hyung-hwan/qse
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added qse_httpd_serverstd_ssl_t

Browse Source
This commit is contained in:
hyung-hwan 2013-03-04 04:46:22 +00:00
parent d0897866a4
commit 096628f7a7
7 changed files with 83 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
qse/cmd/http/httpd.c
View File

@ -179,6 +179,8 @@ enum
SCFG_AUTH, SCFG_AUTH,
SCFG_DIRCSS, SCFG_DIRCSS,
SCFG_ERRCSS, SCFG_ERRCSS,
SCFG_SSLCERTFILE,
SCFG_SSLKEYFILE,
SCFG_MAX SCFG_MAX
}; };
@ -241,6 +243,7 @@ struct server_xtn_t
int num; int num;
qse_nwad_t bind; qse_nwad_t bind;
int secure;
qse_httpd_serverstd_makersrc_t orgmakersrc; qse_httpd_serverstd_makersrc_t orgmakersrc;
qse_httpd_serverstd_freersrc_t orgfreersrc; qse_httpd_serverstd_freersrc_t orgfreersrc;
@ -250,6 +253,12 @@ struct server_xtn_t
int root_is_nwad; int root_is_nwad;
qse_nwad_t root_nwad; qse_nwad_t root_nwad;
struct
{
qse_mchar_t* certfile;
qse_mchar_t* keyfile;
} ssl;
struct struct
{ {
qse_size_t count; qse_size_t count;
@ -571,6 +580,16 @@ static int query_server (
} }
return 0; return 0;
} }
case QSE_HTTPD_SERVERSTD_SSL:
{
qse_httpd_serverstd_ssl_t* ssl;
ssl = (qse_httpd_serverstd_ssl_t*)result;
ssl->certfile = server_xtn->scfg[SCFG_SSLCERTFILE];
ssl->keyfile = server_xtn->scfg[SCFG_SSLKEYFILE];
return 0;
}
} }
return server_xtn->orgquery (httpd, server, req, xpath, code, result); return server_xtn->orgquery (httpd, server, req, xpath, code, result);
@ -589,7 +608,9 @@ static struct
{ QSE_T("host['*'].location['/'].realm"), QSE_T("default.realm") }, { QSE_T("host['*'].location['/'].realm"), QSE_T("default.realm") },
{ QSE_T("host['*'].location['/'].auth"), QSE_T("default.auth") }, { QSE_T("host['*'].location['/'].auth"), QSE_T("default.auth") },
{ QSE_T("host['*'].location['/'].dir-css"), QSE_T("default.dir-css") }, { QSE_T("host['*'].location['/'].dir-css"), QSE_T("default.dir-css") },
{ QSE_T("host['*'].location['/'].error-css"), QSE_T("default.error-css") } { QSE_T("host['*'].location['/'].error-css"), QSE_T("default.error-css") },
{ QSE_T("ssl-cert-file"), QSE_T("default.ssl-cert-file") },
{ QSE_T("ssl-key-file"), QSE_T("default.ssl-key-file") }
}; };
static int load_server_config ( static int load_server_config (
@ -882,6 +903,7 @@ static qse_httpd_server_t* attach_server (qse_httpd_t* httpd, int num, qse_xli_l
return QSE_NULL; return QSE_NULL;
} }
qse_memset (&dope, 0, QSE_SIZEOF(dope)); qse_memset (&dope, 0, QSE_SIZEOF(dope));
if (qse_strtonwad (((qse_xli_str_t*)pair->val)->ptr, &dope.nwad) <= -1) if (qse_strtonwad (((qse_xli_str_t*)pair->val)->ptr, &dope.nwad) <= -1)
{ {
@ -890,6 +912,10 @@ static qse_httpd_server_t* attach_server (qse_httpd_t* httpd, int num, qse_xli_l
return QSE_NULL; return QSE_NULL;
} }
pair = qse_xli_findpairbyname (httpd_xtn->xli, list, QSE_T("ssl"));
if (!pair) pair = qse_xli_findpairbyname (httpd_xtn->xli, QSE_NULL, QSE_T("default.ssl"));
if (pair && pair->val->type == QSE_XLI_STR) dope.flags |= QSE_HTTPD_SERVER_SECURE;
dope.detach = detach_server; dope.detach = detach_server;
xserver = qse_httpd_attachserverstd (httpd, &dope, QSE_SIZEOF(server_xtn_t)); xserver = qse_httpd_attachserverstd (httpd, &dope, QSE_SIZEOF(server_xtn_t));
if (xserver == QSE_NULL) if (xserver == QSE_NULL)
@ -914,6 +940,7 @@ static qse_httpd_server_t* attach_server (qse_httpd_t* httpd, int num, qse_xli_l
/* remember the binding address used */ /* remember the binding address used */
server_xtn->num = num; server_xtn->num = num;
server_xtn->bind = dope.nwad; server_xtn->bind = dope.nwad;
server_xtn->secure = (dope.flags & QSE_HTTPD_SERVER_SECURE);
return xserver; return xserver;
} }
@ -1343,7 +1370,8 @@ int qse_main (int argc, qse_achar_t* argv[])
ret = qse_runmain (argc, argv, httpd_main); ret = qse_runmain (argc, argv, httpd_main);
#if defined(HAVE_SSL) #if defined(HAVE_SSL)
/*ERR_remove_state ();*/ /* ERR_remove_state() should be called for each thread if the application is thread */
ERR_remove_state (0);
ENGINE_cleanup (); ENGINE_cleanup ();
ERR_free_strings (); ERR_free_strings ();
EVP_cleanup (); EVP_cleanup ();

