mirror of
https://github.com/cesanta/mongoose.git
synced 2024-12-27 06:51:04 +08:00
Revert to the old TLS API, but keep certs as mg_str for DER
This commit is contained in:
parent
7ecbbc517d
commit
3f0366a514
@ -261,7 +261,14 @@ static void handle_sys_reset(struct mg_connection *c) {
|
||||
|
||||
// HTTP request handler function
|
||||
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_HTTP_MSG) {
|
||||
if (ev == MG_EV_ACCEPT) {
|
||||
if (fn_data != NULL) { // TLS listener!
|
||||
struct mg_tls_opts opts = {0};
|
||||
opts.cert = mg_unpacked("/certs/server_cert.pem");
|
||||
opts.key = mg_unpacked("/certs/server_key.pem");
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
} else if (ev == MG_EV_HTTP_MSG) {
|
||||
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
|
||||
struct user *u = authenticate(hm);
|
||||
|
||||
@ -306,20 +313,12 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
hm->method.ptr, (int) hm->uri.len, hm->uri.ptr, (int) 3,
|
||||
&c->send.buf[9]));
|
||||
}
|
||||
(void) fn_data;
|
||||
}
|
||||
|
||||
void web_init(struct mg_mgr *mgr) {
|
||||
struct mg_tls_opts opts = {0};
|
||||
opts.server_cert = mg_unpacked("/certs/server_cert.pem");
|
||||
opts.server_key = mg_unpacked("/certs/server_key.pem");
|
||||
mg_tls_ctx_init(mgr, &opts);
|
||||
|
||||
s_settings.device_name = strdup("My Device");
|
||||
|
||||
mg_http_listen(mgr, HTTP_URL, fn, NULL);
|
||||
mg_http_listen(mgr, HTTPS_URL, fn, NULL);
|
||||
|
||||
mg_http_listen(mgr, HTTPS_URL, fn, (void *) 1);
|
||||
mg_timer_add(mgr, 3600 * 1000, MG_TIMER_RUN_NOW | MG_TIMER_REPEAT,
|
||||
timer_sntp_fn, mgr);
|
||||
}
|
||||
|
@ -28,6 +28,12 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
// Connected to server. Extract host name from URL
|
||||
struct mg_str host = mg_url_host(s_url);
|
||||
|
||||
if (mg_url_is_ssl(s_url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = mg_url_host(s_url)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
|
||||
// Send request
|
||||
int content_length = s_post_data ? strlen(s_post_data) : 0;
|
||||
mg_printf(c,
|
||||
@ -59,8 +65,6 @@ int main(int argc, char *argv[]) {
|
||||
if (argc > 1) s_url = argv[1]; // Use URL provided in the command line
|
||||
mg_log_set(atoi(log_level)); // Set to 0 to disable debug
|
||||
mg_mgr_init(&mgr); // Initialise event manager
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
mg_http_connect(&mgr, s_url, fn, &done); // Create client connection
|
||||
while (!done) mg_mgr_poll(&mgr, 50); // Event manager loops until 'done'
|
||||
mg_mgr_free(&mgr); // Free resources
|
||||
|
@ -2556,7 +2556,7 @@ static const struct packed_file {
|
||||
size_t size;
|
||||
time_t mtime;
|
||||
} packed_files[] = {
|
||||
{"/certs/client_ca.pem", v1, sizeof(v1), 1694016785},
|
||||
{"/certs/ca.pem", v1, sizeof(v1), 1694162397},
|
||||
{NULL, NULL, 0, 0}
|
||||
};
|
||||
|
||||
|
@ -7,7 +7,7 @@ CFLAGS = -W -Wall -Wextra -g -I. # Build options
|
||||
# Mongoose build options. See https://mongoose.ws/documentation/#build-options
|
||||
CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1 -DMG_ENABLE_PACKED_FS=1
|
||||
|
||||
// see tutorial at https://mongoose.ws/tutorials/http-proxy-client/
|
||||
# See tutorial at https://mongoose.ws/tutorials/http-proxy-client/
|
||||
ARGS ?= 167.235.63.238:3128 http://info.cern.ch/ # default call arguments
|
||||
|
||||
ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe
|
||||
|
@ -20,6 +20,13 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
} else if (ev == MG_EV_CONNECT) {
|
||||
// Proxy TCP connection established. Send CONNECT request
|
||||
struct mg_str host = mg_url_host(url);
|
||||
|
||||
if (mg_url_is_ssl(url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = host};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
|
||||
// c->is_hexdumping = 1;
|
||||
mg_printf(c, "CONNECT %.*s:%hu HTTP/1.1\r\nHost: %.*s:%hu\r\n\r\n",
|
||||
(int) host.len, host.ptr, mg_url_port(url), (int) host.len,
|
||||
@ -35,7 +42,8 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
("Connected to proxy, status: %.*s", (int) hm.uri.len, hm.uri.ptr));
|
||||
mg_iobuf_del(&c->recv, 0, n);
|
||||
// Send request to the target server
|
||||
mg_printf(c, "GET %s HTTP/1.0\r\n"
|
||||
mg_printf(c,
|
||||
"GET %s HTTP/1.0\r\n"
|
||||
"Host: %.*s\r\n"
|
||||
"\r\n",
|
||||
mg_url_uri(url), (int) host.len, host.ptr);
|
||||
@ -52,8 +60,6 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
|
||||
mg_mgr_init(&mgr); // Initialise event manager
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
mg_http_connect(&mgr, argv[1], fn, argv[2]); // Connect to the proxy
|
||||
for (;;) mg_mgr_poll(&mgr, 1000); // Event loop
|
||||
mg_mgr_free(&mgr);
|
||||
|
@ -57,6 +57,15 @@ static const char *s_tls_key =
|
||||
// We use the same event handler function for HTTP and HTTPS connections
|
||||
// fn_data is NULL for plain HTTP, and non-NULL for HTTPS
|
||||
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_ACCEPT && fn_data != NULL) {
|
||||
struct mg_tls_opts opts = {
|
||||
#ifdef TLS_TWOWAY
|
||||
.ca = mg_str(s_tls_ca),
|
||||
#endif
|
||||
.cert = mg_str(s_tls_cert),
|
||||
.key = mg_str(s_tls_key)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
if (ev == MG_EV_HTTP_MSG) {
|
||||
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
|
||||
if (mg_http_match_uri(hm, "/api/stats")) {
|
||||
@ -87,13 +96,6 @@ int main(void) {
|
||||
struct mg_mgr mgr; // Event manager
|
||||
mg_log_set(MG_LL_DEBUG); // Set log level
|
||||
mg_mgr_init(&mgr); // Initialise event manager
|
||||
struct mg_tls_opts opts = {
|
||||
#ifdef TLS_TWOWAY
|
||||
.client_ca = mg_str(s_tls_ca),
|
||||
#endif
|
||||
.server_cert = mg_str(s_tls_cert),
|
||||
.server_key = mg_str(s_tls_key)};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
mg_http_listen(&mgr, s_http_addr, fn, NULL); // Create HTTP listener
|
||||
mg_http_listen(&mgr, s_https_addr, fn, (void *) 1); // HTTPS listener
|
||||
for (;;) mg_mgr_poll(&mgr, 1000); // Infinite event loop
|
||||
|
@ -58,6 +58,11 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (c2 == NULL) {
|
||||
mg_error(c, "Cannot create backend connection");
|
||||
} else {
|
||||
if (mg_url_is_ssl(s_backend_url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = mg_url_host(s_backend_url)};
|
||||
mg_tls_init(c2, &opts);
|
||||
}
|
||||
c->fn_data = c2;
|
||||
forward_request(hm, c2);
|
||||
c->is_resp = 0; // process further msgs in keep-alive connection
|
||||
@ -74,8 +79,6 @@ int main(void) {
|
||||
|
||||
mg_log_set(MG_LL_DEBUG); // Set log level
|
||||
mg_mgr_init(&mgr); // Initialise event manager
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
mg_http_listen(&mgr, s_listen_url, fn, NULL); // Start proxy
|
||||
for (;;) mg_mgr_poll(&mgr, 1000); // Event loop
|
||||
mg_mgr_free(&mgr);
|
||||
|
@ -21,6 +21,13 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_CONNECT) {
|
||||
// Connected to server. Extract host name from URL
|
||||
struct mg_str host = mg_url_host(s_url);
|
||||
|
||||
if (mg_url_is_ssl(s_url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = host};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
|
||||
// Send request
|
||||
mg_printf(c,
|
||||
"GET %s HTTP/1.1\r\n"
|
||||
@ -56,9 +63,6 @@ int main(int argc, char *argv[]) {
|
||||
mg_log_set(atoi(log_level)); // Set to 0 to disable debug log
|
||||
if (argc > 1) s_url = argv[1]; // Use URL from command line
|
||||
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
|
||||
mg_http_connect(&mgr, s_url, fn, &done); // Create client connection
|
||||
while (!done) mg_mgr_poll(&mgr, 1000); // Infinite event loop
|
||||
mg_mgr_free(&mgr); // Free resources
|
||||
|
@ -41,6 +41,12 @@ static int s_qos = 1;
|
||||
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_OPEN) {
|
||||
// c->is_hexdumping = 1;
|
||||
} else if (ev == MG_EV_CONNECT) {
|
||||
if (mg_url_is_ssl(s_url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = mg_url_host(s_url)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
} else if (ev == MG_EV_ERROR) {
|
||||
// On error, log error message
|
||||
MG_ERROR(("%p %s", c->fd, (char *) ev_data));
|
||||
@ -87,9 +93,6 @@ int main(void) {
|
||||
struct mg_mqtt_opts opts = {.clean = true};
|
||||
bool done = false;
|
||||
mg_mgr_init(&mgr); // Initialise event manager
|
||||
struct mg_tls_opts topts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
//TODO() 2-way auth and certificate loading
|
||||
mg_tls_ctx_init(&mgr, &topts);
|
||||
MG_INFO(("Connecting to %s", s_url)); // Inform that we're starting
|
||||
mg_mqtt_connect(&mgr, s_url, &opts, fn, &done); // Create client connection
|
||||
while (!done) mg_mgr_poll(&mgr, 1000); // Loop until done
|
||||
|
@ -28,6 +28,12 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_OPEN) {
|
||||
MG_INFO(("%lu CREATED", c->id));
|
||||
// c->is_hexdumping = 1;
|
||||
} else if (ev == MG_EV_CONNECT) {
|
||||
if (mg_url_is_ssl(s_url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = mg_url_host(s_url)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
} else if (ev == MG_EV_ERROR) {
|
||||
// On error, log error message
|
||||
MG_ERROR(("%lu ERROR %s", c->id, (char *) ev_data));
|
||||
@ -101,9 +107,6 @@ int main(int argc, char *argv[]) {
|
||||
signal(SIGTERM, signal_handler); // manager loop on SIGINT and SIGTERM
|
||||
|
||||
mg_mgr_init(&mgr);
|
||||
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
mg_timer_add(&mgr, 3000, MG_TIMER_REPEAT | MG_TIMER_RUN_NOW, timer_fn, &mgr);
|
||||
while (s_signo == 0) mg_mgr_poll(&mgr, 1000); // Event loop, 1s timeout
|
||||
mg_mgr_free(&mgr); // Finished, cleanup
|
||||
|
@ -24,12 +24,17 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_ERROR) {
|
||||
// On error, log error message
|
||||
MG_ERROR(("%p %s", c->fd, (char *) ev_data));
|
||||
