mirror of
https://github.com/simplex-chat/simplexmq.git
synced 2026-03-29 16:39:58 +00:00
2a120dfe57
* smp-server: Allow serving HTTPS and transport on the same port * update rfc * servers: refactor TLS credentials * provide server credentials in SNI hook * determine TLS server params dynamically, when starting the server * remove alpn from TransportServerConfig to decide it dynamically where server is started * diff * combine HTTP and SMP on the shared port * Update to SockAddr * Fix params and web.https parser * Switch fork urls * WIP: add smpServerTestStatic test * Update warp-tls repo * shared connection tests * cleanup * Add protocol tests * rename cert file, enable both ports and web by default * terminate with message on missing credentials * test cert file * client option to use port 443 as default SMP port * use SNI in non-SMP clients * supported * remove TODO * advice * fix test build * Add RSA-4096 check for web creds, fix test * Remove directory listing from static app * message * messages * update log tests --------- Co-authored-by: IC Rainbow <aenor.realm@gmail.com>
To generate fixtures:
(keep these instructions and openssl_ca.conf and openssl_server.conf files consistent with certificate generation on server)
# CA certificate (identity/offline)
openssl genpkey -algorithm ED448 -out ca.key
openssl req -new -x509 -days 999999 -config openssl_ca.conf -extensions v3 -key ca.key -out ca.crt
# Server certificate (online)
openssl genpkey -algorithm ED448 -out server.key
openssl req -new -config openssl_server.conf -reqexts v3 -key server.key -out server.csr
openssl x509 -req -days 999999 -extfile openssl_server.conf -extensions v3 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
# To pretty-print
openssl x509 -in ca.crt -text -noout
openssl req -in server.csr -text -noout
openssl x509 -in server.crt -text -noout
To compute fingerprint for tests:
stack ghci
> import Data.X509.Validation (Fingerprint (..))
> Fingerprint fp <- loadFingerprint "tests/fixtures/ca.crt"
> strEncode fp