This example code fails:

    require("socket")
    require("ssl")

    -- TLS/SSL server parameters
    local params = {
        mode = "server",
        protocol = "sslv23",
        key = "./keys/server.key",
        certificate = "./keys/server.crt",
        cafile = "./keys/server.key",
        password = "123456",
        verify = {"peer", "fail_if_no_peer_cert"},
        options = {"all", "no_sslv2"},
        ciphers = "ALL:!ADH:@STRENGTH",
    }

    local socket = require("socket")
    local server = socket.bind("*", 8888)
    local client = server:accept()
    client:settimeout(10)

    -- TLS/SSL initialization
    local conn,emsg = ssl.wrap(client, params)
    print(emsg)
    conn:dohandshake()
    --
    conn:send("one line\n")
    conn:close()

request

https://localhost:8888/

output

    error loading CA locations ((null))
    lua: a.lua:25: attempt to index local 'conn' (a nil value)
    stack traceback:
            a.lua:25: in main chunk
            [C]: ?

Not very much info. Any idea how to track down the problem?

Update

Got this now: the cafile parameter is not necessary for server mode:

    local params = {
        mode = "server",
        protocol = "sslv23",
        key = "./keys/server.key",
        certificate = "./keys/server.crt",
        password = "123456",
        options = {"all", "no_sslv2"},
        ciphers = "ALL:!ADH:@STRENGTH",
    }

+2  A: 

LuaSec is a binding for OpenSSL, so the error you are getting (error loading CA locations) means that the OpenSSL library cannot read your CA files. Are you sure they are in the current directory and with proper permissions?

EDIT: According to the LuaSec sources, it currently uses only the PEM format for the private key. Ensure that the private key is stored as PEM, not DER.

MiKy
A: 

CAFile contains the set of certificates (.crt) that your server or client trusts. You put the key (.key).

bruno
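
A preflight check covering both answers, as an added example that is not part of the original posts or of LuaSec: it reads each file named in the params table and reports unreadable files, data that is not PEM, and a PEM block of the wrong type (such as a private key passed as `cafile`). The helper names `pem_label`, `check_params` and `fake_read`, and the in-memory sample files, are assumptions made for illustration.

```lua
-- Expected PEM block type (matched as a suffix) for each file-valued field.
local EXPECTED = { key = "PRIVATE KEY", certificate = "CERTIFICATE", cafile = "CERTIFICATE" }

-- Return the label of the first PEM block ("CERTIFICATE", "RSA PRIVATE KEY", ...),
-- or nil when the data carries no PEM armor (for example a DER file).
local function pem_label(data)
  return data:match("%-%-%-%-%-BEGIN ([%u%d ]+)%-%-%-%-%-")
end

-- Default reader: returns the file contents, or nil plus an error message.
local function read_file(path)
  local f, err = io.open(path, "rb")
  if not f then return nil, err end
  local data = f:read("*a")
  f:close()
  return data
end

-- Returns a list of human-readable problems; an empty list means no problem was found.
local function check_params(params, read)
  read = read or read_file
  local problems = {}
  for _, field in ipairs({ "key", "certificate", "cafile" }) do
    local path = params[field]
    if path then
      local data, err = read(path)
      local label = data and pem_label(data)
      local want = EXPECTED[field]
      if not data then
        problems[#problems + 1] = field .. ": cannot read " .. path .. " (" .. tostring(err) .. ")"
      elseif not label then
        problems[#problems + 1] = field .. ": " .. path .. " is not PEM (DER?)"
      elseif label:sub(-#want) ~= want then
        problems[#problems + 1] = field .. ": " .. path .. " holds a " .. label .. ", expected " .. want
      end
    end
  end
  return problems
end

-- Constructed sample: the question's paths, with in-memory stand-ins for the files.
local files = {
  ["./keys/server.key"] = "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n",
  ["./keys/server.crt"] = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n",
}
local params = { key = "./keys/server.key", certificate = "./keys/server.crt", cafile = "./keys/server.key" }
local function fake_read(path) return files[path], "no such file" end
for _, problem in ipairs(check_params(params, fake_read)) do print(problem) end
```

Calling `check_params(params)` without a reader checks the real files on disk before the table is handed to `ssl.wrap`.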