Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in / Register
Toggle navigation
M
mongoose
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Packages
Packages
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
submodule
mongoose
Commits
4a0cc822
Commit
4a0cc822
authored
Feb 24, 2016
by
Deomid Ryabkov
Committed by
rojer
Feb 25, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add SSL options to mg_{bind,connect}_opt
PUBLISHED_FROM=7e28eb43742b76c073c9c2c879c64d7b4d3e9a7e
parent
7db10857
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
65 additions
and
7 deletions
+65
-7
mongoose.c
mongoose.c
+38
-0
mongoose.h
mongoose.h
+27
-7
No files found.
mongoose.c
View file @
4a0cc822
...
...
@@ -2525,6 +2525,10 @@ const char *mg_set_ssl(struct mg_connection *nc, const char *cert,
const
char
*
result
=
NULL
;
DBG
((
"%p %s %s"
,
nc
,
(
cert
?
cert
:
""
),
(
ca_cert
?
ca_cert
:
""
)));
if
(
nc
->
flags
&
MG_F_UDP
)
{
return
"SSL for UDP is not supported"
;
}
if
(
nc
->
ssl
!=
NULL
)
{
SSL_free
(
nc
->
ssl
);
nc
->
ssl
=
NULL
;
...
...
@@ -2786,6 +2790,30 @@ struct mg_connection *mg_connect_opt(struct mg_mgr *mgr, const char *address,
nc
->
flags
|=
(
proto
==
SOCK_DGRAM
)
?
MG_F_UDP
:
0
;
nc
->
user_data
=
opts
.
user_data
;
#ifdef MG_ENABLE_SSL
if
(
opts
.
ssl_cert
!=
NULL
||
opts
.
ssl_ca_cert
!=
NULL
)
{
const
char
*
err
=
mg_set_ssl
(
nc
,
opts
.
ssl_cert
,
opts
.
ssl_ca_cert
);
if
(
err
!=
NULL
)
{
MG_SET_PTRPTR
(
opts
.
error_string
,
err
);
mg_destroy_conn
(
nc
);
return
NULL
;
}
if
(
opts
.
ssl_ca_cert
!=
NULL
&&
(
opts
.
ssl_server_name
==
NULL
||
strcmp
(
opts
.
ssl_server_name
,
"*"
)
!=
0
))
{
if
(
opts
.
ssl_server_name
==
NULL
)
opts
.
ssl_server_name
=
host
;
#ifdef SSL_KRYPTON
SSL_CTX_kr_set_verify_name
(
nc
->
ssl_ctx
,
opts
.
ssl_server_name
);
#else
/* TODO(rojer): Implement server name verification on OpenSSL. */
MG_SET_PTRPTR
(
opts
.
error_string
,
"Server name verification requested but is not supported"
);
mg_destroy_conn
(
nc
);
return
NULL
;
#endif
/* SSL_KRYPTON */
}
}
#endif
/* MG_ENABLE_SSL */
if
(
rc
==
0
)
{
#ifndef MG_DISABLE_RESOLVER
/*
...
...
@@ -2858,6 +2886,16 @@ struct mg_connection *mg_bind_opt(struct mg_mgr *mgr, const char *address,
mg_destroy_conn
(
nc
);
return
NULL
;
}
#ifdef MG_ENABLE_SSL
if
(
opts
.
ssl_cert
!=
NULL
||
opts
.
ssl_ca_cert
!=
NULL
)
{
const
char
*
err
=
mg_set_ssl
(
nc
,
opts
.
ssl_cert
,
opts
.
ssl_ca_cert
);
if
(
err
!=
NULL
)
{
MG_SET_PTRPTR
(
opts
.
error_string
,
err
);
mg_destroy_conn
(
nc
);
return
NULL
;
}
}
#endif
/* MG_ENABLE_SSL */
mg_add_conn
(
nc
->
mgr
,
nc
);
return
nc
;
...
...
mongoose.h
View file @
4a0cc822
...
...
@@ -1191,6 +1191,11 @@ struct mg_bind_opts {
void
*
user_data
;
/* Initial value for connection's user_data */
unsigned
int
flags
;
/* Extra connection flags */
const
char
**
error_string
;
/* Placeholder for the error string */
#ifdef MG_ENABLE_SSL
/* SSL settings. */
const
char
*
ssl_cert
;
/* Server certificate to present to clients */
const
char
*
ssl_ca_cert
;
/* Verify client certificates with this CA bundle */
#endif
};
/*
...
...
@@ -1217,14 +1222,29 @@ struct mg_connection *mg_bind(struct mg_mgr *, const char *,
* Return a new listening connection, or `NULL` on error.
* NOTE: Connection remains owned by the manager, do not free().
*/
struct
mg_connection
*
mg_bind_opt
(
struct
mg_mgr
*
,
const
char
*
,
mg_event_handler_t
,
struct
mg_bind_opts
);
struct
mg_connection
*
mg_bind_opt
(
struct
mg_mgr
*
mgr
,
const
char
*
address
,
mg_event_handler_t
handler
,
struct
mg_bind_opts
opts
);
/* Optional parameters to mg_connect_opt() */
struct
mg_connect_opts
{
void
*
user_data
;
/* Initial value for connection's user_data */
unsigned
int
flags
;
/* Extra connection flags */
const
char
**
error_string
;
/* Placeholder for the error string */
#ifdef MG_ENABLE_SSL
/* SSL settings. */
const
char
*
ssl_cert
;
/* Client certificate to present to the server */
const
char
*
ssl_ca_cert
;
/* Verify server certificate using this CA bundle */
/*
* Server name verification. If ssl_ca_cert is set and the certificate has
* passed verification, its subject will be verified against this string.
* By default (if ssl_server_name is NULL) hostname part of the address will
* be used. Wildcard matching is supported. A special value of "*" disables
* name verification.
*/
const
char
*
ssl_server_name
;
#endif
};
/*
...
...
@@ -1232,8 +1252,8 @@ struct mg_connect_opts {
*
* See `mg_connect_opt()` for full documentation.
*/
struct
mg_connection
*
mg_connect
(
struct
mg_mgr
*
,
const
char
*
,
mg_event_handler_t
);
struct
mg_connection
*
mg_connect
(
struct
mg_mgr
*
mgr
,
const
char
*
address
,
mg_event_handler_t
handler
);
/*
* Connect to a remote host.
...
...
@@ -1284,9 +1304,9 @@ struct mg_connection *mg_connect(struct mg_mgr *, const char *,
* mg_connect(mgr, "my_site.com:80", ev_handler);
* ----
*/
struct
mg_connection
*
mg_connect_opt
(
struct
mg_mgr
*
,
const
char
*
,
mg_event_handler_t
,
struct
mg_connect_opts
);
struct
mg_connection
*
mg_connect_opt
(
struct
mg_mgr
*
mgr
,
const
char
*
address
,
mg_event_handler_t
handler
,
struct
mg_connect_opts
opts
);
/*
* Enable SSL for a given connection.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment