Skip to content

Commit

Permalink
Revert to the old TLS API, but keep certs as mg_str for DER
Browse files Browse the repository at this point in the history
  • Loading branch information
cpq committed Sep 19, 2023
1 parent 7ecbbc5 commit 9dc54c0
Show file tree
Hide file tree
Showing 31 changed files with 526 additions and 776 deletions.
19 changes: 9 additions & 10 deletions examples/device-dashboard/net.c
Original file line number Diff line number Diff line change
Expand Up @@ -261,7 +261,14 @@ static void handle_sys_reset(struct mg_connection *c) {

// HTTP request handler function
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_HTTP_MSG) {
if (ev == MG_EV_ACCEPT) {
if (fn_data != NULL) { // TLS listener!
struct mg_tls_opts opts = {0};
opts.cert = mg_unpacked("/certs/server_cert.pem");
opts.key = mg_unpacked("/certs/server_key.pem");
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_HTTP_MSG) {
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
struct user *u = authenticate(hm);

Expand Down Expand Up @@ -306,20 +313,12 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
hm->method.ptr, (int) hm->uri.len, hm->uri.ptr, (int) 3,
&c->send.buf[9]));
}
(void) fn_data;
}

void web_init(struct mg_mgr *mgr) {
struct mg_tls_opts opts = {0};
opts.server_cert = mg_unpacked("/certs/server_cert.pem");
opts.server_key = mg_unpacked("/certs/server_key.pem");
mg_tls_ctx_init(mgr, &opts);

s_settings.device_name = strdup("My Device");

mg_http_listen(mgr, HTTP_URL, fn, NULL);
mg_http_listen(mgr, HTTPS_URL, fn, NULL);

mg_http_listen(mgr, HTTPS_URL, fn, (void *) 1);
mg_timer_add(mgr, 3600 * 1000, MG_TIMER_RUN_NOW | MG_TIMER_REPEAT,
timer_sntp_fn, mgr);
}
File renamed without changes.
8 changes: 6 additions & 2 deletions examples/http-client/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
// Connected to server. Extract host name from URL
struct mg_str host = mg_url_host(s_url);

if (mg_url_is_ssl(s_url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = mg_url_host(s_url)};
mg_tls_init(c, &opts);
}

// Send request
int content_length = s_post_data ? strlen(s_post_data) : 0;
mg_printf(c,
Expand Down Expand Up @@ -59,8 +65,6 @@ int main(int argc, char *argv[]) {
if (argc > 1) s_url = argv[1]; // Use URL provided in the command line
mg_log_set(atoi(log_level)); // Set to 0 to disable debug
mg_mgr_init(&mgr); // Initialise event manager
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);
mg_http_connect(&mgr, s_url, fn, &done); // Create client connection
while (!done) mg_mgr_poll(&mgr, 50); // Event manager loops until 'done'
mg_mgr_free(&mgr); // Free resources
Expand Down
2 changes: 1 addition & 1 deletion examples/http-client/packed_fs.c
Original file line number Diff line number Diff line change
Expand Up @@ -2556,7 +2556,7 @@ static const struct packed_file {
size_t size;
time_t mtime;
} packed_files[] = {
{"/certs/client_ca.pem", v1, sizeof(v1), 1694016785},
{"/certs/ca.pem", v1, sizeof(v1), 1694162397},
{NULL, NULL, 0, 0}
};

Expand Down
2 changes: 1 addition & 1 deletion examples/http-proxy-client/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ CFLAGS = -W -Wall -Wextra -g -I. # Build options
# Mongoose build options. See https://mongoose.ws/documentation/#build-options
CFLAGS_MONGOOSE += -DMG_ENABLE_LINES=1 -DMG_ENABLE_PACKED_FS=1

// see tutorial at https://mongoose.ws/tutorials/http-proxy-client/
# See tutorial at https://mongoose.ws/tutorials/http-proxy-client/
ARGS ?= 167.235.63.238:3128 http://info.cern.ch/ # default call arguments

ifeq ($(OS),Windows_NT) # Windows settings. Assume MinGW compiler. To use VC: make CC=cl CFLAGS=/MD OUT=/Feprog.exe
Expand Down
18 changes: 12 additions & 6 deletions examples/http-proxy-client/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,13 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
} else if (ev == MG_EV_CONNECT) {
// Proxy TCP connection established. Send CONNECT request
struct mg_str host = mg_url_host(url);

if (mg_url_is_ssl(url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = host};
mg_tls_init(c, &opts);
}