} else if (ev == MG_EV_CONNECT) {
|
||||
if (mg_url_is_ssl(s_url)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = mg_url_host(s_url)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
} else if (ev == MG_EV_WS_OPEN) {
|
||||
// WS connection established. Perform MQTT login
|
||||
MG_INFO(("Connected to WS. Logging in to MQTT..."));
|
||||
struct mg_mqtt_opts opts = {.qos = 1,
|
||||
.topic = mg_str(s_topic),
|
||||
.message = mg_str("goodbye")};
|
||||
struct mg_mqtt_opts opts = {
|
||||
.qos = 1, .topic = mg_str(s_topic), .message = mg_str("goodbye")};
|
||||
size_t len = c->send.len;
|
||||
mg_mqtt_login(c, &opts);
|
||||
mg_ws_wrap(c, c->send.len - len, WEBSOCKET_OP_BINARY);
|
||||
@ -92,8 +97,6 @@ int main(void) {
|
||||
struct mg_mgr mgr; // Event manager
|
||||
bool done = false; // Event handler flips it to true when done
|
||||
mg_mgr_init(&mgr); // Initialise event manager
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
mg_log_set(MG_LL_DEBUG); // Set log level
|
||||
mg_ws_connect(&mgr, s_url, fn, &done, NULL); // Create client connection
|
||||
while (done == false) mg_mgr_poll(&mgr, 1000); // Event loop
|
||||
|
@ -28,8 +28,9 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
mg_printf(c, "STARTTLS\r\n");
|
||||
*state = STARTTLS_WAIT;
|
||||
} else if (*state == STARTTLS_WAIT) {
|
||||
struct mg_str host = mg_url_host(server);
|
||||
mg_tls_init(c, host);
|
||||
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
|
||||
.name = mg_url_host(server)};
|
||||
mg_tls_init(c, &opts);
|
||||
*state = AUTH;
|
||||
} else if (*state == AUTH) {
|
||||
char a[100], b[300] = "";
|
||||
@ -74,10 +75,6 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
int main(void) {
|
||||
struct mg_mgr mgr;
|
||||
mg_mgr_init(&mgr);
|
||||
|
||||
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
|
||||
mg_log_set(MG_LL_DEBUG);
|
||||
mg_connect(&mgr, server, fn, NULL);
|
||||
while (s_quit == false) mg_mgr_poll(&mgr, 1000);
|
||||
|
@ -54,10 +54,12 @@ static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
MG_INFO(("CLIENT has been initialized"));
|
||||
} else if (ev == MG_EV_CONNECT) {
|
||||
MG_INFO(("CLIENT connected"));
|
||||
#if MG_TLS
|
||||
struct mg_str host = mg_url_host(s_conn);
|
||||
mg_tls_init(c, host);
|
||||
#endif
|
||||
if (mg_url_is_ssl(s_conn)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
|
||||
.cert = mg_str(s_tls_cert),
|
||||
.key = mg_str(s_tls_key)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
*i = 1; // do something
|
||||
} else if (ev == MG_EV_READ) {
|
||||
struct mg_iobuf *r = &c->recv;
|
||||
@ -89,9 +91,12 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
MG_INFO(("SERVER is listening"));
|
||||
} else if (ev == MG_EV_ACCEPT) {
|
||||
MG_INFO(("SERVER accepted a connection"));
|
||||
#if MG_TLS
|
||||
mg_tls_init(c, mg_str(""));
|
||||
#endif
|
||||
if (mg_url_is_ssl(s_lsn)) {
|
||||
struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
|
||||
.cert = mg_str(s_tls_cert),
|
||||
.key = mg_str(s_tls_key)};
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
} else if (ev == MG_EV_READ) {
|
||||
struct mg_iobuf *r = &c->recv;
|
||||
MG_INFO(("SERVER got data: %.*s", r->len, r->buf));
|
||||
@ -109,13 +114,9 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
static void timer_fn(void *arg) {
|
||||
struct mg_mgr *mgr = (struct mg_mgr *) arg;
|
||||
if (c_res.c == NULL) {
|
||||
// connect
|
||||
c_res.i = 0;
|
||||
c_res.c = mg_connect(mgr, s_conn, cfn, &c_res);
|
||||
if (c_res.c == NULL)
|
||||
MG_INFO(("CLIENT cant' open a connection"));
|
||||
else
|
||||
MG_INFO(("CLIENT is connecting"));
|
||||
MG_INFO(("CLIENT %s", c_res.c ? "connecting" : "failed"));
|
||||
}
|
||||
}
|
||||
|
||||
@ -126,11 +127,6 @@ int main(void) {
|
||||
mg_log_set(MG_LL_INFO); // Set log level
|
||||
mg_mgr_init(&mgr); // Initialize event manager
|
||||
|
||||
struct mg_tls_opts opts = {.client_ca = mg_str(s_tls_ca),
|
||||
.server_cert = mg_str(s_tls_cert),
|
||||
.server_key = mg_str(s_tls_key)};
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
|
||||
mg_timer_add(&mgr, 15000, MG_TIMER_REPEAT | MG_TIMER_RUN_NOW, timer_fn, &mgr);
|
||||
c = mg_listen(&mgr, s_lsn, sfn, NULL); // Create server connection
|
||||
if (c == NULL) {
|
||||
|
@ -31,15 +31,13 @@ struct device {
|
||||
char *last_seen;
|
||||
};
|
||||
|
||||
static struct device s_devices[] = {
|
||||
{ .dev_name = "espressif",
|
||||
static struct device s_devices[] = {{.dev_name = "espressif",
|
||||
.mac = "02:11:22:33:44:55",
|
||||
.ip_addr = "192.168.1.1/24",
|
||||
.speed = 1000,
|
||||
.connected_to = "Ethernet",
|
||||
.lease_time_left = 1000,
|
||||
.last_seen = "13h20m ago"
|
||||
},
|
||||
.last_seen = "13h20m ago"},
|
||||
|
||||
{.dev_name = "windows11",
|
||||
.mac = "01:22:11:44:33:55",
|
||||
@ -47,8 +45,7 @@ static struct device s_devices[] = {
|
||||
.speed = 200,
|
||||
.connected_to = "Wifi 2.4 GHz",
|
||||
.lease_time_left = 4141,
|
||||
.last_seen = "23s ago"
|
||||
},
|
||||
.last_seen = "23s ago"},
|
||||
|
||||
{.dev_name = "iRobot-2",
|
||||
.mac = "01:22:11:44:33:42",
|
||||
@ -56,9 +53,7 @@ static struct device s_devices[] = {
|
||||
.speed = 600,
|
||||
.connected_to = "Wifi 5GHz",
|
||||
.lease_time_left = 1141,
|
||||
.last_seen = "20m ago"
|
||||
}
|
||||
};
|
||||
.last_seen = "20m ago"}};
|
||||
|
||||
// DHCP configuration
|
||||
struct dhcp {
|
||||
@ -232,7 +227,8 @@ static void handle_devices_get(struct mg_connection *c) {
|
||||
for (int i = 0; i < nr_devs; i++) {
|
||||
size_t current_length = strlen(test_json);
|
||||
|
||||
mg_snprintf(test_json + current_length, sizeof(test_json) - current_length,
|
||||
mg_snprintf(
|
||||
test_json + current_length, sizeof(test_json) - current_length,
|
||||
"{%m:\"%s\",%m:\"%s\", %m:\"%s\", %m:%d,%m:\"%s\",%m:%d,%m:\"%s\"}", //
|
||||
MG_ESC("dev_name"), s_devices[i].dev_name, //
|
||||
MG_ESC("mac"), s_devices[i].mac, //
|
||||
@ -276,7 +272,14 @@ static void handle_dhcp_get(struct mg_connection *c) {
|
||||
|
||||
// HTTP request handler function
|
||||
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
if (ev == MG_EV_HTTP_MSG) {
|
||||
if (ev == MG_EV_ACCEPT) {
|
||||
if (fn_data != NULL) { // TLS
|
||||
struct mg_tls_opts opts = {0};
|
||||
opts.cert = mg_str(s_tls_cert);
|
||||
opts.key = mg_str(s_tls_key);
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
} else if (ev == MG_EV_HTTP_MSG) {
|
||||
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
|
||||
struct user *u = authenticate(hm);
|
||||
|
||||
@ -317,12 +320,8 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
}
|
||||
|
||||
void web_init(struct mg_mgr *mgr) {
|
||||
struct mg_tls_opts opts = {0};
|
||||
opts.server_cert = mg_str(s_tls_cert);
|
||||
opts.server_key = mg_str(s_tls_key);
|
||||
mg_tls_ctx_init(mgr, &opts);
|
||||
mg_http_listen(mgr, HTTP_URL, fn, NULL);
|
||||
mg_http_listen(mgr, HTTPS_URL, fn, NULL);
|
||||
mg_http_listen(mgr, HTTPS_URL, fn, (void *) 1);
|
||||
|
||||
// mg_timer_add(c->mgr, 1000, MG_TIMER_REPEAT, timer_mqtt_fn, c->mgr);
|
||||
mg_timer_add(mgr, 3600 * 1000, MG_TIMER_RUN_NOW | MG_TIMER_REPEAT,
|
||||
|
409
mongoose.c
409
mongoose.c
@ -405,7 +405,7 @@ void mg_error(struct mg_connection *c, const char *fmt, ...) {
|
||||
va_start(ap, fmt);
|
||||
mg_vsnprintf(buf, sizeof(buf), fmt, &ap);
|
||||
va_end(ap);
|
||||
MG_ERROR(("%lu %p %s", c->id, c->fd, buf));
|
||||
MG_ERROR(("%lu %ld %s", c->id, c->fd, buf));
|
||||
c->is_closing = 1; // Set is_closing before sending MG_EV_CALL
|
||||
mg_call(c, MG_EV_ERROR, buf); // Let user handler to override it
|
||||
}
|
||||
@ -3700,7 +3700,7 @@ void mg_close_conn(struct mg_connection *c) {
|
||||
// Order of operations is important. `MG_EV_CLOSE` event must be fired
|
||||
// before we deallocate received data, see #1331
|
||||
mg_call(c, MG_EV_CLOSE, NULL);
|
||||
MG_DEBUG(("%lu %p closed", c->id, c->fd));
|
||||
MG_DEBUG(("%lu %ld closed", c->id, c->fd));
|
||||
|
||||
mg_tls_free(c);
|
||||
mg_iobuf_free(&c->recv);
|
||||
@ -3723,13 +3723,9 @@ struct mg_connection *mg_connect(struct mg_mgr *mgr, const char *url,
|
||||
c->fn = fn;
|
||||
c->is_client = true;
|
||||
c->fn_data = fn_data;
|
||||
MG_DEBUG(("%lu %p %s", c->id, c->fd, url));
|
||||
MG_DEBUG(("%lu %ld %s", c->id, c->fd, url));
|
||||
mg_call(c, MG_EV_OPEN, (void *) url);
|
||||
mg_resolve(c, url);
|
||||
if (mg_url_is_ssl(url)) {
|
||||
struct mg_str host = mg_url_host(url);
|
||||
mg_tls_init(c, host);
|
||||
}
|
||||
}
|
||||
return c;
|
||||
}
|
||||
@ -3751,7 +3747,7 @@ struct mg_connection *mg_listen(struct mg_mgr *mgr, const char *url,
|
||||
c->fn_data = fn_data;
|
||||
mg_call(c, MG_EV_OPEN, NULL);
|
||||
if (mg_url_is_ssl(url)) c->is_tls = 1; // Accepted connection must
|
||||
MG_DEBUG(("%lu %p %s", c->id, c->fd, url));
|
||||
MG_DEBUG(("%lu %ld %s", c->id, c->fd, url));
|
||||
}
|
||||
return c;
|
||||
}
|
||||
@ -3794,7 +3790,6 @@ void mg_mgr_free(struct mg_mgr *mgr) {
|
||||
#if MG_ENABLE_EPOLL
|
||||
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
||||
#endif
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
void mg_mgr_init(struct mg_mgr *mgr) {
|
||||
@ -4370,7 +4365,6 @@ static struct mg_connection *accept_conn(struct mg_connection *lsn,
|
||||
c->fn_data = lsn->fn_data;
|
||||
mg_call(c, MG_EV_OPEN, NULL);
|
||||
mg_call(c, MG_EV_ACCEPT, NULL);
|
||||
if (lsn->is_tls) mg_tls_init(c, mg_str(""));
|
||||
return c;
|
||||
}
|
||||
|
||||
@ -5993,7 +5987,7 @@ long mg_io_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
bool mg_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (c->is_udp) {
|
||||
long n = mg_io_send(c, buf, len);
|
||||
MG_DEBUG(("%lu %p %d:%d %ld err %d", c->id, c->fd, (int) c->send.len,
|
||||
MG_DEBUG(("%lu %ld %d:%d %ld err %d", c->id, c->fd, (int) c->send.len,
|
||||
