mirror of
https://github.com/yhirose/cpp-httplib
synced 2024-11-21 14:29:10 -07:00
Simplified code
This commit is contained in:
parent
07d9843b91
commit
8d12e0d8f4
3 changed files with 32 additions and 35 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -10,6 +10,7 @@ test/test
|
|||
test/test.xcodeproj/xcuser*
|
||||
test/test.xcodeproj/*/xcuser*
|
||||
test/*.pem
|
||||
test/*.srl
|
||||
|
||||
*.swp
|
||||
|
||||
|
@ -23,4 +24,4 @@ Release
|
|||
ipch
|
||||
*.dSYM
|
||||
.*
|
||||
!/.travis.yml
|
||||
!/.travis.yml
|
||||
|
|
56
httplib.h
56
httplib.h
|
@ -377,7 +377,8 @@ private:
|
|||
class SSLServer : public Server {
|
||||
public:
|
||||
SSLServer(const char *cert_path, const char *private_key_path,
|
||||
const char *client_CA_cert_path, const char *trusted_cert_path);
|
||||
const char *client_ca_cert_file_path = nullptr,
|
||||
const char *client_ca_cert_dir_path = nullptr);
|
||||
|
||||
virtual ~SSLServer();
|
||||
|
||||
|
@ -388,8 +389,6 @@ private:
|
|||
|
||||
SSL_CTX *ctx_;
|
||||
std::mutex ctx_mutex_;
|
||||
const char *client_CA_cert_path_;
|
||||
const char *trusted_cert_path_;
|
||||
};
|
||||
|
||||
class SSLClient : public Client {
|
||||
|
@ -402,7 +401,8 @@ public:
|
|||
|
||||
virtual bool is_valid() const;
|
||||
|
||||
void set_ca_cert_path(const char *ca_cert_path);
|
||||
void set_ca_cert_path(const char *ca_ceert_file_path,
|
||||
const char *ca_cert_dir_path = nullptr);
|
||||
void enable_server_certificate_verification(bool enabled);
|
||||
|
||||
long get_openssl_verify_result() const;
|
||||
|
@ -420,7 +420,8 @@ private:
|
|||
SSL_CTX *ctx_;
|
||||
std::mutex ctx_mutex_;
|
||||
std::vector<std::string> host_components_;
|
||||
std::string ca_cert_path_;
|
||||
std::string ca_cert_file_path_;
|
||||
std::string ca_cert_dir_path_;
|
||||
bool server_certificate_verification_ = false;
|
||||
long verify_result_ = 0;
|
||||
};
|
||||
|
@ -2239,9 +2240,7 @@ read_and_close_socket_ssl(socket_t sock, size_t keep_alive_max_count,
|
|||
// TODO: OpenSSL 1.0.2 occasionally crashes...
|
||||
// The upcoming 1.1.0 is going to be thread safe.
|
||||
SSL_CTX *ctx, std::mutex &ctx_mutex,
|
||||
U SSL_connect_or_accept, V setup, T callback,
|
||||
const char *client_CA_cert_path = nullptr,
|
||||
const char *trusted_cert_path = nullptr) {
|
||||
U SSL_connect_or_accept, V setup, T callback) {
|
||||
SSL *ssl = nullptr;
|
||||
{
|
||||
std::lock_guard<std::mutex> guard(ctx_mutex);
|
||||
|
@ -2267,16 +2266,6 @@ read_and_close_socket_ssl(socket_t sock, size_t keep_alive_max_count,
|
|||
return false;
|
||||
}
|
||||
|
||||
if (client_CA_cert_path) {
|
||||
STACK_OF(X509_NAME) * list;
|
||||
// list of client CAs to request from client
|
||||
list = SSL_load_client_CA_file(client_CA_cert_path);
|
||||
SSL_set_client_CA_list(ssl, list);
|
||||
// certificate chain to verify received client certificate against
|
||||
// please run c_rehash in the cert folder first
|
||||
SSL_CTX_load_verify_locations(ctx, client_CA_cert_path, trusted_cert_path);
|
||||
}
|
||||
|
||||
bool ret = false;
|
||||
|
||||
if (SSL_connect_or_accept(ssl) == 1) {
|
||||
|
@ -2360,10 +2349,8 @@ inline std::string SSLSocketStream::get_remote_addr() const {
|
|||
|
||||
// SSL HTTP server implementation
|
||||
inline SSLServer::SSLServer(const char *cert_path, const char *private_key_path,
|
||||
const char *client_CA_cert_path = nullptr,
|
||||
const char *trusted_cert_path = nullptr)
|
||||
: client_CA_cert_path_(client_CA_cert_path),
|
||||
trusted_cert_path_(trusted_cert_path) {
|
||||
const char *client_ca_cert_file_path,
|
||||
const char *client_ca_cert_dir_path) {
|
||||
ctx_ = SSL_CTX_new(SSLv23_server_method());
|
||||
|
||||
if (ctx_) {
|
||||
|
@ -2381,7 +2368,15 @@ inline SSLServer::SSLServer(const char *cert_path, const char *private_key_path,
|
