libtls 0.0.1

data/lib/libtls/server.rb

@@ -0,0 +1,128 @@
+require 'libtls/config'
+require 'libtls/raw'
+require 'libtls/exn'
+
+module LibTLS
+##
+# Represent a server that communicates over TLS
+#
+# This class handles the details on using an existing instance of Socket to
+# communicate with clients. It knows how to configure the TLS settings and
+# negotiate the TLS handshake.
+#
+# Here is an example method that echos a response over an encrypted channel.
+# Note that the issues around creating and maintaining a socket are dealt
+# with elsewhere.
+#
+#   def echo_server(socket)
+#     config = {
+#         key_file: "thekey.key",
+#         cert_file: "thecert.crt"
+#     }
+#   
+#     LibTLS::Server.new(configure: config) do |server|
+#       client_socket, _ = socket.accept
+#   
+#       server.accept(client_socket) do |client|
+#         str = client.read
+#         client.write(str)
+#       end
+#     end
+#   end
+class Server
+  ##
+  # The FFI wrapper around the struct tls object
+  #
+  # This is only useful for calling any of the {LibTLS::Raw} methods.
+  attr :ctx
+
+  ##
+  # Instantiate and configure a TLS server
+  #
+  # Once constructed, a {Server} instance must be freed with the {#finish}
+  # method. If you pass a block to the constructor it will handle this for you.
+  #
+  # @param configure [Hash] a mapping from setting name to value. The setting
+  #   name is any of {LibTLS::Config::VALID_SET_CONFIGS}; the value is either a
+  #   scalar value passed through to the C function, or an array of values. For
+  #   example:
+  #     { ca_file: 'ca.pem', key_mem: [key_ptr, 48] }
+  # @yieldparam [Server] self an initialized and configured instance of self
+  # @raise [LibTLS::UnknownCError] if +tls_init+ or +tls_server+ fail
+  # @raise [LibTLS::CError] if +tls_configure+ fails
+  def initialize(configure:, &block)
+    if LibTLS::Raw.tls_init < 0
+      raise LibTLS::UnknownCError, "tls_init"
+    end
+
+    @config = Config.new(configure)
+
+    if (@ctx = LibTLS::Raw.tls_server) == nil
+      raise LibTLS::UnknownCError, "tls_server"
+    end
+
+    if LibTLS::Raw::tls_configure(ctx, @config.as_raw) < 0
+      raise LibTLS::CError, "tls_configure: #{LibTLS::Raw.tls_error(ctx)}"
+    end
+
+    if block
+      begin
+        block.call(self)
+      ensure
+        self.finish
+      end
+    end
+  end
+
+  ##
+  # Negotiate a TLS handshake on an existing socket
+  #
+  # The client socket is assumed to already have an active connection; for
+  # example, +IO.select+ or +Socket#accept+ has been called.
+  #
+  # The block is run on a connection opened for the client. Once the block
+  # finishes, the connection is closed automatically.
+  #
+  # @param client_socket [Socket] a connected socket
+  # @yieldparam [OpenedClient] client the connected client
+  # @raise [LibTLS::CError] if +tls_accept_socket+ fails
+  # @return the result of the block
+  def accept(client_socket, &block)
+    cctx_ptr = FFI::MemoryPointer.new(:pointer)
+
+    if tls_accept(cctx_ptr, client_socket) == -1
+      raise LibTLS::CError, "tls_accept_socket: #{LibTLS::Raw.tls_error(ctx)}"
+    end
+
+    cctx = cctx_ptr.read_pointer
+
+    opened_client = OpenedClient.new(cctx)
+    block.call(opened_client)
+  ensure
+    opened_client && opened_client.close
+  end
+
+  ##
+  # Release any memory held on to by the C library
+  #
+  # This method must be called either implicitly by passing a block to
+  # {#initialize}, or explicitly by you.
+  def finish
+    @config.free
+    LibTLS::Raw.tls_free(ctx)
+  end
+
+  private
+
+  def tls_accept(cctx_ptr, client_sock)
+    ret = LibTLS::Raw.tls_accept_socket(
+      ctx, cctx_ptr, client_sock.fileno)
+
+    if [LibTLS::Raw::TLS_READ_AGAIN, LibTLS::Raw::TLS_WRITE_AGAIN].include?(ret)
+      tls_accept(cctx_ptr, client_sock)
+    else
+      ret
+    end
+  end
+end
+end