(int) c->recv.len, n, MG_SOCK_ERR(n)));
|
||||
iolog(c, (char *) buf, n, false);
|
||||
return n > 0;
|
||||
@ -6123,7 +6117,7 @@ static void read_conn(struct mg_connection *c) {
|
||||
char *buf = (char *) &c->recv.buf[c->recv.len];
|
||||
size_t len = c->recv.size - c->recv.len;
|
||||
n = c->is_tls ? mg_tls_recv(c, buf, len) : mg_io_recv(c, buf, len);
|
||||
MG_DEBUG(("%lu %p snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
MG_DEBUG(("%lu %ld snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
(long) c->send.len, (long) c->send.size, (long) c->recv.len,
|
||||
(long) c->recv.size, n, MG_SOCK_ERR(n)));
|
||||
iolog(c, buf, n, true);
|
||||
@ -6134,7 +6128,7 @@ static void write_conn(struct mg_connection *c) {
|
||||
char *buf = (char *) c->send.buf;
|
||||
size_t len = c->send.len;
|
||||
long n = c->is_tls ? mg_tls_send(c, buf, len) : mg_io_send(c, buf, len);
|
||||
MG_DEBUG(("%lu %p snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
MG_DEBUG(("%lu %ld snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
(long) c->send.len, (long) c->send.size, (long) c->recv.len,
|
||||
(long) c->recv.size, n, MG_SOCK_ERR(n)));
|
||||
iolog(c, buf, n, false);
|
||||
@ -6212,7 +6206,7 @@ void mg_connect_resolved(struct mg_connection *c) {
|
||||
if (rc == 0) { // Success
|
||||
mg_call(c, MG_EV_CONNECT, NULL); // Send MG_EV_CONNECT to the user
|
||||
} else if (MG_SOCK_PENDING(rc)) { // Need to wait for TCP handshake
|
||||
MG_DEBUG(("%lu %p -> %M pend", c->id, c->fd, mg_print_ip_port, &c->rem));
|
||||
MG_DEBUG(("%lu %ld -> %M pend", c->id, c->fd, mg_print_ip_port, &c->rem));
|
||||
c->is_connecting = 1;
|
||||
} else {
|
||||
mg_error(c, "connect: %d", MG_SOCK_ERR(rc));
|
||||
@ -6266,11 +6260,10 @@ static void accept_conn(struct mg_mgr *mgr, struct mg_connection *lsn) {
|
||||
c->pfn_data = lsn->pfn_data;
|
||||
c->fn = lsn->fn;
|
||||
c->fn_data = lsn->fn_data;
|
||||
MG_DEBUG(("%lu %p accepted %M -> %M", c->id, c->fd, mg_print_ip_port,
|
||||
MG_DEBUG(("%lu %ld accepted %M -> %M", c->id, c->fd, mg_print_ip_port,
|
||||
&c->rem, mg_print_ip_port, &c->loc));
|
||||
mg_call(c, MG_EV_OPEN, NULL);
|
||||
mg_call(c, MG_EV_ACCEPT, NULL);
|
||||
if (lsn->is_tls) mg_tls_init(c, mg_str(""));
|
||||
}
|
||||
}
|
||||
|
||||
@ -6978,8 +6971,8 @@ void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
|
||||
|
||||
#if MG_TLS == MG_TLS_NONE
|
||||
void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
(void) hostname;
|
||||
void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
(void) opts;
|
||||
mg_error(c, "TLS is not enabled");
|
||||
}
|
||||
void mg_tls_handshake(struct mg_connection *c) {
|
||||
@ -6998,12 +6991,6 @@ size_t mg_tls_pending(struct mg_connection *c) {
|
||||
(void) c;
|
||||
return 0;
|
||||
}
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
(void) opts, (void) mgr;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
@ -7012,20 +6999,54 @@ void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
|
||||
|
||||
|
||||
|
||||
#if MG_TLS == MG_TLS_MBED
|
||||
|
||||
#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
|
||||
#define MGRNG , rng_get, NULL
|
||||
#define MG_MBEDTLS_RNG_GET , mg_mbed_rng, NULL
|
||||
#else
|
||||
#define MGRNG
|
||||
#define MG_MBEDTLS_RNG_GET
|
||||
#endif
|
||||
|
||||
static int mg_mbed_rng(void *ctx, unsigned char *buf, size_t len) {
|
||||
mg_random(buf, len);
|
||||
(void) ctx;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool mg_load_cert(struct mg_str str, mbedtls_x509_crt *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_x509_crt_parse(p, (uint8_t *) str.ptr, str.len)) != 0) {
|
||||
MG_ERROR(("cert err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool mg_load_key(struct mg_str str, mbedtls_pk_context *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_pk_parse_key(p, (uint8_t *) str.ptr, str.len, NULL,
|
||||
0 MG_MBEDTLS_RNG_GET)) != 0) {
|
||||
MG_ERROR(("key err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void mg_tls_free(struct mg_connection *c) {
|
||||
struct mg_tls *tls = (struct mg_tls *) c->tls;
|
||||
if (tls != NULL) {
|
||||
mbedtls_ssl_free(&tls->ssl);
|
||||
mbedtls_pk_free(&tls->pk);
|
||||
mbedtls_x509_crt_free(&tls->ca);
|
||||
mbedtls_x509_crt_free(&tls->cert);
|
||||
mbedtls_ssl_config_free(&tls->conf);
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_free(&tls->ticket);
|
||||
#endif
|
||||
free(tls);
|
||||
c->tls = NULL;
|
||||
}
|
||||
@ -7065,40 +7086,27 @@ void mg_tls_handshake(struct mg_connection *c) {
|
||||
}
|
||||
}
|
||||
|
||||
static int mbed_rng(void *ctx, unsigned char *buf, size_t len) {
|
||||
mg_random(buf, len);
|
||||
(void) ctx;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
|
||||
n = (int) strlen(s2) - 1;
|
||||
MG_INFO(("%lu %d %.*s", ((struct mg_connection *) c)->id, lev, n, s2));
|
||||
(void) s;
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
static int rng_get(void *p_rng, unsigned char *buf, size_t len) {
|
||||
(void) p_rng;
|
||||
mg_random(buf, len);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) c->mgr->tls_ctx;
|
||||
void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
|
||||
int rc = 0;
|
||||
|
||||
c->tls = tls;
|
||||
if (c->tls == NULL) {
|
||||
mg_error(c, "TLS OOM");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (c->is_listening) goto fail;
|
||||
MG_DEBUG(("%lu Setting TLS", c->id));
|
||||
mbedtls_ssl_init(&tls->ssl);
|
||||
mbedtls_ssl_config_init(&tls->conf);
|
||||
mbedtls_x509_crt_init(&tls->ca);
|
||||
mbedtls_x509_crt_init(&tls->cert);
|
||||
mbedtls_pk_init(&tls->pk);
|
||||
mbedtls_ssl_conf_dbg(&tls->conf, debug_cb, c);
|
||||
#if defined(MG_MBEDTLS_DEBUG_LEVEL)
|
||||
mbedtls_debug_set_threshold(MG_MBEDTLS_DEBUG_LEVEL);
|
||||
@ -7110,49 +7118,44 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
mg_error(c, "tls defaults %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_rng(&tls->conf, mbed_rng, c);
|
||||
mbedtls_ssl_conf_rng(&tls->conf, mg_mbed_rng, c);
|
||||
|
||||
if (c->is_client && ctx->client_ca.version) {
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &ctx->client_ca, NULL);
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
if (hostname.ptr != NULL && hostname.ptr[0] != '\0') {
|
||||
struct mg_addr addr;
|
||||
if (!mg_aton(hostname, &addr)) { // if srvname is not an IP address
|
||||
char *host = mg_mprintf("%.*s", (int) hostname.len, hostname.ptr);
|
||||
if (opts->ca.len == 0 || mg_vcmp(&opts->ca, "*") == 0) {
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
|
||||
} else {
|
||||
if (mg_load_cert(opts->ca, &tls->ca) == false) goto fail;
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
|
||||
if (c->is_client && opts->name.ptr != NULL && opts->name.ptr[0] != '\0') {
|
||||
char *host = mg_mprintf("%.*s", opts->name.len, opts->name.ptr);
|
||||
mbedtls_ssl_set_hostname(&tls->ssl, host);
|
||||
MG_DEBUG(("%lu hostname verification: %s", c->id, host));
|
||||
free(host);
|
||||
}
|
||||
}
|
||||
} else if (!c->is_client && ctx->server_ca.version) {
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &ctx->server_ca, NULL);
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
} else {
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
|
||||
}
|
||||
if (c->is_client && ctx->client_cert.version &&
|
||||
(rc = mbedtls_ssl_conf_own_cert(&tls->conf, &ctx->client_cert,
|
||||
&ctx->client_key)) != 0) {
|
||||
mg_error(c, "own cert %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
if (!c->is_client && ctx->server_cert.version &&
|
||||
(rc = mbedtls_ssl_conf_own_cert(&tls->conf, &ctx->server_cert,
|
||||
&ctx->server_key)) != 0) {
|
||||
if (!mg_load_cert(opts->cert, &tls->cert)) goto fail;
|
||||
if (!mg_load_key(opts->key, &tls->pk)) goto fail;
|
||||
if (tls->cert.version &&
|
||||
(rc = mbedtls_ssl_conf_own_cert(&tls->conf, &tls->cert, &tls->pk)) != 0) {
|
||||
mg_error(c, "own cert %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_init(&tls->ticket);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&tls->ticket, mg_mbed_rng, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) != 0) {
|
||||
mg_error(c, " mbedtls_ssl_ticket_setup %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
|
||||
mbedtls_ssl_ticket_parse,
|
||||
&ctx->ticket_ctx);
|
||||
mbedtls_ssl_ticket_parse, &tls->ticket);
|
||||
#endif
|
||||
|
||||
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
||||
mg_error(c, "setup err %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
c->tls = tls;
|
||||
c->is_tls = 1;
|
||||
c->is_tls_hs = 1;
|
||||
mbedtls_ssl_set_bio(&tls->ssl, c, mg_net_send, mg_net_recv, 0);
|
||||
@ -7186,80 +7189,6 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
static bool load_cert(struct mg_str str, mbedtls_x509_crt *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_x509_crt_parse(p, (uint8_t *) str.ptr, str.len)) != 0) {
|
||||
MG_ERROR(("cert err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool load_key(struct mg_str str, mbedtls_pk_context *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_pk_parse_key(p, (uint8_t *) str.ptr, str.len, NULL,
|
||||
0 MGRNG)) != 0) {
|
||||
MG_ERROR(("key err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) goto fail;
|
||||
MG_DEBUG(("Setting up TLS context"));
|
||||
|
||||
#if defined(MG_MBEDTLS_DEBUG_LEVEL)
|
||||
mbedtls_debug_set_threshold(MG_MBEDTLS_DEBUG_LEVEL);
|
||||
#endif
|
||||
|
||||
if (!load_cert(opts->client_ca, &ctx->client_ca)) goto fail;
|
||||
if (!load_cert(opts->server_ca, &ctx->server_ca)) goto fail;
|
||||
if (!load_cert(opts->client_cert, &ctx->client_cert)) goto fail;
|
||||
if (!load_cert(opts->server_cert, &ctx->server_cert)) goto fail;
|
||||
if (!load_key(opts->server_key, &ctx->server_key)) goto fail;
|
||||
if (!load_key(opts->client_key, &ctx->client_key)) goto fail;
