added X.509 parameters to the daemon struct

added https daemon creation functionality https file server example [overriding existing echo server]
author: lv-426 <oxcafebaby@yahoo.com> 2008-06-02 02:11:51 +0000
committer: lv-426 <oxcafebaby@yahoo.com> 2008-06-02 02:11:51 +0000
commit: 2132000306890e42d48ff535d786d382d14c3985 (patch)
tree: d4f258960d4ee5295a272e4f000a11575ec68bc2 /src/daemon
parent: 1a951599f1ece8d91a68a9c9d80188cca241b2e7 (diff)
download: libmicrohttpd-2132000306890e42d48ff535d786d382d14c3985.tar.gz
libmicrohttpd-2132000306890e42d48ff535d786d382d14c3985.zip
3 files changed, 124 insertions, 3 deletions
diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am
index 718dd023..365c1cf1 100644
--- a/src/daemon/Makefile.am
+++ b/src/daemon/Makefile.am
@@ -11,8 +11,6 @@ EXTRA_DIST = SYMBOLS
 lib_LTLIBRARIES = \
  libmicrohttpd.la
-libmicrohttpd_la_LDFLAGS = \
-  -export-dynamic -version-info 4:3:0 $(retaincommand)
 libmicrohttpd_la_SOURCES = \
  connection.c connection.h \
  reason_phrase.c reason_phrase.h \
@@ -21,7 +19,13 @@ libmicrohttpd_la_SOURCES = \
  memorypool.c memorypool.h \
  plibc.h \
  postprocessor.c \
-  response.c response.h 
+  response.c response.h
+libmicrohttpd_la_LDFLAGS = \
+  -export-dynamic -version-info 4:3:0 $(retaincommand) \
+  -L$(GNUTLS_LIB_PATH) \
+  -lgnutls
+libmicrohttpd_la_CPPFLAGS = \
+  $(GNUTLS_CPPFLAGS) 
 check_PROGRAMS = \
  postprocessor_test \
diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c
index 3578823a..cb70e9a9 100644
--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -29,6 +29,7 @@
 #include "response.h"
 #include "connection.h"
 #include "memorypool.h"
+#include <gnutls/gnutls.h>
 /**
 * Default connection limit.
@@ -52,6 +53,12 @@
 */
 #define DEBUG_CONNECT MHD_NO
+// TODO rm
+/* HTTPS file path limit, leaving room for file name */
+#define MHD_PATH_LEN 240
+int MHDS_init (struct MHD_Daemon *daemon);
 /**
 * Obtain the select sets for this daemon.
 *
@@ -174,6 +181,8 @@ MHDS_handle_connection (void *data)
  if (con == NULL)
    abort ();
+  // TODO add connection time out code
  /* forward call to handler */
  con->daemon->default_handler (NULL, con, NULL, NULL, NULL, NULL, NULL,
                                NULL);
@@ -690,6 +699,13 @@ MHD_start_daemon (unsigned int options,
  retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
  retVal->connection_timeout = 0;       /* no timeout */
+  /* set server default document root path */
+  getcwd (retVal->doc_root, MHD_PATH_LEN);
+  /* initialize ssl path parameters to the local path */
+  strcpy (retVal->https_cert_path, "cert.pem");
+  strcpy (retVal->https_key_path, "key.pem");
  /* initializes the argument pointer variable */
  va_start (ap, dh_cls);
@@ -717,6 +733,22 @@ MHD_start_daemon (unsigned int options,
        case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
          retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
          break;
+        case MHD_OPTION_DOC_ROOT:
+          strncpy (retVal->doc_root, va_arg (ap, char *), MHD_PATH_LEN);
+          break;
+        case MHD_OPTION_HTTPS_KEY_PATH:
+          strncpy (retVal->https_key_path, va_arg (ap, char *), MHD_PATH_LEN);
+          strcat (retVal->https_key_path, DIR_SEPARATOR_STR);
+          strcat (retVal->https_key_path, "key.pem");
+          break;
+        case MHD_OPTION_HTTPS_CERT_PATH:
+          strncpy (retVal->https_cert_path,
+                   va_arg (ap, char *), MHD_PATH_LEN);
+          strcat (retVal->https_cert_path, DIR_SEPARATOR_STR);
+          strcat (retVal->https_cert_path, "cert.pem");
+          break;
        default:
 #if HAVE_MESSAGES
          fprintf (stderr,
@@ -725,6 +757,29 @@ MHD_start_daemon (unsigned int options,
          abort ();
        }
    }
+  /* initialize HTTPS daemon certificate aspects */
+  if (options & MHD_USE_SSL)
+    {
+      /* test for private key & certificate file exsitance */