data/lib/libtls/version.rb

@@ -0,0 +1,8 @@
+module LibTLS
+  ##
+  # The version of this library
+  #
+  # This version number is independent of the version of OpenBSD, and also
+  # independent of the version of libressl-portable. It's just a number.
+  VERSION = "0.0.1"
+end

data/libtls.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'libtls/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "libtls"
+  spec.version       = LibTLS::VERSION
+  spec.authors       = ["Mike Burns"]
+  spec.email         = ["mike@mike-burns.com"]
+  spec.summary       = %q{Bindings for libtls (libressl)}
+  spec.description   = %q{
+This is a set of libtls bindings for Ruby, plus a nice object-oriented layer
+atop the bindings.  
+  }
+  spec.homepage      = "https://github.com/mike-burns/libtls.rb"
+  spec.license       = "ISC"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "ffi", "~> 1.2"
+  spec.requirements << 'libtls'
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 2"
+end

data/spec/fixtures/mike-burns.pem

@@ -0,0 +1,116 @@
+-----BEGIN CERTIFICATE-----
+MIIGRjCCBS6gAwIBAgIDFAInMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJJ
+TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
+MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQxMTAxMDUyMDI1
+WhcNMTUxMTAxMTk1ODM5WjBTMQswCQYDVQQGEwJTRTEbMBkGA1UEAxMSd3d3Lm1p
+a2UtYnVybnMuY29tMScwJQYJKoZIhvcNAQkBFhh3ZWJtYXN0ZXJAbWlrZS1idXJu
+cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQjCP4Sx7ObtxJ
+/1cRJ+2wDnEZtVk4MByVKeZwWO94JnsUWejRCUqFl8al2tKkYWDeju2qAMbC7Wmq
+5UiPyiXd5gdrb2Sjn+Z5K7s5B9B5DF2u3bllGU4EqhpgYOYkWFMwalDWSYoBy0WH
+9Av3GpQXx71ueF1HbLd/UrPxeEWvAytKQpbmydd+eohRvmjKU4URoT/gnY1A+39Q
+9MvyAVwnI4EtyMMW1t7jDBD1IGyY1MhxPYtaAFKEoEMzMnhZln4DohMWfmfL8LqF
+GD5FcPBDmlLDLPCsLmq5NVd/x1S9irK5fpGc3ovv/cq99XfdPfkIjMC84H8eaawr
+WThteTdzAgMBAAGjggLnMIIC4zAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDATBgNV
+HSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUxnbSAvGSoA1sDTBCMWZyRwNs47Ew
+HwYDVR0jBBgwFoAU60I00Jiwq5/0G2sI98xkLu8OLEUwLQYDVR0RBCYwJIISd3d3
+Lm1pa2UtYnVybnMuY29tgg5taWtlLWJ1cm5zLmNvbTCCAVYGA1UdIASCAU0wggFJ
+MAgGBmeBDAECATCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEFBQcCARYiaHR0
+cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYBBQUHAgIwgeow
+JxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIBARqBvlRoaXMg
+Y2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhlIENsYXNzIDEg
+VmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29tIENBIHBvbGlj
+eSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBvc2UgaW4gY29t
+cGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9ucy4wNQYDVR0f
+BC4wLDAqoCigJoYkaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0MS1jcmwuY3Js
+MIGOBggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFy
+dHNzbC5jb20vc3ViL2NsYXNzMS9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6
+Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczEuc2VydmVyLmNhLmNy
+dDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wDQYJKoZIhvcN
+AQELBQADggEBAI35NGd8yJUPBm0Yc/nFLvdow2hpBot7Yw/h5XADT84TZmTwE+D2
+PiI7MoTKieL70L7jL7k4SNxTlaN/Y9TJ5Vqj9oAIxzlOrIAc4KzxyO3tyFTRWhVw
+WUvvEGobRuoXZVtbGOxDPcVdB1/+bNsG/mY8KrnuJmDunOYg2FA3BZWVV3xRIfEW