// c->is_hexdumping = 1;
mg_printf(c, "CONNECT %.*s:%hu HTTP/1.1\r\nHost: %.*s:%hu\r\n\r\n",
(int) host.len, host.ptr, mg_url_port(url), (int) host.len,
Expand All @@ -35,10 +42,11 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
("Connected to proxy, status: %.*s", (int) hm.uri.len, hm.uri.ptr));
mg_iobuf_del(&c->recv, 0, n);
// Send request to the target server
mg_printf(c, "GET %s HTTP/1.0\r\n"
"Host: %.*s\r\n"
"\r\n",
mg_url_uri(url), (int) host.len, host.ptr);
mg_printf(c,
"GET %s HTTP/1.0\r\n"
"Host: %.*s\r\n"
"\r\n",
mg_url_uri(url), (int) host.len, host.ptr);
}
}
}
Expand All @@ -52,8 +60,6 @@ int main(int argc, char *argv[]) {
}

mg_mgr_init(&mgr); // Initialise event manager
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);
mg_http_connect(&mgr, argv[1], fn, argv[2]); // Connect to the proxy
for (;;) mg_mgr_poll(&mgr, 1000); // Event loop
mg_mgr_free(&mgr);
Expand Down
16 changes: 9 additions & 7 deletions examples/http-restful-server/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,15 @@ static const char *s_tls_key =
// We use the same event handler function for HTTP and HTTPS connections
// fn_data is NULL for plain HTTP, and non-NULL for HTTPS
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_ACCEPT && fn_data != NULL) {
struct mg_tls_opts opts = {
#ifdef TLS_TWOWAY
.ca = mg_str(s_tls_ca),
#endif
.cert = mg_str(s_tls_cert),
.key = mg_str(s_tls_key)};
mg_tls_init(c, &opts);
}
if (ev == MG_EV_HTTP_MSG) {
struct mg_http_message *hm = (struct mg_http_message *) ev_data;
if (mg_http_match_uri(hm, "/api/stats")) {
Expand Down Expand Up @@ -87,13 +96,6 @@ int main(void) {
struct mg_mgr mgr; // Event manager
mg_log_set(MG_LL_DEBUG); // Set log level
mg_mgr_init(&mgr); // Initialise event manager
struct mg_tls_opts opts = {
#ifdef TLS_TWOWAY
.client_ca = mg_str(s_tls_ca),
#endif
.server_cert = mg_str(s_tls_cert),
.server_key = mg_str(s_tls_key)};
mg_tls_ctx_init(&mgr, &opts);
mg_http_listen(&mgr, s_http_addr, fn, NULL); // Create HTTP listener
mg_http_listen(&mgr, s_https_addr, fn, (void *) 1); // HTTPS listener
for (;;) mg_mgr_poll(&mgr, 1000); // Infinite event loop
Expand Down
11 changes: 7 additions & 4 deletions examples/http-reverse-proxy/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ static void forward_request(struct mg_http_message *hm,
}

static void fn2(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
struct mg_connection *c2 = (struct mg_connection *)fn_data;
struct mg_connection *c2 = (struct mg_connection *) fn_data;
if (ev == MG_EV_READ) {
// All incoming data from the backend, forward to the client
if (c2 != NULL) mg_send(c2, c->recv.buf, c->recv.len);
Expand All @@ -58,9 +58,14 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (c2 == NULL) {
mg_error(c, "Cannot create backend connection");
} else {
if (mg_url_is_ssl(s_backend_url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = mg_url_host(s_backend_url)};
mg_tls_init(c2, &opts);
}
c->fn_data = c2;
forward_request(hm, c2);
c->is_resp = 0; // process further msgs in keep-alive connection
c->is_resp = 0; // process further msgs in keep-alive connection
c2->is_hexdumping = 1;
}
} else if (ev == MG_EV_CLOSE) {
Expand All @@ -74,8 +79,6 @@ int main(void) {

mg_log_set(MG_LL_DEBUG); // Set log level
mg_mgr_init(&mgr); // Initialise event manager
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);
mg_http_listen(&mgr, s_listen_url, fn, NULL); // Start proxy
for (;;) mg_mgr_poll(&mgr, 1000); // Event loop
mg_mgr_free(&mgr);
Expand Down
10 changes: 7 additions & 3 deletions examples/http-streaming-client/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,13 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_CONNECT) {
// Connected to server. Extract host name from URL
struct mg_str host = mg_url_host(s_url);

if (mg_url_is_ssl(s_url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = host};
mg_tls_init(c, &opts);
}