18
qse/cmd/http/httpd.conf
View File

@ -3,6 +3,11 @@
# #
default { default {
# default ssl certificate file
#ssl-cert-file = "/etc/qse/cert.pem";
# default ssl private key file
#ssl-key-file = "/etc/qse/key.pem";
# the default name is used in http headers and in pages # the default name is used in http headers and in pages
# generated by httpd. # generated by httpd.
name = "QSEHTTPD v1"; name = "QSEHTTPD v1";
@ -55,14 +60,13 @@ default {
server { server {
bind = "0.0.0.0:1999"; bind = "0.0.0.0:1999";
ssl = yes;
# ssl is not supported yet. # openssl genrsa -out key.pem
#ssl { # openssl req -new -key key.pem -out cert.csr
# certificate { # openssl req -new -x509 -key key.pem -out cert.pem -days 1095
# private = "xxxx"; ssl-cert-file = "/etc/qse/cert.pem";
# public = "xxxx"; ssl-key-file = "/etc/qse/key.pem";
# }
#}
host "*" { host "*" {
location "/" { location "/" {

2
qse/configure vendored
View File

@ -17442,7 +17442,7 @@ fi
done done
for ac_header in crt_externs.h prctl.h uci.h for ac_header in crt_externs.h sys/prctl.h uci.h
do : do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"

2
qse/configure.ac
View File

@ -121,7 +121,7 @@ AC_CHECK_HEADERS([net/if.h net/if_dl.h], [], [], [
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h>]) #include <sys/socket.h>])
AC_CHECK_HEADERS([sys/stropts.h sys/macstat.h linux/ethtool.h linux/sockios.h]) AC_CHECK_HEADERS([sys/stropts.h sys/macstat.h linux/ethtool.h linux/sockios.h])
AC_CHECK_HEADERS([crt_externs.h prctl.h uci.h]) AC_CHECK_HEADERS([crt_externs.h sys/prctl.h uci.h])
dnl check data types dnl check data types
AC_CHECK_TYPE([wchar_t], AC_CHECK_TYPE([wchar_t],