+rCTJwF0qT0GQfv25aM5huTFdEU+QzSUGjqaCq4doD+zFRdLj5WPP+zaEWtPC2S+F
+8v1+U4BP1MS0rVF9r+4ulvAZWZ+hrlB4kcGHEHy73hX3zy63LFxkIni15c2OE2c0
+RF2xeweSzapCmlJDtQpMqaFnaKeN+yC/W+M=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGNDCCBBygAwIBAgIBGDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NDE3WhcNMTcxMDI0MjA1NDE3WjCB
+jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
+IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
+YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtonGrO8JUngHrJJj0PREGBiE
+gFYfka7hh/oyULTTRwbw5gdfcA4Q9x3AzhA2NIVaD5Ksg8asWFI/ujjo/OenJOJA
+pgh2wJJuniptTT9uYSAK21ne0n1jsz5G/vohURjXzTCm7QduO3CHtPn66+6CPAVv
+kvek3AowHpNz/gfK11+AnSJYUq4G2ouHI2mw5CrY6oPSvfNx23BaKA+vWjhwRRI/
+ME3NO68X5Q/LoKldSKqxYVDLNM08XMML6BDAjJvwAwNi/rJsPnIO7hxDKslIDlc5
+xDEhyBDBLIf+VJVSH1I8MRKbf+fAoKVZ1eKPPvDVqOHXcDGpxLPPr21TLwb0pwID
+AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFOtCNNCYsKuf9BtrCPfMZC7vDixFMB8GA1UdIwQYMBaAFE4L7xqkQFul
+F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov
+L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0
+YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3
+dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0
+c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu
+BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0
+BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl
+LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAIQlJPqWIbuALi0jaMU2P91ZXouHTYlfp
+tVbzhUV1O+VQHwSL5qBaPucAroXQ+/8gA2TLrQLhxpFy+KNN1t7ozD+hiqLjfDen
+xk+PNdb01m4Ge90h2c9W/8swIkn+iQTzheWq8ecf6HWQTd35RvdCNPdFWAwRDYSw
+xtpdPvkBnufh2lWVvnQce/xNFE+sflVHfXv0pQ1JHpXo9xLBzP92piVH0PN1Nb6X
+t1gW66pceG/sUzCv6gRNzKkC4/C2BBL2MLERPZBOVmTX3DxDX3M570uvh+v2/miI
+RHLq0gfGabDBoYvvF0nXYbFFSF87ICHpW7LM9NfpMfULFWE7epTj69m8f5SuauNi
+YpaoZHy4h/OZMn6SolK+u/hlz8nyMPyLwcKmltdfieFcNID1j0cHL7SRv7Gifl9L
+WtBbnySGBVFaaQNlQ0lxxeBvlDRr9hvYqbBMflPrj0jfyjO1SPo2ShpTpjMM0InN
+SRXNiTE8kMBy12VLUjWKRhFEuT2OKGWmPnmeXAhEKa2wNREuIU640ucQPl2Eg7PD
+wuTSxv0JS3QJ3fGz0xk+gA2iCxnwOOfFwq/iI9th4p1cbiCJSS4jarJiwUW0n6+L
+p/EiO/h94pDQehn7Skzj0n1fSoMD7SfWI55rjbRZotnvbIIp3XUZPD9MEI3vu3Un
+0q6Dp6jOW6c=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
+ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
+LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
+BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
+Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
+cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
+YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
+dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
+bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
+TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
+9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
+jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
+FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
+ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
+ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
+EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
+L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
+yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
+-----END CERTIFICATE-----