// Send request
mg_printf(c,
"GET %s HTTP/1.1\r\n"
Expand Down Expand Up @@ -56,9 +63,6 @@ int main(int argc, char *argv[]) {
mg_log_set(atoi(log_level)); // Set to 0 to disable debug log
if (argc > 1) s_url = argv[1]; // Use URL from command line

struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);

mg_http_connect(&mgr, s_url, fn, &done); // Create client connection
while (!done) mg_mgr_poll(&mgr, 1000); // Infinite event loop
mg_mgr_free(&mgr); // Free resources
Expand Down
13 changes: 8 additions & 5 deletions examples/mqtt-client-aws-iot/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ static const char *s_url =
// 3. From the dialog box that appears, download:
// xxx-certificate.pem.crt as cert.pem to the example directory
// xxx-private.pem.key as key.pem to the example directory
//static const char *s_cert = "cert.pem";
//static const char *s_key = "key.pem";
// static const char *s_cert = "cert.pem";
// static const char *s_key = "key.pem";

static const char *s_rx_topic = "d/rx";
static const char *s_tx_topic = "d/tx";
Expand All @@ -41,6 +41,12 @@ static int s_qos = 1;
static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_OPEN) {
// c->is_hexdumping = 1;
} else if (ev == MG_EV_CONNECT) {
if (mg_url_is_ssl(s_url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = mg_url_host(s_url)};
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_ERROR) {
// On error, log error message
MG_ERROR(("%p %s", c->fd, (char *) ev_data));
Expand Down Expand Up @@ -87,9 +93,6 @@ int main(void) {
struct mg_mqtt_opts opts = {.clean = true};
bool done = false;
mg_mgr_init(&mgr); // Initialise event manager
struct mg_tls_opts topts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
//TODO() 2-way auth and certificate loading
mg_tls_ctx_init(&mgr, &topts);
MG_INFO(("Connecting to %s", s_url)); // Inform that we're starting
mg_mqtt_connect(&mgr, s_url, &opts, fn, &done); // Create client connection
while (!done) mg_mgr_poll(&mgr, 1000); // Loop until done
Expand Down
9 changes: 6 additions & 3 deletions examples/mqtt-client/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_OPEN) {
MG_INFO(("%lu CREATED", c->id));
// c->is_hexdumping = 1;
} else if (ev == MG_EV_CONNECT) {
if (mg_url_is_ssl(s_url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = mg_url_host(s_url)};
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_ERROR) {
// On error, log error message
MG_ERROR(("%lu ERROR %s", c->id, (char *) ev_data));
Expand Down Expand Up @@ -101,9 +107,6 @@ int main(int argc, char *argv[]) {
signal(SIGTERM, signal_handler); // manager loop on SIGINT and SIGTERM

mg_mgr_init(&mgr);

struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);
mg_timer_add(&mgr, 3000, MG_TIMER_REPEAT | MG_TIMER_RUN_NOW, timer_fn, &mgr);
while (s_signo == 0) mg_mgr_poll(&mgr, 1000); // Event loop, 1s timeout
mg_mgr_free(&mgr); // Finished, cleanup
Expand Down
19 changes: 11 additions & 8 deletions examples/mqtt-over-ws-client/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,11 @@

#include "mongoose.h"

static const char *s_url =
static const char *s_url =
#if MG_TLS
"wss://broker.hivemq.com:8884/mqtt";
"wss://broker.hivemq.com:8884/mqtt";
#else
"ws://broker.hivemq.com:8000/mqtt";
"ws://broker.hivemq.com:8000/mqtt";
#endif

