summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--nanohttp/nanohttp-common.c17
-rw-r--r--nanohttp/nanohttp-common.h7
-rwxr-xr-xnanohttp/nanohttp-request.c4
-rw-r--r--nanohttp/nanohttp-server.c19
-rw-r--r--nanohttp/nanohttp-socket.c77
-rw-r--r--nanohttp/nanohttp-socket.h48
-rw-r--r--nanohttp/nanohttp-ssl.c2
-rw-r--r--nanohttp/nanohttp-ssl.h12
8 files changed, 125 insertions, 61 deletions
diff --git a/nanohttp/nanohttp-common.c b/nanohttp/nanohttp-common.c
index 3dcee6b..0b7661b 100644
--- a/nanohttp/nanohttp-common.c
+++ b/nanohttp/nanohttp-common.c
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: nanohttp-common.c,v 1.22 2006/01/10 11:29:05 snowdrop Exp $
+* $Id: nanohttp-common.c,v 1.23 2006/01/11 10:54:43 snowdrop Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2003 Ferhat Ayaz
@@ -42,10 +42,11 @@
static char _hoption_table[MAX_OPTION_SIZE][MAX_OPTION_VALUE_SIZE];
#ifdef HAVE_SSL
-extern char *SSLCert;
+/*extern char *SSLCert;
extern char *SSLPass;
extern char *SSLCA;
extern int SSLCertLess;
+*/
#endif
/* option stuff */
@@ -100,7 +101,8 @@ hoption_init_args(int argc, char *argv[])
"WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled",
NHTTP_ARG_CERT);
#else
- SSLCert = argv[i + 1];
+ /* TODO (#1#) handle ssl arguments */
+ /* SSLCert = argv[i + 1];*/
#endif
}
else if (!strcmp(argv[i], NHTTP_ARG_CERTPASS) && i < argc - 1)
@@ -110,7 +112,8 @@ hoption_init_args(int argc, char *argv[])
"WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled",
NHTTP_ARG_CERTPASS);
#else
- SSLPass = argv[i + 1];
+ /* TODO (#1#) handle ssl arguments */
+ /* SSLPass = argv[i + 1];*/
#endif
}
else if (!strcmp(argv[i], NHTTP_ARG_CA) && i < argc - 1)
@@ -120,7 +123,8 @@ hoption_init_args(int argc, char *argv[])
"WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled",
NHTTP_ARG_CA);
#else
- SSLCA = argv[i + 1];
+ /* TODO (#1#) handle ssl arguments */
+ /*SSLCA = argv[i + 1];*/
#endif
}
else if (!strcmp(argv[i], NHTTP_ARG_HTTPS))
@@ -130,7 +134,8 @@ hoption_init_args(int argc, char *argv[])
"WARNING: csoap compiled without '--with-ssl' flag. Parameter '%s' is disabled",
NHTTP_ARG_HTTPS);
#else
- SSLCertLess = 1;
+ /* TODO (#1#) handle ssl arguments */
+ /*SSLCertLess = 1;*/
#endif
}
}
diff --git a/nanohttp/nanohttp-common.h b/nanohttp/nanohttp-common.h
index 7a957ce..eb2c426 100644
--- a/nanohttp/nanohttp-common.h
+++ b/nanohttp/nanohttp-common.h
@@ -1,5 +1,5 @@
/******************************************************************
- * $Id: nanohttp-common.h,v 1.22 2006/01/10 11:29:05 snowdrop Exp $
+ * $Id: nanohttp-common.h,v 1.23 2006/01/11 10:54:43 snowdrop Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2003-2004 Ferhat Ayaz
@@ -105,7 +105,8 @@
#define HSOCKET_ERROR_ACCEPT 1008
#define HSOCKET_ERROR_NOT_INITIALIZED 1009
#define HSOCKET_ERROR_IOCTL 1010
-#define HSOCKET_SSL_CLOSE 1011
+#define HSOCKET_ERROR_SSLCLOSE 1011
+#define HSOCKET_ERROR_SSLCTX 1011
/* URL errors */
#define URL_ERROR_UNKNOWN_PROTOCOL 1101
@@ -139,7 +140,7 @@
#define XML_ERROR_PARSE 1601
/* SSL Errors */
-#define SSL_ERROR_INIT 1700
+/*#define SSL_ERROR_INIT 1700*/
/*
Set Sleep function platform depended
diff --git a/nanohttp/nanohttp-request.c b/nanohttp/nanohttp-request.c
index 930c609..1bd8a1d 100755
--- a/nanohttp/nanohttp-request.c
+++ b/nanohttp/nanohttp-request.c
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: nanohttp-request.c,v 1.8 2006/01/10 11:29:05 snowdrop Exp $
+* $Id: nanohttp-request.c,v 1.9 2006/01/11 10:54:43 snowdrop Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2003 Ferhat Ayaz
@@ -244,7 +244,7 @@ hrequest_new_from_socket(hsocket_t sock, hrequest_t ** out)
status = hsocket_read(sock, &(buffer[i]), 1, 1, &readed);
if (status != H_OK)
{
- if (herror_code(status) != HSOCKET_SSL_CLOSE)
+ if (herror_code(status) != HSOCKET_ERROR_SSLCLOSE)
{
log_error1("Socket read error");
}
diff --git a/nanohttp/nanohttp-server.c b/nanohttp/nanohttp-server.c
index 17dca3a..cc5517b 100644
--- a/nanohttp/nanohttp-server.c
+++ b/nanohttp/nanohttp-server.c
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: nanohttp-server.c,v 1.42 2006/01/11 09:22:21 snowdrop Exp $
+* $Id: nanohttp-server.c,v 1.43 2006/01/11 10:54:43 snowdrop Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2003 Ferhat Ayaz
@@ -103,7 +103,7 @@ sigset_t thrsigset;
#endif
#ifdef HAVE_SSL
-extern SSL_CTX *SSLctx;
+/*extern SSL_CTX *SSLctx;*/
#endif
@@ -326,7 +326,7 @@ httpd_send_header (httpd_conn_t * res, int code, const char *text)
}
-int
+herror_t
httpd_send_internal_error (httpd_conn_t * conn, const char *errmsg)
{
const char *template1 =
@@ -444,7 +444,7 @@ httpd_session_main (void *data)
char buffer[256]; /* temp buffer for recv() */
char header[4064]; /* received header */
hrequest_t *req = NULL; /* only for test */
- httpd_conn_t *rconn;
+ httpd_conn_t *rconn = NULL;
hservice_t *service = NULL;
herror_t status;
@@ -453,14 +453,14 @@ httpd_session_main (void *data)
log_verbose1 ("starting httpd_session_main()");
#ifdef HAVE_SSL
- if (!SSLctx)
+ if (!conn->sock.sslCtx)
{
log_verbose1 ("Using HTTP");
}
else
{
log_verbose1 ("Using HTTPS");
- conn->sock.ssl = init_ssl (SSLctx, conn->sock.sock, SSL_SERVER);
+ conn->sock.ssl = init_ssl (conn->sock.sslCtx, conn->sock.sock, SSL_SERVER);
hsocket_block (conn->sock, 0);
if (conn->sock.ssl == NULL)
{
@@ -481,7 +481,7 @@ httpd_session_main (void *data)
if (status != H_OK)
{
- if (herror_code (status) != HSOCKET_SSL_CLOSE)
+ if (herror_code (status) != HSOCKET_ERROR_SSLCLOSE)
{
httpd_send_internal_error (rconn, herror_message (status) /* "Request
parse
@@ -799,7 +799,10 @@ httpd_run ()
/* Accept a socket */
err = hsocket_accept (_httpd_socket, &(conn->sock));
- if (err != H_OK && herror_code (err) == SSL_ERROR_INIT)
+ if (err != H_OK
+ /* TODO (#1#) is this check neccessary?
+ && herror_code (err) == SSL_ERROR_INIT*/
+ )
{
hsocket_close (conn->sock);
conn->sock.sock = -1;
diff --git a/nanohttp/nanohttp-socket.c b/nanohttp/nanohttp-socket.c
index 018f42d..3110aea 100644
--- a/nanohttp/nanohttp-socket.c
+++ b/nanohttp/nanohttp-socket.c
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: nanohttp-socket.c,v 1.43 2006/01/10 11:29:05 snowdrop Exp $
+* $Id: nanohttp-socket.c,v 1.44 2006/01/11 10:54:43 snowdrop Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2003 Ferhat Ayaz
@@ -78,11 +78,11 @@ typedef int ssize_t;
#ifdef HAVE_SSL
-SSL_CTX *SSLctx = NULL;
+/*SSL_CTX *SSLctx = NULL;
char *SSLCert = NULL;
char *SSLPass = NULL;
char *SSLCA = NULL;
-int SSLCertLess = 0;
+int SSLCertLess = 0;*/
#endif
/*--------------------------------------------------
@@ -126,22 +126,41 @@ hsocket_init(hsocket_t * sock)
log_verbose1("Starting hsocket init");
/* just set the descriptor to -1 */
sock->sock = -1;
+
#ifdef HAVE_SSL
sock->ssl = NULL;
- if (SSLCert || SSLCertLess)
+ sock->sslCtx = NULL;
+#endif
+
+ return H_OK;
+}
+
+/*--------------------------------------------------
+FUNCTION: hsocket_init_ssl
+----------------------------------------------------*/
+#ifdef HAVE_SSL
+herror_t
+hsocket_init_ssl(hsocket_t * sock,
+ const char* sslCert,
+ const char* sslPass,
+ const char* sslCA)
+{
+ hsocket_init(sock);
+
+ log_verbose1("calling initialize_ctx()");
+ sock->sslCtx = initialize_ctx(sslCert, sslPass, sslCA);
+ if (sock->sslCtx == NULL)
{
- log_verbose1("calling init ctx");
- SSLctx = initialize_ctx(SSLCert, SSLPass, SSLCA);
- if (SSLctx == NULL)
- {
- return herror_new("hsocket_init", HSOCKET_ERROR_CONNECT,
- "Unable to initialize SSL CTX");
- }
+ return herror_new("hsocket_init_ctx", HSOCKET_ERROR_SSLCTX,
+ "Unable to initialize SSL CTX");
}
-#endif
+
return H_OK;
}
+#endif
+
+
/*--------------------------------------------------
FUNCTION: hsocket_free
----------------------------------------------------*/
@@ -186,7 +205,7 @@ hsocket_open(hsocket_t * dsock, const char *hostname, int port)
"Socket error: %d", errno);
#ifdef HAVE_SSL
- if (!SSLctx)
+ if (!dsock->sslCtx)
{
#endif
log_verbose1("Using HTTP");
@@ -196,7 +215,7 @@ hsocket_open(hsocket_t * dsock, const char *hostname, int port)
else
{
log_verbose1("Using HTTPS");
- dsock->ssl = init_ssl(SSLctx, sock.sock, SSL_CLIENT);
+ dsock->ssl = init_ssl(dsock->sslCtx, sock.sock, SSL_CLIENT);
}
#endif
return H_OK;
@@ -434,7 +453,7 @@ hsocket_nsend(hsocket_t sock, const byte_t * bytes, int n)
return herror_new("hsocket_nsend", HSOCKET_ERROR_NOT_INITIALIZED,
"Called hsocket_listen() before initializing!");
- // log_verbose2( "SENDING %s", bytes );
+ /* log_verbose2( "SENDING %s", bytes );*/
/* TODO (#1#): check return value and send again until n bytes sent */
while (1)
@@ -513,7 +532,7 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force,
if (sock.ssl)
{
struct timeval timeout;
- int i = 0;
+ /*int i = 0;*/
fd_set fds;
FD_ZERO(&fds);
FD_SET(sock.sock, &fds);
@@ -523,14 +542,14 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force,
#else
fcntl(sock.sock, F_SETFL, O_NONBLOCK);
#endif
- // log_verbose1("START READ LOOP");
- // do{
- // log_verbose2("DEBUG A %d",i);
+ /* log_verbose1("START READ LOOP");
+ do{
+ log_verbose2("DEBUG A %d",i); */
status = SSL_read(sock.ssl, &buffer[totalRead], total - totalRead);
if (status < 1)
{
int ret = select(sock.sock + 1, &fds, NULL, NULL, &timeout);
- // log_verbose2("DEBUG %d",ret);
+ /* log_verbose2("DEBUG %d",ret);*/
#ifdef WIN32
if (ret == SOCKET_ERROR)
{
@@ -544,17 +563,17 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force,
if (ret == 0)
{
log_verbose1("Socket timeout");
- return herror_new("hsocket_read", HSOCKET_SSL_CLOSE, "Timeout");
+ return herror_new("hsocket_read", HSOCKET_ERROR_SSLCLOSE, "Timeout");
}
else
{
- // log_verbose1("DEBUG C");
+ /* log_verbose1("DEBUG C"); */
status = SSL_read(sock.ssl, &buffer[totalRead], total - totalRead);
}
- // log_verbose3("DEBUG D char: %d status: %d",
- // buffer[totalRead], SSL_get_error(sock.ssl, status));
+ /* log_verbose3("DEBUG D char: %d status: %d",
+ buffer[totalRead], SSL_get_error(sock.ssl, status));*/
}
- // } while( SSL_get_error(sock.ssl, status) == SSL_ERROR_WANT_READ);
+ /* } while( SSL_get_error(sock.ssl, status) == SSL_ERROR_WANT_READ); */
#ifdef WIN32
#else
fcntl(sock.sock, F_SETFL, 0);
@@ -562,9 +581,9 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force,
}
else
{
-#else // HAVE_SSL
+#else /* HAVE_SSL */
{
-#endif // HAVE_SSL
+#endif /* HAVE_SSL */
status = recv(sock.sock, &buffer[totalRead], total - totalRead, 0);
#ifdef WIN32
@@ -598,12 +617,12 @@ hsocket_read(hsocket_t sock, byte_t * buffer, int total, int force,
if (sock.ssl && status < 1)
{
- // XXX I'm not sure this err_syscall is right here...
