Diffstat (limited to 'src/daemon/daemon.c')
-rw-r--r-- | src/daemon/daemon.c | 97 |
1 files changed, 97 insertions, 0 deletions
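--- a/src/daemon/daemon.c
+++ b/src/daemon/daemon.c
@@ -29,6 +29,7 @@
 #include "response.h"
 #include "connection.h"
 #include "memorypool.h"
+#include <gnutls/gnutls.h>
 
 /**
 * Default connection limit.
@@ -52,6 +53,12 @@
 */
 #define DEBUG_CONNECT MHD_NO
 
+// TODO rm
+/* HTTPS file path limit, leaving room for file name */
+#define MHD_PATH_LEN 240
+
+int MHDS_init (struct MHD_Daemon *daemon);
+
 /**
 * Obtain the select sets for this daemon.
 *
@@ -174,6 +181,8 @@ MHDS_handle_connection (void *data)
 if (con == NULL)
 abort ();
 
+// TODO add connection time out code
+
 /* forward call to handler */
 con->daemon->default_handler (NULL, con, NULL, NULL, NULL, NULL, NULL,
 NULL);
@@ -690,6 +699,13 @@ MHD_start_daemon (unsigned int options,
 retVal->pool_size = MHD_POOL_SIZE_DEFAULT;
 retVal->connection_timeout = 0; /* no timeout */
 
+/* set server default document root path */
+getcwd (retVal->doc_root, MHD_PATH_LEN);
+
+/* initialize ssl path parameters to the local path */
+strcpy (retVal->https_cert_path, "cert.pem");
+strcpy (retVal->https_key_path, "key.pem");
+
 /* initializes the argument pointer variable */
 va_start (ap, dh_cls);
 
@@ -717,6 +733,22 @@ MHD_start_daemon (unsigned int options,
 case MHD_OPTION_PER_IP_CONNECTION_LIMIT:
 retVal->per_ip_connection_limit = va_arg (ap, unsigned int);
 break;
+case MHD_OPTION_DOC_ROOT:
+strncpy (retVal->doc_root, va_arg (ap, char *), MHD_PATH_LEN);
+break;
+case MHD_OPTION_HTTPS_KEY_PATH:
+strncpy (retVal->https_key_path, va_arg (ap, char *), MHD_PATH_LEN);
+strcat (retVal->https_key_path, DIR_SEPARATOR_STR);
+strcat (retVal->https_key_path, "key.pem");
+break;
+case MHD_OPTION_HTTPS_CERT_PATH:
+
+strncpy (retVal->https_cert_path,
+va_arg (ap, char *), MHD_PATH_LEN);
+strcat (retVal->https_cert_path, DIR_SEPARATOR_STR);
+strcat (retVal->https_cert_path, "cert.pem");
+break;
+
 default:
 #if HAVE_MESSAGES
 fprintf (stderr,
@@ -725,6 +757,29 @@ MHD_start_daemon (unsigned int options,
 abort ();
 }
 }
+
+/* initialize HTTPS daemon certificate aspects */
+if (options & MHD_USE_SSL)
+{
+/* test for private key & certificate file exsitance */
+FILE *cert_file = fopen (retVal->https_cert_path, "r");
+FILE *key_file = fopen (retVal->https_key_path, "r");
+if (key_file == NULL || cert_file == NULL)
+{
+printf ("missing cert files");
+#if HAVE_MESSAGES
+MHD_DLOG (retVal, "Missing X.509 key or certificate file\n");
+#endif
+free (retVal);
+CLOSE (socket_fd);
+return NULL;
+}
+
+fclose (cert_file);
+fclose (key_file);
+MHDS_init (retVal);
+}
+
 va_end (ap);
 if (((0 != (options & MHD_USE_THREAD_PER_CONNECTION)) || (0 != (options
 &
@@ -793,9 +848,51 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 }
 MHD_cleanup_connections (daemon);
 }
+
+/* TLS clean up */
+if (daemon->options & MHD_USE_SSL)
+{
+gnutls_priority_deinit (daemon->priority_cache);
+gnutls_global_deinit ();
+}
+
 free (daemon);
 }
 
+int
+MHDS_init (struct MHD_Daemon *daemon)
+{
+gnutls_global_init ();
+/* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
+gnutls_dh_params_init (&daemon->dh_params);
+gnutls_dh_params_generate2 (daemon->dh_params, DH_BITS);
+
+// TODO make room for cipher settings adjustment
+gnutls_priority_init (&daemon->priority_cache,
+"NORMAL:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL", NULL);
+
+/* setup server certificate */
+gnutls_certificate_allocate_credentials (&daemon->x509_cret);
+
+// TODO remove if unused
+/* add trusted CAs to certificate */
+// gnutls_certificate_set_x509_trust_file(x509_cret, CAFILE,GNUTLS_X509_FMT_PEM);
+
+/* add Certificate revocation list to certificate */
+//gnutls_certificate_set_x509_crl_file(x509_cret, CRLFILE, GNUTLS_X509_FMT_PEM);
+
+/* sets a certificate private key pair */
+gnutls_certificate_set_x509_key_file (daemon->x509_cret,
+daemon->https_cert_path,
+daemon->https_key_path,
+GNUTLS_X509_FMT_PEM);
+
+gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
+
+// TODO address error case return value
+return 0;
+}
+
 #ifndef WINDOWS
 
 static struct sigaction sig;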
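Review bot: MHDS_init discards the result of every gnutls call, so when `gnutls_certificate_set_x509_key_file` fails (a PEM file that exists but does not parse, or a key that does not match the certificate) the function still returns 0 and MHD_start_daemon, whose MHD_USE_SSL block also ignores `MHDS_init (retVal)`, hands back a daemon with no usable credentials; the fopen existence check in that block does not cover this case. Propagating the first negative gnutls result, as sketched below, lets the caller fail the way it already does for a missing file, e.g. `if (MHDS_init (retVal) != 0) { free (retVal); CLOSE (socket_fd); return NULL; }` (any priority cache or credentials allocated before the failure would need releasing there as well). In the same hunk, the new TLS clean-up in MHD_stop_daemon releases only `priority_cache`, while `x509_cret` and `dh_params` allocated in MHDS_init are never freed on stop; `gnutls_certificate_free_credentials (daemon->x509_cret);` and `gnutls_dh_params_deinit (daemon->dh_params);` belong next to `gnutls_priority_deinit`.
```c
int
MHDS_init (struct MHD_Daemon *daemon)
{
  int rc;

  if ((rc = gnutls_global_init ()) < 0)
    return rc;
  if ((rc = gnutls_dh_params_init (&daemon->dh_params)) < 0)
    return rc;
  /* Generate Diffie Hellman parameters - for use with DHE kx algorithms. */
  if ((rc = gnutls_dh_params_generate2 (daemon->dh_params, DH_BITS)) < 0)
    return rc;
  if ((rc = gnutls_priority_init (&daemon->priority_cache,
                                  "NORMAL:+AES-256-CBC:+RSA:+SHA1:+COMP-NULL",
                                  NULL)) < 0)
    return rc;
  if ((rc = gnutls_certificate_allocate_credentials (&daemon->x509_cret)) < 0)
    return rc;
  /* … unchanged: commented-out trust/CRL file setup … */
  /* a key/cert pair that fails to load must not leave the daemon running without credentials */
  if ((rc = gnutls_certificate_set_x509_key_file (daemon->x509_cret,
                                                  daemon->https_cert_path,
                                                  daemon->https_key_path,
                                                  GNUTLS_X509_FMT_PEM)) < 0)
    return rc;
  gnutls_certificate_set_dh_params (daemon->x509_cret, daemon->dh_params);
  return 0;
}
```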