From a51802ecaf9682ec40b4e84a1a876379022ad5a1 Mon Sep 17 00:00:00 2001
From: "Sergio R. Caprile"
Date: Wed, 11 Oct 2023 16:25:24 -0300
Subject: [PATCH] Fix tcp example for 2-way TLS

---
 examples/tcp/Makefile | 11 ++++++--
 examples/tcp/certs/ss_ca.pem | 1 +
 examples/tcp/certs/ss_client.pem | 1 +
 examples/tcp/certs/ss_server.pem | 1 +
 examples/tcp/main.c | 47 ++++----------------------
 test/data/ss_ca.pem | 2 ++
 test/data/ss_client.pem | 2 ++
 test/data/ss_server.pem | 2 ++
 8 files changed, 24 insertions(+), 43 deletions(-)
 create mode 120000 examples/tcp/certs/ss_ca.pem
 create mode 120000 examples/tcp/certs/ss_client.pem
 create mode 120000 examples/tcp/certs/ss_server.pem

diff --git a/examples/tcp/Makefile b/examples/tcp/Makefile
index 762728ec..3b50ee0b 100644
--- a/examples/tcp/Makefile
+++ b/examples/tcp/Makefile
@@ -1,14 +1,16 @@
 PROG ?= example # Program we are building
+PACK ?= ./pack # Packing executable
 DELETE = rm -rf # Command to remove files
 OUT ?= -o $(PROG) # Compiler argument for output file
-SOURCES = main.c mongoose.c # Source code files
+SOURCES = main.c mongoose.c packed_fs.c # Source code files
 CFLAGS = -W -Wall -Wextra -g -I. # Build options
 # Mongoose build options. See https://mongoose.ws/documentation/#build-options
-#CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1
+CFLAGS_MONGOOSE += -DMG_ENABLE_PACKED_FS=1
 ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe
  PROG ?= example.exe # Use .exe suffix for the binary
+ PACK = pack.exe # Packing executable
  CC = gcc # Use MinGW gcc compiler
  CFLAGS += -lws2_32 # Link against Winsock library
  DELETE = cmd /C del /Q /F /S # Command prompt command to delete files
@@ -25,6 +27,11 @@ $(PROG): $(SOURCES) # Build program from sources
 clean: # Cleanup. Delete built program and all build artifacts
 $(DELETE) $(PROG) *.o *.obj *.exe *.dSYM mbedtls
+# Generate packed filesystem for serving credentials
+packed_fs.c: $(wildcard certs/*) Makefile
+ $(CC) ../../test/pack.c -o $(PACK)
+ $(PACK) $(wildcard certs/*) > $@
+
 # see https://mongoose.ws/tutorials/tls/#how-to-build for TLS build options
 mbedtls: # Pull and build mbedTLS library
diff --git a/examples/tcp/certs/ss_ca.pem b/examples/tcp/certs/ss_ca.pem
new file mode 120000
index 00000000..74fb0c3b
--- /dev/null
+++ b/examples/tcp/certs/ss_ca.pem
@@ -0,0 +1 @@
+../../../test/data/ss_ca.pem
\ No newline at end of file
diff --git a/examples/tcp/certs/ss_client.pem b/examples/tcp/certs/ss_client.pem
new file mode 120000
index 00000000..2514cfac
--- /dev/null
+++ b/examples/tcp/certs/ss_client.pem
@@ -0,0 +1 @@
+../../../test/data/ss_client.pem
\ No newline at end of file
diff --git a/examples/tcp/certs/ss_server.pem b/examples/tcp/certs/ss_server.pem
new file mode 120000
index 00000000..50f966dd
--- /dev/null
+++ b/examples/tcp/certs/ss_server.pem
@@ -0,0 +1 @@
+../../../test/data/ss_server.pem
\ No newline at end of file
diff --git a/examples/tcp/main.c b/examples/tcp/main.c
index 70f544db..e5175288 100644
--- a/examples/tcp/main.c
+++ b/examples/tcp/main.c
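Review bot: The recipe line `$(PACK) $(wildcard certs/*) > $@` leaves a truncated or empty packed_fs.c behind if $(PACK) fails, and because that file is then newer than its prerequisites the next `make` will not regenerate it; adding `.DELETE_ON_ERROR:` to the Makefile (or writing to `$@.tmp` and renaming on success) avoids building the example against an empty credential store. The `clean` target visible at the top of the hunk removes neither `packed_fs.c` nor `$(PACK)` on non-Windows hosts (`*.exe` only catches pack.exe), so stale packed credentials survive `make clean`; suggest `$(DELETE) $(PROG) *.o *.obj *.exe *.dSYM mbedtls packed_fs.c $(PACK)`. The certs/* inputs are symlinks created by this commit, and on a Windows checkout without symlink support they may be checked out as plain files holding the target path, in which case the packed filesystem would embed that path string rather than the PEM data — worth a comment on the rule since the Makefile has an explicit Windows branch. The `mbedtls:` rule continues outside the hunk.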
@@ -12,41 +12,6 @@ static struct c_res_s {
 struct mg_connection *c;
 } c_res;
-// Self signed certificates
-// https://mongoose.ws/documentation/tutorials/tls/#self-signed-certificates
-static const char *s_tls_ca =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIBqjCCAU+gAwIBAgIUESoOPGqMhf9uarzblVFwzrQweMcwCgYIKoZIzj0EAwIw\n"
- "RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
- "YTESMBAGA1UEAwwJVGVzdCBSb290MCAXDTIwMDUwOTIxNTE0NFoYDzIwNTAwNTA5\n"
- "MjE1MTQ0WjBEMQswCQYDVQQGEwJJRTEPMA0GA1UEBwwGRHVibGluMRAwDgYDVQQK\n"
- "DAdDZXNhbnRhMRIwEAYDVQQDDAlUZXN0IFJvb3QwWTATBgcqhkjOPQIBBggqhkjO\n"
- "PQMBBwNCAAQsq9ECZiSW1xI+CVBP8VDuUehVA166sR2YsnJ5J6gbMQ1dUCH/QvLa\n"
- "dBdeU7JlQcH8hN5KEbmM9BnZxMor6ussox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud\n"
- "DwQEAwIBrjAKBggqhkjOPQQDAgNJADBGAiEAnHFsAIwGQQyRL81B04dH6d86Iq0l\n"
- "fL8OKzndegxOaB0CIQCPwSIwEGFdURDqCC0CY2dnMrUGY5ZXu3hHCojZGS7zvg==\n"
- "-----END CERTIFICATE-----\n";
-
-static const char *s_tls_cert =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIBhzCCASygAwIBAgIUbnMoVd8TtWH1T09dANkK2LU6IUswCgYIKoZIzj0EAwIw\n"
- "RDELMAkGA1UEBhMCSUUxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VzYW50\n"
- "YTESMBAGA1UEAwwJVGVzdCBSb290MB4XDTIwMDUwOTIxNTE0OVoXDTMwMDUwOTIx\n"
- "NTE0OVowETEPMA0GA1UEAwwGc2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n"
- "QgAEkuBGnInDN6l06zVVQ1VcrOvH5FDu9MC6FwJc2e201P8hEpq0Q/SJS2nkbSuW\n"
- "H/wBTTBaeXN2uhlBzMUWK790KKMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw\n"
- "EwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSQAwRgIhAPo6xx7LjCdZ\n"
- "QY133XvLjAgVFrlucOZHONFVQuDXZsjwAiEAzHBNligA08c5U3SySYcnkhurGg50\n"
- "BllCI0eYQ9ggp/o=\n"
- "-----END CERTIFICATE-----\n";
-
-static const char *s_tls_key =
- "-----BEGIN PRIVATE KEY-----\n"
- "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQglNni0t9Dg9icgG8w\n"
- "kbfxWSS+TuNgbtNybIQXcm3NHpmhRANCAASS4EacicM3qXTrNVVDVVys68fkUO70\n"
- "wLoXAlzZ7bTU/yESmrRD9IlLaeRtK5Yf/AFNMFp5c3a6GUHMxRYrv3Qo\n"
- "-----END PRIVATE KEY-----\n";
-
 // CLIENT event handler
 static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
 int *i = &((struct c_res_s *) fn_data)->i;
@@ -55,9 +20,9 @@ static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
 } else if (ev == MG_EV_CONNECT) {
 MG_INFO(("CLIENT connected"));
 if (mg_url_is_ssl(s_conn)) {
- struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
- .cert = mg_str(s_tls_cert),
- .key = mg_str(s_tls_key)};
+ struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ss_ca.pem"),
+ .cert = mg_unpacked("/certs/ss_client.pem"),
+ .key = mg_unpacked("/certs/ss_client.pem")};
 mg_tls_init(c, &opts);
 }
 *i = 1; // do something
@@ -92,9 +57,9 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
 } else if (ev == MG_EV_ACCEPT) {
 MG_INFO(("SERVER accepted a connection"));
 if (mg_url_is_ssl(s_lsn)) {
- struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
- .cert = mg_str(s_tls_cert),
- .key = mg_str(s_tls_key)};
+ struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ss_ca.pem"),
+ .cert = mg_unpacked("/certs/ss_server.pem"),
+ .key = mg_unpacked("/certs/ss_server.pem")};
 mg_tls_init(c, &opts);
 }
 } else if (ev == MG_EV_READ) {
diff --git a/test/data/ss_ca.pem b/test/data/ss_ca.pem
index d3ce06a0..6908183d 100644
--- a/test/data/ss_ca.pem
+++ b/test/data/ss_ca.pem
@@ -1,3 +1,5 @@
+- Make sure your PEM file starts with a dash -
+
 Certificate:
 Data:
 Version: 3 (0x2)
diff --git a/test/data/ss_client.pem b/test/data/ss_client.pem
index 80352505..5740aead 100644
--- a/test/data/ss_client.pem
+++ b/test/data/ss_client.pem
@@ -1,3 +1,5 @@
+- Make sure your PEM file starts with a dash -
+
 Certificate:
 Data:
 Version: 3 (0x2)
diff --git a/test/data/ss_server.pem b/test/data/ss_server.pem
index 2f628cc7..eadf4584 100644
--- a/test/data/ss_server.pem
+++ b/test/data/ss_server.pem
@@ -1,3 +1,5 @@
+- Make sure your PEM file starts with a dash -
+
 Certificate:
 Data:
 Version: 3 (0x2)
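Review bot: The three `mg_unpacked(...)` results in the new `opts` initializer of cfn (hunk @@ -55,9 +20,9 @@) are handed to `mg_tls_init()` without checking that the lookup found anything; the Makefile recipe packs `certs/*` while the code asks for `/certs/...`, and whether pack.c adds the leading slash is not visible here, so a mismatch would presumably yield empty strings and the connection would be configured with no CA and no certificate instead of failing loudly. Suggest a guard before the init, e.g. `if (opts.ca.len == 0 || opts.cert.len == 0 || opts.key.len == 0) { mg_error(c, "packed TLS credentials not found"); return; }`; the same pattern appears in sfn at @@ -92,9 +57,9 @@. Using ss_client.pem for both `.cert` and `.key` relies on that packed file containing the certificate and the private key together, which a one-line comment such as `// ss_client.pem holds both the client certificate and its private key` would make explicit. Whether an empty `.ca` disables peer verification depends on mg_tls_init, which is outside the hunk; cfn and sfn both continue outside their hunks.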
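Review bot: The added first line `- Make sure your PEM file starts with a dash -` in test/data/ss_ca.pem is a marker rather than PEM content, and nothing in the file says why it is needed; if it exists to satisfy a leading-dash check that distinguishes in-memory PEM from a file path (not visible in this diff), the line should state that so a later cleanup does not remove it, e.g. `- Leading dash required: the TLS loader treats data starting with '-' as in-memory PEM (adjust to the actual check) -`. The same line is added to test/data/ss_client.pem and test/data/ss_server.pem, and because this commit symlinks all three into examples/tcp/certs, any future edit of these test fixtures now changes the credentials the example embeds.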