mirror/mongoose
1
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2025-07-31 01:46:16 +08:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Allow mbedtls CA being inline PEM

Browse Source
This commit is contained in:
cpq 2021-02-08 17:50:00 +00:00
parent fd8db5c53a
commit a3f8f33d50
3 changed files with 65 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
mongoose.c
View File

@ -3404,12 +3404,14 @@ static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
int rc = 0;
const char *ca = opts->ca == NULL ? "-"
: opts->ca[0] == '-' ? "(emb)"
: opts->ca;
if (tls == NULL) {
mg_error(c, "TLS OOM");
goto fail;
}
LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id,
opts->ca == NULL ? "null" : opts->ca,
LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id, ca,
opts->cert == NULL ? "null" : opts->cert,
opts->certkey == NULL ? "null" : opts->certkey));
mbedtls_ssl_init(&tls->ssl);
@ -3434,13 +3436,17 @@ int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
tls->cafile = strdup(opts->ca);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
if (rc != 0) {
mg_error(c, "parse on-disk chain(%s) err %#x", opts->ca, -rc);
mg_error(c, "parse on-disk chain(%s) err %#x", ca, -rc);
goto fail;
}
#else
mbedtls_x509_crt_init(&tls->ca);
if ((rc = mbedtls_x509_crt_parse_file(&tls->ca, opts->ca)) != 0) {
mg_error(c, "parse(%s) err %#x", opts->ca, -rc);
rc = opts->ca[0] == '-'
? mbedtls_x509_crt_parse(&tls->ca, (uint8_t *) opts->ca,
strlen(opts->ca) + 1)
: mbedtls_x509_crt_parse_file(&tls->ca, opts->ca);
if (rc != 0) {
mg_error(c, "parse(%s) err %#x", ca, -rc);
goto fail;
}
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
@ -3876,17 +3882,32 @@ bool mg_file_printf(const char *path, const char *fmt, ...) {
if (buf != tmp) free(buf);
return result;
}
#endif
void mg_random(void *buf, size_t len) {
FILE *fp = mg_fopen("/dev/urandom", "rb");
size_t i, n = 0;
if (fp != NULL) n = fread(buf, 1, len, fp);
if (fp == NULL || n <= 0) {
bool done = false;
#if MG_ENABLE_FS
if (!done) {
FILE *fp = mg_fopen("/dev/urandom", "rb");
if (fp != NULL) {
fread(buf, 1, len, fp);
fclose(fp);
done = true;
}
}
#endif
#if MG_ENABLE_MBEDTLS
if (!done && mbedtls_entropy_func(NULL, buf, len) == 0) {
done = true;
LOG(LL_DEBUG, ("RAND %d", done));
}
#endif
if (!done) {
// Fallback to a pseudo random gen
size_t i;
for (i = 0; i < len; i++) ((unsigned char *) buf)[i] = rand() % 0xff;
}
if (fp != NULL) fclose(fp);
}
#endif
bool mg_globmatch(const char *s1, int n1, const char *s2, int n2) {
int i = 0, j = 0, ni = 0, nj = 0;

16
src/tls.c
View File

@ -64,12 +64,14 @@ static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
int rc = 0;
const char *ca = opts->ca == NULL ? "-"
: opts->ca[0] == '-' ? "(emb)"
: opts->ca;
if (tls == NULL) {
mg_error(c, "TLS OOM");
goto fail;
}
LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id,
opts->ca == NULL ? "null" : opts->ca,
LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id, ca,
opts->cert == NULL ? "null" : opts->cert,
opts->certkey == NULL ? "null" : opts->certkey));
mbedtls_ssl_init(&tls->ssl);
@ -94,13 +96,17 @@ int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
tls->cafile = strdup(opts->ca);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
if (rc != 0) {
mg_error(c, "parse on-disk chain(%s) err %#x", opts->ca, -rc);
mg_error(c, "parse on-disk chain(%s) err %#x", ca, -rc);
goto fail;
}
#else
mbedtls_x509_crt_init(&tls->ca);
if ((rc = mbedtls_x509_crt_parse_file(&tls->ca, opts->ca)) != 0) {
mg_error(c, "parse(%s) err %#x", opts->ca, -rc);
rc = opts->ca[0] == '-'
? mbedtls_x509_crt_parse(&tls->ca, (uint8_t *) opts->ca,
strlen(opts->ca) + 1)
: mbedtls_x509_crt_parse_file(&tls->ca, opts->ca);
if (rc != 0) {
mg_error(c, "parse(%s) err %#x", ca, -rc);
goto fail;
}
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);

28
src/util.c
View File

@ -83,17 +83,33 @@ bool mg_file_printf(const char *path, const char *fmt, ...) {
if (buf != tmp) free(buf);
return result;
}
#endif
void mg_random(void *buf, size_t len) {
FILE *fp = mg_fopen("/dev/urandom", "rb");
size_t i, n = 0;
if (fp != NULL) n = fread(buf, 1, len, fp);
if (fp == NULL || n <= 0) {
bool done = false;
#if MG_ENABLE_FS
if (!done) {
FILE *fp = mg_fopen("/dev/urandom", "rb");
if (fp != NULL) {
fread(buf, 1, len, fp);
fclose(fp);
done = true;
}
}
#endif
#if MG_ENABLE_MBEDTLS
extern int mbedtls_entropy_func(void *, void *, size_t);
if (!done && mbedtls_entropy_func(NULL, buf, len) == 0) {
done = true;
LOG(LL_DEBUG, ("RAND %d", done));
}
#endif
if (!done) {
// Fallback to a pseudo random gen
size_t i;
for (i = 0; i < len; i++) ((unsigned char *) buf)[i] = rand() % 0xff;
}
if (fp != NULL) fclose(fp);
}
#endif
bool mg_globmatch(const char *s1, int n1, const char *s2, int n2) {
int i = 0, j = 0, ni = 0, nj = 0;