifO z0$O@han)%}uGm@F(=d=m@zLiDuFl*dQMmn%@(&y`SDUOLe_1lX1gZiwU+;diatzbW z4kE7a0{|4}pwb|Y1xc|m$@88u468BkV(XbB0J) zr)txqGs~ln=?`hhCi6QzQBW%ru}0`$m^oZMUvcQCRtCx)=uxZ1t!!!FRp(uv_akc(y2hH3;e}HwUK$fWLm?SNvUzB$L*x@fT z-F7#icTeS&T%aS5Gh~6V!2b%9I$beOYWw(f;JHbHS*OX7+X4!z`(EC4DJ2GPeYafc zg5@lR%Nz6lR(J+`^)*ZyB9oeh)jHDi;B6ut7kSBizElyUHul=KGhuil8ZOh?*e%7l4Dbi7xJ4Hm$%FzG z!ZG^Bte9}eS1ssR*%6?mF9zSQb65W`bei#KGm^*b9I<40s&mJISq0vN17}tqhgc)u z^E!|GBGiR5)7mua!rhK@0PhJ_$l65TB*={+e@lOR^>*V(@$mSI*s z=-{B%#aIyNv)DGKp)1dV%7Y=GvY?`;+O&aCc8g=(@Olv#>aRiDCCw~~{!}=fE>M?ah>tvZz?PV^>E_2Ub;!PN-2PMh+qS=C6Lr@LlK1e`O88 zOEGg=zP>s{nd4ncsH&BOAD}?t_}3RBnt>U1hSKL`w`(_~| zuHVxQ`jYXqWFryfDSz@I)j-Ph#zY1>RVo~__Z0t1Zpj`2V)gYrv7G_1lGnc5PGTk? 
z;lkz}l+B}CBih(T`4wa^f(ir%F9|A!NQUW_RXS^1Du$h!wdyFTg?}xmPw`Mmf@T{4JebX2y#vU%9=AL@ z0NKYW`Y3AeRDnQ({Z~^Gz($mdS#awYG(-6)r9<`RdE?6wZSMKxVp-hw_oI`KD7N$< zx+D+%)VsM6Lh>CvuwP6mzG_$11I2(6cnvbp4{m~0{AU(EGp1kt+h^4<%qw8}UKK1t zv43{BnphK@AK%vJ!IY+PS>ziY15}4*Ux5d6Af_pTx1*oWn9UyE5_cnZx}DaoEGr3U zr0S7Y?RzJLbwz6peL$;1*(VA%;T<$={khH)?`u(R>0cga)Ffjf>Q8`kPeKFGqxQFO z%f7N;|7Iu~xBGL-yt{E*rD~IaCSl6m1JAWxD%UrhhX# z+*|bpjpsaky1-Y!Oz`nh2E1g=5R3FJP|iV~!n2Jr06VSgl+3Bu;{Uq{2XM>HJHA>h%$2Oz3uLH3+&2eKYAL{v0~gZGQF zqijjgGPO8p+u>$L7_^M;n;|Cc?y%>-CX!V`~9?$;|4g zxdSMu&wqqD7-T|U?;EjG`PEqcNgU~cfE#wPsYs@Gb_{iR^*#!VjKP9V8Gk;CFUrBG zSK++vj&?QT+leY*vNaW;9j^c5R`?li(2-jY{nKE*jQH`luv0J~YvkfrD6aJ8+F}zr z6^pVgfD{2`wTE89Q@M?7gpXSS?gCg63b>n&40PiYYgo({BVWs+T3|&XNJO2R4@qe0 z_~t`;-KZ}}o(+$_mSzagiXQ{Y;3^>7t z#g>45lLhbPw#(x8Sqh@OU=51UHXr4Auh=73(jPY4n;QxH^ql)men3A|)DywBvHME$k<9$7(nZ@0-hF?SVhN<#iz4E!?baY#( zIPM;T*rYMXH~%tDFh?b4tju)0>e`c>w7a4F!_Zcl?M0;x<$p+6q(QR85wtj6JNR+F z>6p3QWzz{eCaOlqGXO4UhpIp2_Fo%bd(YvhOtu3o=t+-}uT);d_fly1%nDrTGA$pg z+0pN0SC72c#KeW&4txkOlrRcu%uQt#Gbe`pvB&BFy8LBY)M)`qE6BJyfl~ly&=(+#bfv zu@Y58{fmM33M7#L(%zEYWMlu>!RtK6Wq150Yo6uBK?(Bd@5MaYFga7PVJdiq5lO4w zOp23H4I;6Sq4npm+skY6-e+K8y!aHNU(7MX!T6b2o*?eHXcq5_VmW5x1T_ES3P$XboOnQxooUk7mP)8n%lziky9dT?soj#gp6 z$Z(iOt*mY!GAE&Sj8HoytNq$NP6U_7@_1Gf(0?b5JSvC$rY%NL?a&V-0o0|sMAj*u zH(SLR$PWwEibeb!37rxZ>~Jdz;sscfzhLl($|Anaq@ii<)g|JkS;CPJ&`{z;p5}_j z&htQ2i9w=fDK?Z9$CayMGn0=#eUxz#n z(0{t=KRYT1tdGx22@DbrTO6M2qhjK=!~|bQ$e2lP_wkz|*MyWoZxzx>E*kLQm))p~ zY%Wat6QmrMxThpwW5d~Ne-d+<+zCIZMietnQh|tP1D7ZlsdpTZ`8Fbx? z&r8#`Q1juuAUv6r4PM8A)b`lzF$Kh)i6MYCjxz$xbN@f&@CJDt+@q9)0j%WL>3@D8 zb1fmm#xrS@%!DpE%Ph^3d1-3F0Br4eyA@-j%oi;@{OI|D86)0;iCFs4I&mI?M&b%1Hx> zR;xl;9SqT1-#|}7F(oh~1_>&LNFIjw4FL%iF%|?Ahoi_&D+=v)20#rM$!~UjIXZ%# zlfVrXE{>%LDcfzS^qD|Ippx;5VdRIGkHBIiQV-d46v%nH+yn^Pu;^UZv=SHs0tf(G CQ?LjC diff --git a/examples/tls/rootCA.crt b/examples/tls/rootCA.crt new file mode 100644 index 00000000..f3ed90f3 --- /dev/null +++ b/examples/tls/rootCA.crt 
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIUT2Hjb+eORMuX0zIwClSygNTJiSQwDQYJKoZIhvcNAQEL
+BQAwNzEQMA4GA1UEAwwHTXlPd25DQTELMAkGA1UEBhMCVVMxFjAUBgNVBAcMDVNh
+biBGcmFuc2lzY28wHhcNMjMwMzA3MTIzOTM5WhcNMjQwMjI2MTIzOTM5WjA3MRAw
+DgYDVQQDDAdNeU93bkNBMQswCQYDVQQGEwJVUzEWMBQGA1UEBwwNU2FuIEZyYW5z
+aXNjbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4hFcu/+GeSQRR0
+XniadepJtCp3juIaHaYLMIsKg4fUSOiVlOCJU27wYa6xaYOcjSKpv7tmZ7YwFBwO
+dGdlcqAFD1nj+JCsHQAJKRIYWY6UklrQb0rd+67HXF03cN4sPGiAKXy52jaPYJIS
+oz5w8mfcz66b3q6fYmefyjwvqBl5nJApiWzBEtLPDKhmT6ST3VuQLdmYNEmL3lL9
+wVJu3R1L7gnzoUFdHyeOpAoALFAI8zfezI8IJsDLLdVfKZNZYm0PDB98ldlBQ2wf
+uXFTzuVHeifBFcUxhV5/U9c3Fp7UnuMD7/RAcABBE8aW6wFl246WjTk4v6r0QYgZ
+49BrnGMCAwEAAaNTMFEwHQYDVR0OBBYEFIwCXoKvHjF6mWhgNLwSEktXT9S/MB8G
+A1UdIwQYMBaAFIwCXoKvHjF6mWhgNLwSEktXT9S/MA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBAIlSJqo9QJUZTE1SzafqihkSXBuLAKMNq+Box02o
+2tticlBV3BVpNZ4SbOs8oYN/Hmr2cDSmgbf4ZB1BqExarsrLnFuIrM4XWVzuFHSt
+oMSlE/OE6cO0wzqUlihmUfx2azuXKPLotAObD6fwNbUb03YxTpNrEqFxIjYn6g56
+Mp1Eo/Na2ptr41Nin2gHsynPOWdPhpBqBxnWMFz1pfZ7TB1h92DVqFN92fMzgvAT
+oJdTGl9hFTcS4XrYwOhhITNGn7oM9uTFpTd/IZbjAakcAnLcwRumthD32YJPpXqV
+JC2zJNBvEbQ4hdvZu3eNx5J8GU8wiMoJgYNy4zNMbM3qM+E=
+-----END CERTIFICATE-----
diff --git a/tests/for_tcp/tls_transport.toml b/tests/for_tcp/tls_transport.toml
index 92e6c178..e8fa9e31 100644
--- a/tests/for_tcp/tls_transport.toml
+++ b/tests/for_tcp/tls_transport.toml
@@ -5,8 +5,8 @@ default_token = "default_token_if_not_specify"
 [client.transport]
 type = "tls"
 [client.transport.tls]
-trusted_root = "examples/tls/ca-cert.pem"
-hostname = "0.0.0.0"
+trusted_root = "examples/tls/rootCA.crt"
+hostname = "localhost"
 [client.services.echo]
 local_addr = "127.0.0.1:8080"
diff --git a/tests/for_udp/tls_transport.toml b/tests/for_udp/tls_transport.toml
index 52588523..fb45597b 100644
--- a/tests/for_udp/tls_transport.toml
+++ b/tests/for_udp/tls_transport.toml
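Review bot: The `trusted_root = "examples/tls/rootCA.crt"` line in `tests/for_tcp/tls_transport.toml` ties the TLS tests to a checked-in CA that `create_self_signed_cert.sh` issues with `-days 356`, so these tests will start failing again when the certificate lapses in under a year. The matching hunk in `tests/for_udp/tls_transport.toml` has the same dependency. For test fixtures a much longer validity, or generating the material in test setup, avoids the recurring breakage. If one year was the intent the flag presumably should read `-sha256 -days 365 \`. The `hostname = "localhost"` check also relies on the server certificate naming `localhost`, which cannot be confirmed from the part of the script visible here.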
@@ -5,8 +5,8 @@ default_token = "default_token_if_not_specify"
 [client.transport]
 type = "tls"
 [client.transport.tls]
-trusted_root = "examples/tls/ca-cert.pem"
-hostname = "0.0.0.0"
+trusted_root = "examples/tls/rootCA.crt"
+hostname = "localhost"
 [client.services.echo]
 type = "udp"