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
{
|
||||
int rc;
|
||||
mbedtls_ssl_ticket_init(&ctx->ticket_ctx);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&ctx->ticket_ctx, rng_get, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) !=
|
||||
0) {
|
||||
MG_ERROR(("setup session tickets err %#x", -rc));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
mgr->tls_ctx = ctx;
|
||||
return;
|
||||
fail:
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||
if (ctx != NULL) {
|
||||
mbedtls_x509_crt_free(&ctx->server_cert);
|
||||
mbedtls_pk_free(&ctx->server_key);
|
||||
mbedtls_x509_crt_free(&ctx->client_cert);
|
||||
mbedtls_pk_free(&ctx->client_key);
|
||||
mbedtls_x509_crt_free(&ctx->client_ca);
|
||||
mbedtls_x509_crt_free(&ctx->server_ca);
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_free(&ctx->ticket_ctx);
|
||||
#endif
|
||||
free(ctx);
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
@ -7287,11 +7216,11 @@ static int mg_tls_err(struct mg_tls *tls, int res) {
|
||||
return err;
|
||||
}
|
||||
|
||||
static STACK_OF(X509_INFO) * load_ca_certs(const char *ca, int ca_len) {
|
||||
BIO *ca_bio = BIO_new_mem_buf(ca, ca_len);
|
||||
if (!ca_bio) return NULL;
|
||||
STACK_OF(X509_INFO) *certs = PEM_X509_INFO_read_bio(ca_bio, NULL, NULL, NULL);
|
||||
BIO_free(ca_bio);
|
||||
static STACK_OF(X509_INFO) * load_ca_certs(struct mg_str ca) {
|
||||
BIO *bio = BIO_new_mem_buf(ca.ptr, (int) ca.len);
|
||||
STACK_OF(X509_INFO) *certs =
|
||||
bio ? PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL) : NULL;
|
||||
if (bio) BIO_free(bio);
|
||||
return certs;
|
||||
}
|
||||
|
||||
@ -7305,45 +7234,52 @@ static bool add_ca_certs(SSL_CTX *ctx, STACK_OF(X509_INFO) * certs) {
|
||||
return true;
|
||||
}
|
||||
|
||||
static EVP_PKEY *load_key(const char *key, int key_len) {
|
||||
BIO *key_bio = BIO_new_mem_buf(key, key_len);
|
||||
if (!key_bio) return NULL;
|
||||
EVP_PKEY *priv_key = PEM_read_bio_PrivateKey(key_bio, NULL, 0, NULL);
|
||||
BIO_free(key_bio);
|
||||
return priv_key;
|
||||
static EVP_PKEY *load_key(struct mg_str s) {
|
||||
BIO *bio = BIO_new_mem_buf(s.ptr, (int) (long) s.len);
|
||||
EVP_PKEY *key = bio ? PEM_read_bio_PrivateKey(bio, NULL, 0, NULL) : NULL;
|
||||
if (bio) BIO_free(bio);
|
||||
return key;
|
||||
}
|
||||
|
||||
static X509 *load_cert(const char *cert, int cert_len) {
|
||||
BIO *cert_bio = BIO_new_mem_buf(cert, cert_len);
|
||||
if (!cert_bio) return NULL;
|
||||
X509 *x509 = PEM_read_bio_X509(cert_bio, NULL, 0, NULL);
|
||||
BIO_free(cert_bio);
|
||||
return x509;
|
||||
static X509 *load_cert(struct mg_str s) {
|
||||
BIO *bio = BIO_new_mem_buf(s.ptr, (int) (long) s.len);
|
||||
X509 *cert = bio == NULL ? NULL
|
||||
: s.ptr[0] == '-'
|
||||
? PEM_read_bio_X509(bio, NULL, NULL, NULL) // PEM
|
||||
: d2i_X509_bio(bio, NULL); // DER
|
||||
if (bio) BIO_free(bio);
|
||||
return cert;
|
||||
}
|
||||
|
||||
void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) c->mgr->tls_ctx;
|
||||
void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
|
||||
|
||||
if (ctx == NULL) {
|
||||
mg_error(c, "TLS context not initialized");
|
||||
goto fail;
|
||||
}
|
||||
const char *id = "mongoose";
|
||||
static unsigned char s_initialised = 0;
|
||||
int rc;
|
||||
|
||||
if (tls == NULL) {
|
||||
mg_error(c, "TLS OOM");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
tls->ctx = c->is_client ? SSL_CTX_new(TLS_client_method())
|
||||
: SSL_CTX_new(TLS_server_method());
|
||||
if (!s_initialised) {
|
||||
SSL_library_init();
|
||||
s_initialised++;
|
||||
}
|
||||
MG_DEBUG(("%lu Setting TLS", c->id));
|
||||
tls->ctx = c->is_client ? SSL_CTX_new(SSLv23_client_method())
|
||||
: SSL_CTX_new(SSLv23_server_method());
|
||||
if ((tls->ssl = SSL_new(tls->ctx)) == NULL) {
|
||||
mg_error(c, "SSL_new");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
SSL_set_min_proto_version(tls->ssl, TLS1_2_VERSION);
|
||||
|
||||
SSL_set_session_id_context(tls->ssl, (const uint8_t *) id,
|
||||
(unsigned) strlen(id));
|
||||
// Disable deprecated protocols
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_SSLv2);
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_SSLv3);
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_TLSv1);
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_TLSv1_1);
|
||||
#ifdef MG_ENABLE_OPENSSL_NO_COMPRESSION
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_COMPRESSION);
|
||||
#endif
|
||||
@ -7351,37 +7287,33 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
SSL_set_options(tls->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
#endif
|
||||
|
||||
if (c->is_client) {
|
||||
if (ctx->client_ca) {
|
||||
SSL_set_verify(tls->ssl,
|
||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||
if (!add_ca_certs(tls->ctx, ctx->client_ca)) goto fail;
|
||||
}
|
||||
if (ctx->client_cert && ctx->client_key) {
|
||||
if (SSL_use_certificate(tls->ssl, ctx->client_cert) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_certificate");
|
||||
goto fail;
|
||||
}
|
||||
if (SSL_use_PrivateKey(tls->ssl, ctx->client_key) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_PrivateKey");
|
||||
if (opts->ca.ptr != NULL && opts->ca.ptr[0] != '\0') {
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
NULL);
|
||||
STACK_OF(X509_INFO) *certs = load_ca_certs(opts->ca);
|
||||
rc = add_ca_certs(tls->ctx, certs);
|
||||
sk_X509_INFO_pop_free(certs, X509_INFO_free);
|
||||
if (!rc) {
|
||||
mg_error(c, "CA err");
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (ctx->server_ca) {
|
||||
SSL_set_verify(tls->ssl,
|
||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||
if (!add_ca_certs(tls->ctx, ctx->server_ca)) goto fail;
|
||||
}
|
||||
if (ctx->server_cert && ctx->server_key) {
|
||||
if (SSL_use_certificate(tls->ssl, ctx->server_cert) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_certificate");
|
||||
if (opts->cert.ptr != NULL && opts->cert.ptr[0] != '\0') {
|
||||
X509 *cert = load_cert(opts->cert);
|
||||
rc = cert == NULL ? 0 : SSL_use_certificate(tls->ssl, cert);
|
||||
X509_free(cert);
|
||||
if (cert == NULL || rc != 1) {
|
||||
mg_error(c, "CERT err %d", mg_tls_err(tls, rc));
|
||||
goto fail;
|
||||
}
|
||||
if (SSL_use_PrivateKey(tls->ssl, ctx->server_key) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_PrivateKey");
|
||||
goto fail;
|
||||
}
|
||||
if (opts->key.ptr != NULL && opts->key.ptr[0] != '\0') {
|
||||
EVP_PKEY *key = load_key(opts->key);
|
||||
rc = key == NULL ? 0 : SSL_use_PrivateKey(tls->ssl, key);
|
||||
EVP_PKEY_free(key);
|
||||
if (key == NULL || rc != 1) {
|
||||
mg_error(c, "KEY err %d", mg_tls_err(tls, rc));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
@ -7389,16 +7321,14 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
#if OPENSSL_VERSION_NUMBER > 0x10002000L
|
||||
SSL_set_ecdh_auto(tls->ssl, 1);
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
if (c->is_client && hostname.ptr && hostname.ptr[0] != '\0') {
|
||||
char *s = mg_mprintf("%.*s", (int) hostname.len, hostname.ptr);
|
||||
if (opts->name.len > 0) {
|
||||
char *s = mg_mprintf("%.*s", (int) opts->name.len, opts->name.ptr);
|
||||
SSL_set1_host(tls->ssl, s);
|
||||
SSL_set_tlsext_host_name(tls->ssl, s);
|
||||
free(s);
|
||||
}
|
||||
#endif
|
||||
|
||||
c->tls = tls;
|
||||
c->is_tls = 1;
|
||||
c->is_tls_hs = 1;
|
||||
@ -7407,9 +7337,7 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
}
|
||||
MG_DEBUG(("%lu SSL %s OK", c->id, c->is_accepted ? "accept" : "client"));
|
||||
return;
|
||||
|
||||
fail:
|
||||
c->is_closing = 1;
|
||||
free(tls);
|
||||
}
|
||||
|
||||
@ -7457,70 +7385,6 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||
if (ctx) {
|
||||
if (ctx->server_cert) X509_free(ctx->server_cert);
|
||||
if (ctx->server_key) EVP_PKEY_free(ctx->server_key);
|
||||
if (ctx->server_ca)
|
||||
sk_X509_INFO_pop_free(ctx->server_ca, X509_INFO_free);
|
||||
if (ctx->client_cert) X509_free(ctx->client_cert);
|
||||
if (ctx->client_key) EVP_PKEY_free(ctx->client_key);
|
||||
if (ctx->client_ca)
|
||||
sk_X509_INFO_pop_free(ctx->client_ca, X509_INFO_free);
|
||||
free(ctx);
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
static unsigned char s_initialised = 0;
|
||||
if (!s_initialised) {
|
||||
SSL_library_init();
|
||||
s_initialised++;
|
||||
}
|
||||
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) return;
|
||||
|
||||
if (opts->server_cert.ptr && opts->server_cert.ptr[0] != '\0') {
|
||||
struct mg_str key = opts->server_key;
|
||||
if (!key.ptr) key = opts->server_cert;
|
||||
if (!(ctx->server_cert =
|
||||
load_cert(opts->server_cert.ptr, (int) opts->server_cert.len)))
|
||||
goto fail;
|
||||
if (!(ctx->server_key = load_key(key.ptr, (int) key.len))) goto fail;
|
||||
}
|
||||
|
||||
if (opts->server_ca.ptr && opts->server_ca.ptr[0] != '\0') {
|
||||
if (!(ctx->server_ca =
|
||||
load_ca_certs(opts->server_ca.ptr, (int) opts->server_ca.len)))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (opts->client_cert.ptr && opts->client_cert.ptr[0] != '\0') {
|
||||
struct mg_str key = opts->client_key;
|
||||
if (!key.ptr) key = opts->client_cert;
|
||||
if (!(ctx->client_cert =
|
||||
load_cert(opts->client_cert.ptr, (int) opts->client_cert.len)))
|
||||
goto fail;
|
||||
if (!(ctx->client_key = load_key(key.ptr, (int) key.len))) goto fail;
|
||||
}
|
||||
|
||||
if (opts->client_ca.ptr && opts->client_ca.ptr[0] != '\0') {
|
||||
if (!(ctx->client_ca =
|
||||
load_ca_certs(opts->client_ca.ptr, (int) opts->client_ca.len)))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
mgr->tls_ctx = ctx;
|
||||
return;
|
||||
fail:
|
||||
MG_ERROR(("TLS ctx init error"));
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
@ -7535,7 +7399,7 @@ struct url {
|
||||
int mg_url_is_ssl(const char *url) {
|
||||