data/spec/fixtures/theca.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCTCCAXICCQC0VuaH4rQBXTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJT
+RTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0xNTA0MTQxOTA5MjhaFw0xNjA0MTMxOTA5MjhaMEkx
+CzAJBgNVBAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2Nr
+aG9sbTESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCoPanBU4m8XMicKm9g+4tNDpd7PjJwQXT9ybleuZaqR0RDBPYra3Pk+djB
+eTJcCOmTpSV+3GoiUKUImkSmlAZ/z7/QckzutYq4SczSexSLyecxNIlbDpDoj9pY
+a0q3QGd20cO4bWCkslldt5YMvLWsuNZn8SWIjZniy58Q4W/fSwIDAQABMA0GCSqG
+SIb3DQEBCwUAA4GBAE2Zdyvdtpp5vvNztLUPM0JMUJLgmR1Z7z0XYdSelBWs7b0F
+Hbno1Ft1kWpPhYhYkokmI4wYQ/PiI0dgKxIs7adcZNpvCzk6kvfNUhiPRNsk/oIJ
+Z1tfxKDbpClQgAshvX8zcepJnxK5JdPk8joOmBdMshEkmg30UW20EOVvhl45
+-----END CERTIFICATE-----

data/spec/fixtures/thecert.crt

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCTCCAXICCQC0VuaH4rQBXTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJT
+RTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xEjAQBgNV
+BAMMCWxvY2FsaG9zdDAeFw0xNTA0MTQxOTA5MjhaFw0xNjA0MTMxOTA5MjhaMEkx
+CzAJBgNVBAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2Nr
+aG9sbTESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCoPanBU4m8XMicKm9g+4tNDpd7PjJwQXT9ybleuZaqR0RDBPYra3Pk+djB
+eTJcCOmTpSV+3GoiUKUImkSmlAZ/z7/QckzutYq4SczSexSLyecxNIlbDpDoj9pY
+a0q3QGd20cO4bWCkslldt5YMvLWsuNZn8SWIjZniy58Q4W/fSwIDAQABMA0GCSqG
+SIb3DQEBCwUAA4GBAE2Zdyvdtpp5vvNztLUPM0JMUJLgmR1Z7z0XYdSelBWs7b0F
+Hbno1Ft1kWpPhYhYkokmI4wYQ/PiI0dgKxIs7adcZNpvCzk6kvfNUhiPRNsk/oIJ
+Z1tfxKDbpClQgAshvX8zcepJnxK5JdPk8joOmBdMshEkmg30UW20EOVvhl45
+-----END CERTIFICATE-----

data/spec/fixtures/thecsr.csr

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBiDCB8gIBADBJMQswCQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIw
+EAYDVQQHDAlTdG9ja2hvbG0xEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAqD2pwVOJvFzInCpvYPuLTQ6Xez4ycEF0/cm5XrmW
+qkdEQwT2K2tz5PnYwXkyXAjpk6UlftxqIlClCJpEppQGf8+/0HJM7rWKuEnM0nsU
+i8nnMTSJWw6Q6I/aWGtKt0BndtHDuG1gpLJZXbeWDLy1rLjWZ/EliI2Z4sufEOFv
+30sCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAD7rnHFehiIhj6zXWGyKnVvBBT64
+0M/yRdEfADH2sA5viUxDX2E9r+zZJMwTWNhH+nPeNU4aJbgjULkq6VIOWVHafkFS
+hmk4KQMnDMy0wzyY88ozZ2m/g3vpm+MH/wJF4AZ7YCywyuiI+J87pwAmATkEjcqR
+/uoYUH9EyLi4BO3Y
+-----END CERTIFICATE REQUEST-----

data/spec/fixtures/thekey.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCoPanBU4m8XMicKm9g+4tNDpd7PjJwQXT9ybleuZaqR0RDBPYr
+a3Pk+djBeTJcCOmTpSV+3GoiUKUImkSmlAZ/z7/QckzutYq4SczSexSLyecxNIlb
+DpDoj9pYa0q3QGd20cO4bWCkslldt5YMvLWsuNZn8SWIjZniy58Q4W/fSwIDAQAB
+AoGAIDT9xFa7rWWNueedvtEoz62VbjBv83F0dgkiBXI914chGDtg7Nr7KsBxsEgF
+Tf0eyfb5gJmtb7hEf6sYrVL1Ez8yoAjHo3su2Yh9EhL8FNJITaWANgpvJFpBBRcV
+aDz3foxbc0pGISWl4NwIxuStZdY1en96LgSXlD9CE8TqgIECQQDVdKlZ5OMfw2Cn
+dOqgSYvcT/ToYE5Mg4TfH5xnyWNseAQ8k8kI2GIOxZIH3PAl5VwuVxpr8Bbza97v
+4mYgHptrAkEAycX3Ewa1YMKNjrOYB47kDCzYhYBFD/mUojbE05WVPQatoznRfBdk
+ZKsg5iu6P6NU6moROYiVauOu6oDmhXGjoQJBAMHaBwrKobHw/9BUj9gtssTMIIEB
+JVq7fmocDTD8ZjzV6hMRq9tKmBMOPobBkZ7443R6SlaIXm+HIZn9o/27ji0CQQC6
+MQ/6YqplC6MNF/UmpFkUUx3Ks78HKsxZlCi1BsecdNkuUmBZHkzqCHBnddp8dwAZ
+AJ+8c6lN5aS3iRMv+NmBAkAnJKyhAjpxKe4JcTex5WyQg/GPffjMakQm8J5ppUnX
+jxSjvPKee0PYgztZwwCWgakynwvCk+GbK0h3oCssDAmP
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/thekey.key.protected