6
qse/include/qse/config.h.in
View File

@ -302,9 +302,6 @@
/* Define to 1 if you have the `prctl' function. */ /* Define to 1 if you have the `prctl' function. */
#undef HAVE_PRCTL #undef HAVE_PRCTL
/* Define to 1 if you have the <prctl.h> header file. */
#undef HAVE_PRCTL_H
/* Define if libtool can extract symbol lists from object files. */ /* Define if libtool can extract symbol lists from object files. */
#undef HAVE_PRELOADED_SYMBOLS #undef HAVE_PRELOADED_SYMBOLS
@ -469,6 +466,9 @@
*/ */
#undef HAVE_SYS_NDIR_H #undef HAVE_SYS_NDIR_H
/* Define to 1 if you have the <sys/prctl.h> header file. */
#undef HAVE_SYS_PRCTL_H
/* Define to 1 if you have the <sys/resource.h> header file. */ /* Define to 1 if you have the <sys/resource.h> header file. */
#undef HAVE_SYS_RESOURCE_H #undef HAVE_SYS_RESOURCE_H

11
qse/include/qse/http/stdhttpd.h
View File

@ -85,6 +85,13 @@ struct qse_httpd_serverstd_index_t
const qse_mchar_t* files; /* "value1\0value2\0" */ const qse_mchar_t* files; /* "value1\0value2\0" */
}; };
typedef struct qse_httpd_serverstd_ssl_t qse_httpd_serverstd_ssl_t;
struct qse_httpd_serverstd_ssl_t
{
const qse_mchar_t* certfile;
const qse_mchar_t* keyfile;
};
enum qse_httpd_serverstd_query_code_t enum qse_httpd_serverstd_query_code_t
{ {
QSE_HTTPD_SERVERSTD_NAME, /* const qse_mchar_t* */ QSE_HTTPD_SERVERSTD_NAME, /* const qse_mchar_t* */
@ -98,7 +105,9 @@ enum qse_httpd_serverstd_query_code_t
QSE_HTTPD_SERVERSTD_CGI, /* qse_httpd_serverstd_cgi_t */ QSE_HTTPD_SERVERSTD_CGI, /* qse_httpd_serverstd_cgi_t */
QSE_HTTPD_SERVERSTD_MIME, /* const qse_mchar_t* */ QSE_HTTPD_SERVERSTD_MIME, /* const qse_mchar_t* */
QSE_HTTPD_SERVERSTD_DIRACC, /* int (http error code) */ QSE_HTTPD_SERVERSTD_DIRACC, /* int (http error code) */
QSE_HTTPD_SERVERSTD_FILEACC /* int (http error code) */ QSE_HTTPD_SERVERSTD_FILEACC, /* int (http error code) */
QSE_HTTPD_SERVERSTD_SSL /* qse_httpd_serverstd_ssl_t */
}; };
typedef enum qse_httpd_serverstd_query_code_t qse_httpd_serverstd_query_code_t; typedef enum qse_httpd_serverstd_query_code_t qse_httpd_serverstd_query_code_t;