return strncmp(url, "wss:", 4) == 0 || strncmp(url, "https:", 6) == 0 ||
|
||||
strncmp(url, "mqtts:", 6) == 0 || strncmp(url, "ssl:", 4) == 0 ||
|
||||
strncmp(url, "tls:", 4) == 0;
|
||||
strncmp(url, "tls:", 4) == 0 || strncmp(url, "tcps:", 5) == 0;
|
||||
}
|
||||
|
||||
static struct url urlparse(const char *url) {
|
||||
@ -7730,9 +7594,8 @@ uint64_t mg_millis(void) {
|
||||
return GetTickCount();
|
||||
#elif MG_ARCH == MG_ARCH_RP2040
|
||||
return time_us_64() / 1000;
|
||||
#elif MG_ARCH == MG_ARCH_ESP32
|
||||
return esp_timer_get_time() / 1000;
|
||||
#elif MG_ARCH == MG_ARCH_ESP8266 || MG_ARCH == MG_ARCH_FREERTOS
|
||||
#elif MG_ARCH == MG_ARCH_ESP8266 || MG_ARCH == MG_ARCH_ESP32 || \
|
||||
MG_ARCH == MG_ARCH_FREERTOS
|
||||
return xTaskGetTickCount() * portTICK_PERIOD_MS;
|
||||
#elif MG_ARCH == MG_ARCH_AZURERTOS
|
||||
return tx_time_get() * (1000 /* MS per SEC */ / TX_TIMER_TICKS_PER_SECOND);
|
||||
|
42
mongoose.h
42
mongoose.h
@ -1176,7 +1176,6 @@ struct mg_mgr {
|
||||
unsigned long nextid; // Next connection ID
|
||||
unsigned long timerid; // Next timer ID
|
||||
void *userdata; // Arbitrary user data pointer
|
||||
void *tls_ctx; // TLS context shared by all TLS sessions
|
||||
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
||||
void *active_dns_requests; // DNS requests in progress
|
||||
struct mg_timer *timers; // Active timers
|
||||
@ -1342,17 +1341,13 @@ void mg_http_serve_ssi(struct mg_connection *c, const char *root,
|
||||
|
||||
|
||||
struct mg_tls_opts {
|
||||
struct mg_str client_ca;
|
||||
struct mg_str server_ca;
|
||||
struct mg_str server_cert;
|
||||
struct mg_str server_key;
|
||||
struct mg_str client_cert;
|
||||
struct mg_str client_key;
|
||||
struct mg_str ca; // PEM or DER
|
||||
struct mg_str cert; // PEM or DER
|
||||
struct mg_str key; // PEM or DER
|
||||
struct mg_str name; // If not empty, enable host name verification
|
||||
};
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *, const struct mg_tls_opts *);
|
||||
void mg_tls_ctx_free(struct mg_mgr *);
|
||||
void mg_tls_init(struct mg_connection *, struct mg_str hostname);
|
||||
void mg_tls_init(struct mg_connection *, const struct mg_tls_opts *opts);
|
||||
void mg_tls_free(struct mg_connection *);
|
||||
long mg_tls_send(struct mg_connection *, const void *buf, size_t len);
|
||||
long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
||||
@ -1371,21 +1366,15 @@ void mg_tls_handshake(struct mg_connection *);
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/ssl_ticket.h>
|
||||
|
||||
struct mg_tls_ctx {
|
||||
mbedtls_x509_crt server_ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt client_ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt server_cert; // Parsed server certificate
|
||||
mbedtls_pk_context server_key; // Parsed server private key context
|
||||
mbedtls_x509_crt client_cert; // Parsed client certificate
|
||||
mbedtls_pk_context client_key; // Parsed client private key context
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_context ticket_ctx; // Session tickets context
|
||||
#endif
|
||||
};
|
||||
|
||||
struct mg_tls {
|
||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt cert; // Parsed certificate
|
||||
mbedtls_pk_context pk; // Private key context
|
||||
mbedtls_ssl_context ssl; // SSL/TLS context
|
||||
mbedtls_ssl_config conf; // SSL-TLS config
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_context ticket; // Session tickets context
|
||||
#endif
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -1395,15 +1384,6 @@ struct mg_tls {
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
struct mg_tls_ctx {
|
||||
X509 *server_cert;
|
||||
EVP_PKEY *server_key;
|
||||
STACK_OF(X509_INFO) *server_ca;
|
||||
X509 *client_cert;
|
||||
EVP_PKEY *client_key;
|
||||
STACK_OF(X509_INFO) *client_ca;
|
||||
};
|
||||
|
||||
struct mg_tls {
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
|
@ -17,7 +17,7 @@ void mg_error(struct mg_connection *c, const char *fmt, ...) {
|
||||
va_start(ap, fmt);
|
||||
mg_vsnprintf(buf, sizeof(buf), fmt, &ap);
|
||||
va_end(ap);
|
||||
MG_ERROR(("%lu %p %s", c->id, c->fd, buf));
|
||||
MG_ERROR(("%lu %ld %s", c->id, c->fd, buf));
|
||||
c->is_closing = 1; // Set is_closing before sending MG_EV_CALL
|
||||
mg_call(c, MG_EV_ERROR, buf); // Let user handler to override it
|
||||
}
|
||||
|
11
src/net.c
11
src/net.c
@ -138,7 +138,7 @@ void mg_close_conn(struct mg_connection *c) {
|
||||
// Order of operations is important. `MG_EV_CLOSE` event must be fired
|
||||
// before we deallocate received data, see #1331
|
||||
mg_call(c, MG_EV_CLOSE, NULL);
|
||||
MG_DEBUG(("%lu %p closed", c->id, c->fd));
|
||||
MG_DEBUG(("%lu %ld closed", c->id, c->fd));
|
||||
|
||||
mg_tls_free(c);
|
||||
mg_iobuf_free(&c->recv);
|
||||
@ -161,13 +161,9 @@ struct mg_connection *mg_connect(struct mg_mgr *mgr, const char *url,
|
||||
c->fn = fn;
|
||||
c->is_client = true;
|
||||
c->fn_data = fn_data;
|
||||
MG_DEBUG(("%lu %p %s", c->id, c->fd, url));
|
||||
MG_DEBUG(("%lu %ld %s", c->id, c->fd, url));
|
||||
mg_call(c, MG_EV_OPEN, (void *) url);
|
||||
mg_resolve(c, url);
|
||||
if (mg_url_is_ssl(url)) {
|
||||
struct mg_str host = mg_url_host(url);
|
||||
mg_tls_init(c, host);
|
||||
}
|
||||
}
|
||||
return c;
|
||||
}
|
||||
@ -189,7 +185,7 @@ struct mg_connection *mg_listen(struct mg_mgr *mgr, const char *url,
|
||||
c->fn_data = fn_data;
|
||||
mg_call(c, MG_EV_OPEN, NULL);
|
||||
if (mg_url_is_ssl(url)) c->is_tls = 1; // Accepted connection must
|
||||
MG_DEBUG(("%lu %p %s", c->id, c->fd, url));
|
||||
MG_DEBUG(("%lu %ld %s", c->id, c->fd, url));
|
||||
}
|
||||
return c;
|
||||
}
|
||||
@ -232,7 +228,6 @@ void mg_mgr_free(struct mg_mgr *mgr) {
|
||||
#if MG_ENABLE_EPOLL
|
||||
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
||||
#endif
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
void mg_mgr_init(struct mg_mgr *mgr) {
|
||||
|
@ -27,7 +27,6 @@ struct mg_mgr {
|
||||
unsigned long nextid; // Next connection ID
|
||||
unsigned long timerid; // Next timer ID
|
||||
void *userdata; // Arbitrary user data pointer
|
||||
void *tls_ctx; // TLS context shared by all TLS sessions
|
||||
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
||||
void *active_dns_requests; // DNS requests in progress
|
||||
struct mg_timer *timers; // Active timers
|
||||
|
@ -544,7 +544,6 @@ static struct mg_connection *accept_conn(struct mg_connection *lsn,
|
||||
c->fn_data = lsn->fn_data;
|
||||
mg_call(c, MG_EV_OPEN, NULL);
|
||||
mg_call(c, MG_EV_ACCEPT, NULL);
|
||||
if (lsn->is_tls) mg_tls_init(c, mg_str(""));
|
||||
return c;
|
||||
}
|
||||
|
||||
|
11
src/sock.c
11
src/sock.c
@ -137,7 +137,7 @@ long mg_io_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
bool mg_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (c->is_udp) {
|
||||
long n = mg_io_send(c, buf, len);
|
||||
MG_DEBUG(("%lu %p %d:%d %ld err %d", c->id, c->fd, (int) c->send.len,
|
||||
MG_DEBUG(("%lu %ld %d:%d %ld err %d", c->id, c->fd, (int) c->send.len,
|
||||
(int) c->recv.len, n, MG_SOCK_ERR(n)));
|
||||
iolog(c, (char *) buf, n, false);
|
||||
return n > 0;
|
||||
@ -267,7 +267,7 @@ static void read_conn(struct mg_connection *c) {
|
||||
char *buf = (char *) &c->recv.buf[c->recv.len];
|
||||
size_t len = c->recv.size - c->recv.len;
|
||||
n = c->is_tls ? mg_tls_recv(c, buf, len) : mg_io_recv(c, buf, len);
|
||||
MG_DEBUG(("%lu %p snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
MG_DEBUG(("%lu %ld snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
(long) c->send.len, (long) c->send.size, (long) c->recv.len,
|
||||
(long) c->recv.size, n, MG_SOCK_ERR(n)));
|
||||
iolog(c, buf, n, true);
|
||||
@ -278,7 +278,7 @@ static void write_conn(struct mg_connection *c) {
|
||||
char *buf = (char *) c->send.buf;
|
||||
size_t len = c->send.len;
|
||||
long n = c->is_tls ? mg_tls_send(c, buf, len) : mg_io_send(c, buf, len);
|
||||
MG_DEBUG(("%lu %p snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
MG_DEBUG(("%lu %ld snd %ld/%ld rcv %ld/%ld n=%ld err=%d", c->id, c->fd,
|
||||
(long) c->send.len, (long) c->send.size, (long) c->recv.len,
|
||||
(long) c->recv.size, n, MG_SOCK_ERR(n)));
|
||||
iolog(c, buf, n, false);
|
||||
@ -356,7 +356,7 @@ void mg_connect_resolved(struct mg_connection *c) {
|
||||
if (rc == 0) { // Success
|
||||
mg_call(c, MG_EV_CONNECT, NULL); // Send MG_EV_CONNECT to the user
|
||||
} else if (MG_SOCK_PENDING(rc)) { // Need to wait for TCP handshake
|
||||
MG_DEBUG(("%lu %p -> %M pend", c->id, c->fd, mg_print_ip_port, &c->rem));
|
||||
MG_DEBUG(("%lu %ld -> %M pend", c->id, c->fd, mg_print_ip_port, &c->rem));
|
||||
c->is_connecting = 1;
|
||||
} else {
|
||||
mg_error(c, "connect: %d", MG_SOCK_ERR(rc));
|
||||
@ -410,11 +410,10 @@ static void accept_conn(struct mg_mgr *mgr, struct mg_connection *lsn) {
|
||||
c->pfn_data = lsn->pfn_data;
|
||||
c->fn = lsn->fn;
|
||||
c->fn_data = lsn->fn_data;
|
||||
MG_DEBUG(("%lu %p accepted %M -> %M", c->id, c->fd, mg_print_ip_port,
|
||||
MG_DEBUG(("%lu %ld accepted %M -> %M", c->id, c->fd, mg_print_ip_port,
|
||||
&c->rem, mg_print_ip_port, &c->loc));
|
||||
mg_call(c, MG_EV_OPEN, NULL);
|
||||
mg_call(c, MG_EV_ACCEPT, NULL);
|
||||
if (lsn->is_tls) mg_tls_init(c, mg_str(""));
|
||||
}
|
||||
}
|
||||
|
||||
|
14
src/tls.h
14
src/tls.h
@ -15,17 +15,13 @@
|
||||
#include "tls_openssl.h"
|
||||
|
||||
struct mg_tls_opts {
|
||||
struct mg_str client_ca;
|
||||
struct mg_str server_ca;
|
||||
struct mg_str server_cert;
|
||||
struct mg_str server_key;
|
||||
struct mg_str client_cert;
|
||||
struct mg_str client_key;
|
||||
struct mg_str ca; // PEM or DER
|
||||
struct mg_str cert; // PEM or DER
|
||||
struct mg_str key; // PEM or DER
|
||||
struct mg_str name; // If not empty, enable host name verification
|
||||
};
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *, const struct mg_tls_opts *);
|
||||
void mg_tls_ctx_free(struct mg_mgr *);
|
||||
void mg_tls_init(struct mg_connection *, struct mg_str hostname);
|
||||
void mg_tls_init(struct mg_connection *, const struct mg_tls_opts *opts);
|
||||
void mg_tls_free(struct mg_connection *);
|
||||
long mg_tls_send(struct mg_connection *, const void *buf, size_t len);
|
||||
long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
||||
|
@ -1,8 +1,8 @@
|
||||
#include "tls.h"
|
||||
|
||||
#if MG_TLS == MG_TLS_NONE
|
||||
void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
(void) hostname;
|
||||
void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
(void) opts;
|
||||
mg_error(c, "TLS is not enabled");
|
||||
}
|
||||
void mg_tls_handshake(struct mg_connection *c) {
|
||||
@ -21,10 +21,4 @@ size_t mg_tls_pending(struct mg_connection *c) {
|
||||
(void) c;
|
||||
return 0;
|
||||
}
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
(void) opts, (void) mgr;
|
||||
}
|
||||
#endif
|
||||
|
186
src/tls_mbed.c
186
src/tls_mbed.c
@ -1,20 +1,54 @@
|
||||
#include "fs.h"
|
||||
#include "printf.h"
|
||||
#include "log.h"
|
||||
#include "tls.h"
|
||||
|
||||
#if MG_TLS == MG_TLS_MBED
|
||||
|
||||
#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000
|
||||
#define MGRNG , rng_get, NULL
|
||||
#define MG_MBEDTLS_RNG_GET , mg_mbed_rng, NULL
|
||||
#else
|
||||
#define MGRNG
|
||||
#define MG_MBEDTLS_RNG_GET
|
||||
#endif
|
||||
|
||||
static int mg_mbed_rng(void *ctx, unsigned char *buf, size_t len) {
|
||||
mg_random(buf, len);
|
||||
(void) ctx;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool mg_load_cert(struct mg_str str, mbedtls_x509_crt *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_x509_crt_parse(p, (uint8_t *) str.ptr, str.len)) != 0) {
|
||||
MG_ERROR(("cert err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool mg_load_key(struct mg_str str, mbedtls_pk_context *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_pk_parse_key(p, (uint8_t *) str.ptr, str.len, NULL,
|
||||
0 MG_MBEDTLS_RNG_GET)) != 0) {
|
||||
MG_ERROR(("key err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void mg_tls_free(struct mg_connection *c) {
|
||||
struct mg_tls *tls = (struct mg_tls *) c->tls;
|
||||
if (tls != NULL) {
|
||||
mbedtls_ssl_free(&tls->ssl);
|
||||
mbedtls_pk_free(&tls->pk);
|
||||
mbedtls_x509_crt_free(&tls->ca);
|
||||
mbedtls_x509_crt_free(&tls->cert);
|
||||
mbedtls_ssl_config_free(&tls->conf);
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_free(&tls->ticket);
|
||||
#endif
|
||||
free(tls);
|
||||
c->tls = NULL;
|
||||
}
|
||||
@ -54,40 +88,27 @@ void mg_tls_handshake(struct mg_connection *c) {
|
||||
}
|
||||
}
|
||||
|
||||
static int mbed_rng(void *ctx, unsigned char *buf, size_t len) {
|
||||
mg_random(buf, len);
|
||||
(void) ctx;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void debug_cb(void *c, int lev, const char *s, int n, const char *s2) {
|
||||
n = (int) strlen(s2) - 1;
|
||||
MG_INFO(("%lu %d %.*s", ((struct mg_connection *) c)->id, lev, n, s2));
|
||||
(void) s;
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
static int rng_get(void *p_rng, unsigned char *buf, size_t len) {
|
||||
(void) p_rng;
|
||||
mg_random(buf, len);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) c->mgr->tls_ctx;
|
||||
void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
|
||||
int rc = 0;
|
||||
|
||||
c->tls = tls;
|
||||
if (c->tls == NULL) {
|
||||
mg_error(c, "TLS OOM");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (c->is_listening) goto fail;
|
||||
MG_DEBUG(("%lu Setting TLS", c->id));
|
||||
mbedtls_ssl_init(&tls->ssl);
|
||||
mbedtls_ssl_config_init(&tls->conf);
|
||||
mbedtls_x509_crt_init(&tls->ca);
|
||||
mbedtls_x509_crt_init(&tls->cert);
|
||||
mbedtls_pk_init(&tls->pk);
|
||||
mbedtls_ssl_conf_dbg(&tls->conf, debug_cb, c);
|
||||
#if defined(MG_MBEDTLS_DEBUG_LEVEL)
|
||||
mbedtls_debug_set_threshold(MG_MBEDTLS_DEBUG_LEVEL);
|
||||
@ -99,49 +120,44 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
mg_error(c, "tls defaults %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_rng(&tls->conf, mbed_rng, c);
|
||||
mbedtls_ssl_conf_rng(&tls->conf, mg_mbed_rng, c);
|
||||
|
||||
if (c->is_client && ctx->client_ca.version) {
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &ctx->client_ca, NULL);
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
if (hostname.ptr != NULL && hostname.ptr[0] != '\0') {
|
||||
struct mg_addr addr;
|
||||
if (!mg_aton(hostname, &addr)) { // if srvname is not an IP address
|
||||
char *host = mg_mprintf("%.*s", (int) hostname.len, hostname.ptr);
|
||||
if (opts->ca.len == 0 || mg_vcmp(&opts->ca, "*") == 0) {
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
|
||||
} else {
|
||||
if (mg_load_cert(opts->ca, &tls->ca) == false) goto fail;
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
|
||||
if (c->is_client && opts->name.ptr != NULL && opts->name.ptr[0] != '\0') {
|
||||
char *host = mg_mprintf("%.*s", opts->name.len, opts->name.ptr);
|
||||
mbedtls_ssl_set_hostname(&tls->ssl, host);
|
||||
MG_DEBUG(("%lu hostname verification: %s", c->id, host));
|
||||
free(host);
|
||||
}
|
||||
}
|
||||
} else if (!c->is_client && ctx->server_ca.version) {
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &ctx->server_ca, NULL);
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
} else {
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
|
||||
}
|
||||
if (c->is_client && ctx->client_cert.version &&
|
||||
(rc = mbedtls_ssl_conf_own_cert(&tls->conf, &ctx->client_cert,
|
||||
&ctx->client_key)) != 0) {
|
||||
mg_error(c, "own cert %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
if (!c->is_client && ctx->server_cert.version &&
|
||||
(rc = mbedtls_ssl_conf_own_cert(&tls->conf, &ctx->server_cert,
|
||||
&ctx->server_key)) != 0) {
|
||||
if (!mg_load_cert(opts->cert, &tls->cert)) goto fail;
|
||||
if (!mg_load_key(opts->key, &tls->pk)) goto fail;
|
||||
if (tls->cert.version &&
|
||||
(rc = mbedtls_ssl_conf_own_cert(&tls->conf, &tls->cert, &tls->pk)) != 0) {
|
||||
mg_error(c, "own cert %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_init(&tls->ticket);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&tls->ticket, mg_mbed_rng, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) != 0) {
|
||||
mg_error(c, " mbedtls_ssl_ticket_setup %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
|
||||
mbedtls_ssl_ticket_parse,
|
||||
&ctx->ticket_ctx);
|
||||
mbedtls_ssl_ticket_parse, &tls->ticket);
|
||||
#endif
|
||||
|
||||
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
||||
mg_error(c, "setup err %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
c->tls = tls;
|
||||
c->is_tls = 1;
|
||||
c->is_tls_hs = 1;
|
||||
mbedtls_ssl_set_bio(&tls->ssl, c, mg_net_send, mg_net_recv, 0);
|
||||
@ -175,78 +191,4 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
static bool load_cert(struct mg_str str, mbedtls_x509_crt *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_x509_crt_parse(p, (uint8_t *) str.ptr, str.len)) != 0) {
|
||||
MG_ERROR(("cert err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool load_key(struct mg_str str, mbedtls_pk_context *p) {
|
||||
int rc;
|
||||
if (str.ptr == NULL || str.ptr[0] == '\0' || str.ptr[0] == '*') return true;
|
||||
if (str.ptr[0] == '-') str.len++; // PEM, include trailing NUL
|
||||
if ((rc = mbedtls_pk_parse_key(p, (uint8_t *) str.ptr, str.len, NULL,
|
||||
0 MGRNG)) != 0) {
|
||||
MG_ERROR(("key err %#x", -rc));
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) goto fail;
|
||||
MG_DEBUG(("Setting up TLS context"));
|
||||
|
||||
#if defined(MG_MBEDTLS_DEBUG_LEVEL)
|
||||
mbedtls_debug_set_threshold(MG_MBEDTLS_DEBUG_LEVEL);
|
||||
#endif
|
||||
|
||||
if (!load_cert(opts->client_ca, &ctx->client_ca)) goto fail;
|
||||
if (!load_cert(opts->server_ca, &ctx->server_ca)) goto fail;
|
||||
if (!load_cert(opts->client_cert, &ctx->client_cert)) goto fail;
|
||||
if (!load_cert(opts->server_cert, &ctx->server_cert)) goto fail;
|
||||
if (!load_key(opts->server_key, &ctx->server_key)) goto fail;
|
||||
if (!load_key(opts->client_key, &ctx->client_key)) goto fail;
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
{
|
||||
int rc;
|
||||
mbedtls_ssl_ticket_init(&ctx->ticket_ctx);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&ctx->ticket_ctx, rng_get, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) !=
|
||||
0) {
|
||||
MG_ERROR(("setup session tickets err %#x", -rc));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
mgr->tls_ctx = ctx;
|
||||
return;
|
||||
fail:
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||
if (ctx != NULL) {
|
||||
mbedtls_x509_crt_free(&ctx->server_cert);
|
||||
mbedtls_pk_free(&ctx->server_key);
|
||||
mbedtls_x509_crt_free(&ctx->client_cert);
|
||||
mbedtls_pk_free(&ctx->client_key);
|
||||
mbedtls_x509_crt_free(&ctx->client_ca);
|
||||
mbedtls_x509_crt_free(&ctx->server_ca);
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_free(&ctx->ticket_ctx);
|
||||
#endif
|
||||
free(ctx);
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -11,20 +11,14 @@
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/ssl_ticket.h>
|
||||
|
||||
struct mg_tls_ctx {
|
||||
mbedtls_x509_crt server_ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt client_ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt server_cert; // Parsed server certificate
|
||||
mbedtls_pk_context server_key; // Parsed server private key context
|
||||
mbedtls_x509_crt client_cert; // Parsed client certificate
|
||||
mbedtls_pk_context client_key; // Parsed client private key context
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_context ticket_ctx; // Session tickets context
|
||||
#endif
|
||||
};
|
||||
|
