
[GNUnet-SVN] r35146 - in libmicrohttpd: . doc src/include src/microhttpd


From: gnunet
Subject: [GNUnet-SVN] r35146 - in libmicrohttpd: . doc src/include src/microhttpd
Date: Sun, 8 Feb 2015 01:37:10 +0100

Author: grothoff
Date: 2015-02-08 01:37:10 +0100 (Sun, 08 Feb 2015)
New Revision: 35146

Modified:
   libmicrohttpd/ChangeLog
   libmicrohttpd/doc/libmicrohttpd.texi
   libmicrohttpd/src/include/microhttpd.h
   libmicrohttpd/src/microhttpd/daemon.c
   libmicrohttpd/src/microhttpd/internal.h
Log:
adding MHD_OPTION_HTTPS_KEY_PASSWORD

Modified: libmicrohttpd/ChangeLog
===================================================================
--- libmicrohttpd/ChangeLog     2015-02-07 23:22:55 UTC (rev 35145)
+++ libmicrohttpd/ChangeLog     2015-02-08 00:37:10 UTC (rev 35146)
@@ -1,3 +1,7 @@
+Sun Feb  8 01:24:38 CET 2015
+       Adding MHD_OPTION_HTTPS_KEY_PASSWORD as proposed by
+       Andrew Basile. -CG/AB
+
 Wed Feb  4 20:34:22 CET 2015
        Fix issue where for HTTP/1.0-clients that set
        Connection: Keep-Alive header a response of

Modified: libmicrohttpd/doc/libmicrohttpd.texi
===================================================================
--- libmicrohttpd/doc/libmicrohttpd.texi        2015-02-07 23:22:55 UTC (rev 
35145)
+++ libmicrohttpd/doc/libmicrohttpd.texi        2015-02-08 00:37:10 UTC (rev 
35146)
@@ -661,6 +661,19 @@
 "const char*" argument.
 This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_CERT'.
 
address@hidden MHD_OPTION_HTTPS_KEY_PASSWORD
address@hidden SSL
address@hidden TLS
+Memory pointer to the password that decrypts the
+private key to be used by the HTTPS daemon.
+This option should be followed by an
+"const char*" argument.
+This should be used in conjunction with 'MHD_OPTION_HTTPS_MEM_KEY'.
+
+The password (or passphrase) is only used immediately during
address@hidden()}.  Thus, the application may want to
+erase it from memory afterwards for additional security.
+
 @item MHD_OPTION_HTTPS_MEM_CERT
 @cindex SSL
 @cindex TLS
@@ -1103,14 +1116,14 @@
 invoked there won't be upload data, as this is done
 just after MHD parses the headers.  If supported by
 the client and the HTTP version, the application can
-at this point queue an error response to possibly 
+at this point queue an error response to possibly
 avoid the upload entirely. If no response is generated,
 MHD will (if required) automatically send a 100 CONTINUE
 reply to the client.
 
 Afterwards, POST data will be passed to the callback
 to be processed incrementally by the application. The
-application may return @code{MHD_NO} to forcefully 
+application may return @code{MHD_NO} to forcefully
 terminate the TCP connection without generating a
 proper HTTP response. Once all of the upload data has
 been provided to the application, the application

Modified: libmicrohttpd/src/include/microhttpd.h
===================================================================
--- libmicrohttpd/src/include/microhttpd.h      2015-02-07 23:22:55 UTC (rev 
35145)
+++ libmicrohttpd/src/include/microhttpd.h      2015-02-08 00:37:10 UTC (rev 
35146)
@@ -130,7 +130,7 @@
  * Current version of the library.
  * 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00093902
+#define MHD_VERSION 0x00093903
 
 /**
  * MHD-internal return code for "YES".
@@ -863,6 +863,14 @@
    * This option must be followed by a `unsigned int` argument.
    */
   MHD_OPTION_LISTENING_ADDRESS_REUSE = 25,
+
+  /**
+   * Memory pointer for a password that decrypts the private key (key.pem)
+   * to be used by the HTTPS daemon. This option should be followed by a
+   * `const char *` argument.
+   * This should be used in conjunction with #MHD_OPTION_HTTPS_MEM_KEY.
+   */
+  MHD_OPTION_HTTPS_KEY_PASSWORD = 26
 };
 
 
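Review bot: The doc comment on `MHD_OPTION_HTTPS_KEY_PASSWORD` omits the lifetime contract that the texi text in this same commit states, namely that the password is consumed during `MHD_start_daemon()` and not retained, which is exactly the property an application needs in order to wipe the passphrase buffer afterwards. Since the header is what most users read, add it there too, e.g. `The password is only read during MHD_start_daemon(); MHD keeps no reference to it afterwards, so the application may erase the buffer once the daemon has started.`.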

Modified: libmicrohttpd/src/microhttpd/daemon.c
===================================================================
--- libmicrohttpd/src/microhttpd/daemon.c       2015-02-07 23:22:55 UTC (rev 
35145)
+++ libmicrohttpd/src/microhttpd/daemon.c       2015-02-08 00:37:10 UTC (rev 
35146)
@@ -508,6 +508,7 @@
 {
   gnutls_datum_t key;
   gnutls_datum_t cert;
+  int ret;
 
 #if GNUTLS_VERSION_MAJOR >= 3
   if (NULL != daemon->cert_callback)
@@ -545,9 +546,24 @@
       cert.data = (unsigned char *) daemon->https_mem_cert;
       cert.size = strlen (daemon->https_mem_cert);
 
-      return gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
-                                                 &cert, &key,
-                                                 GNUTLS_X509_FMT_PEM);
+      if (NULL != daemon->https_key_password)
+        ret = gnutls_certificate_set_x509_key_mem2 (daemon->x509_cred,
+                                                    &cert, &key,
+                                                    GNUTLS_X509_FMT_PEM,
+                                                    daemon->https_key_password,
+                                                    0);
+
+      else
+        ret = gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
+                                                   &cert, &key,
+                                                   GNUTLS_X509_FMT_PEM);
+#if HAVE_MESSAGES
+      if (0 != ret)
+        MHD_DLOG (daemon,
+                  "GnuTLS failed to setup x509 certificate/key: %s\n",
+                  gnutls_strerror (ret));
+#endif
+      return ret;
     }
 #if GNUTLS_VERSION_MAJOR >= 3
   if (NULL != daemon->cert_callback)
@@ -3002,6 +3018,16 @@
                      opt);
 #endif
           break;
+        case MHD_OPTION_HTTPS_KEY_PASSWORD:
+         if (0 != (daemon->options & MHD_USE_SSL))
+           daemon->https_key_password = va_arg (ap, const char *);
+#if HAVE_MESSAGES
+         else
+           MHD_DLOG (daemon,
+                     "MHD HTTPS option %d passed to MHD but MHD_USE_SSL not 
set\n",
+                     opt);
+#endif
+          break;
         case MHD_OPTION_HTTPS_MEM_CERT:
          if (0 != (daemon->options & MHD_USE_SSL))
            daemon->https_mem_cert = va_arg (ap, const char *);
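Review bot: When `MHD_USE_SSL` is not set, the new `MHD_OPTION_HTTPS_KEY_PASSWORD` case never calls `va_arg`, so the variadic cursor is left on the password argument and every option that follows is read from the wrong slot; the pre-existing `MHD_OPTION_HTTPS_MEM_CERT` case below (and presumably its siblings) has the same pattern, so fixing it here is the place to start. Always consume the argument and only store it when TLS is enabled: `const char *pw = va_arg (ap, const char *);` then `if (0 != (daemon->options & MHD_USE_SSL))` / `daemon->https_key_password = pw;`, keeping the `MHD_DLOG` in the `else`. The enclosing option-parsing function starts and ends outside this hunk.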
@@ -3183,6 +3209,7 @@
                  /* all options taking one pointer */
                case MHD_OPTION_SOCK_ADDR:
                case MHD_OPTION_HTTPS_MEM_KEY:
+               case MHD_OPTION_HTTPS_KEY_PASSWORD:
                case MHD_OPTION_HTTPS_MEM_CERT:
                case MHD_OPTION_HTTPS_MEM_TRUST:
                case MHD_OPTION_HTTPS_PRIORITIES:
@@ -4049,6 +4076,9 @@
             }
         }
     }
+  /* API promises to never use the password after initialization,
+     so we additionally NULL it here to not deref a dangling pointer. */
+  daemon->https_key_password = NULL;
   return daemon;
 
 thread_failed:
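Review bot: `daemon->https_key_password` is cleared only on the success path immediately before `return daemon;`; the `thread_failed:` path that follows (and any earlier error exits) leaves the pointer in the struct. If those paths free the daemon that is harmless, but the cleanup is more robust if it is done at the point of last use rather than at the end of start-up: if the certificate setup is the only consumer, clear the field right after that call returns, which covers every exit path and shortens the time a pointer to the application's passphrase buffer is held. Worth noting in the comment that MHD cannot wipe the buffer itself because it is owned by the application, which is why the texi text asks the caller to erase it. The enclosing `MHD_start_daemon` starts before this hunk.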

Modified: libmicrohttpd/src/microhttpd/internal.h
===================================================================
--- libmicrohttpd/src/microhttpd/internal.h     2015-02-07 23:22:55 UTC (rev 
35145)
+++ libmicrohttpd/src/microhttpd/internal.h     2015-02-08 00:37:10 UTC (rev 
35146)
@@ -1205,6 +1205,11 @@
   const char *https_mem_cert;
 
   /**
+   * Pointer to 0-terminated HTTPS passphrase in memory.
+   */
+  const char *https_key_password;
+
+  /**
    * Pointer to our SSL/TLS certificate authority (in ASCII) in memory.
    */
   const char *https_mem_trust;
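Review bot: The comment on the new `https_key_password` field documents the encoding but not the lifetime, and this field differs from its neighbours in exactly that respect: `daemon.c` in this same commit sets it to NULL before `MHD_start_daemon` returns, so any later reader of the field would see NULL. State that in the field comment so nobody adds a use at request time, e.g. `Pointer to 0-terminated HTTPS passphrase in memory. Only valid during MHD_start_daemon(); reset to NULL before it returns, as the application may erase the buffer afterwards.`.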