+      FILE *cert_file = fopen (retVal->https_cert_path, "r");
+      FILE *key_file = fopen (retVal->https_key_path, "r");
+      if (key_file == NULL || cert_file == NULL)
+        {
+          printf ("missing cert files");
+#if HAVE_MESSAGES
+          MHD_DLOG (retVal, "Missing X.509 key or certificate file\n");
+#endif
+          free (retVal);
+          CLOSE (socket_fd);
+          return NULL;
+        }
+      fclose (cert_file);
+      fclose (key_file);
+      MHDS_init (retVal);
+    }
  va_end (ap);
  if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options
                                                                  &
@@ -793,9 +848,51 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
        }
      MHD_cleanup_connections (daemon);
    }
+  /* TLS clean up */
+  if (daemon->options & MHD_USE_SSL)
+    {
+      gnutls_priority_deinit (daemon->priority_cache);
+      gnutls_global_deinit ();
+    }
  free (daemon);
 }
+int
+MHDS_init (struct MHD_Daemon *daemon)
+{
+  gnutls_global_init ();
+  /* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
+  gnutls_dh_params_init (&daemon->dh_params);
+  gnutls_dh_params_generate2 (daemon->dh_params, DH_BITS);
+  // TODO make room for cipher settings adjustment
+  gnutls_priority_init (&daemon->priority_cache,
+                        "NORMAL:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
+  /* setup server certificate */
+  gnutls_certificate_allocate_credentials (&daemon->x509_cret);
+  // TODO remove if unused
+  /* add trusted CAs to certificate */
+  // gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
+  /* add Certificate revocation list to certificate */
+  //gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM);
+  /* sets a certificate private key pair */
+  gnutls_certificate_set_x509_key_file (daemon->x509_cret,
+                                        daemon->https_cert_path,
+                                        daemon->https_key_path,
+                                        GNUTLS_X509_FMT_PEM);
+  gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
+  // TODO address error case return value
+  return 0;
+}
 #ifndef WINDOWS
 static struct sigaction sig;
diff --git a/src/daemon/internal.h b/src/daemon/internal.h
index 37075bc0..1084de08 100644
--- a/src/daemon/internal.h
+++ b/src/daemon/internal.h
@@ -35,6 +35,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <signal.h>
+#include <gnutls/gnutls.h>
 #include "config.h"
 #include "plibc.h"
@@ -58,6 +59,9 @@
 */
 #define MHD_BUF_INC_SIZE 2048
+/* TLS Diffie-Hellman parameter */
+#define DH_BITS 1024
 #if HAVE_MESSAGES
 /**
 * fprintf-like helper function for logging debug
@@ -606,6 +610,22 @@ struct MHD_Daemon
     */
  unsigned short port;
+  /* server credintials */
+  gnutls_certificate_credentials_t x509_cret;
+  /* cipher priority cache */
+  gnutls_priority_t priority_cache;
+  /* Diffie-Hellman parameters */
+  gnutls_dh_params_t dh_params;
+  // TODO consider switching to variadic length paths
+  /* server root path used while serving http pages */
+  char doc_root[255];
+  char https_key_path[255];
+  char https_cert_path[255];
 };
 #endif
author	lv-426 <oxcafebaby@yahoo.com>	2008-06-02 02:11:51 +0000
committer	lv-426 <oxcafebaby@yahoo.com>	2008-06-02 02:11:51 +0000
commit	2132000306890e42d48ff535d786d382d14c3985 (patch)
tree	d4f258960d4ee5295a272e4f000a11575ec68bc2 /src/daemon
parent	1a951599f1ece8d91a68a9c9d80188cca241b2e7 (diff)
download	libmicrohttpd-2132000306890e42d48ff535d786d382d14c3985.tar.gz libmicrohttpd-2132000306890e42d48ff535d786d382d14c3985.zip

diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am index 718dd023..365c1cf1 100644 --- a/src/daemon/Makefile.am +++ b/src/daemon/Makefile.am
@@ -11,8 +11,6 @@ EXTRA_DIST = SYMBOLS
11	lib_LTLIBRARIES = \	11	lib_LTLIBRARIES = \
12	libmicrohttpd.la	12	libmicrohttpd.la
13		13
14	libmicrohttpd_la_LDFLAGS = \
