Merge pull request #2215 from cesanta/tlsdash

improve TLS behaviour in dashboard

examples/device-dashboard/Makefile

@@ -24,14 +24,13 @@ all: $(PROG)              # Default target. Build and run program
 	$(RUN) ./$(PROG) $(ARGS)
 
 # Before embedding files, gzip them to save space
-packed_fs.c: $(FILES_TO_EMBED) Makefile
+packed_fs.c: ca.pem $(FILES_TO_EMBED) Makefile
 	$(CC) ../../test/pack.c -o $(PACK)
 ifeq ($(OS),Windows_NT)
-	$(PACK) $(FILES_TO_EMBED) > $@
+	$(PACK) ca.pem $(FILES_TO_EMBED) > $@
 else
-	rm -rf tmp/web_root && mkdir tmp && cp -r web_root tmp/
-	find tmp -type f | xargs -n1 gzip
-	cd tmp && ../pack `find web_root -type f` > ../$@
+	rm -rf tmp/web_root && mkdir tmp && cp -r web_root tmp/ && cp -f ca.pem tmp/
+	cd tmp && echo $(FILES_TO_EMBED) | xargs -n1 gzip && ../pack ca.pem `find web_root -type f` > ../$@
 endif
 
 $(PROG): $(SOURCES)       # Build program from sources

examples/device-dashboard/main.c

@@ -12,10 +12,12 @@ int main(void) {
   struct mg_mgr mgr;
   mg_log_set(MG_LL_DEBUG);  // Set debug log level
   mg_mgr_init(&mgr);
-  mg_http_listen(&mgr, s_listening_url, device_dashboard_fn, NULL);
+  mg_http_listen(&mgr, s_listening_url, device_dashboard_fn,
+                 NULL);  // see net.c
   MG_INFO(("Listening on %s", s_listening_url));
 #if MG_ENABLE_MBEDTLS || MG_ENABLE_OPENSSL
-  mg_http_listen(&mgr, s_listening_surl, device_dashboard_fn, "");
+  mg_http_listen(&mgr, s_listening_surl, device_dashboard_fn,
+                 (void *) 3);  // see net.c
   MG_INFO(("Listening on %s", s_listening_surl));
 #endif
   while (mgr.conns != NULL) mg_mgr_poll(&mgr, 500);

examples/device-dashboard/net.c

@@ -126,8 +126,15 @@ static void timer_metrics_fn(void *param) {
 // MQTT event handler function
 static void mqtt_fn(struct mg_connection *c, int ev, void *ev_data, void *fnd) {
   if (ev == MG_EV_CONNECT && mg_url_is_ssl(s_config.url)) {
-    struct mg_tls_opts opts = {.ca = "ca.pem",
-                               .srvname = mg_url_host(s_config.url)};
+    struct mg_tls_opts opts;
+    memset(&opts, 0, sizeof(opts));
+    opts.srvname = mg_url_host(s_config.url);
+#ifndef DISABLE_PACKEDFS
+    opts.ca = "/ca.pem";
+    opts.fs = &mg_fs_packed;
+#else
+    opts.ca = "ca.pem";
+#endif
     mg_tls_init(c, &opts);
   } else if (ev == MG_EV_MQTT_OPEN) {
     s_connected = true;
@@ -195,9 +202,10 @@ static void timer_sntp_fn(void *param) {  // SNTP timer function. Sync up time
 #endif
 
 // HTTP request handler function
+// fn_data: bit0 -> don't start services, bit1 -> use TLS
 void device_dashboard_fn(struct mg_connection *c, int ev, void *ev_data,
                          void *fn_data) {
-  if (ev == MG_EV_OPEN && c->is_listening) {
+  if (ev == MG_EV_OPEN && c->is_listening && !((size_t) fn_data & (1 << 0))) {
     mg_timer_add(c->mgr, 1000, MG_TIMER_REPEAT, timer_metrics_fn, c->mgr);
 #ifndef DISABLE_ROUTING
     mg_timer_add(c->mgr, 1000, MG_TIMER_REPEAT, timer_mqtt_fn, c->mgr);
@@ -206,7 +214,7 @@ void device_dashboard_fn(struct mg_connection *c, int ev, void *ev_data,
     s_config.url = strdup(MQTT_SERVER);
     s_config.pub = strdup(MQTT_PUBLISH_TOPIC);
     s_config.sub = strdup(MQTT_SUBSCRIBE_TOPIC);
-  } else if (ev == MG_EV_ACCEPT && fn_data != NULL) {
+  } else if (ev == MG_EV_ACCEPT && ((size_t) fn_data & (1 << 1))) {
     struct mg_tls_opts opts = {.cert = s_ssl_cert, .certkey = s_ssl_key};
     mg_tls_init(c, &opts);
   } else if (ev == MG_EV_HTTP_MSG) {
@@ -269,7 +277,7 @@ void device_dashboard_fn(struct mg_connection *c, int ev, void *ev_data,
     } else {
       struct mg_http_serve_opts opts;
       memset(&opts, 0, sizeof(opts));
-#if 1
+#ifndef DISABLE_PACKEDFS
       opts.root_dir = "/web_root";
       opts.fs = &mg_fs_packed;
 #else