mirror of
https://github.com/zigzap/zap.git
synced 2025-10-20 15:14:08 +00:00
added zap.Tls, updated https example
parent
83dd0153ef
commit
1061c2d4ba
6 changed files with 35 additions and 23 deletions
|
@ -44,12 +44,13 @@ pub fn main() !void {
|
|||
help_and_exit(KEY_FILE, err);
|
||||
};
|
||||
|
||||
const tls = zap.fio_tls_new(
|
||||
const tls = try zap.Tls.init(
|
||||
"localhost:4443",
|
||||
CERT_FILE,
|
||||
KEY_FILE,
|
||||
null, // key file is not password-protected
|
||||
);
|
||||
defer tls.deinit();
|
||||
|
||||
var listener = zap.SimpleHttpListener.init(.{
|
||||
.port = 4443,
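Review bot: `defer tls.deinit();` is only safe because it runs when `main` returns, and nothing here tells a reader that the `Tls` value must outlive the listener. The listener settings appear to pass the underlying facil.io handle on to the server (see the `.tls = ... tls.fio_tls` change in this commit), so releasing it while connections are still accepted would leave a dangling pointer. I would add a comment above the defer: `// tls must stay alive until the server has stopped; the listener only borrows it`. The body of `main` starts above and continues below this hunk, so where the server loop sits relative to the defer is not visible here.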
|
||||
|
|
|
@ -42,7 +42,7 @@ fio_tls_s *fio_tls_new(const char *server_name, const char *public_cert_file,
|
|||
* "public_key.pem",
|
||||
* "private_key.pem", NULL );
|
||||
*/
|
||||
void fio_tls_cert_add(fio_tls_s *, const char *server_name,
|
||||
int fio_tls_cert_add(fio_tls_s *, const char *server_name,
|
||||
const char *public_cert_file,
|
||||
const char *private_key_file, const char *pk_password);
|
||||
|
||||
|
@ -87,7 +87,7 @@ uintptr_t fio_tls_alpn_count(fio_tls_s *tls);
|
|||
*
|
||||
* fio_tls_trust(tls, "google-ca.pem" );
|
||||
*/
|
||||
void fio_tls_trust(fio_tls_s *, const char *public_cert_file);
|
||||
int fio_tls_trust(fio_tls_s *, const char *public_cert_file);
|
||||
|
||||
/**
|
||||
* Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified
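Review bot: Neither `fio_tls_cert_add` nor `fio_tls_trust` documents its new `int` result, so callers of this header cannot tell which value means failure. Going by the implementation hunks on this page, each doc comment should gain a line such as `Returns 0 on success, -1 if a certificate or key file could not be read.` The comment for `fio_tls_new` sits above this hunk and should also say that the function can now return NULL. The `///` comments on the matching `extern` declarations in the Zig binding need the same sentence.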
|
||||
|
|
|
@ -480,14 +480,18 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
|
|||
REQUIRE_LIBRARY();
|
||||
fio_tls_s *tls = calloc(sizeof(*tls), 1);
|
||||
tls->ref = 1;
|
||||
fio_tls_cert_add(tls, server_name, key, cert, pk_password);
|
||||
if(fio_tls_cert_add(tls, server_name, key, cert, pk_password) != 0) {
|
||||
// file not found error
|
||||
free(tls);
|
||||
return NULL;
|
||||
}
|
||||
return tls;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a certificate a new SSL/TLS context / settings object.
|
||||
*/
|
||||
void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
||||
int FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
||||
const char *cert, const char *key,
|
||||
const char *pk_password) {
|
||||
REQUIRE_LIBRARY();
|
||||
|
@ -510,11 +514,11 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
|||
}
|
||||
fio_tls_cert_destroy(&c);
|
||||
fio_tls_build_context(tls);
|
||||
return;
|
||||
return 0;
|
||||
file_missing:
|
||||
FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
|
||||
key, cert);
|
||||
exit(203); // CoalNova's suggestion. Was: -1
|
||||
return -1; // rene
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -560,22 +564,22 @@ uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(fio_tls_s *tls) {
|
|||
*
|
||||
* fio_tls_trust(tls, "google-ca.pem" );
|
||||
*/
|
||||
void FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
|
||||
int FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
|
||||
REQUIRE_LIBRARY();
|
||||
trust_s c = {
|
||||
.pem = FIO_STR_INIT,
|
||||
};
|
||||
if (!public_cert_file)
|
||||
return;
|
||||
return 0;
|
||||
if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL)
|
||||
goto file_missing;
|
||||
trust_ary_push(&tls->trust, c);
|
||||
fio_tls_trust_destroy(&c);
|
||||
fio_tls_build_context(tls);
|
||||
return;
|
||||
return 0;
|
||||
file_missing:
|
||||
FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file);
|
||||
exit(204); // CoalNova's suggestion. was: -1.
|
||||
return -1; // rene
|
||||
}
|
||||
|
||||
/**
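Review bot: The `file_missing` path in `fio_tls_cert_add` now returns instead of exiting, but only the success path calls `fio_tls_cert_destroy(&c)`. The file reads are above this hunk, so this is inferred: if the private key was loaded before the certificate read failed, the key bytes stay allocated for the life of the process. I would add `fio_tls_cert_destroy(&c);` before `return -1;`. Since the condition is no longer fatal, `FIO_LOG_ERROR` fits better than `FIO_LOG_FATAL`, in both `fio_tls_cert_add` and `fio_tls_trust`. The same applies to the identical hunks in the other TLS source file on this page.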
|
||||
|
|
|
@ -855,14 +855,18 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
|
|||
REQUIRE_LIBRARY();
|
||||
fio_tls_s *tls = calloc(sizeof(*tls), 1);
|
||||
tls->ref = 1;
|
||||
fio_tls_cert_add(tls, server_name, key, cert, pk_password);
|
||||
if(fio_tls_cert_add(tls, server_name, key, cert, pk_password) != 0) {
|
||||
// file not found error
|
||||
free(tls);
|
||||
return NULL;
|
||||
}
|
||||
return tls;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a certificate a new SSL/TLS context / settings object.
|
||||
*/
|
||||
void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
||||
int FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
||||
const char *cert, const char *key,
|
||||
const char *pk_password) {
|
||||
REQUIRE_LIBRARY();
|
||||
|
@ -885,11 +889,11 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
|||
}
|
||||
fio_tls_cert_destroy(&c);
|
||||
fio_tls_build_context(tls);
|
||||
return;
|
||||
return 0;
|
||||
file_missing:
|
||||
FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
|
||||
key, cert);
|
||||
exit(200); // CoalNova's suggestion. Was: -1
|
||||
return -1;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -937,22 +941,22 @@ uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(fio_tls_s *tls) {
|
|||
*
|
||||
* fio_tls_trust(tls, "google-ca.pem" );
|
||||
*/
|
||||
void FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
|
||||
int FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
|
||||
REQUIRE_LIBRARY();
|
||||
trust_s c = {
|
||||
.pem = FIO_STR_INIT,
|
||||
};
|
||||
if (!public_cert_file)
|
||||
return;
|
||||
return 0;
|
||||
if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL)
|
||||
goto file_missing;
|
||||
trust_ary_push(&tls->trust, c);
|
||||
fio_tls_trust_destroy(&c);
|
||||
fio_tls_build_context(tls);
|
||||
return;
|
||||
return 0;
|
||||
file_missing:
|
||||
FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file);
|
||||
exit(201); // CoalNova's suggestion. Was: -1
|
||||
return -1; // CoalNova's suggestion. Was: -1
|
||||
}
|
||||
|
||||
/**
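Review bot: `fio_tls_trust` returns 0 when `public_cert_file` is NULL, so a caller that checks the new return value sees success even though nothing was added to the trust list and no peer verification was set up. Either treat it as an error, `if (!public_cert_file) return -1;`, or state in the doc comment that NULL is an accepted no-op. The same line is in the matching hunk of the other TLS source file. The trailing comment on `return -1; // CoalNova's suggestion. Was: -1` was carried over from the removed `exit(201)` line and no longer describes the statement.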
|
||||
|
|
|
@ -195,12 +195,12 @@ pub extern fn fio_tls_cert_add(
|
|||
public_certificate_file: ?[*:0]const u8,
|
||||
private_key_file: ?[*:0]const u8,
|
||||
private_key_password: ?[*:0]const u8,
|
||||
) void;
|
||||
) c_int;
|
||||
|
||||
/// Adds a certificate to the "trust" list, which automatically adds a peer verification requirement.
|
||||
/// Note: when the fio_tls_s object is used for server connections, this will limit connections to
|
||||
/// clients that connect using a trusted certificate.
|
||||
pub extern fn fio_tls_trust(tls: ?*anyopaque, public_cert_file: ?[*:0]const u8) void;
|
||||
pub extern fn fio_tls_trust(tls: ?*anyopaque, public_cert_file: ?[*:0]const u8) c_int;
|
||||
|
||||
/// Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified context / settings object.
|
||||
/// The uuid should be a socket UUID that is already connected to a peer (i.e., the result of fio_accept).
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
const std = @import("std");
|
||||
const fio = @import("fio.zig");
|
||||
|
||||
/// Server-Side TLS function wrapper
|
||||
pub const Tls = @import("tls.zig");
|
||||
|
||||
pub usingnamespace @import("fio.zig");
|
||||
pub usingnamespace @import("endpoint.zig");
|
||||
pub usingnamespace @import("util.zig");
|
||||
|
@ -770,7 +773,7 @@ pub const SimpleHttpListenerSettings = struct {
|
|||
log: bool = false,
|
||||
ws_timeout: u8 = 40,
|
||||
ws_max_msg_size: usize = 262144,
|
||||
tls: ?*anyopaque = null,
|
||||
tls: ?Tls = null,
|
||||
};
|
||||
|
||||
pub const SimpleHttpListener = struct {
|
||||
|
@ -884,7 +887,7 @@ pub const SimpleHttpListener = struct {
|
|||
.max_body_size = self.settings.max_body_size orelse 50 * 1024 * 1024,
|
||||
// fio provides good default:
|
||||
.max_clients = self.settings.max_clients orelse 0,
|
||||
.tls = self.settings.tls,
|
||||
.tls = if (self.settings.tls) |tls| tls.fio_tls else null,
|
||||
.reserved1 = 0,
|
||||
.reserved2 = 0,
|
||||
.reserved3 = 0,
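Review bot: In the last hunk, `.tls = if (self.settings.tls) |tls| tls.fio_tls else null` falls back to `null`, which facil.io treats as a plain-HTTP listener, so a `Tls` whose handle was never created would start the server unencrypted and without any error. `fio_tls_new` can now return NULL when the certificate or key is missing. `tls.zig` is not shown on this page, so confirm that `Tls.init` turns that NULL into an error rather than storing it. A doc comment on the settings field would help as well: `/// Borrowed TLS context; null means the listener serves plain HTTP.` The struct and the function around these lines start and end outside the hunks.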
|
||||
|
|