+ /* XXX I'm not sure this err_syscall is right here... */
if (SSL_get_shutdown(sock.ssl) == SSL_RECEIVED_SHUTDOWN ||
SSL_get_error(sock.ssl, status) == SSL_ERROR_SYSCALL)
{
*received = NULL;;
- return herror_new("hsocket_read", HSOCKET_SSL_CLOSE, "SSL Closed");
+ return herror_new("hsocket_read", HSOCKET_ERROR_SSLCLOSE, "SSL Closed");
}
log_error2("Read error (%d)", status);
log_ssl_error(sock.ssl, status);
diff --git a/nanohttp/nanohttp-socket.h b/nanohttp/nanohttp-socket.h
index b75a637..e0228e9 100644
--- a/nanohttp/nanohttp-socket.h
+++ b/nanohttp/nanohttp-socket.h
@@ -1,5 +1,5 @@
/******************************************************************
- * $Id: nanohttp-socket.h,v 1.20 2006/01/10 11:29:05 snowdrop Exp $
+ * $Id: nanohttp-socket.h,v 1.21 2006/01/11 10:54:43 snowdrop Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2003 Ferhat Ayaz
@@ -37,25 +37,30 @@
#endif
-#ifdef WIN32
+/*
+ Socket definition
+*/
typedef struct hsocket_t
{
+
#ifdef HAVE_SSL
SSL *ssl;
+ SSL_CTX *sslCtx;
#endif
+
+#ifdef WIN32
SOCKET sock;
-} hsocket_t;
-typedef int socklen_t;
#else
-typedef struct hsocket_t
-{
-#ifdef HAVE_SSL
- SSL *ssl;
-#endif
int sock;
-} hsocket_t;
#endif
+} hsocket_t; /* end of socket definition */
+
+#ifdef WIN32
+typedef int socklen_t;
+#endif
+
+
/**
@@ -75,17 +80,38 @@ void hsocket_module_destroy();
/**
- Initializes a given socket object. This function should
+ Initializes a given socket object. This function (or
+ hsokcet_init_ssl) should
be called for every socket before using it.
@param sock the destination socket to initialize.
+ @see hsocket_init_ssl
@returns This function should always return H_OK.
*/
herror_t hsocket_init(hsocket_t * sock);
/**
+ Initializes a given socket object with ssl context.
+ To initialize the socket without ssl, you should use
+ hsocket_init()
+
+ @param sock the destination socket to initialize.
+ @param sslCert keyfile
+ @param sslPass passwort
+ @param sslCA calist
+
+ @see hsocket_init
+ @returns HSOCKET_ERROR_SSLCTX if failed. H_OK otherwise
+ */
+herror_t
+hsocket_init_ssl(hsocket_t * sock,
+ const char* sslCert,
+ const char* sslPass,
+ const char* sslCA);
+
+/**
Destroys and releases a given socket.
@param sock the socket to destroy
diff --git a/nanohttp/nanohttp-ssl.c b/nanohttp/nanohttp-ssl.c
index 798d623..254b718 100644
--- a/nanohttp/nanohttp-ssl.c
+++ b/nanohttp/nanohttp-ssl.c
@@ -167,7 +167,7 @@ user_verify (X509 * cert)
#endif
SSL_CTX *
-initialize_ctx (char *keyfile, char *password, char *calist)
+initialize_ctx (const char *keyfile, const char *password, const char *calist)
{
SSL_CTX *ctx = NULL;
diff --git a/nanohttp/nanohttp-ssl.h b/nanohttp/nanohttp-ssl.h
index f4ec7ef..5cb4cc3 100644
--- a/nanohttp/nanohttp-ssl.h
+++ b/nanohttp/nanohttp-ssl.h
@@ -63,7 +63,9 @@ typedef struct Con
* Initialize the context
*/
-SSL_CTX *initialize_ctx(char *keyfile, char *password, char *calist);
+SSL_CTX *initialize_ctx(const char *keyfile,
+ const char *password,
+ const char *calist);
/*
* Quick function for verifying a portion of the cert
@@ -98,6 +100,14 @@ SSL *init_ssl(SSL_CTX * ctx, int sock, int type);
void ssl_cleanup();
+/**
+ Log funtion to report ssl failures
+ @param ssl
+ @param ret
+ */
+void
+log_ssl_error (SSL * ssl, int ret);
+
#endif
#endif /* HAVE_SSL */