Fix tcp example for 2-way TLS

examples/tcp/Makefile

@@ -1,14 +1,16 @@
 PROG ?= example                   # Program we are building
+PACK ?= ./pack                    # Packing executable
 DELETE = rm -rf                   # Command to remove files
 OUT ?= -o $(PROG)                 # Compiler argument for output file
-SOURCES = main.c mongoose.c       # Source code files
+SOURCES = main.c mongoose.c packed_fs.c       # Source code files
 CFLAGS = -W -Wall -Wextra -g -I.  # Build options
 
 # Mongoose build options. See https://mongoose.ws/documentation/#build-options
-#CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1
+CFLAGS_MONGOOSE += -DMG_ENABLE_PACKED_FS=1
 
 ifeq ($(OS),Windows_NT)   # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe
   PROG ?= example.exe           # Use .exe suffix for the binary
+  PACK = pack.exe               # Packing executable
   CC = gcc                      # Use MinGW gcc compiler
   CFLAGS += -lws2_32            # Link against Winsock library
   DELETE = cmd /C del /Q /F /S  # Command prompt command to delete files
@@ -25,6 +27,11 @@ $(PROG): $(SOURCES)       # Build program from sources
 clean:                    # Cleanup. Delete built program and all build artifacts
 	$(DELETE) $(PROG) *.o *.obj *.exe *.dSYM mbedtls
 
+# Generate packed filesystem for serving credentials
+packed_fs.c: $(wildcard certs/*) Makefile
+	$(CC) ../../test/pack.c -o $(PACK)
+	$(PACK) $(wildcard certs/*) > $@
+
 # see https://mongoose.ws/tutorials/tls/#how-to-build for TLS build options
 
 mbedtls:                  # Pull and build mbedTLS library

examples/tcp/certs/ss_ca.pem

@@ -0,0 +1 @@
+../../../test/data/ss_ca.pem

examples/tcp/certs/ss_client.pem

@@ -0,0 +1 @@
+../../../test/data/ss_client.pem

examples/tcp/certs/ss_server.pem

@@ -0,0 +1 @@
+../../../test/data/ss_server.pem

examples/tcp/main.c

@@ -12,41 +12,6 @@ static struct c_res_s {
   struct mg_connection *c;
 } c_res;
 
-// Self signed certificates
-// https://mongoose.ws/documentation/tutorials/tls/#self-signed-certificates
-static const char *s_tls_ca =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIIBqjCCAU+gAwIBAgIUESoOPGqMhf9uarzblVFwzrQweMcwCgYIKoZIzj0EAwIw\n"
-    "RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
-    "YTESMBAGA1UEAwwJVGVzdCBSb290MCAXDTIwMDUwOTIxNTE0NFoYDzIwNTAwNTA5\n"
-    "MjE1MTQ0WjBEMQswCQYDVQQGEwJJRTEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQK\n"
-    "DAdDZXNhbnRhMRIwEAYDVQQDDAlUZXN0IFJvb3QwWTATBgcqhkjOPQIBBggqhkjO\n"
-    "PQMBBwNCAAQsq9ECZiSW1xI+CVBP8VDuUehVA166sR2YsnJ5J6gbMQ1dUCH/QvLa\n"
-    "dBdeU7JlQcH8hN5KEbmM9BnZxMor6ussox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud\n"
-    "DwQEAwIBrjAKBggqhkjOPQQDAgNJADBGAiEAnHFsAIwGQQyRL81B04dH6d86Iq0l\n"
-    "fL8OKzndegxOaB0CIQCPwSIwEGFdURDqCC0CY2dnMrUGY5ZXu3hHCojZGS7zvg==\n"
-    "-----END CERTIFICATE-----\n";
-
-static const char *s_tls_cert =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIIBhzCCASygAwIBAgIUbnMoVd8TtWH1T09dANkK2LU6IUswCgYIKoZIzj0EAwIw\n"
-    "RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
-    "YTESMBAGA1UEAwwJVGVzdCBSb290MB4XDTIwMDUwOTIxNTE0OVoXDTMwMDUwOTIx\n"
-    "NTE0OVowETEPMA0GA1UEAwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n"
-    "QgAEkuBGnInDN6l06zVVQ1VcrOvH5FDu9MC6FwJc2e201P8hEpq0Q/SJS2nkbSuW\n"
-    "H/wBTTBaeXN2uhlBzMUWK790KKMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw\n"
-    "EwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAwRgIhAPo6xx7LjCdZ\n"
-    "QY133XvLjAgVFrlucOZHONFVQuDXZsjwAiEAzHBNligA08c5U3SySYcnkhurGg50\n"
-    "BllCI0eYQ9ggp/o=\n"
-    "-----END CERTIFICATE-----\n";
-
-static const char *s_tls_key =
-    "-----BEGIN PRIVATE KEY-----\n"
-    "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w\n"
-    "kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70\n"
-    "wLoXAlzZ7bTU/yESmrRD9IlLaeRtK5Yf/AFNMFp5c3a6GUHMxRYrv3Qo\n"
-    "-----END PRIVATE KEY-----\n";
-
 // CLIENT event handler
 static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
   int *i = &((struct c_res_s *) fn_data)->i;
@@ -55,9 +20,9 @@ static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
   } else if (ev == MG_EV_CONNECT) {
     MG_INFO(("CLIENT connected"));
     if (mg_url_is_ssl(s_conn)) {
-      struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
-                                 .cert = mg_str(s_tls_cert),
-                                 .key = mg_str(s_tls_key)};
+      struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ss_ca.pem"),
+                                 .cert = mg_unpacked("/certs/ss_client.pem"),
+                                 .key = mg_unpacked("/certs/ss_client.pem")};
       mg_tls_init(c, &opts);
     }
     *i = 1;  // do something
@@ -92,9 +57,9 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
   } else if (ev == MG_EV_ACCEPT) {
     MG_INFO(("SERVER accepted a connection"));
     if (mg_url_is_ssl(s_lsn)) {
-      struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
-                                 .cert = mg_str(s_tls_cert),
-                                 .key = mg_str(s_tls_key)};
+      struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ss_ca.pem"),
+                                 .cert = mg_unpacked("/certs/ss_server.pem"),
+                                 .key = mg_unpacked("/certs/ss_server.pem")};
       mg_tls_init(c, &opts);
     }
   } else if (ev == MG_EV_READ) {

test/data/ss_ca.pem

@@ -1,3 +1,5 @@
+- Make sure your PEM file starts with a dash -
+
 Certificate:
     Data:
         Version: 3 (0x2)

test/data/ss_client.pem

@@ -1,3 +1,5 @@
+- Make sure your PEM file starts with a dash -
+
 Certificate:
     Data:
         Version: 3 (0x2)

test/data/ss_server.pem

@@ -1,3 +1,5 @@
+- Make sure your PEM file starts with a dash -
+
 Certificate:
     Data:
         Version: 3 (0x2)