barant/ServerCore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some TLS work.

Browse Source
This commit is contained in:
Brad Arant 2025-01-28 16:26:40 -08:00
parent f9c12f4ba2
commit df0e7cd6da
8 changed files with 85 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TCPServer.h
View File

@ -19,7 +19,7 @@ namespace core {
///
/// A list of connections is maintained in a vector object.
///
/// This object extends the BMACommand object as well so it can be added to a Console object and
/// This object extends the Command object as well so it can be added to a Console object and
/// process commands to display status information.
///

2
TCPSocket.cpp
View File

@ -10,6 +10,8 @@ namespace core {
TCPSocket::TCPSocket(EPoll &ePoll, std::string text) : Socket(ePoll, text) {}
TCPSocket::TCPSocket(EPoll &ePoll, TLSInfo *tlsInfo, std::string text) : Socket(ePoll, text), TLS(tlsInfo) {}
TCPSocket::TCPSocket(EPoll &ePoll, SSL_CTX *ctx, std::string text) : Socket(ePoll, text), TLS(ctx) {}
TCPSocket::~TCPSocket() {}

7
TCPSocket.h
View File

@ -4,6 +4,7 @@
#include "Socket.h"
#include "TLS.h"
#include "TLSInfo.h"
#include "IPAddress.h"
namespace core {
@ -38,6 +39,12 @@ namespace core {
///
///
TCPSocket(EPoll &ePoll, TLSInfo *tlsInfo, std::string text);
///
///
///
TCPSocket(EPoll &ePoll, SSL_CTX *ctx, std::string text);
///

70
TLS.cpp
View File

@ -45,46 +45,48 @@ namespace core {
coreutils::Log(coreutils::LOG_DEBUG_3) << "No client certificate.";
}
TLS::TLS() {}
TLS::TLS() {}
TLS::TLS(TLSInfo *tlsInfo) {
createContext(tlsInfo);
}
TLS::TLS(SSL_CTX *ctx) : ctx(ctx) {}
TLS::~TLS() {}
void TLS::createContext() {
void TLS::createContext(TLSInfo *tlsInfo) {
SSL_library_init();
SSL_load_error_strings();
lockarray = (pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
for(int i = 0; i < CRYPTO_num_locks(); ++i)
pthread_mutex_init(&(lockarray[i]), NULL);
CRYPTO_set_id_callback((unsigned long (*)())thread_id);
CRYPTO_set_locking_callback((void (*)(int, int, const char *, int))lock_callback);
SSLeay_add_ssl_algorithms();
RAND_load_file("/dev/hwrng", 1024);
if(!(ctx = SSL_CTX_new(SSLv23_server_method())))
throw coreutils::Exception("Error while setting server method SSLv23.");
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
// SSL_CTX_set_generate_session_id(ctx, generate_session_id);
SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA");
if(SSL_CTX_use_certificate_file(ctx, sip_cert, SSL_FILETYPE_PEM) <= 0)
throw coreutils::Exception("Error looking up certificate.");
if(SSL_CTX_use_PrivateKey_file(ctx, sip_key, SSL_FILETYPE_PEM) < 0)
throw coreutils::Exception("Error with private key.");
if(SSL_CTX_check_private_key(ctx) != 1)
throw coreutils::Exception("Private key does not match certificate.");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);
if(!SSL_CTX_load_verify_locations(ctx, sip_cacert, NULL))
throw coreutils::Exception("Cannot verify locations.");
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(sip_cacert));
coreutils::Log(coreutils::LOG_DEBUG_1) << "Server key authenticated.";
if(tlsInfo) {
SSL_library_init();
SSL_load_error_strings();
lockarray = (pthread_mutex_t *)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
for(int i = 0; i < CRYPTO_num_locks(); ++i)
pthread_mutex_init(&(lockarray[i]), NULL);
CRYPTO_set_id_callback((unsigned long (*)())thread_id);
CRYPTO_set_locking_callback((void (*)(int, int, const char *, int))lock_callback);
SSLeay_add_ssl_algorithms();
RAND_load_file("/dev/hwrng", 1024);
if(!(ctx = SSL_CTX_new(SSLv23_server_method())))
throw coreutils::Exception("Error while setting server method SSLv23.");
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
// SSL_CTX_set_generate_session_id(ctx, generate_session_id);
SSL_CTX_set_cipher_list(ctx, "ECDH-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA");
if(SSL_CTX_use_certificate_file(ctx, tlsInfo->certificate.c_str(), SSL_FILETYPE_PEM) <= 0)
throw coreutils::Exception("Error looking up certificate.");
if(SSL_CTX_use_PrivateKey_file(ctx, tlsInfo->key.c_str(), SSL_FILETYPE_PEM) < 0)
throw coreutils::Exception("Error with private key.");
if(SSL_CTX_check_private_key(ctx) != 1)
throw coreutils::Exception("Private key does not match certificate.");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_set_verify_depth(ctx, 1);
if(!SSL_CTX_load_verify_locations(ctx, tlsInfo->cACertificate.c_str(), NULL))
throw coreutils::Exception("Cannot verify locations.");
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(tlsInfo->cACertificate.c_str()));
coreutils::Log(coreutils::LOG_DEBUG_1) << "Server key authenticated.";
}
}
void TLS::registerSocket(int fd) {

11
TLS.h
View File

@ -2,6 +2,7 @@
#define __TLS_h__
#include "ZString.h"
#include "TLSInfo.h"
#include <openssl/ssl.h>
namespace core {
@ -17,12 +18,18 @@ namespace core {
public:
///
///
///
TLS();
///
/// Use this constructor when the SSL context needs to be created as when opening
/// a server TCPSocket.
///
TLS();
TLS(TLSInfo *tlsInfo);
///
/// Use this constructor on creation of a new TCPSocket that needs access to
@ -37,7 +44,7 @@ namespace core {
~TLS();
void createContext();
void createContext(TLSInfo *tlsInfo);
SSL_CTX *ctx;

27
TLSInfo.h Normal file
View File

@ -0,0 +1,27 @@
#ifndef __TLSInfo_h__
#define __TLSInfo_h__
#include "ZString.h"
namespace core {
///
/// TLSInfo
///
/// This object provides the support data to handle TLS on the server core and
/// session environment.
///
class TLSInfo {
public:
coreutils::ZString cACertificate;
coreutils::ZString certificate;
coreutils::ZString key;
};
}
#endif

BIN
testing/consoleserver Executable file
View File

Binary file not shown.

8
testing/main.cpp
View File

@ -10,18 +10,16 @@ int main(int argc, char **argv) {
try {
coreutils::Log(new coreutils::File("/tmp/http.log", O_WRONLY | O_APPEND | O_CREAT, 0644));
coreutils::Log(coreutils::LOG_INFO) << "Terminal Server starting. Build " << __DATE__ << " " << __TIME__;
coreutils::Log(new coreutils::File("/tmp/console.log", O_WRONLY | O_APPEND | O_CREAT, 0644));
coreutils::Log(coreutils::LOG_INFO) << "Console Server starting. Build " << __DATE__ << " " << __TIME__;
std::string ipAddress = "0.0.0.0";
core::EPoll ePoll;
core::TerminalServer terminals(ePoll, core::IPAddress(ipAddress, 1026));
core::ConsoleServer console(ePoll, core::IPAddress(ipAddress, 1027));
console.commands.add(ePoll, "threads");
console.commands.add(httpSessions, "sessions");
console.commands.add(console, "consoles");
console.commands.add(console.commands, "help");
ePoll.start(2, 1000);