||||
struct mg_tls {
|
||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt cert; // Parsed certificate
|
||||
mbedtls_pk_context pk; // Private key context
|
||||
mbedtls_ssl_context ssl; // SSL/TLS context
|
||||
mbedtls_ssl_config conf; // SSL-TLS config
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_context ticket; // Session tickets context
|
||||
#endif
|
||||
};
|
||||
#endif
|
||||
|
@ -20,11 +20,11 @@ static int mg_tls_err(struct mg_tls *tls, int res) {
|
||||
return err;
|
||||
}
|
||||
|
||||
static STACK_OF(X509_INFO) * load_ca_certs(const char *ca, int ca_len) {
|
||||
BIO *ca_bio = BIO_new_mem_buf(ca, ca_len);
|
||||
if (!ca_bio) return NULL;
|
||||
STACK_OF(X509_INFO) *certs = PEM_X509_INFO_read_bio(ca_bio, NULL, NULL, NULL);
|
||||
BIO_free(ca_bio);
|
||||
static STACK_OF(X509_INFO) * load_ca_certs(struct mg_str ca) {
|
||||
BIO *bio = BIO_new_mem_buf(ca.ptr, (int) ca.len);
|
||||
STACK_OF(X509_INFO) *certs =
|
||||
bio ? PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL) : NULL;
|
||||
if (bio) BIO_free(bio);
|
||||
return certs;
|
||||
}
|
||||
|
||||
@ -38,45 +38,52 @@ static bool add_ca_certs(SSL_CTX *ctx, STACK_OF(X509_INFO) * certs) {
|
||||
return true;
|
||||
}
|
||||
|
||||
static EVP_PKEY *load_key(const char *key, int key_len) {
|
||||
BIO *key_bio = BIO_new_mem_buf(key, key_len);
|
||||
if (!key_bio) return NULL;
|
||||
EVP_PKEY *priv_key = PEM_read_bio_PrivateKey(key_bio, NULL, 0, NULL);
|
||||
BIO_free(key_bio);
|
||||
return priv_key;
|
||||
static EVP_PKEY *load_key(struct mg_str s) {
|
||||
BIO *bio = BIO_new_mem_buf(s.ptr, (int) (long) s.len);
|
||||
EVP_PKEY *key = bio ? PEM_read_bio_PrivateKey(bio, NULL, 0, NULL) : NULL;
|
||||
if (bio) BIO_free(bio);
|
||||
return key;
|
||||
}
|
||||
|
||||
static X509 *load_cert(const char *cert, int cert_len) {
|
||||
BIO *cert_bio = BIO_new_mem_buf(cert, cert_len);
|
||||
if (!cert_bio) return NULL;
|
||||
X509 *x509 = PEM_read_bio_X509(cert_bio, NULL, 0, NULL);
|
||||
BIO_free(cert_bio);
|
||||
return x509;
|
||||
static X509 *load_cert(struct mg_str s) {
|
||||
BIO *bio = BIO_new_mem_buf(s.ptr, (int) (long) s.len);
|
||||
X509 *cert = bio == NULL ? NULL
|
||||
: s.ptr[0] == '-'
|
||||
? PEM_read_bio_X509(bio, NULL, NULL, NULL) // PEM
|
||||
: d2i_X509_bio(bio, NULL); // DER
|
||||
if (bio) BIO_free(bio);
|
||||
return cert;
|
||||
}
|
||||
|
||||
void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) c->mgr->tls_ctx;
|
||||
void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
struct mg_tls *tls = (struct mg_tls *) calloc(1, sizeof(*tls));
|
||||
|
||||
if (ctx == NULL) {
|
||||
mg_error(c, "TLS context not initialized");
|
||||
goto fail;
|
||||
}
|
||||
const char *id = "mongoose";
|
||||
static unsigned char s_initialised = 0;
|
||||
int rc;
|
||||
|
||||
if (tls == NULL) {
|
||||
mg_error(c, "TLS OOM");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
tls->ctx = c->is_client ? SSL_CTX_new(TLS_client_method())
|
||||
: SSL_CTX_new(TLS_server_method());
|
||||
if (!s_initialised) {
|
||||
SSL_library_init();
|
||||
s_initialised++;
|
||||
}
|
||||
MG_DEBUG(("%lu Setting TLS", c->id));
|
||||
tls->ctx = c->is_client ? SSL_CTX_new(SSLv23_client_method())
|
||||
: SSL_CTX_new(SSLv23_server_method());
|
||||
if ((tls->ssl = SSL_new(tls->ctx)) == NULL) {
|
||||
mg_error(c, "SSL_new");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
SSL_set_min_proto_version(tls->ssl, TLS1_2_VERSION);
|
||||
|
||||
SSL_set_session_id_context(tls->ssl, (const uint8_t *) id,
|
||||
(unsigned) strlen(id));
|
||||
// Disable deprecated protocols
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_SSLv2);
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_SSLv3);
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_TLSv1);
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_TLSv1_1);
|
||||
#ifdef MG_ENABLE_OPENSSL_NO_COMPRESSION
|
||||
SSL_set_options(tls->ssl, SSL_OP_NO_COMPRESSION);
|
||||
#endif
|
||||
@ -84,37 +91,33 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
SSL_set_options(tls->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
#endif
|
||||
|
||||
if (c->is_client) {
|
||||
if (ctx->client_ca) {
|
||||
SSL_set_verify(tls->ssl,
|
||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||
if (!add_ca_certs(tls->ctx, ctx->client_ca)) goto fail;
|
||||
}
|
||||
if (ctx->client_cert && ctx->client_key) {
|
||||
if (SSL_use_certificate(tls->ssl, ctx->client_cert) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_certificate");
|
||||
goto fail;
|
||||
}
|
||||
if (SSL_use_PrivateKey(tls->ssl, ctx->client_key) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_PrivateKey");
|
||||
if (opts->ca.ptr != NULL && opts->ca.ptr[0] != '\0') {
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
NULL);
|
||||
STACK_OF(X509_INFO) *certs = load_ca_certs(opts->ca);
|
||||
rc = add_ca_certs(tls->ctx, certs);
|
||||
sk_X509_INFO_pop_free(certs, X509_INFO_free);
|
||||
if (!rc) {
|
||||
mg_error(c, "CA err");
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (ctx->server_ca) {
|
||||
SSL_set_verify(tls->ssl,
|
||||
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
|
||||
if (!add_ca_certs(tls->ctx, ctx->server_ca)) goto fail;
|
||||
}
|
||||
if (ctx->server_cert && ctx->server_key) {
|
||||
if (SSL_use_certificate(tls->ssl, ctx->server_cert) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_certificate");
|
||||
if (opts->cert.ptr != NULL && opts->cert.ptr[0] != '\0') {
|
||||
X509 *cert = load_cert(opts->cert);
|
||||
rc = cert == NULL ? 0 : SSL_use_certificate(tls->ssl, cert);
|
||||
X509_free(cert);
|
||||
if (cert == NULL || rc != 1) {
|
||||
mg_error(c, "CERT err %d", mg_tls_err(tls, rc));
|
||||
goto fail;
|
||||
}
|
||||
if (SSL_use_PrivateKey(tls->ssl, ctx->server_key) != 1) {
|
||||
mg_error(c, "SSL_CTX_use_PrivateKey");
|
||||
goto fail;
|
||||
}
|
||||
if (opts->key.ptr != NULL && opts->key.ptr[0] != '\0') {
|
||||
EVP_PKEY *key = load_key(opts->key);
|
||||
rc = key == NULL ? 0 : SSL_use_PrivateKey(tls->ssl, key);
|
||||
EVP_PKEY_free(key);
|
||||
if (key == NULL || rc != 1) {
|
||||
mg_error(c, "KEY err %d", mg_tls_err(tls, rc));
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
|
||||
@ -122,16 +125,14 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
#if OPENSSL_VERSION_NUMBER > 0x10002000L
|
||||
SSL_set_ecdh_auto(tls->ssl, 1);
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
if (c->is_client && hostname.ptr && hostname.ptr[0] != '\0') {
|
||||
char *s = mg_mprintf("%.*s", (int) hostname.len, hostname.ptr);
|
||||
if (opts->name.len > 0) {
|
||||
char *s = mg_mprintf("%.*s", (int) opts->name.len, opts->name.ptr);
|
||||
SSL_set1_host(tls->ssl, s);
|
||||
SSL_set_tlsext_host_name(tls->ssl, s);
|
||||
free(s);
|
||||
}
|
||||
#endif
|
||||
|
||||
c->tls = tls;
|
||||
c->is_tls = 1;
|
||||
c->is_tls_hs = 1;
|
||||
@ -140,9 +141,7 @@ void mg_tls_init(struct mg_connection *c, struct mg_str hostname) {
|
||||
}
|
||||
MG_DEBUG(("%lu SSL %s OK", c->id, c->is_accepted ? "accept" : "client"));
|
||||
return;
|
||||
|
||||
fail:
|
||||
c->is_closing = 1;
|
||||
free(tls);
|
||||
}
|
||||
|
||||
@ -190,68 +189,4 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||
if (ctx) {
|
||||
if (ctx->server_cert) X509_free(ctx->server_cert);
|
||||
if (ctx->server_key) EVP_PKEY_free(ctx->server_key);
|
||||
if (ctx->server_ca)
|
||||
sk_X509_INFO_pop_free(ctx->server_ca, X509_INFO_free);
|
||||
if (ctx->client_cert) X509_free(ctx->client_cert);
|
||||
if (ctx->client_key) EVP_PKEY_free(ctx->client_key);
|
||||
if (ctx->client_ca)
|
||||
sk_X509_INFO_pop_free(ctx->client_ca, X509_INFO_free);
|
||||
free(ctx);
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr, const struct mg_tls_opts *opts) {
|
||||
static unsigned char s_initialised = 0;
|
||||
if (!s_initialised) {
|
||||
SSL_library_init();
|
||||
s_initialised++;
|
||||
}
|
||||
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) return;
|
||||
|
||||
if (opts->server_cert.ptr && opts->server_cert.ptr[0] != '\0') {
|
||||
struct mg_str key = opts->server_key;
|
||||
if (!key.ptr) key = opts->server_cert;
|
||||
if (!(ctx->server_cert =
|
||||
load_cert(opts->server_cert.ptr, (int) opts->server_cert.len)))
|
||||
goto fail;
|
||||
if (!(ctx->server_key = load_key(key.ptr, (int) key.len))) goto fail;
|
||||
}
|
||||
|
||||
if (opts->server_ca.ptr && opts->server_ca.ptr[0] != '\0') {
|
||||
if (!(ctx->server_ca =
|
||||
load_ca_certs(opts->server_ca.ptr, (int) opts->server_ca.len)))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (opts->client_cert.ptr && opts->client_cert.ptr[0] != '\0') {
|
||||
struct mg_str key = opts->client_key;
|
||||
if (!key.ptr) key = opts->client_cert;
|
||||
if (!(ctx->client_cert =
|
||||
load_cert(opts->client_cert.ptr, (int) opts->client_cert.len)))
|
||||
goto fail;
|
||||
if (!(ctx->client_key = load_key(key.ptr, (int) key.len))) goto fail;
|
||||
}
|
||||
|
||||
if (opts->client_ca.ptr && opts->client_ca.ptr[0] != '\0') {
|
||||
if (!(ctx->client_ca =
|
||||
load_ca_certs(opts->client_ca.ptr, (int) opts->client_ca.len)))
|
||||
goto fail;
|
||||
}
|
||||
|
||||
mgr->tls_ctx = ctx;
|
||||
return;
|
||||
fail:
|
||||
MG_ERROR(("TLS ctx init error"));
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -5,15 +5,6 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
struct mg_tls_ctx {
|
||||
X509 *server_cert;
|
||||
EVP_PKEY *server_key;
|
||||
STACK_OF(X509_INFO) *server_ca;
|
||||
X509 *client_cert;
|
||||
EVP_PKEY *client_key;
|
||||
STACK_OF(X509_INFO) *client_ca;
|
||||
};
|
||||
|
||||
struct mg_tls {
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
|
@ -7,7 +7,7 @@ struct url {
|
||||
int mg_url_is_ssl(const char *url) {
|
||||
return strncmp(url, "wss:", 4) == 0 || strncmp(url, "https:", 6) == 0 ||
|
||||
