author | lv-426 <oxcafebaby@yahoo.com> | 2008-06-02 02:11:51 +0000 |
committer | lv-426 <oxcafebaby@yahoo.com> | 2008-06-02 02:11:51 +0000 |
commit | 2132000306890e42d48ff535d786d382d14c3985 (patch) | |
tree | d4f258960d4ee5295a272e4f000a11575ec68bc2 /src/daemon | |
parent | 1a951599f1ece8d91a68a9c9d80188cca241b2e7 (diff) | |
download | libmicrohttpd-2132000306890e42d48ff535d786d382d14c3985.tar.gz libmicrohttpd-2132000306890e42d48ff535d786d382d14c3985.zip |
added X.509 parameters to the daemon struct
added https daemon creation functionality
https file server example [overriding existing echo server]
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/Makefile.am | 10 | ||||
-rw-r--r-- | src/daemon/daemon.c | 97 | ||||
-rw-r--r-- | src/daemon/internal.h | 20 |
3 files changed, 124 insertions, 3 deletions
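--- a/src/daemon/Makefile.am
+++ b/src/daemon/Makefile.am
@@ -11,8 +11,6 @@ EXTRA_DIST = SYMBOLS
 lib_LTLIBRARIES = \
 libmicrohttpd.la
 
-libmicrohttpd_la_LDFLAGS = \
--export-dynamic -version-info 4:3:0 $(retaincommand)
 libmicrohttpd_la_SOURCES = \
 connection.c connection.h \
 reason_phrase.c reason_phrase.h \
@@ -21,7 +19,13 @@ libmicrohttpd_la_SOURCES = \
 memorypool.c memorypool.h \
 plibc.h \
 postprocessor.c \
 response.c response.h
+libmicrohttpd_la_LDFLAGS = \
+-export-dynamic -version-info 4:3:0 $(retaincommand) \
+-L$(GNUTLS_LIB_PATH) \
+-lgnutls
+libmicrohttpd_la_CPPFLAGS = \
+$(GNUTLS_CPPFLAGS)
 
 check_PROGRAMS = \
 postprocessor_test \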
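Review bot: `-L$(GNUTLS_LIB_PATH)` and `-lgnutls` are added to `libmicrohttpd_la_LDFLAGS` unconditionally, so every build of the library now requires GnuTLS even for users who never pass `MHD_USE_SSL`. Guarding the GnuTLS lines (and the `libmicrohttpd_la_CPPFLAGS` addition) with an automake conditional that configure sets when GnuTLS is found — e.g. `if HAVE_GNUTLS` with the name matched to configure.ac — keeps the plain-HTTP build working. The search path belongs in `LDFLAGS`, but the library itself is conventionally listed as `libmicrohttpd_la_LIBADD = -lgnutls` so libtool records it as a dependency of the shared object rather than a bare linker flag.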
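--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -29,6 +29,7 @@
 #include "response.h"
 #include "connection.h"
 #include "memorypool.h"
+#include <gnutls/gnutls.h>
 
 /**
 * Default connection limit.
@@ -52,6 +53,12 @@
 */
 #define DEBUG_CONNECT MHD_NO
 
+// TODO rm
+/* HTTPS file path limit, leaving room for file name */
+#define MHD_PATH_LEN 240
+
+int MHDS_init (struct MHD_Daemon *daemon);
+
 /**
 * Obtain the select sets for this daemon.
 *
@@ -174,6 +181,8 @@ MHDS_handle_connection (void *data)
 if (con == NULL)
 abort ();
 
+// TODO add connection time out code
+
 /* forward call to handler */
 con->daemon->default_handler (NULL, con, NULL, NULL, NULL, NULL, NULL,
 NULL);
@@ -690,6 +699,13 @@ MHD_start_daemon (unsigned int options,
 retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
 retVal->connection_timeout = 0; /* no timeout */
 
+/* set server default document root path */
+getcwd (retVal->doc_root, MHD_PATH_LEN);
+
+/* initialize ssl path parameters to the local path */
+strcpy (retVal->https_cert_path, "cert.pem");
+strcpy (retVal->https_key_path, "key.pem");
+
 /* initializes the argument pointer variable */
 va_start (ap, dh_cls);
 
@@ -717,6 +733,22 @@ MHD_start_daemon (unsigned int options,
 case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
 retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
 break;
+case MHD_OPTION_DOC_ROOT:
+strncpy (retVal->doc_root, va_arg (ap, char *), MHD_PATH_LEN);
+break;
+case MHD_OPTION_HTTPS_KEY_PATH:
+strncpy (retVal->https_key_path, va_arg (ap, char *), MHD_PATH_LEN);
+strcat (retVal->https_key_path, DIR_SEPARATOR_STR);
+strcat (retVal->https_key_path, "key.pem");
+break;
+case MHD_OPTION_HTTPS_CERT_PATH:
+
+strncpy (retVal->https_cert_path,
+va_arg (ap, char *), MHD_PATH_LEN);
+strcat (retVal->https_cert_path, DIR_SEPARATOR_STR);
+strcat (retVal->https_cert_path, "cert.pem");
+break;
+
 default:
 #if HAVE_MESSAGES
 fprintf (stderr,
@@ -725,6 +757,29 @@ MHD_start_daemon (unsigned int options,
 abort ();
 }
 }
+
+/* initialize HTTPS daemon certificate aspects */
+if (options & MHD_USE_SSL)
+{
+/* test for private key & certificate file exsitance */
+FILE *cert_file = fopen (retVal->https_cert_path, "r");
+FILE *key_file = fopen (retVal->https_key_path, "r");
+if (key_file == NULL || cert_file == NULL)
+{
+printf ("missing cert files");
+#if HAVE_MESSAGES
+MHD_DLOG (retVal, "Missing X.509 key or certificate file\n");
+#endif
+free (retVal);
+CLOSE (socket_fd);
+return NULL;
+}
+
+fclose (cert_file);
+fclose (key_file);
+MHDS_init (retVal);
+}
+
 va_end (ap);
 if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options
 &
@@ -793,9 +848,51 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 }
 MHD_cleanup_connections (daemon);
 }
+
+/* TLS clean up */
+if (daemon->options & MHD_USE_SSL)
+{
+gnutls_priority_deinit (daemon->priority_cache);
+gnutls_global_deinit ();
+}
+
 free (daemon);
 }
 
+int
+MHDS_init (struct MHD_Daemon *daemon)
+{
+gnutls_global_init ();
+/* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
+gnutls_dh_params_init (&daemon->dh_params);
+gnutls_dh_params_generate2 (daemon->dh_params, DH_BITS);
+
+// TODO make room for cipher settings adjustment
+gnutls_priority_init (&daemon->priority_cache,
+"NORMAL:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
+
+/* setup server certificate */
+gnutls_certificate_allocate_credentials (&daemon->x509_cret);
+
+// TODO remove if unused
+/* add trusted CAs to certificate */
+// gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
+
+/* add Certificate revocation list to certificate */
+//gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM);
+
+/* sets a certificate private key pair */
+gnutls_certificate_set_x509_key_file (daemon->x509_cret,
+daemon->https_cert_path,
+daemon->https_key_path,
+GNUTLS_X509_FMT_PEM);
+
+gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
+
+// TODO address error case return value
+return 0;
+}
+
 #ifndef WINDOWS
 
 static struct sigaction sig;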
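Review bot: In the `MHD_OPTION_HTTPS_KEY_PATH` and `MHD_OPTION_HTTPS_CERT_PATH` cases of the option loop, `strncpy (..., MHD_PATH_LEN)` leaves the field unterminated when the caller's path is 240 bytes or longer, and the `strcat` calls that follow then append from wherever the next zero byte happens to be, so a long path can run past the 255-byte field; `MHD_OPTION_DOC_ROOT` and the unchecked `getcwd` default have the same unterminated-copy problem. The rewrite below replaces them with bounded `snprintf` joins that fail the start on truncation through a `fail_path:` label doing `va_end (ap); free (retVal); CLOSE (socket_fd); return NULL;` (the certificate-check error path in the next hunk also omits `va_end`). In that certificate-check hunk, `cert_file` is leaked when it opens but `key_file` does not, `printf ("missing cert files")` writes to stdout outside `HAVE_MESSAGES`, and the `int` result of `MHDS_init` is discarded — `MHDS_init` itself returns 0 unconditionally and ignores every gnutls return, so a key file that exists but fails to load still yields a daemon that accepts TLS connections without usable credentials (the exact failure mode depends on gnutls). `MHD_stop_daemon` deinitialises `priority_cache` but not the `dh_params` or `x509_cret` that `MHDS_init` allocated. `MHD_start_daemon` and `MHD_stop_daemon` both begin outside their hunks.
```c
/* Join dir, DIR_SEPARATOR_STR and file (file may be NULL) into dst;
   MHD_NO when the result does not fit, so dst is never left unterminated. */
static int
MHD_join_path (char *dst, size_t dstlen, const char *dir, const char *file)
{
  int n = (file == NULL)
    ? snprintf (dst, dstlen, "%s", dir)
    : snprintf (dst, dstlen, "%s%s%s", dir, DIR_SEPARATOR_STR, file);
  return (n < 0 || (size_t) n >= dstlen) ? MHD_NO : MHD_YES;
}

/* … unchanged: MHD_start_daemon up to the option loop … */
        case MHD_OPTION_DOC_ROOT:
          if (MHD_NO == MHD_join_path (retVal->doc_root,
                                       sizeof retVal->doc_root,
                                       va_arg (ap, char *), NULL))
            goto fail_path;
          break;
        case MHD_OPTION_HTTPS_KEY_PATH:
          if (MHD_NO == MHD_join_path (retVal->https_key_path,
                                       sizeof retVal->https_key_path,
                                       va_arg (ap, char *), "key.pem"))
            goto fail_path;
          break;
        case MHD_OPTION_HTTPS_CERT_PATH:
          if (MHD_NO == MHD_join_path (retVal->https_cert_path,
                                       sizeof retVal->https_cert_path,
                                       va_arg (ap, char *), "cert.pem"))
            goto fail_path;
          break;
/* … unchanged: default case, certificate check, rest of MHD_start_daemon … */
```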
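--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -35,6 +35,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <signal.h>
+#include <gnutls/gnutls.h>
 
 #include "config.h"
 #include "plibc.h"
@@ -58,6 +59,9 @@
 */
 #define MHD_BUF_INC_SIZE 2048
 
+/* TLS Diffie-Hellman parameter */
+#define DH_BITS 1024
+
 #if HAVE_MESSAGES
 /**
 * fprintf-like helper function for logging debug
@@ -606,6 +610,22 @@ struct MHD_Daemon
 */
 unsigned short port;
 
+/* server credintials */
+gnutls_certificate_credentials_t x509_cret;
+
+/* cipher priority cache */
+gnutls_priority_t priority_cache;
+
+/* Diffie-Hellman parameters */
+gnutls_dh_params_t dh_params;
+
+// TODO consider switching to variadic length paths
+/* server root path used while serving http pages */
+char doc_root[255];
+
+char https_key_path[255];
+
+char https_cert_path[255];
 };
 
 #endif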
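Review bot: The three path fields added to `struct MHD_Daemon` are sized by the literal `255` here, while daemon.c copies into them with its own `MHD_PATH_LEN` of 240, so two constants in two files must be kept in agreement by hand; defining the size once in this header next to `DH_BITS` (`#define MHD_PATH_LEN 255`) and declaring the fields as `char doc_root[MHD_PATH_LEN];` lets every copy be bounded with `sizeof` instead. The new fields also lack the `/** ... */` doc comments the rest of the struct uses: I would state that `https_key_path` and `https_cert_path` hold complete file paths (the option handlers append `key.pem`/`cert.pem` to a directory) while `doc_root` is a directory, and fix "credintials" to "credentials". Separately, `DH_BITS 1024` is below the 2048-bit minimum that current guidance for finite-field DH recommends (NIST SP 800-57, RFC 7919 groups); since `MHDS_init` generates the parameters at start-up, this constant is the one place to raise it, and a comment noting that generation time grows with the size would help the next maintainer.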