static const char *s_topic = "mg/test";
Expand All @@ -24,12 +24,17 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
if (ev == MG_EV_ERROR) {
// On error, log error message
MG_ERROR(("%p %s", c->fd, (char *) ev_data));
} else if (ev == MG_EV_CONNECT) {
if (mg_url_is_ssl(s_url)) {
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = mg_url_host(s_url)};
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_WS_OPEN) {
// WS connection established. Perform MQTT login
MG_INFO(("Connected to WS. Logging in to MQTT..."));
struct mg_mqtt_opts opts = {.qos = 1,
.topic = mg_str(s_topic),
.message = mg_str("goodbye")};
struct mg_mqtt_opts opts = {
.qos = 1, .topic = mg_str(s_topic), .message = mg_str("goodbye")};
size_t len = c->send.len;
mg_mqtt_login(c, &opts);
mg_ws_wrap(c, c->send.len - len, WEBSOCKET_OP_BINARY);
Expand Down Expand Up @@ -92,8 +97,6 @@ int main(void) {
struct mg_mgr mgr; // Event manager
bool done = false; // Event handler flips it to true when done
mg_mgr_init(&mgr); // Initialise event manager
struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);
mg_log_set(MG_LL_DEBUG); // Set log level
mg_ws_connect(&mgr, s_url, fn, &done, NULL); // Create client connection
while (done == false) mg_mgr_poll(&mgr, 1000); // Event loop
Expand Down
9 changes: 3 additions & 6 deletions examples/smtp-client/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,9 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
mg_printf(c, "STARTTLS\r\n");
*state = STARTTLS_WAIT;
} else if (*state == STARTTLS_WAIT) {
struct mg_str host = mg_url_host(server);
mg_tls_init(c, host);
struct mg_tls_opts opts = {.ca = mg_unpacked("/certs/ca.pem"),
.name = mg_url_host(server)};
mg_tls_init(c, &opts);
*state = AUTH;
} else if (*state == AUTH) {
char a[100], b[300] = "";
Expand Down Expand Up @@ -74,10 +75,6 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
int main(void) {
struct mg_mgr mgr;
mg_mgr_init(&mgr);

struct mg_tls_opts opts = {.client_ca = mg_unpacked("/certs/client_ca.pem")};
mg_tls_ctx_init(&mgr, &opts);

mg_log_set(MG_LL_DEBUG);
mg_connect(&mgr, server, fn, NULL);
while (s_quit == false) mg_mgr_poll(&mgr, 1000);
Expand Down
30 changes: 13 additions & 17 deletions examples/tcp/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -54,10 +54,12 @@ static void cfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
MG_INFO(("CLIENT has been initialized"));
} else if (ev == MG_EV_CONNECT) {
MG_INFO(("CLIENT connected"));
#if MG_TLS
struct mg_str host = mg_url_host(s_conn);
mg_tls_init(c, host);
#endif
if (mg_url_is_ssl(s_conn)) {
struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
.cert = mg_str(s_tls_cert),
.key = mg_str(s_tls_key)};
mg_tls_init(c, &opts);
}
*i = 1; // do something
} else if (ev == MG_EV_READ) {
struct mg_iobuf *r = &c->recv;
Expand Down Expand Up @@ -89,9 +91,12 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
MG_INFO(("SERVER is listening"));
} else if (ev == MG_EV_ACCEPT) {
MG_INFO(("SERVER accepted a connection"));
#if MG_TLS
mg_tls_init(c, mg_str(""));
#endif
if (mg_url_is_ssl(s_lsn)) {
struct mg_tls_opts opts = {.ca = mg_str(s_tls_ca),
.cert = mg_str(s_tls_cert),
.key = mg_str(s_tls_key)};
mg_tls_init(c, &opts);
}
} else if (ev == MG_EV_READ) {
struct mg_iobuf *r = &c->recv;
MG_INFO(("SERVER got data: %.*s", r->len, r->buf));
Expand All @@ -109,13 +114,9 @@ static void sfn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
static void timer_fn(void *arg) {
struct mg_mgr *mgr = (struct mg_mgr *) arg;
if (c_res.c == NULL) {
// connect
c_res.i = 0;
c_res.c = mg_connect(mgr, s_conn, cfn, &c_res);
if (c_res.c == NULL)
MG_INFO(("CLIENT cant' open a connection"));
else
MG_INFO(("CLIENT is connecting"));
MG_INFO(("CLIENT %s", c_res.c ? "connecting" : "failed"));
}
}

Expand All @@ -126,11 +127,6 @@ int main(void) {
mg_log_set(MG_LL_INFO); // Set log level
mg_mgr_init(&mgr); // Initialize event manager

struct mg_tls_opts opts = {.client_ca = mg_str(s_tls_ca),
.server_cert = mg_str(s_tls_cert),
.server_key = mg_str(s_tls_key)};
mg_tls_ctx_init(&mgr, &opts);

mg_timer_add(&mgr, 15000, MG_TIMER_REPEAT | MG_TIMER_RUN_NOW, timer_fn, &mgr);
c = mg_listen(&mgr, s_lsn, sfn, NULL); // Create server connection
if (c == NULL) {
Expand Down
Loading

0 comments on commit 9dc54c0

Please sign in to comment.