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,0EDD0A67E5CDB391
+
+HIEDTe8y51xjvG/R9FbDgEQ3bzUbQYAAqimxdpJoOFvWMOgJl9HlWNAUk5yf8evD
+rU+t1fvn0GUL0OHnR6A8edI8U+9GPL3Bt4vis5unpkGg68MyvQna4qDXnqAW3cVI
+OXpt+v/xaQUazChCg6b9mt4G4vd7mKWB4i9tg078+d+hyWxWOMqU2CdWt7hDRtkw
+wIwHf1Gbn9q3gXReuDHmq2SHg1FkjfMqQ7rY7jySGSzapdAj/wh/h04kZ2Vdkooa
+jIp1hShqJh6fRij9R5PuJyAvVcioxFcdT7iE2u2diBVcehJWlHOTOoBTJpB4ExeC
+cHdeA3tuE1rTfK4Ix65UDPbk6xXXwuIyiTLD7Bw0Q5uw7093+ZaoFctmE6CCkiMK
+vHByPKmsrsNuac+Dq3QsL0WDkHwYvRSji8wVnorlCMOVqa4xHMo27gtgIufEGJzs
+wWTIiIqPy8iMLODtt+uWbGRkLHXfOwS7F4PvmeQB8xEnjVlIBJ1qpYpXzzMgs5x9
+N69d+xTY4AVBF+a87kQIkx41AjqiNt2sBS7gYkGnnd1W6v3IqdQuTLzfZh/WLiaW
+RGhP/f8gRWprVoso07qTBdWM/rx9op+F6C5LYlGGAKvtSXcwsklT3qL2AEzc6Tvi
+P7iyD+n6wdtFsIFwzp4D2l7oE5alN+a9o7laV18MwLFVhfdSjRVM6VDA2nBDva4T
+G063CrMiRUv4G5nbqvgOSOmx2nHArYcSjyfc7fyobxeAyuzt8E+ayLSgAML//BTS
+rlOIkY84kUvgHxsjw1Ia5fg9oTyPaSJVDJwN1QNTvCX872/z+ELWDw==
+-----END RSA PRIVATE KEY-----

data/spec/oo/client_spec.rb

@@ -0,0 +1,28 @@
+require 'rspec'
+require 'libtls'
+require 'support/fixtures'
+
+describe 'a libtls client' do
+  it 'reads data via a TLS connection' do
+    config = {
+      protocols: LibTLS::Raw::TLS_PROTOCOL_TLSv1_2,
+      ca_file: fixture_filename('mike-burns.pem')
+    }
+
+    content = nil
+    LibTLS::Client.new(configure: config) do |client|
+      content = client.connect("mike-burns.com", 443) do |c|
+        c.write(http_get("mike-burns.com"))
+        c.read
+      end
+    end
+
+    expect(content[0..14]).to eq "HTTP/1.1 200 OK"
+  end
+
+  private
+
+  def http_get(hostname)
+    "GET / HTTP/1.1\r\nUser-Agent: libtls.rb/0.1\r\nHost: #{hostname}\r\n\r\n"
+  end
+end

data/spec/oo/server_spec.rb

@@ -0,0 +1,75 @@
+require 'rspec'
+require 'socket'
+require 'libtls'
+require 'support/fixtures'
+
+describe 'a libtls server' do
+  before :each do
+    @socket = create_socket_for_client(hostname, port)
+  end
+
+  after :each do
+    @client_socket && @client_socket.close
+    @socket && @socket.close
+  end
+
+  it 'sends data via a TLS connection' do
+    config = {
+      key_file: key_file,
+      cert_file: cert_file
+    }
+
+    fork do
+      @client_socket, _ = @socket.accept
+
+      LibTLS::Server.new(configure: config) do |server|
+        server.accept(@client_socket) do |c|
+          str = c.read
+          c.write(str)
+        end
+      end
+    end
+    sleep 1
+
+    content = echo_client(msg)
+
+    expect(content).to eq (msg)
+  end
+
+  private
+
+  let(:hostname) { "localhost" }
+  let(:port) { "3334" }
+  let(:key_file) { fixture_filename("thekey.key") }
+  let(:cert_file) { fixture_filename("thecert.crt") }
+  let(:ca_file) { fixture_filename("theca.pem") }
+  let(:msg) { "hello\r\n" }
+
+  def echo_client(str)
+    content = ""
+    config = {
+      protocols: LibTLS::Raw::TLS_PROTOCOLS_ALL,
+      ca_file: ca_file
+    }
+
+    LibTLS::Client.new(configure: config) do |client|
+      begin
+        content = client.connect(hostname, port) do |c|
+          c.write(str)
+          c.read
+        end
+      rescue LibTLS::CError
+      end
+    end
+
+    content
+  end
+
+  def create_socket_for_client(hostname, port)
+    sin = Addrinfo.tcp(hostname, port)
+    sock = sin.bind()
+    sock.listen(1)
+
+    sock
+  end
+end