
added zap.Tls, updated https example

This commit is contained in:
Rene Schallner 2023-12-30 03:13:36 +01:00
parent 83dd0153ef
commit 1061c2d4ba
6 changed files with 35 additions and 23 deletions


@ -44,12 +44,13 @@ pub fn main() !void {
help_and_exit(KEY_FILE, err); help_and_exit(KEY_FILE, err);
}; };
const tls = zap.fio_tls_new( const tls = try zap.Tls.init(
"localhost:4443", "localhost:4443",
CERT_FILE, CERT_FILE,
KEY_FILE, KEY_FILE,
null, // key file is not password-protected null, // key file is not password-protected
); );
defer tls.deinit();
var listener = zap.SimpleHttpListener.init(.{ var listener = zap.SimpleHttpListener.init(.{
.port = 4443, .port = 4443,
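Review bot: `const tls = try zap.Tls.init(` reports a missing or unreadable certificate as a bare error return from main, while the key-file check two lines above routes the same class of failure through `help_and_exit(KEY_FILE, err)`, which presumably prints usage and exits; for consistent operator-facing output consider `const tls = zap.Tls.init("localhost:4443", CERT_FILE, KEY_FILE, null) catch |err| help_and_exit(CERT_FILE, err);`. Note that before this commit the C side called exit() itself, so the example never had to handle this path; now it does. `defer tls.deinit();` runs at the end of main, after the listener that borrows the context, which looks right but depends on listen() not returning while connections are live — worth a one-line comment. main starts and ends outside the hunk.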


@ -42,7 +42,7 @@ fio_tls_s *fio_tls_new(const char *server_name, const char *public_cert_file,
* "public_key.pem", * "public_key.pem",
* "private_key.pem", NULL ); * "private_key.pem", NULL );
*/ */
void fio_tls_cert_add(fio_tls_s *, const char *server_name, int fio_tls_cert_add(fio_tls_s *, const char *server_name,
const char *public_cert_file, const char *public_cert_file,
const char *private_key_file, const char *pk_password); const char *private_key_file, const char *pk_password);
@ -87,7 +87,7 @@ uintptr_t fio_tls_alpn_count(fio_tls_s *tls);
* *
* fio_tls_trust(tls, "google-ca.pem" ); * fio_tls_trust(tls, "google-ca.pem" );
*/ */
void fio_tls_trust(fio_tls_s *, const char *public_cert_file); int fio_tls_trust(fio_tls_s *, const char *public_cert_file);
/** /**
* Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified * Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified
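Review bot: The doc comments above `int fio_tls_cert_add(...)` and `int fio_tls_trust(...)` still only show usage examples and say nothing about the new return value, so a caller cannot tell whether non-zero or specifically -1 means failure. Based on the implementation hunks on this page (`return 0;` / `return -1;`), add to each: `Returns 0 on success, -1 if a certificate file could not be read (the error is logged with the file name).` The same omission applies to the Zig extern declarations of both functions in fio.zig (the `@ -195` hunk), whose `///` comments should state the same contract so the Zig wrapper can map it to an error. The comment block for fio_tls_cert_add begins outside the hunk.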


@ -480,14 +480,18 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
REQUIRE_LIBRARY(); REQUIRE_LIBRARY();
fio_tls_s *tls = calloc(sizeof(*tls), 1); fio_tls_s *tls = calloc(sizeof(*tls), 1);
tls->ref = 1; tls->ref = 1;
fio_tls_cert_add(tls, server_name, key, cert, pk_password); if(fio_tls_cert_add(tls, server_name, key, cert, pk_password) != 0) {
// file not found error
free(tls);
return NULL;
}
return tls; return tls;
} }
/** /**
* Adds a certificate a new SSL/TLS context / settings object. * Adds a certificate a new SSL/TLS context / settings object.
*/ */
void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name, int FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
const char *cert, const char *key, const char *cert, const char *key,
const char *pk_password) { const char *pk_password) {
REQUIRE_LIBRARY(); REQUIRE_LIBRARY();
@ -510,11 +514,11 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
} }
fio_tls_cert_destroy(&c); fio_tls_cert_destroy(&c);
fio_tls_build_context(tls); fio_tls_build_context(tls);
return; return 0;
file_missing: file_missing:
FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.", FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
key, cert); key, cert);
exit(203); // CoalNova's suggestion. Was: -1 return -1; // rene
} }
/** /**
@ -560,22 +564,22 @@ uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(fio_tls_s *tls) {
* *
* fio_tls_trust(tls, "google-ca.pem" ); * fio_tls_trust(tls, "google-ca.pem" );
*/ */
void FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) { int FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
REQUIRE_LIBRARY(); REQUIRE_LIBRARY();
trust_s c = { trust_s c = {
.pem = FIO_STR_INIT, .pem = FIO_STR_INIT,
}; };
if (!public_cert_file) if (!public_cert_file)
return; return 0;
if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL) if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL)
goto file_missing; goto file_missing;
trust_ary_push(&tls->trust, c); trust_ary_push(&tls->trust, c);
fio_tls_trust_destroy(&c); fio_tls_trust_destroy(&c);
fio_tls_build_context(tls); fio_tls_build_context(tls);
return; return 0;
file_missing: file_missing:
FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file); FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file);
exit(204); // CoalNova's suggestion. was: -1. return -1; // rene
} }
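Review bot: `FIO_LOG_FATAL(...)` at both `file_missing:` labels now precedes `return -1;` instead of `exit(203)`/`exit(204)`, so a condition the caller can recover from is logged at fatal severity; demote both to `FIO_LOG_ERROR(...)` so operators are not told the process is terminating when it is not, and apply the same in the second backend (the `@ -885` and `@ -937` hunks). In `fio_tls_cert_add`, if the part of the body outside the hunk reads the certificate into `c` before the key read fails, the new `return -1` path skips `fio_tls_cert_destroy(&c)` and leaks the already-read buffer where the old exit() made this moot — confirm and add `fio_tls_cert_destroy(&c);` before `return -1;`. In `fio_tls_new`, the added `free(tls)` is only correct if a failed cert_add leaves `tls` untouched (no push into its cert array and no context built); if that is not guaranteed, release it through the normal destroy routine instead. Both functions extend beyond the hunk boundaries.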
/** /**


@ -855,14 +855,18 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
REQUIRE_LIBRARY(); REQUIRE_LIBRARY();
fio_tls_s *tls = calloc(sizeof(*tls), 1); fio_tls_s *tls = calloc(sizeof(*tls), 1);
tls->ref = 1; tls->ref = 1;
fio_tls_cert_add(tls, server_name, key, cert, pk_password); if(fio_tls_cert_add(tls, server_name, key, cert, pk_password) != 0) {
// file not found error
free(tls);
return NULL;
}
return tls; return tls;
} }
/** /**
* Adds a certificate a new SSL/TLS context / settings object. * Adds a certificate a new SSL/TLS context / settings object.
*/ */
void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name, int FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
const char *cert, const char *key, const char *cert, const char *key,
const char *pk_password) { const char *pk_password) {
REQUIRE_LIBRARY(); REQUIRE_LIBRARY();
@ -885,11 +889,11 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
} }
fio_tls_cert_destroy(&c); fio_tls_cert_destroy(&c);
fio_tls_build_context(tls); fio_tls_build_context(tls);
return; return 0;
file_missing: file_missing:
FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.", FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
key, cert); key, cert);
exit(200); // CoalNova's suggestion. Was: -1 return -1;
} }
/** /**
@ -937,22 +941,22 @@ uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(fio_tls_s *tls) {
* *
* fio_tls_trust(tls, "google-ca.pem" ); * fio_tls_trust(tls, "google-ca.pem" );
*/ */
void FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) { int FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
REQUIRE_LIBRARY(); REQUIRE_LIBRARY();
trust_s c = { trust_s c = {
.pem = FIO_STR_INIT, .pem = FIO_STR_INIT,
}; };
if (!public_cert_file) if (!public_cert_file)
return; return 0;
if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL) if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL)
goto file_missing; goto file_missing;
trust_ary_push(&tls->trust, c); trust_ary_push(&tls->trust, c);
fio_tls_trust_destroy(&c); fio_tls_trust_destroy(&c);
fio_tls_build_context(tls); fio_tls_build_context(tls);
return; return 0;
file_missing: file_missing:
FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file); FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file);
exit(201); // CoalNova's suggestion. Was: -1 return -1; // CoalNova's suggestion. Was: -1
} }
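Review bot: The changed line `return -1; // CoalNova's suggestion. Was: -1` in fio_tls_trust now carries a comment that contradicts the code it annotates (the value is -1 again), and the matching `return -1;` in fio_tls_cert_add a few hunks up has no comment at all. Drop the stale text and use one explanatory comment in both places, e.g. `return -1; // file missing; caller decides whether this is fatal`. The `// rene` attributions on the equivalent lines in the other backend (`@ -510` and `@ -560` hunks) belong in git blame rather than in the source.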
/** /**


@ -195,12 +195,12 @@ pub extern fn fio_tls_cert_add(
public_certificate_file: ?[*:0]const u8, public_certificate_file: ?[*:0]const u8,
private_key_file: ?[*:0]const u8, private_key_file: ?[*:0]const u8,
private_key_password: ?[*:0]const u8, private_key_password: ?[*:0]const u8,
) void; ) c_int;
/// Adds a certificate to the "trust" list, which automatically adds a peer verification requirement. /// Adds a certificate to the "trust" list, which automatically adds a peer verification requirement.
/// Note: when the fio_tls_s object is used for server connections, this will limit connections to /// Note: when the fio_tls_s object is used for server connections, this will limit connections to
/// clients that connect using a trusted certificate. /// clients that connect using a trusted certificate.
pub extern fn fio_tls_trust(tls: ?*anyopaque, public_cert_file: ?[*:0]const u8) void; pub extern fn fio_tls_trust(tls: ?*anyopaque, public_cert_file: ?[*:0]const u8) c_int;
/// Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified context / settings object. /// Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified context / settings object.
/// The uuid should be a socket UUID that is already connected to a peer (i.e., the result of fio_accept). /// The uuid should be a socket UUID that is already connected to a peer (i.e., the result of fio_accept).


@ -4,6 +4,9 @@
const std = @import("std"); const std = @import("std");
const fio = @import("fio.zig"); const fio = @import("fio.zig");
/// Server-Side TLS function wrapper
pub const Tls = @import("tls.zig");
pub usingnamespace @import("fio.zig"); pub usingnamespace @import("fio.zig");
pub usingnamespace @import("endpoint.zig"); pub usingnamespace @import("endpoint.zig");
pub usingnamespace @import("util.zig"); pub usingnamespace @import("util.zig");
@ -770,7 +773,7 @@ pub const SimpleHttpListenerSettings = struct {
log: bool = false, log: bool = false,
ws_timeout: u8 = 40, ws_timeout: u8 = 40,
ws_max_msg_size: usize = 262144, ws_max_msg_size: usize = 262144,
tls: ?*anyopaque = null, tls: ?Tls = null,
}; };
pub const SimpleHttpListener = struct { pub const SimpleHttpListener = struct {
@ -884,7 +887,7 @@ pub const SimpleHttpListener = struct {
.max_body_size = self.settings.max_body_size orelse 50 * 1024 * 1024, .max_body_size = self.settings.max_body_size orelse 50 * 1024 * 1024,
// fio provides good default: // fio provides good default:
.max_clients = self.settings.max_clients orelse 0, .max_clients = self.settings.max_clients orelse 0,
.tls = self.settings.tls, .tls = if (self.settings.tls) |tls| tls.fio_tls else null,
.reserved1 = 0, .reserved1 = 0,
.reserved2 = 0, .reserved2 = 0,
.reserved3 = 0, .reserved3 = 0,
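Review bot: `tls: ?Tls = null` in SimpleHttpListenerSettings gains no doc comment, and the only thing the listener does with it is hand `tls.fio_tls` to the C settings, so the ownership contract is invisible to users: the settings hold a copy of the small wrapper, not the context, and the caller still has to keep the `Tls` alive while the listener runs and call `deinit()` afterwards. Propose above the field: `/// Optional server-side TLS context. The listener only borrows the underlying fio handle; the caller keeps the Tls alive for as long as the listener runs and calls deinit() afterwards.` (lifetime is inferred from the `.tls = if (self.settings.tls) |tls| tls.fio_tls else null` line — confirm against tls.zig, which is not on this page). The `/// Server-Side TLS function wrapper` line on the new `pub const Tls` decl could likewise point at `Tls.init`/`deinit` as the intended entry points. Both SimpleHttpListenerSettings and the listen-settings literal start and end outside the hunks.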