Allow the mbedtls CA to be an inline PEM

This commit is contained in:
cpq 2021-02-08 17:50:00 +00:00
parent fd8db5c53a
commit a3f8f33d50
3 changed files with 65 additions and 22 deletions


@ -3404,12 +3404,14 @@ static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) { int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls)); struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
int rc = 0; int rc = 0;
const char *ca = opts->ca == NULL ? "-"
: opts->ca[0] == '-' ? "(emb)"
: opts->ca;
if (tls == NULL) { if (tls == NULL) {
mg_error(c, "TLS OOM"); mg_error(c, "TLS OOM");
goto fail; goto fail;
} }
LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id, LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id, ca,
opts->ca == NULL ? "null" : opts->ca,
opts->cert == NULL ? "null" : opts->cert, opts->cert == NULL ? "null" : opts->cert,
opts->certkey == NULL ? "null" : opts->certkey)); opts->certkey == NULL ? "null" : opts->certkey));
mbedtls_ssl_init(&tls->ssl); mbedtls_ssl_init(&tls->ssl);
@ -3434,13 +3436,17 @@ int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
tls->cafile = strdup(opts->ca); tls->cafile = strdup(opts->ca);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL); rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
if (rc != 0) { if (rc != 0) {
mg_error(c, "parse on-disk chain(%s) err %#x", opts->ca, -rc); mg_error(c, "parse on-disk chain(%s) err %#x", ca, -rc);
goto fail; goto fail;
} }
#else #else
mbedtls_x509_crt_init(&tls->ca); mbedtls_x509_crt_init(&tls->ca);
if ((rc = mbedtls_x509_crt_parse_file(&tls->ca, opts->ca)) != 0) { rc = opts->ca[0] == '-'
mg_error(c, "parse(%s) err %#x", opts->ca, -rc); ? mbedtls_x509_crt_parse(&tls->ca, (uint8_t *) opts->ca,
strlen(opts->ca) + 1)
: mbedtls_x509_crt_parse_file(&tls->ca, opts->ca);
if (rc != 0) {
mg_error(c, "parse(%s) err %#x", ca, -rc);
goto fail; goto fail;
} }
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL); mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
@ -3876,17 +3882,32 @@ bool mg_file_printf(const char *path, const char *fmt, ...) {
if (buf != tmp) free(buf); if (buf != tmp) free(buf);
return result; return result;
} }
#endif
void mg_random(void *buf, size_t len) { void mg_random(void *buf, size_t len) {
FILE *fp = mg_fopen("/dev/urandom", "rb"); bool done = false;
size_t i, n = 0; #if MG_ENABLE_FS
if (fp != NULL) n = fread(buf, 1, len, fp); if (!done) {
if (fp == NULL || n <= 0) { FILE *fp = mg_fopen("/dev/urandom", "rb");
if (fp != NULL) {
fread(buf, 1, len, fp);
fclose(fp);
done = true;
}
}
#endif
#if MG_ENABLE_MBEDTLS
if (!done && mbedtls_entropy_func(NULL, buf, len) == 0) {
done = true;
LOG(LL_DEBUG, ("RAND %d", done));
}
#endif
if (!done) {
// Fallback to a pseudo random gen
size_t i;
for (i = 0; i < len; i++) ((unsigned char *) buf)[i] = rand() % 0xff; for (i = 0; i < len; i++) ((unsigned char *) buf)[i] = rand() % 0xff;
} }
if (fp != NULL) fclose(fp);
} }
#endif
bool mg_globmatch(const char *s1, int n1, const char *s2, int n2) { bool mg_globmatch(const char *s1, int n1, const char *s2, int n2) {
int i = 0, j = 0, ni = 0, nj = 0; int i = 0, j = 0, ni = 0, nj = 0;
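Review bot: In the new mg_random, the `fread` result on the `/dev/urandom` path is discarded, so a short or zero-byte read still sets `done = true` and leaves part of `buf` unfilled — the old code at least rejected `n <= 0`; change it to `if (fread(buf, 1, len, fp) == len) done = true;`. The mbedtls branch calls `mbedtls_entropy_func(NULL, buf, len)`, but that function takes a pointer to an initialised `mbedtls_entropy_context` and dereferences it, so this branch can only crash when it is reached, and to my reading it also refuses more than `MBEDTLS_ENTROPY_BLOCK_SIZE` bytes per call. A real context plus a chunked loop is needed, as below. Whatever path is taken, a caller asking for key material cannot tell that `done` stayed false and the buffer came from `rand()`; a warning-level LOG in that fallback would make the degradation visible. The same mg_random hunk appears in the third file section of this commit.
```c
#if MG_ENABLE_MBEDTLS
  if (!done) {
    mbedtls_entropy_context ctx;
    size_t off = 0;
    mbedtls_entropy_init(&ctx);
    while (off < len) {
      size_t chunk = len - off;
      if (chunk > MBEDTLS_ENTROPY_BLOCK_SIZE) chunk = MBEDTLS_ENTROPY_BLOCK_SIZE;
      if (mbedtls_entropy_func(&ctx, (unsigned char *) buf + off, chunk) != 0) break;
      off += chunk;
    }
    mbedtls_entropy_free(&ctx);
    done = off == len;
  }
#endif
  // … unchanged: rand() fallback …
```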


@ -64,12 +64,14 @@ static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) { int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls)); struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
int rc = 0; int rc = 0;
const char *ca = opts->ca == NULL ? "-"
: opts->ca[0] == '-' ? "(emb)"
: opts->ca;
if (tls == NULL) { if (tls == NULL) {
mg_error(c, "TLS OOM"); mg_error(c, "TLS OOM");
goto fail; goto fail;
} }
LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id, LOG(LL_DEBUG, ("%lu Setting TLS, CA: %s, cert: %s, key: %s", c->id, ca,
opts->ca == NULL ? "null" : opts->ca,
opts->cert == NULL ? "null" : opts->cert, opts->cert == NULL ? "null" : opts->cert,
opts->certkey == NULL ? "null" : opts->certkey)); opts->certkey == NULL ? "null" : opts->certkey));
mbedtls_ssl_init(&tls->ssl); mbedtls_ssl_init(&tls->ssl);
@ -94,13 +96,17 @@ int mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
tls->cafile = strdup(opts->ca); tls->cafile = strdup(opts->ca);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL); rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
if (rc != 0) { if (rc != 0) {
mg_error(c, "parse on-disk chain(%s) err %#x", opts->ca, -rc); mg_error(c, "parse on-disk chain(%s) err %#x", ca, -rc);
goto fail; goto fail;
} }
#else #else
mbedtls_x509_crt_init(&tls->ca); mbedtls_x509_crt_init(&tls->ca);
if ((rc = mbedtls_x509_crt_parse_file(&tls->ca, opts->ca)) != 0) { rc = opts->ca[0] == '-'
mg_error(c, "parse(%s) err %#x", opts->ca, -rc); ? mbedtls_x509_crt_parse(&tls->ca, (uint8_t *) opts->ca,
strlen(opts->ca) + 1)
: mbedtls_x509_crt_parse_file(&tls->ca, opts->ca);
if (rc != 0) {
mg_error(c, "parse(%s) err %#x", ca, -rc);
goto fail; goto fail;
} }
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL); mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
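Review bot: The inline-PEM case is only handled in the `#else` branch; the on-disk branch above (the lines around `tls->cafile = strdup(opts->ca)`) still hands a string starting with `-` to `mbedtls_ssl_conf_ca_chain_file`, which will fail with the now-misleading message `parse on-disk chain((emb))`. Assuming the `#if` condition is a build-time chain-on-disk option (its header and the enclosing `if` on `opts->ca` start outside the hunk), reject the case explicitly: `if (opts->ca[0] == '-') { mg_error(c, "inline CA unsupported with on-disk chain"); goto fail; }`. The `strlen(opts->ca) + 1` passed to `mbedtls_x509_crt_parse` is correct but non-obvious — mbedtls requires the terminating NUL to be counted for PEM input — and deserves a comment such as `// PEM input: mbedtls needs the length including the trailing NUL`. Note also that a leading `-` now switches on inline mode, so a CA file path beginning with `-` is no longer possible; that limitation belongs in the mg_tls_opts documentation for `ca`. The first file section of this commit carries the same change.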


@ -83,17 +83,33 @@ bool mg_file_printf(const char *path, const char *fmt, ...) {
if (buf != tmp) free(buf); if (buf != tmp) free(buf);
return result; return result;
} }
#endif
void mg_random(void *buf, size_t len) { void mg_random(void *buf, size_t len) {
FILE *fp = mg_fopen("/dev/urandom", "rb"); bool done = false;
size_t i, n = 0; #if MG_ENABLE_FS
if (fp != NULL) n = fread(buf, 1, len, fp); if (!done) {
if (fp == NULL || n <= 0) { FILE *fp = mg_fopen("/dev/urandom", "rb");
if (fp != NULL) {
fread(buf, 1, len, fp);
fclose(fp);
done = true;
}
}
#endif
#if MG_ENABLE_MBEDTLS
extern int mbedtls_entropy_func(void *, void *, size_t);
if (!done && mbedtls_entropy_func(NULL, buf, len) == 0) {
done = true;
LOG(LL_DEBUG, ("RAND %d", done));
}
#endif
if (!done) {
// Fallback to a pseudo random gen
size_t i;
for (i = 0; i < len; i++) ((unsigned char *) buf)[i] = rand() % 0xff; for (i = 0; i < len; i++) ((unsigned char *) buf)[i] = rand() % 0xff;
} }
if (fp != NULL) fclose(fp);
} }
#endif
bool mg_globmatch(const char *s1, int n1, const char *s2, int n2) { bool mg_globmatch(const char *s1, int n1, const char *s2, int n2) {
int i = 0, j = 0, ni = 0, nj = 0; int i = 0, j = 0, ni = 0, nj = 0;
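Review bot: The block-scope `extern int mbedtls_entropy_func(void *, void *, size_t);` re-declares a library function with a prototype that differs from the one in mbedtls' `entropy.h` (which takes `unsigned char *output`); if that header is, or later becomes, visible in this translation unit the compiler reports conflicting types, and if it is not, the call is checked against a hand-written signature rather than the real API. Include the mbedtls entropy header under the `#if MG_ENABLE_MBEDTLS` guard instead of declaring the symbol locally. The ignored `fread` result and the `NULL` entropy context in this hunk are the same issues as in the first file section's mg_random hunk, so the fix proposed there applies here too.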