|||
1) {
|
||||
SSL_CTX_free(ctx_);
|
||||
ctx_ = nullptr;
|
||||
} else if (client_CA_cert_path_) {
|
||||
} else if (client_ca_cert_file_path || client_ca_cert_dir_path) {
|
||||
// if (client_ca_cert_file_path) {
|
||||
// auto list = SSL_load_client_CA_file(client_ca_cert_file_path);
|
||||
// SSL_CTX_set_client_CA_list(ctx_, list);
|
||||
// }
|
||||
|
||||
SSL_CTX_load_verify_locations(ctx_, client_ca_cert_file_path,
|
||||
client_ca_cert_dir_path);
|
||||
|
||||
SSL_CTX_set_verify(
|
||||
ctx_,
|
||||
SSL_VERIFY_PEER |
|
||||
|
@ -2403,8 +2398,7 @@ inline bool SSLServer::read_and_close_socket(socket_t sock) {
|
|||
[](SSL * /*ssl*/) { return true; },
|
||||
[this](Stream &strm, bool last_connection, bool &connection_close) {
|
||||
return process_request(strm, last_connection, connection_close);
|
||||
},
|
||||
client_CA_cert_path_, trusted_cert_path_);
|
||||
});
|
||||
}
|
||||
|
||||
// SSL HTTP client implementation
|
||||
|
@ -2435,8 +2429,10 @@ inline SSLClient::~SSLClient() {
|
|||
|
||||
inline bool SSLClient::is_valid() const { return ctx_; }
|
||||
|
||||
inline void SSLClient::set_ca_cert_path(const char *ca_cert_path) {
|
||||
ca_cert_path_ = ca_cert_path;
|
||||
inline void SSLClient::set_ca_cert_path(const char *ca_cert_file_path,
|
||||
const char *ca_cert_dir_path) {
|
||||
if (ca_cert_file_path) { ca_cert_file_path_ = ca_cert_file_path; }
|
||||
if (ca_cert_dir_path) { ca_cert_dir_path_ = ca_cert_dir_path; }
|
||||
}
|
||||
|
||||
inline void SSLClient::enable_server_certificate_verification(bool enabled) {
|
||||
|
@ -2454,11 +2450,11 @@ inline bool SSLClient::read_and_close_socket(socket_t sock, Request &req,
|
|||
detail::read_and_close_socket_ssl(
|
||||
sock, 0, ctx_, ctx_mutex_,
|
||||
[&](SSL *ssl) {
|
||||
if (ca_cert_path_.empty()) {
|
||||
if (ca_cert_file_path_.empty()) {
|
||||
SSL_CTX_set_verify(ctx_, SSL_VERIFY_NONE, nullptr);
|
||||
} else {
|
||||
if (!SSL_CTX_load_verify_locations(ctx_, ca_cert_path_.c_str(),
|
||||
nullptr)) {
|
||||
if (!SSL_CTX_load_verify_locations(
|
||||
ctx_, ca_cert_file_path_.c_str(), nullptr)) {
|
||||
return false;
|
||||
}
|
||||
SSL_CTX_set_verify(ctx_, SSL_VERIFY_PEER, nullptr);
|
||||
|
|
|
@ -6,9 +6,9 @@
|
|||
#define SERVER_PRIVATE_KEY_FILE "./key.pem"
|
||||
#define CA_CERT_FILE "./ca-bundle.crt"
|
||||
#define CLIENT_CA_CERT_FILE "./rootCA.cert.pem"
|
||||
#define CLIENT_CA_CERT_DIR "."
|
||||
#define CLIENT_CERT_FILE "./client.cert.pem"
|
||||
#define CLIENT_PRIVATE_KEY_FILE "./client.key.pem"
|
||||
#define TRUST_CERT_DIR "."
|
||||
|
||||
#ifdef _WIN32
|
||||
#include <process.h>
|
||||
|
@ -1381,7 +1381,7 @@ TEST(SSLClientTest, WildcardHostNameMatch) {
|
|||
|
||||
TEST(SSLClientServerTest, ClientCertPresent) {
|
||||
SSLServer svr(SERVER_CERT_FILE, SERVER_PRIVATE_KEY_FILE, CLIENT_CA_CERT_FILE,
|
||||
TRUST_CERT_DIR);
|
||||
CLIENT_CA_CERT_DIR);
|
||||
ASSERT_TRUE(svr.is_valid());
|
||||
|
||||
svr.Get("/test", [&](const Request &, Response &res) {
|
||||
|
@ -1402,7 +1402,7 @@ TEST(SSLClientServerTest, ClientCertPresent) {
|
|||
|
||||
TEST(SSLClientServerTest, ClientCertMissing) {
|
||||
SSLServer svr(SERVER_CERT_FILE, SERVER_PRIVATE_KEY_FILE, CLIENT_CA_CERT_FILE,
|
||||
TRUST_CERT_DIR);
|
||||
CLIENT_CA_CERT_DIR);
|
||||
ASSERT_TRUE(svr.is_valid());
|
||||
|
||||
svr.Get("/test", [&](const Request &, Response &res) {
|
||||
|
@ -1444,7 +1444,7 @@ TEST(SSLClientServerTest, TrustDirOptional) {
|
|||
/* Cannot test this case as there is no external access to SSL object to check
|
||||
SSL_get_peer_certificate() == NULL TEST(SSLClientServerTest,
|
||||
ClientCAPathRequired) { SSLServer svr(SERVER_CERT_FILE, SERVER_PRIVATE_KEY_FILE,
|
||||
nullptr, TRUST_CERT_DIR);
|
||||
nullptr, CLIENT_CA_CERT_DIR);
|
||||
}
|
||||
*/
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue