diff options
Diffstat (limited to 'doc/chapters/tlsauthentication.inc')
-rw-r--r-- | doc/chapters/tlsauthentication.inc | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/doc/chapters/tlsauthentication.inc b/doc/chapters/tlsauthentication.inc new file mode 100644 index 00000000..37b45b8e --- /dev/null +++ b/doc/chapters/tlsauthentication.inc | |||
@@ -0,0 +1,130 @@ | |||
1 | We left the basic authentication chapter with the unsatisfactory conclusion that | ||
2 | any traffic, including the credentials, could be intercepted by anyone between | ||
3 | the browser client and the server. Protecting the data while it is sent over | ||
4 | unsecured lines will be the goal of this chapter. | ||
5 | |||
6 | Since version 0.4, the @emph{MHD} library includes support for encrypting the | ||
7 | traffic by employing SSL/TSL. If @emph{GNU libmicrohttpd} has been configured to | ||
8 | support these, encryption and decryption can be applied transparently on the | ||
9 | data being sent, with only minimal changes to the actual source code of the example. | ||
10 | |||
11 | |||
12 | @heading Preparation | ||
13 | |||
14 | First, a private key for the server will be generated. With this key, the server | ||
15 | will later be able to authenticate itself to the client---preventing anyone else | ||
16 | from stealing the password by faking its identity. The @emph{OpenSSL} suite, which | ||
17 | is available on many operating systems, can generate such a key. For the scope of | ||
18 | this tutorial, we will be content with a 1024 bit key: | ||
19 | @verbatim | ||
20 | > openssl genrsa -out server.key 1024 | ||
21 | @end verbatim | ||
22 | @noindent | ||
23 | |||
24 | In addition to the key, a certificate describing the server in human readable tokens | ||
25 | is also needed. This certificate will be attested with our aforementioned key. In this way, | ||
26 | we obtain a self-signed certificate, valid for one year. | ||
27 | |||
28 | @verbatim | ||
29 | > openssl req -days 365 -out server.pem -new -x509 -key server.key | ||
30 | @end verbatim | ||
31 | @noindent | ||
32 | |||
33 | To avoid unnecessary error messages in the browser, the certificate needs to | ||
34 | have a name that matches the @emph{URI}, for example, "localhost" or the domain. | ||
35 | If you plan to have a publicly reachable server, you will need to ask a trusted third party, | ||
36 | called @emph{Certificate Authority}, or @emph{CA}, to attest the certificate for you. This way, | ||
37 | any visitor can make sure the server's identity is real. | ||
38 | |||
39 | Whether the server's certificate is signed by us or a third party, once it has been accepted | ||
40 | by the client, both sides will be communicating over encrypted channels. From this point on, | ||
41 | it is the client's turn to authenticate itself. But this has already been implemented in the basic | ||
42 | authentication scheme. | ||
43 | |||
44 | |||
45 | @heading Changing the source code | ||
46 | |||
47 | We merely have to extend the server program so that it loads the two files into memory, | ||
48 | |||
49 | @verbatim | ||
50 | int | ||
51 | main () | ||
52 | { | ||
53 | struct MHD_Daemon *daemon; | ||
54 | char *key_pem; | ||
55 | char *cert_pem; | ||
56 | |||
57 | key_pem = load_file (SERVERKEYFILE); | ||
58 | cert_pem = load_file (SERVERCERTFILE); | ||
59 | |||
60 | if ((key_pem == NULL) || (cert_pem == NULL)) | ||
61 | { | ||
62 | printf ("The key/certificate files could not be read.\n"); | ||
63 | return 1; | ||
64 | } | ||
65 | @end verbatim | ||
66 | @noindent | ||
67 | |||
68 | and then we point the @emph{MHD} daemon to it upon initalization. | ||
69 | @verbatim | ||
70 | |||
71 | daemon = MHD_start_daemon (MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL, PORT, NULL, NULL, | ||
72 | &answer_to_connection, NULL, | ||
73 | MHD_OPTION_HTTPS_MEM_KEY, key_pem, | ||
74 | MHD_OPTION_HTTPS_MEM_CERT, cert_pem, | ||
75 | MHD_OPTION_END); | ||
76 | |||
77 | if (NULL == daemon) | ||
78 | { | ||
79 | printf ("%s\n", cert_pem); | ||
80 | |||
81 | free (key_pem); | ||
82 | free (cert_pem); | ||
83 | |||
84 | return 1; | ||
85 | } | ||
86 | @end verbatim | ||
87 | @noindent | ||
88 | |||
89 | |||
90 | The rest consists of little new besides some additional memory cleanups. | ||
91 | @verbatim | ||
92 | |||
93 | getchar (); | ||
94 | |||
95 | MHD_stop_daemon (daemon); | ||
96 | free (key_pem); | ||
97 | free (cert_pem); | ||
98 | |||
99 | return 0; | ||
100 | } | ||
101 | @end verbatim | ||
102 | @noindent | ||
103 | |||
104 | |||
105 | The rather unexciting file loader can be found in the complete example @code{tlsauthentication.c}. | ||
106 | |||
107 | @heading Remarks | ||
108 | @itemize @bullet | ||
109 | @item | ||
110 | While the standard @emph{HTTP} port is 80, it is 443 for @emph{HTTPS}. The common internet browsers assume | ||
111 | standard @emph{HTTP} if they are asked to access other ports than these. Therefore, you will have to type | ||
112 | @code{https://localhost:8888} explicitly when you test the example, or the browser will not know how to | ||
113 | handle the answer properly. | ||
114 | |||
115 | @item | ||
116 | The remaining weak point is the question how the server will be trusted initially. Either a @emph{CA} signs the | ||
117 | certificate or the client obtains the key over secure means. Anyway, the clients have to be aware (or configured) | ||
118 | that they should not accept certificates of unknown origin. | ||
119 | |||
120 | @item | ||
121 | The introduced method of certificates makes it mandatory to set an expiration date---making it less feasible to | ||
122 | hardcode certificates in embedded devices. | ||
123 | |||
124 | @item | ||
125 | The cryptographic facilities consume memory space and computing time. For this reason, websites usually consists | ||
126 | both of uncritically @emph{HTTP} parts and secured @emph{HTTPS}. | ||
127 | |||
128 | @end itemize | ||
129 | |||
130 | |||