Merge pull request #2422 from cesanta/tcp

Fix tcp example for 2-way TLS
This commit is contained in:
Sergio R. Caprile 2023-10-11 16:34:12 -03:00 committed by GitHub
commit 9be36eb9cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 24 additions and 43 deletions

View File

@ -1,14 +1,16 @@
PROG ?= example # Program we are building
PACK ?= ./pack # Packing executable
DELETE = rm -rf # Command to remove files
OUT ?= -o $(PROG) # Compiler argument for output file
SOURCES = main.c mongoose.c # Source code files
SOURCES = main.c mongoose.c packed_fs.c # Source code files
CFLAGS = -W -Wall -Wextra -g -I. # Build options
# Mongoose build options. See https://mongoose.ws/documentation/#build-options
#CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1
CFLAGS_MONGOOSE += -DMG_ENABLE_PACKED_FS=1
ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe
PROG ?= example.exe # Use .exe suffix for the binary
PACK = pack.exe # Packing executable
CC = gcc # Use MinGW gcc compiler
CFLAGS += -lws2_32 # Link against Winsock library
DELETE = cmd /C del /Q /F /S # Command prompt command to delete files
@ -25,6 +27,11 @@ $(PROG): $(SOURCES) # Build program from sources
clean: # Cleanup. Delete built program and all build artifacts
$(DELETE) $(PROG) *.o *.obj *.exe *.dSYM mbedtls
# Generate packed filesystem for serving credentials
packed_fs.c: $(wildcard certs/*) Makefile
$(CC) ../../test/pack.c -o $(PACK)
$(PACK) $(wildcard certs/*) > $@
# see https://mongoose.ws/tutorials/tls/#how-to-build for TLS build options
mbedtls: # Pull and build mbedTLS library

View File

@ -0,0 +1 @@
../../../test/data/ss_ca.pem

View File

@ -0,0 +1 @@
../../../test/data/ss_client.pem

View File

@ -0,0 +1 @@
../../../test/data/ss_server.pem

View File

@ -12,41 +12,6 @@ static struct c_res_s {
struct mg_connection *c;
} c_res;
// Self signed certificates
// https://mongoose.ws/documentation/tutorials/tls/#self-signed-certificates
static const char *s_tls_ca =
"-----BEGIN CERTIFICATE-----\n"
"MIIBqjCCAU+gAwIBAgIUESoOPGqMhf9uarzblVFwzrQweMcwCgYIKoZIzj0EAwIw\n"
"RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
"YTESMBAGA1UEAwwJVGVzdCBSb290MCAXDTIwMDUwOTIxNTE0NFoYDzIwNTAwNTA5\n"
"MjE1MTQ0WjBEMQswCQYDVQQGEwJJRTEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQK\n"
"DAdDZXNhbnRhMRIwEAYDVQQDDAlUZXN0IFJvb3QwWTATBgcqhkjOPQIBBggqhkjO\n"
"PQMBBwNCAAQsq9ECZiSW1xI+CVBP8VDuUehVA166sR2YsnJ5J6gbMQ1dUCH/QvLa\n"
"dBdeU7JlQcH8hN5KEbmM9BnZxMor6ussox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud\n"
"DwQEAwIBrjAKBggqhkjOPQQDAgNJADBGAiEAnHFsAIwGQQyRL81B04dH6d86Iq0l\n"
"fL8OKzndegxOaB0CIQCPwSIwEGFdURDqCC0CY2dnMrUGY5ZXu3hHCojZGS7zvg==\n"
"-----END CERTIFICATE-----\n";
static const char *s_tls_cert =
"-----BEGIN CERTIFICATE-----\n"
"MIIBhzCCASygAwIBAgIUbnMoVd8TtWH1T09dANkK2LU6IUswCgYIKoZIzj0EAwIw\n"
"RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
"YTESMBAGA1UEAwwJVGVzdCBSb290MB4XDTIwMDUwOTIxNTE0OVoXDTMwMDUwOTIx\n"
"NTE0OVowETEPMA0GA1UEAwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n"
"QgAEkuBGnInDN6l06zVVQ1VcrOvH5FDu9MC6FwJc2e201P8hEpq0Q/SJS2nkbSuW\n"
"H/wBTTBaeXN2uhlBzMUWK790KKMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw\n"
"EwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAwRgIhAPo6xx7LjCdZ\n"
"QY133XvLjAgVFrlucOZHONFVQuDXZsjwAiEAzHBNligA08c5U3SySYcnkhurGg50\n"
"BllCI0eYQ9ggp/o=\n"
"-----END CERTIFICATE-----\n";
static const char *s_tls_key =
"-----BEGIN PRIVATE KEY-----\n"
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w\n"
"kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70\n"
"wLoXAlzZ7bTU/yESmrRD9IlLaeRtK5Yf/AFNMFp5c3a6GUHMxRYrv3Qo\n"
"-----END PRIVATE KEY-----\n";
// CLIENT event handler
static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
int *i = &((struct c_res_s *) fn_data)->i;
@ -55,9 +20,9 @@ static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
} else if (ev == MG_EV_CONNECT) {
MG_INFO(("CLIENT connected"));
if (mg_url_is_ssl(s_conn)) {
struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
.cert = mg_str(s_tls_cert),
.key = mg_str(s_tls_key)};
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ss_ca.pem"),
.cert = mg_unpacked("/certs/ss_client.pem"),
.key = mg_unpacked("/certs/ss_client.pem")};
mg_tls_init(c, &opts);
}
*i = 1; // do something
@ -92,9 +57,9 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
} else if (ev == MG_EV_ACCEPT) {
MG_INFO(("SERVER accepted a connection"));
if (mg_url_is_ssl(s_lsn)) {
struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
.cert = mg_str(s_tls_cert),
.key = mg_str(s_tls_key)};
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ss_ca.pem"),
.cert = mg_unpacked("/certs/ss_server.pem"),
.key = mg_unpacked("/certs/ss_server.pem")};
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_READ) {

View File

@ -1,3 +1,5 @@
- Make sure your PEM file starts with a dash -
Certificate:
Data:
Version: 3 (0x2)

View File

@ -1,3 +1,5 @@
- Make sure your PEM file starts with a dash -
Certificate:
Data:
Version: 3 (0x2)

View File

@ -1,3 +1,5 @@
- Make sure your PEM file starts with a dash -
Certificate:
Data:
Version: 3 (0x2)