mirror of
https://github.com/yhirose/cpp-httplib
synced 2024-11-21 14:29:10 -07:00
New function SSLServer::update_certs. Allows to update certificates while server is running (#1827)
* New function SSLServer::update_certs. Allows to update certificates while server is running * New function SSLServer::update_certs. Added unit test --------- Co-authored-by: CEU\schielke <Rainer.Schielke@heidelberg.com>
This commit is contained in:
parent
98cc1ec344
commit
d44031615d
2 changed files with 74 additions and 0 deletions
16
httplib.h
16
httplib.h
|
@ -1820,6 +1820,9 @@ public:
|
|||
|
||||
SSL_CTX *ssl_context() const;
|
||||
|
||||
void update_certs (X509 *cert, EVP_PKEY *private_key,
|
||||
X509_STORE *client_ca_cert_store = nullptr);
|
||||
|
||||
private:
|
||||
bool process_and_close_socket(socket_t sock) override;
|
||||
|
||||
|
@ -8753,6 +8756,19 @@ inline bool SSLServer::is_valid() const { return ctx_; }
|
|||
|
||||
inline SSL_CTX *SSLServer::ssl_context() const { return ctx_; }
|
||||
|
||||
inline void SSLServer::update_certs (X509 *cert, EVP_PKEY *private_key,
|
||||
X509_STORE *client_ca_cert_store) {
|
||||
|
||||
std::lock_guard<std::mutex> guard(ctx_mutex_);
|
||||
|
||||
SSL_CTX_use_certificate (ctx_, cert);
|
||||
SSL_CTX_use_PrivateKey (ctx_, private_key);
|
||||
|
||||
if (client_ca_cert_store != nullptr) {
|
||||
SSL_CTX_set_cert_store (ctx_, client_ca_cert_store);
|
||||
}
|
||||
}
|
||||
|
||||
inline bool SSLServer::process_and_close_socket(socket_t sock) {
|
||||
auto ssl = detail::ssl_new(
|
||||
sock, ctx_, ctx_mutex_,
|
||||
|
|
58
test/test.cc
58
test/test.cc
|
@ -1747,6 +1747,64 @@ TEST(BindServerTest, BindAndListenSeparatelySSLEncryptedKey) {
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
|
||||
X509* readCertificate (const std::string& strFileName) {
|
||||
std::ifstream inStream (strFileName);
|
||||
std::string strCertPEM ((std::istreambuf_iterator<char>(inStream)), std::istreambuf_iterator<char>());
|
||||
|
||||
if (strCertPEM.empty ()) return (nullptr);
|
||||
|
||||
BIO* pbCert = BIO_new (BIO_s_mem ());
|
||||
BIO_write (pbCert, strCertPEM.c_str (), (int)strCertPEM.size ());
|
||||
X509* pCert = PEM_read_bio_X509 (pbCert, NULL, 0, NULL);
|
||||
BIO_free (pbCert);
|
||||
|
||||
return (pCert);
|
||||
}
|
||||
|
||||
EVP_PKEY* readPrivateKey (const std::string& strFileName) {
|
||||
std::ifstream inStream (strFileName);
|
||||
std::string strPrivateKeyPEM ((std::istreambuf_iterator<char>(inStream)), std::istreambuf_iterator<char>());
|
||||
|
||||
if (strPrivateKeyPEM.empty ()) return (nullptr);
|
||||
|
||||
BIO* pbPrivKey = BIO_new (BIO_s_mem ());
|
||||
BIO_write (pbPrivKey, strPrivateKeyPEM.c_str (), (int) strPrivateKeyPEM.size ());
|
||||
EVP_PKEY* pPrivateKey = PEM_read_bio_PrivateKey (pbPrivKey, NULL, NULL, NULL);
|
||||
BIO_free (pbPrivKey);
|
||||
|
||||
return (pPrivateKey);
|
||||
}
|
||||
|
||||
TEST(BindServerTest, UpdateCerts) {
|
||||
SSLServer svr(SERVER_CERT_FILE, SERVER_PRIVATE_KEY_FILE, CLIENT_CA_CERT_FILE);
|
||||
int port = svr.bind_to_any_port("0.0.0.0");
|
||||
ASSERT_TRUE(svr.is_valid());
|
||||
ASSERT_TRUE(port > 0);
|
||||
|
||||
X509* cert = readCertificate (SERVER_CERT_FILE);
|
||||
X509* ca_cert = readCertificate (CLIENT_CA_CERT_FILE);
|
||||
EVP_PKEY* key = readPrivateKey (SERVER_PRIVATE_KEY_FILE);
|
||||
|
||||
ASSERT_TRUE(cert != nullptr);
|
||||
ASSERT_TRUE(ca_cert != nullptr);
|
||||
ASSERT_TRUE(key != nullptr);
|
||||
|
||||
X509_STORE* cert_store = X509_STORE_new ();
|
||||
|
||||
X509_STORE_add_cert (cert_store, ca_cert);
|
||||
|
||||
svr.update_certs (cert, key, cert_store);
|
||||
|
||||
ASSERT_TRUE(svr.is_valid());
|
||||
svr.stop();
|
||||
|
||||
X509_free (cert);
|
||||
X509_free (ca_cert);
|
||||
EVP_PKEY_free (key);
|
||||
}
|
||||
#endif
|
||||
|
||||
TEST(ErrorHandlerTest, ContentLength) {
|
||||
Server svr;
|
||||
|
||||
|
|
Loading…
Reference in a new issue