15	-export-dynamic -version-info 4:3:0 $(retaincommand)
16	libmicrohttpd_la_SOURCES = \	14	libmicrohttpd_la_SOURCES = \
17	connection.c connection.h \	15	connection.c connection.h \
18	reason_phrase.c reason_phrase.h \	16	reason_phrase.c reason_phrase.h \
@@ -21,7 +19,13 @@ libmicrohttpd_la_SOURCES = \
21	memorypool.c memorypool.h \	19	memorypool.c memorypool.h \
22	plibc.h \	20	plibc.h \
23	postprocessor.c \	21	postprocessor.c \
24	response.c response.h	22	response.c response.h
		23	libmicrohttpd_la_LDFLAGS = \
		24	-export-dynamic -version-info 4:3:0 $(retaincommand) \
		25	-L$(GNUTLS_LIB_PATH) \
		26	-lgnutls
		27	libmicrohttpd_la_CPPFLAGS = \
		28	$(GNUTLS_CPPFLAGS)
25		29
26	check_PROGRAMS = \	30	check_PROGRAMS = \
27	postprocessor_test \	31	postprocessor_test \


diff --git a/src/daemon/daemon.c b/src/daemon/daemon.c index 3578823a..cb70e9a9 100644 --- a/src/daemon/daemon.c +++ b/src/daemon/daemon.c
@@ -29,6 +29,7 @@
29	#include "response.h"	29	#include "response.h"
30	#include "connection.h"	30	#include "connection.h"
31	#include "memorypool.h"	31	#include "memorypool.h"
		32	#include <gnutls/gnutls.h>
32		33
33	/**	34	/**
34	* Default connection limit.	35	* Default connection limit.
@@ -52,6 +53,12 @@
52	*/	53	*/
53	#define DEBUG_CONNECT MHD_NO	54	#define DEBUG_CONNECT MHD_NO
54		55
		56	// TODO rm
		57	/* HTTPS file path limit, leaving room for file name */
		58	#define MHD_PATH_LEN 240
		59
		60	int MHDS_init (struct MHD_Daemon *daemon);
		61
55	/**	62	/**
56	* Obtain the select sets for this daemon.	63	* Obtain the select sets for this daemon.
57	*	64	*
@@ -174,6 +181,8 @@ MHDS_handle_connection (void *data)
174	if (con == NULL)	181	if (con == NULL)
175	abort ();	182	abort ();
176		183
		184	// TODO add connection time out code
		185
177	/* forward call to handler */	186	/* forward call to handler */
178	con->daemon->default_handler (NULL, con, NULL, NULL, NULL, NULL, NULL,	187	con->daemon->default_handler (NULL, con, NULL, NULL, NULL, NULL, NULL,
179	NULL);	188	NULL);
@@ -690,6 +699,13 @@ MHD_start_daemon (unsigned int options,
690	retVal->pool_size = MHD_POOL_SIZE_DEFAULT;	699	retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
691	retVal->connection_timeout = 0; /* no timeout */	700	retVal->connection_timeout = 0; /* no timeout */
692		701
		702	/* set server default document root path */
		703	getcwd (retVal->doc_root, MHD_PATH_LEN);
		704
		705	/* initialize ssl path parameters to the local path */
		706	strcpy (retVal->https_cert_path, "cert.pem");
		707	strcpy (retVal->https_key_path, "key.pem");
		708
693	/* initializes the argument pointer variable */	709	/* initializes the argument pointer variable */
694	va_start (ap, dh_cls);	710	va_start (ap, dh_cls);
695		711
@@ -717,6 +733,22 @@ MHD_start_daemon (unsigned int options,
717	case MHD_OPTION_PER_IP_CONNECTION_LIMIT:	733	case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
718	retVal->per_ip_connection_limit = va_arg (ap, unsigned int);	734	retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
719	break;	735	break;
		736	case MHD_OPTION_DOC_ROOT:
		737	strncpy (retVal->doc_root, va_arg (ap, char *), MHD_PATH_LEN);
		738	break;
		739	case MHD_OPTION_HTTPS_KEY_PATH:
		740	strncpy (retVal->https_key_path, va_arg (ap, char *), MHD_PATH_LEN);
		741	strcat (retVal->https_key_path, DIR_SEPARATOR_STR);
		742	strcat (retVal->https_key_path, "key.pem");
		743	break;
		744	case MHD_OPTION_HTTPS_CERT_PATH:
		745
		746	strncpy (retVal->https_cert_path,
		747	va_arg (ap, char *), MHD_PATH_LEN);
		748	strcat (retVal->https_cert_path, DIR_SEPARATOR_STR);
		749	strcat (retVal->https_cert_path, "cert.pem");
		750	break;
		751
720	default:	752	default:
721	#if HAVE_MESSAGES	753	#if HAVE_MESSAGES
722	fprintf (stderr,	754	fprintf (stderr,
@@ -725,6 +757,29 @@ MHD_start_daemon (unsigned int options,
725	abort ();	757	abort ();
726	}	758	}
727	}	759	}
		760
		761	/* initialize HTTPS daemon certificate aspects */
		762	if (options & MHD_USE_SSL)
		763	{
		764	/* test for private key & certificate file exsitance */
		765	FILE *cert_file = fopen (retVal->https_cert_path, "r");
		766	FILE *key_file = fopen (retVal->https_key_path, "r");
		767	if (key_file == NULL \|\| cert_file == NULL)
		768	{
		769	printf ("missing cert files");
		770	#if HAVE_MESSAGES
		771	MHD_DLOG (retVal, "Missing X.509 key or certificate file\n");
		772	#endif
		773	free (retVal);
		774	CLOSE (socket_fd);
		775	return NULL;
		776	}
		777
		778	fclose (cert_file);
		779	fclose (key_file);
		780	MHDS_init (retVal);
		781	}
		782
728	va_end (ap);	783	va_end (ap);
729	if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) \|\| (0 != (options	784	if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) \|\| (0 != (options
730	&	785	&
@@ -793,9 +848,51 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
793	}	848	}
794	MHD_cleanup_connections (daemon);	849	MHD_cleanup_connections (daemon);
795	}	850	}
		851
		852	/* TLS clean up */
		853	if (daemon->options & MHD_USE_SSL)
		854	{
		855	gnutls_priority_deinit (daemon->priority_cache);
		856	gnutls_global_deinit ();
		857	}
		858
796	free (daemon);	859	free (daemon);
797	}	860	}
798		861
		862	int
		863	MHDS_init (struct MHD_Daemon *daemon)
		864	{
		865	gnutls_global_init ();
		866	/* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
		867	gnutls_dh_params_init (&daemon->dh_params);
		868	gnutls_dh_params_generate2 (daemon->dh_params, DH_BITS);
		869
		870	// TODO make room for cipher settings adjustment
		871	gnutls_priority_init (&daemon->priority_cache,
		872	"NORMAL:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
		873
		874	/* setup server certificate */
		875	gnutls_certificate_allocate_credentials (&daemon->x509_cret);
		876
		877	// TODO remove if unused
		878	/* add trusted CAs to certificate */
		879	// gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
		880
		881	/* add Certificate revocation list to certificate */
		882	//gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM);
		883
		884	/* sets a certificate private key pair */
		885	gnutls_certificate_set_x509_key_file (daemon->x509_cret,
		886	daemon->https_cert_path,
		887	daemon->https_key_path,
		888	GNUTLS_X509_FMT_PEM);
		889
		890	gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
		891
		892	// TODO address error case return value
		893	return 0;
		894	}
		895
799	#ifndef WINDOWS	896	#ifndef WINDOWS
800		897
801	static struct sigaction sig;	898	static struct sigaction sig;


diff --git a/src/daemon/internal.h b/src/daemon/internal.h index 37075bc0..1084de08 100644 --- a/src/daemon/internal.h +++ b/src/daemon/internal.h
@@ -35,6 +35,7 @@
35	#include <errno.h>	35	#include <errno.h>
36	#include <fcntl.h>	36	#include <fcntl.h>
37	#include <signal.h>	37	#include <signal.h>
		38	#include <gnutls/gnutls.h>
38		39
39	#include "config.h"	40	#include "config.h"
40	#include "plibc.h"	41	#include "plibc.h"
@@ -58,6 +59,9 @@
58	*/	59	*/
59	#define MHD_BUF_INC_SIZE 2048	60	#define MHD_BUF_INC_SIZE 2048
60		61
		62	/* TLS Diffie-Hellman parameter */
		63	#define DH_BITS 1024
		64
61	#if HAVE_MESSAGES	65	#if HAVE_MESSAGES
62	/**	66	/**
63	* fprintf-like helper function for logging debug	67	* fprintf-like helper function for logging debug
@@ -606,6 +610,22 @@ struct MHD_Daemon
606	*/	610	*/
607	unsigned short port;	611	unsigned short port;
608		612
		613	/* server credintials */
		614	gnutls_certificate_credentials_t x509_cret;
		615
		616	/* cipher priority cache */
		617	gnutls_priority_t priority_cache;
		618
		619	/* Diffie-Hellman parameters */
		620	gnutls_dh_params_t dh_params;
		621
		622	// TODO consider switching to variadic length paths
		623	/* server root path used while serving http pages */
		624	char doc_root[255];
		625
		626	char https_key_path[255];
		627
		628	char https_cert_path[255];
609	};	629	};
610		630
611	#endif	631	#endif