https request in lua
A

4

18

I am trying to retrieve a page on my SSL-enabled server with a Lua script. It is important to note that the server has a self-signed certificate. There is no problem with a certificate issued by a trusted CA.

local https = require("socket.http")
local resp = {}
local r, c, h, s = https.request{
    url = "https://my-server:443/example.php",
    sink = ltn12.sink.table(resp),
    protocol = "tlsv1"
}

The server returns:

Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.

And on the server side, that request produces this entry in the Apache ssl_access.log:

192.168.0.150 - - [27/Nov/2011:16:32:07 +0100] "GET /" 400 529 "-" "-"

Furthermore, tcpdump shows that after the SYN-ACK handshake, no SSL 257 Client Hello is sent. Using the same URL from my browser or with wget works ok.

Alarcon answered 27/11, 2011 at 15:36 Comment(0)
D
15

As Doug Currie said, you should use luasec. In order to enable https.request, you have to require the ssl.https module:

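local https = require 'ssl.https'   -- LuaSec's HTTPS wrapper around socket.http
local ltn12 = require 'ltn12'
local resp = {}                     -- response body chunks are collected here
local r, c, h, s = https.request{
    url = "https://my-server:443/example.php",
    sink = ltn12.sink.table(resp),
    protocol = "tlsv1"
}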
Dorran answered 27/11, 2011 at 21:18 Comment(5)
As I said above, that Lua script will be executed on a rather cramped router that has no room left for the LuaSec package. I believe I'll have to find a workaround. Thanks for your help anyway. And BTW I tried your snippet in a LuaSec-aware box and it doesn't seem to find the 'ssl.https' module. - Alarcon
Which version of LuaSec did you use? The version 0.4.1, which is available on the main site, contains ssl/https.lua that should be installed into the Lua package path. - Dorran
Version 4.0. I had a look into the https.lua module and it seems to create a module ssl.module. Why can't I simply use the https.lua module like I tried to do in my first post? That module is derived from LuaSec I believe. - Alarcon
Because you are importing socket.http module, which does not know anything about HTTPS (discussion here). That is why you need to load the custom module. Of course, you can put it wherever you like, for example in $LUA_PATH/socket/https.lua, then you can call it as require 'socket.https'. - Dorran
The link to luasec is broken. But maybe this link could replace the old one. - Giovannigip
C
7

See this lua-l thread describing how to add support for luasocket https client using luasec.

Compellation answered 27/11, 2011 at 16:46 Comment(2)
I saw that thread but I was hoping to find something simpler. Like in this example from the LuaSec documentation. That method works all right with certificates issued by a trusted CA but not with self-signed ones. - Alarcon
Another piece of bad news is that I don't have enough memory on my router to install the LuaSec package. - Alarcon
G
4

Like this:

local https = require("ssl.https")
local one, code, headers, status = https.request{
    url = "https://www.test.com",
    key = "/root/client.key",
    certificate = "/root/client.crt",
    cafile = "/root/ca.crt"
}
Gluck answered 17/7, 2015 at 7:14 Comment(0)
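
Added example (not code from any poster in this thread): fetching from a server with a self-signed certificate through LuaSec's ssl.https while still verifying the peer, by passing the server's own certificate as cafile and setting verify = "peer". The certificate path and the function name fetch_pinned are hypothetical, and protocol = "tlsv1_2" assumes LuaSec 0.5 or later.

```lua
local https = require("ssl.https")
local ltn12 = require("ltn12")

-- Fetch `url`, trusting only the certificate(s) stored in `cafile` (PEM).
-- Returns body, status code on success; nil, error message on failure.
-- fetch_pinned is a hypothetical helper name, not part of LuaSec.
local function fetch_pinned(url, cafile)
    local chunks = {}
    local ok, code = https.request{
        url      = url,
        sink     = ltn12.sink.table(chunks),
        protocol = "tlsv1_2",  -- assumption: LuaSec >= 0.5; the thread's snippets use "tlsv1"
        verify   = "peer",     -- ssl.https defaults to verify = "none" when this is omitted
        cafile   = cafile,     -- the self-signed server certificate acts as its own CA
    }
    if not ok then
        -- On a connection or handshake failure the second return value
        -- is the error string (for example a certificate verification error).
        return nil, tostring(code)
    end
    return table.concat(chunks), code
end

-- URL taken from the question; the certificate path is a placeholder.
local body, result = fetch_pinned("https://my-server:443/example.php",
                                  "/path/to/my-server.crt")
if body then
    print("HTTP status:", result, "body bytes:", #body)
else
    io.stderr:write("request failed: ", result, "\n")
end
```

Passing cafile without verify = "peer" loads the certificate but does not reject a server that presents a different one.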
D
1

A more modern solution is to use lua-http: https://github.com/daurnimator/lua-http

It comes with a luasocket/luasec compatible interface.

Dy answered 23/7, 2016 at 0:14 Comment(1)
Is it usable on Windows? - Bucephalus
