Update http server example to showcase SSL

cpq 2020-12-18 09:01:14 +00:00
parent 82a378e519
commit 04450ec659
7 changed files with 120 additions and 9 deletions


@ -21,8 +21,8 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
}
int main(int argc, char *argv[]) {
struct mg_mgr mgr; // Event manager
mg_mgr_init(&mgr); // Initialise event manager
struct mg_mgr mgr; // Event manager
mg_mgr_init(&mgr); // Initialise event manager
if (argc != 2) {
fprintf(stderr, "Usage: %s URL\n", argv[0]); // Print error
@ -31,7 +31,7 @@ int main(int argc, char *argv[]) {
struct mg_connection *c = mg_http_connect(&mgr, argv[1], fn, &done);
if (c != NULL) {
mg_printf(c, "GET %s HTTP/1.0\r\n\r\n", mg_url_uri(argv[1]));
// If target URL is SSL/TLS, command client connection to use TLS
// If target URL is https://, tell client connection to use TLS
if (mg_url_is_ssl(argv[1])) {
struct mg_tls_opts opts = {.ca = "ca.pem"};
mg_tls_init(c, &opts);


@ -1,5 +1,11 @@
PROG ?= example
ifeq "$(MBEDTLS_DIR)" ""
else
CFLAGS += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLS_DIR)/include -I/usr/include
CFLAGS += -L$(MBEDTLS_DIR)/lib -lmbedtls -lmbedcrypto -lmbedx509
endif
all: $(PROG)
$(DEBUGGER) ./$(PROG) $(ARGS)
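Review bot: The added `CFLAGS += -L$(MBEDTLS_DIR)/lib -lmbedtls -lmbedcrypto -lmbedx509` line lists the libraries in an order that does not follow their dependency chain: mbedtls uses mbedx509, which uses mbedcrypto, so a static link can fail with unresolved symbols unless the order is `-lmbedtls -lmbedx509 -lmbedcrypto`. These are also linker options carried in `CFLAGS`; the compile rule is not visible in this hunk, so whether they end up before the source files on the command line is an assumption, but a separate variable placed after the sources would avoid that. The empty `ifeq "$(MBEDTLS_DIR)" ""` branch followed by `else` reads more directly as `ifneq "$(MBEDTLS_DIR)" ""`, and `-I/usr/include` looks unnecessary since it is already on the default search path.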


@ -0,0 +1,43 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:2a:0e:3c:6a:8c:85:ff:6e:6a:bc:db:95:51:70:ce:b4:30:78:c7
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root
Validity
Not Before: May 9 21:51:44 2020 GMT
Not After : May 9 21:51:44 2050 GMT
Subject: C = IE, L = Dublin, O = Cesanta, CN = Test Root
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:2c:ab:d1:02:66:24:96:d7:12:3e:09:50:4f:f1:
50:ee:51:e8:55:03:5e:ba:b1:1d:98:b2:72:79:27:
a8:1b:31:0d:5d:50:21:ff:42:f2:da:74:17:5e:53:
b2:65:41:c1:fc:84:de:4a:11:b9:8c:f4:19:d9:c4:
ca:2b:ea:eb:2c
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:9c:71:6c:00:8c:06:41:0c:91:2f:cd:41:d3:
87:47:e9:df:3a:22:ad:25:7c:bf:0e:2b:39:dd:7a:0c:4e:68:
1d:02:21:00:8f:c1:22:30:10:61:5d:51:10:ea:08:2d:02:63:
67:67:32:b5:06:63:96:57:bb:78:47:0a:88:d9:19:2e:f3:be
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----


@ -1,9 +1,14 @@
// Copyright (c) 2020 Cesanta Software Limited
// All rights reserved
//
// To enable SSL/TLS,
// 1. Change s_listen_on from http:// to https://
// 2. make MBEDTLS_DIR=/path/to/your/mbedtls/installation
// 3. curl -k https://127.0.0.1:8000
#include "mongoose.h"
static const char *s_listen_on = "http://localhost:8000";
static const char *s_listen_on = "https://localhost:8000";
static const char *s_web_directory = ".";
// This RESTful server implements the following endpoints:
@ -11,7 +16,15 @@ static const char *s_web_directory = ".";
// /api/f2/:id - wildcard example, respond with JSON string {"result": "URI"}
// any other URI serves static files from s_web_directory
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_HTTP_MSG) {
if (ev == MG_EV_ACCEPT && mg_url_is_ssl(s_listen_on)) {
// If s_listen_on URL is https://, tell listening connection to use TLS
struct mg_tls_opts opts = {
//.ca = "ca.pem", // Uncomment to enable two-way SSL
.cert = "server.pem", // Certificate PEM file
.certkey = "server.pem", // This pem conains both cert and key
};
mg_tls_init(c, &opts);
} else if (ev == MG_EV_HTTP_MSG) {
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
if (mg_http_match_uri(hm, "/api/f1")) {
mg_http_reply(c, 200, "", "{\"result\": %d}\n", 123); // Serve REST
@ -27,6 +40,7 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
int main(void) {
struct mg_mgr mgr; // Event manager
mg_log_set("2"); // Set to 3 to enable debug
mg_mgr_init(&mgr); // Initialise event manager
mg_http_listen(&mgr, s_listen_on, fn, NULL); // Create HTTP listener
for (;;) mg_mgr_poll(&mgr, 1000); // Infinite event loop
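Review bot: The default `s_listen_on` now appears to be `https://localhost:8000`, yet the header comment still gives "Change s_listen_on from http:// to https://" as step 1, and the Makefile in this commit defines `MG_ENABLE_MBEDTLS` only when `MBEDTLS_DIR` is set. A plain `make` would therefore build a listener on an https:// URL with no TLS library behind `mg_tls_init(c, &opts)`, which presumably makes every accepted connection fail; either keep `http://` as the default or reword step 1 as `// 1. s_listen_on is https:// by default; use http:// when building without MBEDTLS_DIR`. Step 3 uses `curl -k`, which skips certificate verification, so the comment should say that this is acceptable only against the bundled test certificate. The comment on `.certkey` has a typo (`conains`), and the body of `fn` continues outside the visible hunks.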


@ -0,0 +1,50 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:73:28:55:df:13:b5:61:f5:4f:4f:5d:00:d9:0a:d8:b5:3a:21:4b
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root
Validity
Not Before: May 9 21:51:49 2020 GMT
Not After : May 9 21:51:49 2030 GMT
Subject: CN = server
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:92:e0:46:9c:89:c3:37:a9:74:eb:35:55:43:55:
5c:ac:eb:c7:e4:50:ee:f4:c0:ba:17:02:5c:d9:ed:
b4:d4:ff:21:12:9a:b4:43:f4:89:4b:69:e4:6d:2b:
96:1f:fc:01:4d:30:5a:79:73:76:ba:19:41:cc:c5:
16:2b:bf:74:28
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:fa:3a:c7:1e:cb:8c:27:59:41:8d:77:dd:7b:
cb:8c:08:15:16:b9:6e:70:e6:47:38:d1:55:42:e0:d7:66:c8:
f0:02:21:00:cc:70:4d:96:28:00:d3:c7:39:53:74:b2:49:87:
27:92:1b:ab:1a:0e:74:06:59:42:23:47:98:43:d8:20:a7:fa
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w
kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70
wLoXAlzZ7bTU/yESmrRD9IlLaeRtK5Yf/AFNMFp5c3a6GUHMxRYrv3Qo
-----END PRIVATE KEY-----
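Review bot: The private key at the end of this new file is published with the commit, so any listener that loads the file unchanged can be impersonated by anyone who has the repository, and nothing here or next to `.cert = "server.pem"` in the server example marks it as a test-only credential. A comment at that call site such as `// server.pem is a public test key: generate your own certificate and key before deploying` would make this explicit. The certificate shows only Basic Constraints, Key Usage and Extended Key Usage with `Subject: CN = server`, so there seems to be no subjectAltName for localhost or 127.0.0.1; hostname verification against the bundled test root presumably fails, which is likely why the instructions fall back to `curl -k`. Reissuing the certificate with a SAN for those names would let the example demonstrate verification with `curl --cacert ca.pem` instead of disabling it.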


@ -2597,8 +2597,7 @@ static void accept_conn(struct mg_mgr *mgr, struct mg_connection *lsn) {
socklen_t sa_len = sizeof(usa.sin);
SOCKET fd = accept(FD(lsn), &usa.sa, &sa_len);
if (fd == INVALID_SOCKET) {
LOG(LL_ERROR,
("%p accept(%d) failed, errno %d", lsn->fd, FD(lsn), MG_SOCK_ERRNO));
LOG(LL_ERROR, ("%p accept failed, errno %d", lsn->fd, MG_SOCK_ERRNO));
#if !defined(_WIN32)
} else if (fd >= FD_SETSIZE) {
LOG(LL_ERROR, ("%ld > %ld", (long) fd, (long) FD_SETSIZE));


@ -329,8 +329,7 @@ static void accept_conn(struct mg_mgr *mgr, struct mg_connection *lsn) {
socklen_t sa_len = sizeof(usa.sin);
SOCKET fd = accept(FD(lsn), &usa.sa, &sa_len);
if (fd == INVALID_SOCKET) {
LOG(LL_ERROR,
("%p accept(%d) failed, errno %d", lsn->fd, FD(lsn), MG_SOCK_ERRNO));
LOG(LL_ERROR, ("%p accept failed, errno %d", lsn->fd, MG_SOCK_ERRNO));
#if !defined(_WIN32)
} else if (fd >= FD_SETSIZE) {
LOG(LL_ERROR, ("%ld > %ld", (long) fd, (long) FD_SETSIZE));