Add TLS client verify example.

Author: ioquatix

examples/tls-client-verify/client.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiOgAwIBAgIUNkkoR2RJT6RNHQxWFU+tuf4POYQwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCWFgxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yNTAxMjUwOTA2NThaGA8yMTI1
+MDEwMTA5MDY1OFowRTELMAkGA1UEBhMCWFgxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALVUuOfHvOlsu14KLPQmqgaj6Tuarg8fxTdRfBF8
+PUzjVP3LUXQ9q6xTCQioRiIvCSgsKW8Zk56i+dUGRbC+V3DBsEvERdb+OrznDtHT
+Ylk0UffG2w5WKVsbPJSnF7QzxTnVWlCy3xTZvy0Mp8Aamj4av74TV55Be/U0fR8k
+diyOKLUw7dLWEbF5eL88A3IxiDm1hUD1BFd6GnNdl7pvO9g+67MXGGxnzF+mHL6f
+YJUNSNqt/UKa0qsyFiqYT7wzvf6hNJgA3ejLyuc0rehtahGPeguSAFQYqy4GAluY
+wY2Kfuk+oAFtmU+qOMJcKUjqkUHoZ5Znki9deFxHP4tWo4cCAwEAAaMhMB8wHQYD
+VR0OBBYEFEEnRMxBq0uZp2ZhWIwVrlsnc1FqMA0GCSqGSIb3DQEBCwUAA4IBAQCN
+Yn8qqIhECUkM/iDLN57ZUGtsFub9urQ2a7vs+PNTcaeZ4wursalsKnBF9i7jwBd0
+/lAXEMS/61H1nYN+oIDDh/JxwwPUHmfGPseCautlhIWuewD/Zr5eyYWlWRWu8ihP
+8NCwIntkdTFE4yQRDH7M9fsFqVZZct06B4bRp51t5yUN8XnkP3bYNGX0jb/Jjt4r
+RZlJAamRv6mDLETJpCFvyq4jBaXK17lBUEnJWUwE7IYPdb0xaKJYzeCwTTjZcGl/
+Y5VNXpdGtyPmAWIJGl6pjkXREAgcNRrWi7L51F6/2IhCjoaENSvFurvvJqTtx8/2
+vGcG97Rv9pIRHN1WBHWj
+-----END CERTIFICATE-----

examples/tls-client-verify/client.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICijCCAXICAQAwRTELMAkGA1UEBhMCWFgxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALVUuOfHvOlsu14KLPQmqgaj6Tuarg8fxTdRfBF8
+PUzjVP3LUXQ9q6xTCQioRiIvCSgsKW8Zk56i+dUGRbC+V3DBsEvERdb+OrznDtHT
+Ylk0UffG2w5WKVsbPJSnF7QzxTnVWlCy3xTZvy0Mp8Aamj4av74TV55Be/U0fR8k
+diyOKLUw7dLWEbF5eL88A3IxiDm1hUD1BFd6GnNdl7pvO9g+67MXGGxnzF+mHL6f
+YJUNSNqt/UKa0qsyFiqYT7wzvf6hNJgA3ejLyuc0rehtahGPeguSAFQYqy4GAluY
+wY2Kfuk+oAFtmU+qOMJcKUjqkUHoZ5Znki9deFxHP4tWo4cCAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQCU596o58DYq416m4rb81hkF3CGOYf5gZF3vlCAqZHqjO8R
+jDfgYxDTIgOaBQXUnndb414e/tyhEeDXahXhRxRDltp5wGxcTA7vv6y0vCpIyiH9
+BbcC3D6eDf35iKSzabgimyWU2/USxNlS7trO4ZdaZLyHeKadygaRx7udFSVZOUjQ
+yKW6Z2rEXFsuFqEmIEFt5HOQZ9BUkcIdnJVkSEFgVyEUWWirTJkdXvHA1iHjnDEv
+ClswgGelVeXi6YJXCVuaMMmzUZQN6flzMhcwAKuDjf7zv1o6Jv4yuMI+Xdf8fEsK
+e990KFz6HTx2GRkUhE7tUlPRxGikXEKkwGmjK9vM
+-----END CERTIFICATE REQUEST-----