40
qse/lib/http/httpd-std.c
View File

@ -530,32 +530,44 @@ struct httpd_xtn_t
}; };
#if defined(HAVE_SSL) #if defined(HAVE_SSL)
static int init_xtn_ssl ( static int init_xtn_ssl (qse_httpd_t* httpd, qse_httpd_server_t* server)
qse_httpd_t* httpd,
const qse_mchar_t* pemfile,
const qse_mchar_t* keyfile/*,
const qse_mchar_t* chainfile*/)
{ {
SSL_CTX* ctx; SSL_CTX* ctx;
httpd_xtn_t* xtn; httpd_xtn_t* xtn;
server_xtn_t* server_xtn;
qse_httpd_serverstd_ssl_t ssl;
xtn = (httpd_xtn_t*)qse_httpd_getxtn (httpd); xtn = (httpd_xtn_t*)qse_httpd_getxtn (httpd);
server_xtn = (server_xtn_t*)qse_httpd_getserverxtn (httpd, server);
if (server_xtn->query (httpd, server, QSE_NULL, QSE_NULL, QSE_HTTPD_SERVERSTD_SSL, &ssl) <= -1)
{
return -1;
}
if (ssl.certfile == QSE_NULL || ssl.keyfile == QSE_NULL)
{
qse_httpd_seterrnum (httpd, QSE_HTTPD_EINVAL);
return -1;
}
ctx = SSL_CTX_new (SSLv23_server_method()); ctx = SSL_CTX_new (SSLv23_server_method());
if (ctx == QSE_NULL) return -1; if (ctx == QSE_NULL) return -1;
/*SSL_CTX_set_info_callback(ctx,ssl_info_callback);*/ /*SSL_CTX_set_info_callback(ctx,ssl_info_callback);*/
if (SSL_CTX_use_certificate_file (ctx, pemfile, SSL_FILETYPE_PEM) == 0 || if (SSL_CTX_use_certificate_file (ctx, ssl.certfile, SSL_FILETYPE_PEM) == 0 ||
SSL_CTX_use_PrivateKey_file (ctx, keyfile, SSL_FILETYPE_PEM) == 0 || SSL_CTX_use_PrivateKey_file (ctx, ssl.keyfile, SSL_FILETYPE_PEM) == 0 ||
SSL_CTX_check_private_key (ctx) == 0 /*|| SSL_CTX_check_private_key (ctx) == 0 /*||
SSL_CTX_use_certificate_chain_file (ctx, chainfile) == 0*/) SSL_CTX_use_certificate_chain_file (ctx, chainfile) == 0*/)
{ {
if (httpd->opt.trait & QSE_HTTPD_LOGACT) if (httpd->opt.trait & QSE_HTTPD_LOGACT)
{ {
qse_httpd_act_t msg; qse_httpd_act_t msg;
qse_size_t len;
msg.code = QSE_HTTPD_CATCH_MERRMSG; msg.code = QSE_HTTPD_CATCH_MERRMSG;
ERR_error_string_n (ERR_get_error(), msg.u.merrmsg, QSE_COUNTOF(msg.u.merrmsg)); len = qse_mbscpy (msg.u.merrmsg, QSE_MT("cert/key file error - "));
ERR_error_string_n (ERR_get_error(), &msg.u.merrmsg[len], QSE_COUNTOF(msg.u.merrmsg) - len);
httpd->opt.rcb.logact (httpd, &msg); httpd->opt.rcb.logact (httpd, &msg);
} }
@ -606,10 +618,6 @@ qse_httpd_t* qse_httpd_openstdwithmmgr (qse_mmgr_t* mmgr, qse_size_t xtnsize)
xtn = (httpd_xtn_t*)qse_httpd_getxtn (httpd); xtn = (httpd_xtn_t*)qse_httpd_getxtn (httpd);
#if defined(HAVE_SSL)
/*init_xtn_ssl (httpd, "http01.pem", "http01.key");*/
#endif
set_httpd_callbacks (httpd); set_httpd_callbacks (httpd);
xtn->ecb.close = cleanup_standard_httpd; xtn->ecb.close = cleanup_standard_httpd;
@ -1725,8 +1733,7 @@ static int client_accepted (qse_httpd_t* httpd, qse_httpd_client_t* client)
if (!xtn->ssl_ctx) if (!xtn->ssl_ctx)
{ {
/* delayed initialization of ssl */ /* delayed initialization of ssl */
/* TODO: certificate from options */ if (init_xtn_ssl (httpd, client->server) <= -1)
if (init_xtn_ssl (httpd, "http01.pem", "http01.key") <= -1)
{ {
return -1; return -1;
} }
@ -2679,6 +2686,11 @@ static int query_server (
*(int*)result = 200; *(int*)result = 200;
return 0; return 0;
case QSE_HTTPD_SERVERSTD_SSL:
/* you must specify the certificate and the key file to be able
* to use SSL */
qse_httpd_seterrnum (httpd, QSE_HTTPD_ENOENT);
return -1;
} }
qse_httpd_seterrnum (httpd, QSE_HTTPD_EINVAL); qse_httpd_seterrnum (httpd, QSE_HTTPD_EINVAL);