The patch which allow Mochiweb to work through HTTPS

[GoogleCodeExporter]

  In attached file there is a new source code of mochiweb with HTTPS support.
Alse there there is "mochiweb.diff" file. This is difference between old
source code and a new one.
  Please, use it if you want.

Original issue reported on code.google.com by vostrja...@mail.ru on 11 Aug 2008 at 6:01

Attachments:

• mochiweb_ssl.rar

[GoogleCodeExporter]

Can you post just a diff rather than an entire new source tree (including 
generated
.beam and .html files)?  Also, if necessary, please just use .zip or .tar.gz 
instead
of .rar.

Original comment by matthew....@gmail.com on 11 Aug 2008 at 6:17

[GoogleCodeExporter]

Ok. Check attached diff-file and a new hrl file (from "include" directory). 

Original comment by vostrja...@mail.ru on 11 Aug 2008 at 7:57

Attachments:

• mochiweb.diff
• mochiweb.hrl

[GoogleCodeExporter]

Thanks, that diff is much easier to read than from the .rar file.  In the 
future, you
might also consider just using your subversion client's "diff" feature (e.g., 
"svn
diff" using the standard command-line client).

A few stylistic comments:

First, this change:

+    case proplists:is_defined(ssl, Options) of
+        true ->
+            Ssl = true; 
+        false ->
+            Ssl = false
+    end,

would be simpler as just SSL = proplists:is_defined(ssl, Options).

Also, a lot of the changes are of the form

    if
        Ssl ->
            ssl:something(args);
        true ->
            gen_tcp:something(args)
    end

but the majority of the ssl and gen_tcp APIs are designed so that you can 
easily just
assign Mod to 'ssl' or 'gen_tcp' and then simply call Mod:something(args).

Original comment by matthew....@gmail.com on 11 Aug 2008 at 8:12

• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

  Thank you for your comments. I'll take in account your suggestions about code. But
anyway my code works with SSL correctly :)

Original comment by vostrja...@mail.ru on 11 Aug 2008 at 8:24

[GoogleCodeExporter]

Hi Matthew,

Please find attached a (hopefully) tidied-up version of the above patch.  I've 
tested
it using a simple example for both HTTPS and HTTP:

-module(example).
-export([mochiweb_request/1, start/1]).

start(Port) ->
    mochiweb_http:start([{port, Port}, {ssl, true},
{keyfile,"/Users/puzza/src/mochiweb-read-only/zzz/server.key"},
{certfile,"/Users/puzza/src/mochiweb-read-only/zzz/server.crt"}, {loop, 
{?MODULE,
mochiweb_request}}]).
%%      mochiweb_http:start([{port, Port}, {loop, {?MODULE, mochiweb_request}}]).

mochiweb_request(Req) ->
    Req:ok({"text/html",
    <<"<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
        <html>
        <head><title >Welcome to mochiweb</title></head>
        <body>
            Hello
        </body>
        </html>">>}).

Please let me know if there's anything else that can be done to get this patch 
accepted.

Paul.

Original comment by puzza...@gmail.com on 29 Jul 2009 at 8:16

Attachments:

• foo.diff

[GoogleCodeExporter]

Will this patch be included in the official source code?

Regards
Matteo
http://www.redaelli.org/matteo/ 

Original comment by matteo.redaelli on 29 Aug 2009 at 8:25

[GoogleCodeExporter]

I also vote for inclusion of this feature into the official release. I am 
writing an
application that I would like to license, but the client will require https for 
sure.
 I would much rather use mochiweb than yaws for this.

Original comment by hqm...@gmail.com on 4 Oct 2009 at 5:55

[GoogleCodeExporter]

any status about it ? Would be useful too, I would like to add ssl support to
http://github.com/benoitc/couchdbproxy .

Original comment by bchesn...@gmail.com on 12 Oct 2009 at 7:32

[GoogleCodeExporter]

Attaching an updated version of the foo.diff patch (based on r113).
Some changes were required to get
http://code.google.com/p/mochiweb/issues/detail?id=44 working.

Tested with the example.erl provided above and the keepalive-example attached 
with
Issue 44.

Cheers,
Davide

Original comment by nesr...@gmail.com on 2 Dec 2009 at 12:24

Attachments:

• bar.diff

[GoogleCodeExporter]

@nesrait - does this patch include support for client-supplied certificates?

R

Original comment by miser...@gmail.com on 5 Mar 2010 at 4:07

[GoogleCodeExporter]

Don't really know, just tested it using server certificates.
Hopefully the previous authors can answer your question. :)

Original comment by nesr...@gmail.com on 5 Mar 2010 at 10:10

[GoogleCodeExporter]

I'm previous author and I also don't know :) 

Original comment by a.vostrjakov on 6 Mar 2010 at 6:39

[GoogleCodeExporter]

I'm attaching a new patch for the implementation of HTTPS in MochiWeb.

Notes:

 1. Built against r151.

 2. Uses the new ssl implementation in the OTP ssl application.

 3. Includes a number of new unit tests in mochiweb.erl.

 4. Updates many of the unit tests in mochiweb_multipart.erl to
    test using an ssl transport in addition to plain TCP.     

 5. The ssl key/cert needed for the unit tests is stored in a
    new directory "support/test-materials/".

 6. This current implementation might do an excessive amount of
    error reporting if the SSL handshake is continually failing.
    You can see this happen if you use a self-signed certificate
    on the server and then use curl from the command-line without
    the "-k" option, ie:

        curl https://localhost/whatever

    This will cause an error to be logged by MochiWeb. Also, the
    ssl application itself will also print an error to screen.

 7. I haven't done any load testing yet, but I suspect that we
    might need to alter ?RECBUF_SIZE in 
    mochiweb_request:stream_unchunked_body/3 to be maybe a half,
    or a quater, the size. My worry is that by waiting on the
    receive buffer to fill up entirely, we might end up causing
    unwanted TCP window fluctuations, or other issues. 

 8. Includes a basic web storage application in
    "examples/https/https_store.erl" that might be useful for
    ad-hoc testing.

Cheers,

Rory

Original comment by r...@jinsky.com on 30 Mar 2010 at 2:47

Attachments:

• mochiweb-https.diff

[GoogleCodeExporter]

r153

Original comment by bob.ippo...@gmail.com on 30 Mar 2010 at 8:31

• Changed state: Fixed

[GoogleCodeExporter]

Does this include client-side certificate support from OTP?

Original comment by miser...@gmail.com on 30 Mar 2010 at 8:43

[GoogleCodeExporter]

I don't know whether or not it can be used to implement client-side 
certificates but you would be better off 
asking on the mailing list than in a closed ticket.

Original comment by bob.ippo...@gmail.com on 30 Mar 2010 at 8:53

[GoogleCodeExporter]

I am using mochiweb server for both http(port x) and https(port y). If I make a 
http request (using http:request("http://abc:y/...") from client) on https port 
(y). The call hangs. The vice verso i.e https request over http port returns 
error. Is it a known issue? Is there a way to get a timeout or something

Original comment by vino...@gmail.com on 28 Jun 2010 at 11:16

[GoogleCodeExporter]

It's not appropriate to post comments to closed issues about new problems.

Original comment by bob.ippo...@gmail.com on 28 Jun 2010 at 1:25