Closed dancesWithCycles closed 1 year ago
My guess is that this is the way I am supposed to go for HTTPS, right?
int ulfius_start_secure_framework(struct _u_instance u_instance, const char key_pem, const char * cert_pem);
or
ulfius_start_secure_ca_trust_framework(struct _u_instance u_instance, const char key_pem, const char cert_pem, const char root_ca_pem);
Do you allow me a question about ulfius_start_secure_framework
?
I am loading the entire key and cert file into a char pointer respectively to use those two pointers as arguments like this.
frameworkRet = ulfius_start_secure_framework(&instance,bufP,bufF);
The function returns 4
instead of U_OK
. It looks like the 4
stands for:
define U_ERROR_LIBMHD 4 ///< Error in libmicrohttpd execution
Am I asked to chop first and last line of key and cert of the char buffer?
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
To be sure and rule out an error I made sure libgnutls is installed.
sudo apt install libgnutls28-dev --no-install-recommends
Hello,
You have to generate or use a pair of private key/certificate to use Ulfius in https mode.
Besides the documentation, you have this thread in the discussion which addresses it. Hope that helps.
Hi @babelouest , Thank you so much for your advice and the link. My example is more or less the same as your example. Anyhow, the function
frameworkRet = ulfius_start_secure_framework(&instance,bufP,bufF);
still returns 4
instead of U_OK
.
This is how I generated the key/certificate according to your post.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
This is my example code.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ulfius.h>
#define ROUTE_HELLO "/hello"
/**
* static read file function
*/
static char * read_file(const char * filename) {
char * buffer = NULL;
long length;
FILE * f;
if (filename != NULL) {
f = fopen (filename, "rb");
if (f) {
fseek (f, 0, SEEK_END);
length = ftell (f);
fseek (f, 0, SEEK_SET);
buffer = malloc ((size_t)(length + 1));
if (buffer != NULL) {
fread (buffer, 1, (size_t)length, f);
buffer[length] = '\0';
}
fclose (f);
}
return buffer;
} else {
return NULL;
}
}
/**
* callback functions declaration
*/
int callback_get_hello (const struct _u_request * request, struct _u_response * response, void * user_data);
int callback_default (const struct _u_request * request, struct _u_response * response, void * user_data);
int main(int argc, char *argv[]) {
/*declaration*/
struct _u_instance instance;
unsigned int port;
int ret;
printf("main() Started...\n");
if (argc < 2) {
fprintf(stderr, "Usage: %s <port>\n", argv[0]);
exit(1);
}
printf("main() argv[1]: %s\n", argv[1]);
/*store command line argument in int variable*/
/*validate user input*/
/*omit injection*/
/*stream:argv*/
ret = sscanf(argv[1], "%d", &port);
/*valid user input:1 successfully filled item*/
if (ret != 1) {
fprintf(stderr, "The argument must be an integer\n");
exit(1);
}
if (port < 0) {
fprintf(stderr, "Error passing a negative port\n");
exit(1);
}
printf("main() port: %d\n", port);
if (ulfius_init_instance(&instance, port, NULL, NULL) != U_OK) {
printf("main() Error ulfius_init_instance, abort");
return(1);
}
//TODO Why?
u_map_put(instance.default_headers, "Access-Control-Allow-Origin", "*");
// Maximum body size sent by the client is 1 Kb
instance.max_post_body_size = 1024;
// Endpoint list declaration
ulfius_add_endpoint_by_val(&instance, "GET", ROUTE_HELLO, NULL, 0, &callback_get_hello, NULL);
// default_endpoint declaration
ulfius_set_default_endpoint(&instance, &callback_default, NULL);
// Start the framework
if (argc == 5 && strcmp("-secure", argv[2]) == 0) {
printf("main() https mode\n");
// If command-line options are -secure <key_file> <cert_file>, then open an https connection
char * key_pem = read_file(argv[3]);
char * cert_pem = read_file(argv[4]);
ret = ulfius_start_secure_framework(&instance, key_pem, cert_pem);
free(key_pem);
free(cert_pem);
} else {
printf("main() http mode\n");
// Open an http connection
ret = ulfius_start_framework(&instance);
}
if (ret == U_OK) {
printf("main() Start framework on port %d", instance.port);
// Wait for the user to press <enter> on the console to quit the application
getchar();
} else {
printf("main() Error starting framework; frameworkRet: %d\n",ret);
}
printf("main() End framework\n");
ulfius_stop_framework(&instance);
ulfius_clean_instance(&instance);
printf("main() Done.\n");
return 0;
}
/**
* Callback function that put a "Hello World!" string in the response
*/
int callback_get_hello (const struct _u_request * request, struct _u_response * response, void * user_data) {
ulfius_set_string_body_response(response, 200, "Hello World!");
return U_CALLBACK_CONTINUE;
}
/**
* Default callback function called if no endpoint has a match
*/
int callback_default (const struct _u_request * request, struct _u_response * response, void * user_data) {
ulfius_set_string_body_response(response, 404, "Page not found, do what you want");
return U_CALLBACK_CONTINUE;
}
This is my makefile.
# Others
RM = /bin/rm -f
#
# Source, Executable, Includes, Library Defines
EXE = main
#
# Compiler, Linker Defines
CC = /usr/bin/gcc
#
all: main.o
$(CC) main.c -L/usr/lib/x86_64-linux-gnu -lulfius -Wall -o $(EXE)
#
main.o:
$(CC) -c main.c
# Clean Up Objects, Exectuables, Dumps out of source directory
clean:
$(RM) *.o $(EXE) *~
This is the make instruction.
make
This is the run instruction with the error reply.
./main 65535 -secure key.pem cert.pem
main() Started...
main() argv[1]: 65535
main() port: 65535
main() https mode
main() Error starting framework; frameworkRet: 4
main() End framework
main() Done.
I appreciate any idea to make this example code run in https mode.
Cheers!
Hi folks, Thank you so much for maintaining this repository.
I have a ulfius-based API service running behind an Apache Proxy Virtual Host. The thing is, that Virtual Host is using HTTPS on port 443 as it is standard for web servers.
When I call an endpoint of my ulfius-based API service the Proxy is complaining about a lack in HTTPS ability like this.
To solve this, I could switch to a Proxy in HTTP mode. Anyhow, that is not what I am aiming for. I am aiming for a production solution using standard HTTPS.
I appreciate any hint about how to enable HTTPS in my ulfius-based API service.
Cheers!