diff --git a/examples/http-client/main.c b/examples/http-client/main.c
index d06f50e1..46e5f9d2 100644
--- a/examples/http-client/main.c
+++ b/examples/http-client/main.c
@@ -21,8 +21,8 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
 }
 
 int main(int argc, char *argv[]) {
- struct mg_mgr mgr; // Event manager
- mg_mgr_init(&mgr); // Initialise event manager
+ struct mg_mgr mgr; // Event manager
+ mg_mgr_init(&mgr); // Initialise event manager
 
 if (argc != 2) {
 fprintf(stderr, "Usage: %s URL\n", argv[0]); // Print error
@@ -31,7 +31,7 @@ int main(int argc, char *argv[]) {
 struct mg_connection *c = mg_http_connect(&mgr, argv[1], fn, &done);
 if (c != NULL) {
 mg_printf(c, "GET %s HTTP/1.0\r\n\r\n", mg_url_uri(argv[1]));
- // If target URL is SSL/TLS, command client connection to use TLS
+ // If target URL is https://, tell client connection to use TLS
 if (mg_url_is_ssl(argv[1])) {
 struct mg_tls_opts opts = {.ca = "ca.pem"};
 mg_tls_init(c, &opts);
diff --git a/examples/http-restful-server/Makefile b/examples/http-restful-server/Makefile
index 09ac5f8c..da256b51 100644
--- a/examples/http-restful-server/Makefile
+++ b/examples/http-restful-server/Makefile
@@ -1,5 +1,11 @@
 PROG ?= example
 
+ifeq "$(MBEDTLS_DIR)" ""
+else
+CFLAGS += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLS_DIR)/include -I/usr/include
+CFLAGS += -L$(MBEDTLS_DIR)/lib -lmbedtls -lmbedcrypto -lmbedx509
+endif
+
 all: $(PROG)
 $(DEBUGGER) ./$(PROG) $(ARGS)
 
diff --git a/examples/http-restful-server/ca.pem b/examples/http-restful-server/ca.pem
new file mode 100644
index 00000000..d3ce06a0
--- /dev/null
+++ b/examples/http-restful-server/ca.pem
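Review bot: The `ifeq "$(MBEDTLS_DIR)" ""` branch in the Makefile hunk is empty, so the condition is written backwards; `ifneq "$(MBEDTLS_DIR)" ""` with the two `CFLAGS +=` lines directly inside says the same thing without the dangling `else`. The `-L`/`-l` options are appended to CFLAGS rather than to LDFLAGS/LDLIBS; whether that links cleanly depends on how the `$(PROG)` rule orders CFLAGS relative to the object files, since libraries listed before the objects that reference them are commonly discarded by the linker. `-I/usr/include` is a compiler default search directory and adds nothing. The `$(PROG)` rule the new flags feed into is outside this hunk.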
@@ -0,0 +1,43 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 11:2a:0e:3c:6a:8c:85:ff:6e:6a:bc:db:95:51:70:ce:b4:30:78:c7
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root
+ Validity
+ Not Before: May 9 21:51:44 2020 GMT
+ Not After : May 9 21:51:44 2050 GMT
+ Subject: C = IE, L = Dublin, O = Cesanta, CN = Test Root
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:2c:ab:d1:02:66:24:96:d7:12:3e:09:50:4f:f1:
+ 50:ee:51:e8:55:03:5e:ba:b1:1d:98:b2:72:79:27:
+ a8:1b:31:0d:5d:50:21:ff:42:f2:da:74:17:5e:53:
+ b2:65:41:c1:fc:84:de:4a:11:b9:8c:f4:19:d9:c4:
+ ca:2b:ea:eb:2c
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement, Certificate Sign, CRL Sign
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:46:02:21:00:9c:71:6c:00:8c:06:41:0c:91:2f:cd:41:d3:
+ 87:47:e9:df:3a:22:ad:25:7c:bf:0e:2b:39:dd:7a:0c:4e:68:
+ 1d:02:21:00:8f:c1:22:30:10:61:5d:51:10:ea:08:2d:02:63:
+ 67:67:32:b5:06:63:96:57:bb:78:47:0a:88:d9:19:2e:f3:be
+-----BEGIN CERTIFICATE-----
+MIIBqjCCAU+gAwIBAgIUESoOPGqMhf9uarzblVFwzrQweMcwCgYIKoZIzj0EAwIw
+RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50
+YTESMBAGA1UEAwwJVGVzdCBSb290MCAXDTIwMDUwOTIxNTE0NFoYDzIwNTAwNTA5
+MjE1MTQ0WjBEMQswCQYDVQQGEwJJRTEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQK
+DAdDZXNhbnRhMRIwEAYDVQQDDAlUZXN0IFJvb3QwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQsq9ECZiSW1xI+CVBP8VDuUehVA166sR2YsnJ5J6gbMQ1dUCH/QvLa
+dBdeU7JlQcH8hN5KEbmM9BnZxMor6ussox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBrjAKBggqhkjOPQQDAgNJADBGAiEAnHFsAIwGQQyRL81B04dH6d86Iq0l
+fL8OKzndegxOaB0CIQCPwSIwEGFdURDqCC0CY2dnMrUGY5ZXu3hHCojZGS7zvg==
+-----END CERTIFICATE-----
diff --git a/examples/http-restful-server/main.c b/examples/http-restful-server/main.c
index 7ad21982..140cc36f 100644
--- a/examples/http-restful-server/main.c
+++ b/examples/http-restful-server/main.c
@@ -1,9 +1,14 @@
 // Copyright (c) 2020 Cesanta Software Limited
 // All rights reserved
+//
+// To enable SSL/TLS,
+// 1. Change s_listen_on from http:// to https://
+// 2. make MBEDTLS_DIR=/path/to/your/mbedtls/installation
+// 3. curl -k https://127.0.0.1:8000
 
 #include "mongoose.h"
 
-static const char *s_listen_on = "http://localhost:8000";
+static const char *s_listen_on = "https://localhost:8000";
 static const char *s_web_directory = ".";
 
 // This RESTful server implements the following endpoints:
@@ -11,7 +16,15 @@ static const char *s_web_directory = ".";
 // /api/f2/:id - wildcard example, respond with JSON string {"result": "URI"}
 // any other URI serves static files from s_web_directory
 static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
- if (ev == MG_EV_HTTP_MSG) {
+ if (ev == MG_EV_ACCEPT && mg_url_is_ssl(s_listen_on)) {
+ // If s_listen_on URL is https://, tell listening connection to use TLS
+ struct mg_tls_opts opts = {
+ //.ca = "ca.pem", // Uncomment to enable two-way SSL
+ .cert = "server.pem", // Certificate PEM file
+ .certkey = "server.pem", // This pem conains both cert and key
+ };
+ mg_tls_init(c, &opts);
+ } else if (ev == MG_EV_HTTP_MSG) {
 struct mg_http_message *hm = (struct mg_http_message *) ev_data;
 if (mg_http_match_uri(hm, "/api/f1")) {
 mg_http_reply(c, 200, "", "{\"result\": %d}\n", 123); // Serve REST
@@ -27,6 +40,7 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
 
 int main(void) {
 struct mg_mgr mgr; // Event manager
+ mg_log_set("2"); // Set to 3 to enable debug
 mg_mgr_init(&mgr); // Initialise event manager
 mg_http_listen(&mgr, s_listen_on, fn, NULL); // Create HTTP listener
 for (;;) mg_mgr_poll(&mgr, 1000); // Infinite event loop
diff --git a/examples/http-restful-server/server.pem b/examples/http-restful-server/server.pem
new file mode 100644
index 00000000..2f628cc7
--- /dev/null
+++ b/examples/http-restful-server/server.pem
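Review bot: The checked-in default `s_listen_on` is now `https://localhost:8000` while the Makefile only compiles in mbedTLS when `MBEDTLS_DIR` is given, so a plain `make` of this example produces a listener that calls `mg_tls_init` with no TLS backend; what that does is not visible here, but step 1 of the new header comment ("Change s_listen_on from http:// to https://") now describes the opposite of the default. Either keep `http://` as the default so the reader follows step 1, or reword it to `// 1. (optional) change s_listen_on back to http:// to run without TLS`. Step 3's `curl -k` disables certificate verification; one clause saying why keeps readers from copying it into real deployments, e.g. `// 3. curl -k https://127.0.0.1:8000   (-k: skip verification, server.pem is a test cert issued by the bundled Test Root)`.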
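Review bot: The `.certkey` comment in the new MG_EV_ACCEPT branch has a typo, `// This pem conains both cert and key` should read `// This pem contains both cert and key`, and it is the natural place to say that the private key in server.pem ships with the repository, so the pair is a test identity to be replaced before any real use. With `.ca` commented out the server presumably does not ask connecting clients for a certificate — mg_tls_init's verification policy is outside this hunk, so confirm — and the `// Uncomment to enable two-way SSL` note could add that the bundled ca.pem is the Test Root that issued server.pem, which is what a client certificate would then be checked against. The body of `fn` continues past the end of the hunk.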
@@ -0,0 +1,50 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 6e:73:28:55:df:13:b5:61:f5:4f:4f:5d:00:d9:0a:d8:b5:3a:21:4b
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = IE, L = Dublin, O = Cesanta, CN = Test Root
+ Validity
+ Not Before: May 9 21:51:49 2020 GMT
+ Not After : May 9 21:51:49 2030 GMT
+ Subject: CN = server
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:92:e0:46:9c:89:c3:37:a9:74:eb:35:55:43:55:
+ 5c:ac:eb:c7:e4:50:ee:f4:c0:ba:17:02:5c:d9:ed:
+ b4:d4:ff:21:12:9a:b4:43:f4:89:4b:69:e4:6d:2b:
+ 96:1f:fc:01:4d:30:5a:79:73:76:ba:19:41:cc:c5:
+ 16:2b:bf:74:28
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:46:02:21:00:fa:3a:c7:1e:cb:8c:27:59:41:8d:77:dd:7b:
+ cb:8c:08:15:16:b9:6e:70:e6:47:38:d1:55:42:e0:d7:66:c8:
+ f0:02:21:00:cc:70:4d:96:28:00:d3:c7:39:53:74:b2:49:87:
+ 27:92:1b:ab:1a:0e:74:06:59:42:23:47:98:43:d8:20:a7:fa
+-----BEGIN CERTIFICATE-----
+MIIBhzCCASygAwIBAgIUbnMoVd8TtWH1T09dANkK2LU6IUswCgYIKoZIzj0EAwIw
+RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50
+YTESMBAGA1UEAwwJVGVzdCBSb290MB4XDTIwMDUwOTIxNTE0OVoXDTMwMDUwOTIx
+NTE0OVowETEPMA0GA1UEAwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEkuBGnInDN6l06zVVQ1VcrOvH5FDu9MC6FwJc2e201P8hEpq0Q/SJS2nkbSuW
+H/wBTTBaeXN2uhlBzMUWK790KKMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw
+EwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAwRgIhAPo6xx7LjCdZ
+QY133XvLjAgVFrlucOZHONFVQuDXZsjwAiEAzHBNligA08c5U3SySYcnkhurGg50
+BllCI0eYQ9ggp/o=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w
+kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70
+wLoXAlzZ7bTU/yESmrRD9IlLaeRtK5Yf/AFNMFp5c3a6GUHMxRYrv3Qo
+-----END PRIVATE KEY-----
diff --git a/mongoose.c b/mongoose.c
index 2973b5dd..4b83ed45 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -2597,8 +2597,7 @@ static void accept_conn(struct mg_mgr *mgr, struct mg_connection *lsn) {
 socklen_t sa_len = sizeof(usa.sin);
 SOCKET fd = accept(FD(lsn), &usa.sa, &sa_len);
 if (fd == INVALID_SOCKET) {
- LOG(LL_ERROR,
- ("%p accept(%d) failed, errno %d", lsn->fd, FD(lsn), MG_SOCK_ERRNO));
+ LOG(LL_ERROR, ("%p accept failed, errno %d", lsn->fd, MG_SOCK_ERRNO));
 #if !defined(_WIN32)
 } else if (fd >= FD_SETSIZE) {
 LOG(LL_ERROR, ("%ld > %ld", (long) fd, (long) FD_SETSIZE));
diff --git a/src/sock.c b/src/sock.c
index 15eb9b23..dc39d104 100644
--- a/src/sock.c
+++ b/src/sock.c
@@ -329,8 +329,7 @@ static void accept_conn(struct mg_mgr *mgr, struct mg_connection *lsn) {
 socklen_t sa_len = sizeof(usa.sin);
 SOCKET fd = accept(FD(lsn), &usa.sa, &sa_len);
 if (fd == INVALID_SOCKET) {
- LOG(LL_ERROR,
- ("%p accept(%d) failed, errno %d", lsn->fd, FD(lsn), MG_SOCK_ERRNO));
+ LOG(LL_ERROR, ("%p accept failed, errno %d", lsn->fd, MG_SOCK_ERRNO));
 #if !defined(_WIN32)
 } else if (fd >= FD_SETSIZE) {
 LOG(LL_ERROR, ("%ld > %ld", (long) fd, (long) FD_SETSIZE));
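Review bot: The new LOG line in mongoose.c's accept_conn drops the listening socket descriptor from the accept failure message, leaving only the `lsn->fd` pointer and errno; if the motivation was that `%d` does not match `SOCKET` on Windows, where it is wider than int, the portable spelling is already in the same hunk three lines below, `(long) fd` with `%ld`. Keeping the descriptor that way, `LOG(LL_ERROR, ("%p accept(%ld) failed, errno %d", lsn->fd, (long) FD(lsn), MG_SOCK_ERRNO));`, preserves a diagnostic that matters when several listeners share one manager and accept starts failing under descriptor exhaustion. The identical hunk in src/sock.c at `@@ -329,8 +329,7 @@` has the same point; mongoose.c appears to be the amalgamated copy of that file, so both should change together. accept_conn's body continues outside both hunks.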