examples/tls-client-verify/client.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC1VLjnx7zpbLte
+Ciz0JqoGo+k7mq4PH8U3UXwRfD1M41T9y1F0PausUwkIqEYiLwkoLClvGZOeovnV
+BkWwvldwwbBLxEXW/jq85w7R02JZNFH3xtsOVilbGzyUpxe0M8U51VpQst8U2b8t
+DKfAGpo+Gr++E1eeQXv1NH0fJHYsjii1MO3S1hGxeXi/PANyMYg5tYVA9QRXehpz
+XZe6bzvYPuuzFxhsZ8xfphy+n2CVDUjarf1CmtKrMhYqmE+8M73+oTSYAN3oy8rn
+NK3obWoRj3oLkgBUGKsuBgJbmMGNin7pPqABbZlPqjjCXClI6pFB6GeWZ5IvXXhc
+Rz+LVqOHAgMBAAECgf9HL3tngoInIQhtYpFDR+p3sOFfBNpQFajWjqamNp/aD2TO
+PYM8nvlGLVLekzD1OoHdw3iApQnOvSxW9J9nQ1IQcflDxUmlnShyAENRHCr/2gpT
+uz1D449YtNiTgwVLOQe0LI3IIHBzPwhOJymzwL3Mo7OiavV6qzp+iJyWHTpHQt5X
+otrlZYNs3TK2tZX2yAlt/7rpkkGkgyf2K0LKrpeIyS/V8sObX+marYHz/EbEKMiP
+qDYutW0JoswZATNUPCC/sCudBEd/1+giUqZGz00npyI8uV9+rbuoT7JG8JTFQj0R
+aNqZXrsN3SnR3HIs5uttuYwZiRv6s1yLT4yG6jkCgYEA4oLAqp3hlGodUc1pZitY
+vtIeucbtDUNdBHWmWu7RASdTZDGA2TTYoXzNe+7eJ5IWW8n1ossklrVso5Hq2DI5
+qulypUfOxFwuu3W6W372jV904nMQmSl6Z28Wy9m5KxdcPWn9cKLbNsCjFtC0ubVn
+XYlXBuUjJ4RqX1buXlkVgc8CgYEAzPAyoBmRYHBtqzRJkqVvErzUy7PZrzXRLkGp
+7zQzimD+EgWzSUPxMAjTP66ocGkEzzXOlXZkIJYXYXGzE1h4RhHUVoFkC3+QkCMz
+jL7mvjfzpeK8+5+pJZiczJIVcP2X8bMYoLNVrytxkEgy273t8exrOu4wx5rgZha9
+QmfWyMkCgYEAuitvgYv8QUiqSnbDP0c3TLdUq6q1YWZRiH3OOgT5YbJZ1wrc9Sl7
+N9dk6IzeqLVojQ7ERoYiz3/UB+jBlepJ/ZCcOv53EmsVudu8TMFgkbe4UPrz1H8D
+7QmgOfH8QE+V76AyvyYLeMgCA5mMQOq5R2a/UZp5N1ydNTk09/TOOX8CgYAc/0ua
+faOlSqMp208hscjClPdjD0KY2PuNGPtrfi5gwRKSCD5y+msRCd6iHxt0NFfa3dkq
+KsNGHRaX0hetgBIcj/9EcjButBEHZAOyQXyyo4YVDb0BuXicejiNdYoVH7y1FUtB
+yb4w9+usp5qSnxAg7/vILdW3GIHxz/vdfoXUiQKBgQDMNlAzZku3Ot9XErSJURXD
+VNSfBgpa8FLXqQ85J46NBdTtms3KDwRsEKyBm5yTb/64FxyiSpG7Bgwetk8UpVop
+bst522h35wTayA4oaXdV0dDuoIRDC1fz5hmBbI3akP6hsWOiupqh8TAME35KaqWT
+2Lj7ymEWe/1LtONYTYt3Og==
+-----END PRIVATE KEY-----

examples/tls-client-verify/config.ru

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+run do |env|
+	[200, {}, ["Hello World! #{Time.now}"]]
+end

examples/tls-client-verify/falcon.rb

@@ -0,0 +1,33 @@
+#!/usr/bin/env falcon-host
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2019-2024, by Samuel Williams.
+
+require "falcon/environment/self_signed_tls"
+require "falcon/environment/rack"
+require "falcon/environment/supervisor"
+
+service "hello.localhost" do
+	include Falcon::Environment::SelfSignedTLS
+	include Falcon::Environment::Rack
+	
+	scheme "https"
+	protocol {Async::HTTP::Protocol::HTTPS}
+	
+	ssl_context do
+		super().tap do |context|
+			context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+			
+			context.verify_callback = proc do |verified, store_context|
+				Console.warn(self, "Verified: #{verified}, error: #{store_context.error_string}")
+				
+				true
+			end
+		end
+	end
+	
+	endpoint do
+		Async::HTTP::Endpoint.for(scheme, "localhost", port: 9292, protocol: protocol, ssl_context: ssl_context)
+	end
+end

examples/tls-client-verify/readme.md

@@ -0,0 +1,28 @@
+# TLS Client Verify
+
+It is possible to verify inbound client requests using TLS client certificates. This is useful for ensuring that only authorized clients can access your service. In order to do this, you need to configure Falcon to use a TLS context with additional client verification options.
+
+```ruby
+	ssl_context do
+		super().tap do |context|
+			context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+			
+			context.verify_callback = proc do |verified, store_context|
+				# Add your custom verification logic here.
+				true
+			end
+		end
+	end
+```
+
+## Server
+
+``` bash
+$ bundle exec falcon host
+```
+
+### Client
+
+``` bash
+$ openssl s_client -connect localhost:9292 -cert client.crt -key client.key
+```