strncmp(url, "mqtts:", 6) == 0 || strncmp(url, "ssl:", 4) == 0 ||
|
||||
strncmp(url, "tls:", 4) == 0;
|
||||
strncmp(url, "tls:", 4) == 0 || strncmp(url, "tcps:", 5) == 0;
|
||||
}
|
||||
|
||||
static struct url urlparse(const char *url) {
|
||||
|
@ -113,9 +113,8 @@ uint64_t mg_millis(void) {
|
||||
return GetTickCount();
|
||||
#elif MG_ARCH == MG_ARCH_RP2040
|
||||
return time_us_64() / 1000;
|
||||
#elif MG_ARCH == MG_ARCH_ESP32
|
||||
return esp_timer_get_time() / 1000;
|
||||
#elif MG_ARCH == MG_ARCH_ESP8266 || MG_ARCH == MG_ARCH_FREERTOS
|
||||
#elif MG_ARCH == MG_ARCH_ESP8266 || MG_ARCH == MG_ARCH_ESP32 || \
|
||||
MG_ARCH == MG_ARCH_FREERTOS
|
||||
return xTaskGetTickCount() * portTICK_PERIOD_MS;
|
||||
#elif MG_ARCH == MG_ARCH_AZURERTOS
|
||||
return tx_time_get() * (1000 /* MS per SEC */ / TX_TIMER_TICKS_PER_SECOND);
|
||||
|
127
test/unit_test.c
127
test/unit_test.c
@ -17,7 +17,7 @@ static int s_num_tests = 0;
|
||||
#define FETCH_BUF_SIZE (256 * 1024)
|
||||
|
||||
// Self-signed CA, CERT, KEY
|
||||
static const char *s_tls_ca =
|
||||
const char *s_tls_ca =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
"MIIBqjCCAU+gAwIBAgIUESoOPGqMhf9uarzblVFwzrQweMcwCgYIKoZIzj0EAwIw\n"
|
||||
"RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
|
||||
@ -30,7 +30,7 @@ static const char *s_tls_ca =
|
||||
"fL8OKzndegxOaB0CIQCPwSIwEGFdURDqCC0CY2dnMrUGY5ZXu3hHCojZGS7zvg==\n"
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
static const char *s_tls_cert =
|
||||
const char *s_tls_cert =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
"MIIBhzCCASygAwIBAgIUbnMoVd8TtWH1T09dANkK2LU6IUswCgYIKoZIzj0EAwIw\n"
|
||||
"RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
|
||||
@ -43,7 +43,7 @@ static const char *s_tls_cert =
|
||||
"BllCI0eYQ9ggp/o=\n"
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
static const char *s_tls_key =
|
||||
const char *s_tls_key =
|
||||
"-----BEGIN PRIVATE KEY-----\n"
|
||||
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w\n"
|
||||
"kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70\n"
|
||||
@ -666,6 +666,8 @@ static void test_mqtt(void) {
|
||||
}
|
||||
|
||||
static void eh1(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
struct mg_tls_opts *topts = (struct mg_tls_opts *) fn_data;
|
||||
if (ev == MG_EV_ACCEPT && topts != NULL) mg_tls_init(c, topts);
|
||||
if (ev == MG_EV_HTTP_MSG) {
|
||||
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
|
||||
MG_INFO(("[%.*s %.*s] message len %d", (int) hm->method.len, hm->method.ptr,
|
||||
@ -757,21 +759,20 @@ static int fetch(struct mg_mgr *mgr, char *buf, const char *url,
|
||||
int i;
|
||||
struct mg_connection *c = NULL;
|
||||
va_list ap;
|
||||
if (mgr->tls_ctx == NULL) {
|
||||
struct mg_tls_opts opts;
|
||||
memset(&opts, 0, sizeof(opts)); // read CA from packed_fs
|
||||
opts.client_ca = mg_unpacked("test/data/ca.pem");
|
||||
if (strstr(url, "127.0.0.1") != NULL) {
|
||||
// Local connection, use self-signed certificates
|
||||
opts.client_ca = mg_str(s_tls_ca);
|
||||
opts.server_cert = mg_str(s_tls_cert);
|
||||
opts.server_key = mg_str(s_tls_key);
|
||||
}
|
||||
mg_tls_ctx_init(mgr, &opts);
|
||||
if (mgr->tls_ctx == NULL) fd.closed = 1;
|
||||
}
|
||||
c = mg_http_connect(mgr, url, fcb, &fd);
|
||||
ASSERT(c != NULL);
|
||||
if (c != NULL && mg_url_is_ssl(url)) {
|
||||
struct mg_tls_opts opts;
|
||||
memset(&opts, 0, sizeof(opts)); // read CA from packed_fs
|
||||
opts.ca = mg_unpacked("test/data/ca.pem");
|
||||
if (strstr(url, "127.0.0.1") != NULL) {
|
||||
// Local connection, use self-signed certificates
|
||||
opts.ca = mg_str(s_tls_ca);
|
||||
//opts.cert = mg_str(s_tls_cert);
|
||||
//opts.key = mg_str(s_tls_key);
|
||||
}
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
// c->is_hexdumping = 1;
|
||||
va_start(ap, fmt);
|
||||
mg_vprintf(c, fmt, &ap);
|
||||
@ -1198,19 +1199,19 @@ static void test_http_404(void) {
|
||||
}
|
||||
|
||||
static void test_tls(void) {
|
||||
return;
|
||||
#if MG_TLS
|
||||
struct mg_tls_opts opts;
|
||||
memset(&opts, 0, sizeof(opts));
|
||||
opts.client_ca = mg_str(s_tls_ca);
|
||||
opts.server_cert = mg_str(s_tls_cert);
|
||||
opts.server_key = mg_str(s_tls_key);
|
||||
struct mg_mgr mgr;
|
||||
struct mg_connection *c;
|
||||
const char *url = "https://127.0.0.1:12347";
|
||||
char buf[FETCH_BUF_SIZE];
|
||||
struct mg_tls_opts opts;
|
||||
memset(&opts, 0, sizeof(opts));
|
||||
//opts.ca = mg_str(s_tls_ca);
|
||||
opts.cert = mg_str(s_tls_cert);
|
||||
opts.key = mg_str(s_tls_key);
|
||||
mg_mgr_init(&mgr);
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
c = mg_http_listen(&mgr, url, eh1, NULL);
|
||||
c = mg_http_listen(&mgr, url, eh1, &opts);
|
||||
ASSERT(c != NULL);
|
||||
ASSERT(fetch(&mgr, buf, url, "GET /a.txt HTTP/1.0\n\n") == 200);
|
||||
// MG_INFO(("%s", buf));
|
||||
@ -1242,19 +1243,19 @@ static void f3(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
|
||||
}
|
||||
|
||||
static void test_http_client(void) {
|
||||
struct mg_tls_opts opts;
|
||||
struct mg_mgr mgr;
|
||||
struct mg_connection *c = NULL;
|
||||
const char *url = "http://cesanta.com";
|
||||
int i, ok = 0;
|
||||
size_t size = 0; // read CA certs from plain file
|
||||
char *data = mg_file_read(&mg_fs_posix, "test/data/ca.pem", &size);
|
||||
struct mg_tls_opts opts;
|
||||
memset(&opts, 0, sizeof(opts));
|
||||
mg_mgr_init(&mgr);
|
||||
opts.client_ca = mg_str_n(data, size);
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
c = mg_http_connect(&mgr, "http://cesanta.com", f3, &ok);
|
||||
c = mg_http_connect(&mgr, url, f3, &ok);
|
||||
ASSERT(c != NULL);
|
||||
for (i = 0; i < 500 && ok <= 0; i++) mg_mgr_poll(&mgr, 10);
|
||||
for (i = 0; i < 500 && ok <= 0; i++) mg_mgr_poll(&mgr, 1);
|
||||
MG_INFO(("%d", ok));
|
||||
ASSERT(ok == 301);
|
||||
c->is_closing = 1;
|
||||
mg_mgr_poll(&mgr, 0);
|
||||
@ -1262,25 +1263,37 @@ static void test_http_client(void) {
|
||||
#if MG_TLS
|
||||
c = mg_http_connect(&mgr, "https://cesanta.com", f3, &ok);
|
||||
ASSERT(c != NULL);
|
||||
for (i = 0; i < 1500 && ok <= 0; i++) mg_mgr_poll(&mgr, 1000);
|
||||
if (c != NULL) {
|
||||
opts.ca = mg_str_n(data, size);
|
||||
//opts.name = mg_url_host(url);
|
||||
mg_tls_init(c, &opts);
|
||||
}
|
||||
for (i = 0; i < 1500 && ok <= 0; i++) mg_mgr_poll(&mgr, 1);
|
||||
ASSERT(ok == 200);
|
||||
c->is_closing = 1;
|
||||
mg_mgr_poll(&mgr, 1);
|
||||
|
||||
#if 0
|
||||
{
|
||||
// TODO(): Test failed host validation, mg_tls_init() is called on
|
||||
// mg_connect() if url is https,
|
||||
// hence we fake it and manually call it later with a wrong host name
|
||||
const char *furl = "http://cesanta.com:443";
|
||||
struct mg_str srvname;
|
||||
srvname = mg_str("dummy");
|
||||
c = mg_http_connect(&mgr, furl, f3, &ok);
|
||||
// Test failed host validation
|
||||
c = mg_http_connect(&mgr, "https://cesanta.com", f3, &ok);
|
||||
ASSERT(c != NULL);
|
||||
mg_tls_init(c, srvname);
|
||||
opts.name = mg_str("dummy"); // Set some invalid hostname value
|
||||
mg_tls_init(c, &opts);
|
||||
ok = 0;
|
||||
for (i = 0; i < 500 && ok <= 0; i++) mg_mgr_poll(&mgr, 10);
|
||||
MG_INFO(("OK: %d", ok));
|
||||
ASSERT(ok == 777);
|
||||
mg_mgr_poll(&mgr, 1);
|
||||
}
|
||||
|
||||
opts.name = mg_str("cesanta.com");
|
||||
opts.ca = mg_str("");
|
||||
c = mg_http_connect(&mgr, "https://cesanta.com", f3, &ok);
|
||||
mg_tls_init(c, &opts);
|
||||
ok = 0;
|
||||
for (i = 0; i < 500 && ok <= 0; i++) mg_mgr_poll(&mgr, 10);
|
||||
MG_INFO(("OK: %d", ok));
|
||||
ASSERT(ok == 200);
|
||||
mg_mgr_poll(&mgr, 1);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -1308,11 +1321,12 @@ static void test_host_validation(void) {
|
||||
int i, ok = 0;
|
||||
memset(&opts, 0, sizeof(opts));
|
||||
mg_mgr_init(&mgr);
|
||||
mg_tls_ctx_init(&mgr, &opts);
|
||||
|
||||
ok = 0;
|
||||
c = mg_http_connect(&mgr, url, f3, &ok);
|
||||
ASSERT(c != NULL);
|
||||
opts.ca = mg_unpacked("test/data/ca.pem");
|
||||
mg_tls_init(c, &opts);
|
||||
for (i = 0; i < 1500 && ok <= 0; i++) mg_mgr_poll(&mgr, 10);
|
||||
ASSERT(ok == 200);
|
||||
c->is_closing = 1;
|
||||
@ -1734,12 +1748,43 @@ static void test_timer(void) {
|
||||
mg_timer_free(&head, &t3);
|
||||
ASSERT(head == NULL);
|
||||
|
||||
// Start a timer, then shift system time a long time back and long time forth
|
||||
v1 = 0;
|
||||
mg_timer_init(&head, &t1, 5, MG_TIMER_REPEAT, f1, &v1);
|
||||
mg_timer_poll(&head, 0);
|
||||
ASSERT(v1 == 0);
|
||||
|
||||
// Shift a long time forth, make sure it ticks
|
||||
mg_timer_poll(&head, 100);
|
||||
ASSERT(v1 == 1);
|
||||
mg_timer_poll(&head, 101);
|
||||
ASSERT(v1 == 1);
|
||||
mg_timer_poll(&head, 102);
|
||||
ASSERT(v1 == 1);
|
||||
mg_timer_poll(&head, 103);
|
||||
ASSERT(v1 == 1);
|
||||
mg_timer_poll(&head, 104);
|
||||
ASSERT(v1 == 1);
|
||||
mg_timer_poll(&head, 105);
|
||||
ASSERT(v1 == 2);
|
||||
|
||||
// Shift a long time back, make sure it ticks
|
||||
mg_timer_poll(&head, 50);
|
||||
ASSERT(v1 == 2);
|
||||
mg_timer_poll(&head, 60);
|
||||
ASSERT(v1 == 3);
|
||||
|
||||
mg_timer_free(&head, &t1);
|
||||
ASSERT(head == NULL);
|
||||
|
||||
// Test proper timer deallocation, see #1539
|
||||
{
|
||||
struct mg_mgr mgr;
|
||||
mg_mgr_init(&mgr);
|
||||
mg_timer_add(&mgr, 1, MG_TIMER_REPEAT, f1, NULL);
|
||||
ASSERT(mgr.timers != NULL);
|
||||
mg_mgr_free(&mgr);
|
||||
ASSERT(mgr.timers == NULL);
|
||||
ASSERT(mgr.conns == NULL);
|
||||
}
|
||||
}
|
||||
@ -3162,10 +3207,10 @@ int main(void) {
|
||||
test_commalist();
|
||||
test_base64();
|
||||
test_http_get_var();
|
||||
test_http_client();
|
||||
test_tls();
|
||||
test_ws();
|
||||
test_ws_fragmentation();
|
||||
test_http_client();
|
||||
test_host_validation();
|
||||
test_http_server();
|
||||
test_http_404();
|
||||
|
Loading…
x
Reference in New Issue
Block a user