authorChristian Grothoff <christian@grothoff.org>2019-04-15 17:38:16 +0200
committerChristian Grothoff <christian@grothoff.org>2019-04-15 17:38:16 +0200
commit1917b866996413f09fa88ae0a6169cb9bd7079e8 (patch)
treee82839d66549250ce8d7eb88c56e41e1a06dc62d /src
parentef15b53cb101c378a905faa759aa95429d2e965d (diff)
add flags for TLS option control
Diffstat (limited to 'src')
-rw-r--r--src/include/microhttpd.h16
-rw-r--r--src/microhttpd/daemon.c24
2 files changed, 31 insertions, 9 deletions
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 4917f62b..7bb0e084 100644
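--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -126,7 +126,7 @@ typedef intptr_t ssize_t;
  * Current version of the library.
  * 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00096301
+#define MHD_VERSION 0x00096302
 
 /**
  * MHD-internal return code for "YES".
@@ -1147,7 +1147,19 @@ enum MHD_FLAG
  * This is combination of #MHD_USE_AUTO and #MHD_USE_INTERNAL_POLLING_THREAD
  * flags.
  */
- MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD
+ MHD_USE_AUTO_INTERNAL_THREAD = MHD_USE_AUTO | MHD_USE_INTERNAL_POLLING_THREAD,
+
+ /**
+ * Flag set to enable post-handshake client authentication
+ * (only useful in combination with #MHD_USE_TLS).
+ */
+ MHD_USE_POST_HANDSHAKE_AUTH_SUPPORT = 1U <<17,
+
+ /**
+ * Flag set to enable TLS 1.3 early data. This has
+ * security implications, be VERY careful when using this.
+ */
+ MHD_USE_INSECURE_TLS_EARLY_DATA = 1U <<18
 
 };
 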
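Review bot: The doc comment on `MHD_USE_INSECURE_TLS_EARLY_DATA` warns of "security implications" without naming them, so an application author cannot tell what has to be guarded against. I would state the risk in the comment itself, for example `* Early data can be replayed by a network attacker; only act on it for idempotent requests.` Both new flag comments should also name the GnuTLS version they depend on, since the daemon.c change on this page applies them only under `GNUTLS_VERSION_NUMBER+0 >= 0x030603` and `>= 0x030605` respectively. On older builds the flags appear to be accepted without any effect, which is worth documenting next to the enum values.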
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index ab75273b..af137a80 100644
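--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -2460,17 +2460,27 @@ internal_add_connection (struct MHD_Daemon *daemon,
  else
  {
 #ifdef HTTPS_SUPPORT
- connection->tls_state = MHD_TLS_CONN_INIT;
- MHD_set_https_callbacks (connection);
- gnutls_init (&connection->tls_session,
- GNUTLS_SERVER
+ gnutls_init_flags_t flags;
+
+ flags = GNUTLS_SERVER;
 #if (GNUTLS_VERSION_NUMBER+0 >= 0x030402)
- | GNUTLS_NO_SIGNAL
+ flags |= GNUTLS_NO_SIGNAL;
 #endif /* GNUTLS_VERSION_NUMBER >= 0x030402 */
 #if GNUTLS_VERSION_MAJOR >= 3
- | GNUTLS_NONBLOCK
+ flags |= GNUTLS_NONBLOCK;
 #endif /* GNUTLS_VERSION_MAJOR >= 3*/
- );
+#if (GNUTLS_VERSION_NUMBER+0 >= 0x030603)
+ if (0 != (daemon->options & MHD_USE_POST_HANDSHAKE_AUTH_SUPPORT))
+ flags |= GNUTLS_POST_HANDSHAKE_AUTH;
+#endif
+#if (GNUTLS_VERSION_NUMBER+0 >= 0x030605)
+ if (0 != (daemon->options & MHD_USE_INSECURE_TLS_EARLY_DATA))
+ flags |= GNUTLS_ENABLE_EARLY_DATA;
+#endif
+ connection->tls_state = MHD_TLS_CONN_INIT;
+ MHD_set_https_callbacks (connection);
+ gnutls_init (&connection->tls_session,
+ flags);
  gnutls_priority_set (connection->tls_session,
  daemon->priority_cache);
  gnutls_session_set_ptr (connection->tls_session,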
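Review bot: The result of `gnutls_init (&connection->tls_session, flags);` is discarded, and the session is handed straight to `gnutls_priority_set` and `gnutls_session_set_ptr` on the next lines, so a failed init would go unnoticed until the session is used. With two more optional flags now feeding the call, I would test it, `if (GNUTLS_E_SUCCESS != gnutls_init (&connection->tls_session, flags))`, and take the function's existing connection-cleanup path, which lies outside this hunk. Separately, `GNUTLS_ENABLE_EARLY_DATA` is set with nothing visible here that configures replay protection for early data. If that is not done elsewhere, a comment at that `#if` block should say that early data is accepted without it. `internal_add_connection` begins and ends outside the hunk.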