jyapayne/Simple-Web-Server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added client verification when a verify file is passed to Server<HTTPS>. Also sets session_id_context for session reuse. See #89

Browse source
This commit is contained in:
eidheim 2016-12-18 17:22:04 +01:00
commit 7a97f8218d
2 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

20
server_https.hpp
View file

@ -3,12 +3,15 @@
#include "server_http.hpp"
#include <boost/asio/ssl.hpp>
#include <openssl/ssl.h>
namespace SimpleWeb {
typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> HTTPS;
template<>
class Server<HTTPS> : public ServerBase<HTTPS> {
std::string session_id_context;
bool set_session_id_context=false;
public:
Server(unsigned short port, size_t num_threads, const std::string& cert_file, const std::string& private_key_file,
long timeout_request=5, long timeout_content=300,
@ -18,8 +21,23 @@ namespace SimpleWeb {
context.use_certificate_chain_file(cert_file);
context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
if(verify_file.size()>0)
if(verify_file.size()>0) {
context.load_verify_file(verify_file);
context.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert |
boost::asio::ssl::verify_client_once);
set_session_id_context=true;
}
}
void start() {
if(set_session_id_context) {
// Creating session_id_context from address:port but reversed due to small SSL_MAX_SSL_SESSION_ID_LENGTH
session_id_context=std::to_string(config.port)+':';
session_id_context.append(config.address.rbegin(), config.address.rend());
SSL_CTX_set_session_id_context(context.native_handle(), reinterpret_cast<const unsigned char*>(session_id_context.data()),
session_id_context.size()<=SSL_MAX_SSL_SESSION_ID_LENGTH?session_id_context.size():SSL_MAX_SSL_SESSION_ID_LENGTH);
}
ServerBase::start();
}
protected: