From 59496b8f47ef1ceb7564ea5a052a57018374029f Mon Sep 17 00:00:00 2001 From: m0gg Date: Wed, 3 Jan 2007 13:41:52 +0000 Subject: README.ssl moved to nanohttp-ssl.h --- Makefile.am | 19 ++++++-- README.ssl | 90 ------------------------------------- TODO | 27 +++++++---- nanohttp/nanohttp-server.h | 3 +- nanohttp/nanohttp-ssl.h | 110 ++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 145 insertions(+), 104 deletions(-) delete mode 100644 README.ssl diff --git a/Makefile.am b/Makefile.am index 551aeff..2f51a0c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,4 +1,12 @@ -SUBDIRS=nanohttp libcsoap xsd2c wsdl2c examples +# +# $Revision: 1.14 $ +# + +SUBDIRS=nanohttp \ + libcsoap \ + xsd2c \ + wsdl2c \ + examples bin_SCRIPTS=csoap-config @@ -28,6 +36,11 @@ win32_env=win32/MinGW/Makefile \ win32/MinGW/readme.txt \ win32/include/wsockcompat.h -EXTRA_DIST=$(documentation) $(win32_env) libcsoap.pc.in libcsoap.m4 \ - indent.pro README.ssl README.xmlsec $(broken_examples) +EXTRA_DIST=$(documentation) \ + $(win32_env) \ + libcsoap.pc.in \ + libcsoap.m4 \ + indent.pro \ + README.xmlsec \ + $(broken_examples) diff --git a/README.ssl b/README.ssl deleted file mode 100644 index 3d462c7..0000000 --- a/README.ssl +++ /dev/null 
@@ -1,90 +0,0 @@ -$Id: README.ssl,v 1.3 2006/12/10 12:23:40 m0gg Exp $ -=============================================================================== - -How to use SSL with nanoHTTP/cSOAP - - 1. Simple key generation - 2. Generate a key with a certificate - 3. Generate a certification authority - 3.1 Create the directory structure - 3.2 Generate the CA key - 3.3 Sign a certification request - 4. Commandline arguments at startup - 5. Howto hide the password - 6. What else? - -1. Simple key generation - - $ openssl req -nodes -days 1825 -subj "/CN=`hostname`" -newkey rsa:1024 -keyout sslkey.pem -out sslreq.pem - -2. Generate a key with a certificate - -2.1. Create a key and a certification request as in 1. -2.2. Post the sslreq.pem to your favorite CA -2.3. Join your key with the certificate from yout CA - $ cat ssl.cert >> sslkey.pem - -3. Generate a certification authority - -3.1 Create the directory structure - - $ mkdir ca - $ echo '01' > $1 ca/serial - $ touch ca/index.txt - $ mkdir ca/crl - $ mkdir ca/newcerts - $ mkdir ca/private - $ chmod 700 ca/private - -3.2 Generate the CA key - - $ openssl req -x509 -nodes -days 1826 -subj "/CN=myCa" -newkey rsa:1024 -keyout ca/private/cakey.pem -out ca/cacert.pem - -3.3 Sign a certification request - - $ openssl ca -in sslreq.pem -out ssl.cert - -4. Commandline arguments at startup - --NHTTPS Enable https protocol in the nanoHTTP server - --NHTTPcert CERTfile A file containing a certificate chain from file. The - certificates must be in PEM format and must be sorted - starting with the subject's certificate (actual client - or server certificate), followed by intermediate CA - certificates if applicable, and ending at the highest - level (root) CA. - --NHTTPcertpass password The password to be used during decryption of the - certificate. - --NHTTPCA CAfile File pointing to a file of CA certificates in PEM - format. The file can contain several CA certificates - identified by - - -----BEGIN CERTIFICATE----- - ... 
(CA certificate in base64 encoding) ... - -----END CERTIFICATE----- - - sequences. Before, between, and after the certificates - text is allowed which can be used e.g. for descriptions - of the certificates. - -5. Howto hide the password - -You can use the following functions before calling httpd_init, httpc_init and -accordingly soap_server_init, soap_client_init. The are roughly the same then the -commandline versions. - - - hssl_enable(void) - - hssl_set_certificate(const char *CERTfile) - - hssl_set_certpass(const char *pass) - - hssl_set_ca(const char *CAfile) - -NOTE: If you use this functions an specify the commandline arguments, then the -commandline arguments take precedence. - -6. What else? - - - int hssl_enabled(void) - diff --git a/TODO b/TODO index 8381e81..abe2b30 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,4 @@ -$Id: TODO,v 1.17 2007/01/03 12:16:02 m0gg Exp $ +$Id: TODO,v 1.18 2007/01/03 13:41:52 m0gg Exp $ =============================================================================== Things to do _before_ 1.2 release: @@ -11,8 +11,8 @@ nanohttp: - "GET http://fdqn/service HTTP/1.1" segfaults - Check portability to Win32/MaxOS (only tested on FreeBSD/Solaris/Linux) - remove CFLAGS="-D_XOPEN_SOURCE=600" ./configure on Linux -- Elaborate README.ssl (more text and references to csoap API docs, OpenSSL) - - move this documentation to nanohttp-ssl.h +- Elaborate nanohttp_ssl_page + - (more text and references OpenSSL (project and man pages)) - delete or fix broken examples (see Makefile.am) - Improve API documentation @@ -23,7 +23,15 @@ csoap: - Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2) - Improve API documentation - Add reference to http://www.w3.org/TR/SOAP-attachments -- Write README.xmlsec like README.ssl +- document xmlsec (like nanohttp_ssl_page) + +xsd2c: +====== +- Check portability + +wsdl2c: +======= +- Check portability Things to do _after_ 1.2 release: ================================= 
@@ -54,12 +62,13 @@ csoap: wsdl2c: ======= +- generate csoap client/server skeletons xsd2c: ====== - -+ Add extension base functionality OK -+ Add deserialize functionality OK -+ Add simpleTypes (list, restriction?, ...) -+ List free must use ( _Free(..->value) ) instead of ( free() ) +- Check if this is already done: + - Add extension base functionality OK + - Add deserialize functionality OK + - Add simpleTypes (list, restriction?, ...) + - List free must use ( _Free(..->value) ) instead of ( free() ) diff --git a/nanohttp/nanohttp-server.h b/nanohttp/nanohttp-server.h index 71c0370..68d61c3 100644 --- a/nanohttp/nanohttp-server.h +++ b/nanohttp/nanohttp-server.h @@ -1,5 +1,5 @@ /****************************************************************** - * $Id: nanohttp-server.h,v 1.36 2007/01/01 22:54:46 m0gg Exp $ + * $Id: nanohttp-server.h,v 1.37 2007/01/03 13:41:52 m0gg Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2003 Ferhat Ayaz @@ -51,6 +51,7 @@ * - @subpage nanohttp_client_page * - @subpage nanohttp_server_page * - @subpage nanohttp_mime_page + * - @subpage nanohttp_ssl_page * * @author Ferhat Ayaz * @author Michael Rans diff --git a/nanohttp/nanohttp-ssl.h b/nanohttp/nanohttp-ssl.h index aa5c781..5794c63 100644 --- a/nanohttp/nanohttp-ssl.h +++ b/nanohttp/nanohttp-ssl.h @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-ssl.h,v 1.26 2006/12/11 08:13:19 m0gg Exp $ +* $Id: nanohttp-ssl.h,v 1.27 2007/01/03 13:41:52 m0gg Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2001-2005 Rochester Institute of Technology 
@@ -24,6 +24,114 @@ #ifndef __nanohttp_ssl_h #define __nanohttp_ssl_h +/** @page nanohttp_ssl_page How to use SSL with nanoHTTP/cSOAP + * + * @section nanohttp_ssl_toc_sec Table of contents + * + * - @ref nanohttp_ssl_key_generation_sec + * - @ref nanohttp_ssl_cert_generation_sec + * - @ref nanohttp_ssl_ca_generation_sec + * - @ref nanohttp_ssl_ca_dir_sec + * - @ref nanohttp_ssl_ca_key_sec + * - @ref nanohttp_ssl_sign_sec + * - @ref nanohttp_cmdline_sec + * - @ref nanohttp_faq_sec + * + * @section nanohttp_ssl_key_generation_sec Simple key generation + * + * @code + * $ openssl req -nodes -days 1825 -subj "/CN=`hostname`" -newkey rsa:1024 -keyout sslkey.pem -out sslreq.pem + * @endcode + * + * @section nanohttp_ssl_cert_generation_sec Generate a key with a certificate + * + * @subsection nanohttp_ssl_a_sec Create a key and a certification request + * @subsection nanohttp_ssl_b_sec Post the sslreq.pem to your favorite CA + * @subsection nanohttp_ssl_c_sec Join your key with the certificate from yout CA + * + * @code + * $ cat ssl.cert >> sslkey.pem + * @endcode + * + * @section nanohttp_ssl_ca_generation_sec Generate a certification authority + * + * @subsection nanohttp_ssl_ca_dir_sec Create the directory structure + * + * @code + * $ mkdir ca + * $ echo '01' > $1 ca/serial + * $ touch ca/index.txt + * $ mkdir ca/crl + * $ mkdir ca/newcerts + * $ mkdir ca/private + * $ chmod 700 ca/private + * @endcode + * + * @subsection nanohttp_ssl_ca_key_sec Generate the CA key + * + * @code + * $ openssl req -x509 -nodes -days 1826 -subj "/CN=myCa" -newkey rsa:1024 -keyout ca/private/cakey.pem -out ca/cacert.pem + * @endcode + * + * @subsection nanohttp_ssl_sign_sec Sign a certification request + * + * @code + * $ openssl ca -in sslreq.pem -out ssl.cert + * @endcode + * + * @section nanohttp_cmdline_sec Commandline arguments at startup + * + * @code + * -NHTTPS Enable https protocol in the nanoHTTP server + * + * -NHTTPcert CERTfile A file containing a certificate chain from 
file. The + * certificates must be in PEM format and must be sorted + * starting with the subject's certificate (actual client + * or server certificate), followed by intermediate CA + * certificates if applicable, and ending at the highest + * level (root) CA. + * + * -NHTTPcertpass password The password to be used during decryption of the + * certificate. + * + * -NHTTPCA CAfile File pointing to a file of CA certificates in PEM + * format. The file can contain several CA certificates + * identified by + * + * -----BEGIN CERTIFICATE----- + * ... (CA certificate in base64 encoding) ... + * -----END CERTIFICATE----- + * + * sequences. Before, between, and after the certificates + * text is allowed which can be used e.g. for descriptions + * of the certificates. + * @endcode + * + * @section nanohttp_ssl_faq_sec Frequently asked questions + * + * - Howto hide the password + * You can use the following functions before calling httpd_init, httpc_init + * and accordingly soap_server_init, soap_client_init. The are roughly the same + * then the commandline versions. + * + * @code + * hssl_enable(void) + * hssl_set_certificate(const char *CERTfile) + * hssl_set_certpass(const char *pass) + * hssl_set_ca(const char *CAfile) + * @endcode + * + * NOTE: If you use this functions an specify the commandline arguments, then + * the commandline arguments take precedence. + * + * - What else? + * + * @code + * int hssl_enabled(void) + * @endcode + * + */ + /** * * Commandline argument to enabled SSL in the nanoHTTP server. -- cgit v1.1-32-gdbae
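Review bot: The key-generation examples in the new `nanohttp_ssl_page` comment (`nanohttp_ssl_key_generation_sec` and `nanohttp_ssl_ca_key_sec`) combine `-newkey rsa:1024` with `-nodes`, so anyone copying them gets a short RSA key written to disk unencrypted; now that this text is published API documentation it should use at least `-newkey rsa:2048` and state that `-nodes` leaves `sslkey.pem` and `ca/private/cakey.pem` protected by file permissions only. The `-NHTTPcertpass password` entry should also mention that a password given on the command line is typically readable by other local users through the process list, and point to `hssl_set_certpass()` from the FAQ entry as the alternative. The table of contents uses `@ref nanohttp_faq_sec` while the section is declared as `@section nanohttp_ssl_faq_sec`, so that link will not resolve; it should read `@ref nanohttp_ssl_faq_sec`. In `nanohttp_ssl_ca_dir_sec` the line `$ echo '01' > $1 ca/serial` carries a stray `$1` and was presumably meant to be `$ echo '01' > ca/serial`.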