Add SSL support to server mock-up

a2532482 · Micha Mueller · 067d1077 · a2532482 · a2532482 · a2532482
Commit a2532482 authored Jun 01, 2018 by Micha Mueller
--- a/Makefile
+++ b/Makefile
@@ -11,9 +11,9 @@ DISTFILES_HASHES = bacnet-stack-0.8.5.tgz|66b69111d91432fa67a7c6c1a653434d;freei

 include $(DCDBCOREPATH)/common.mk

-CXXFLAGS =	-std=c++11 -DBOOST_DATE_TIME_POSIX_TIME_STD_CONFIG -O2 -g -Wall -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-variable -DBOOST_LOG_DYN_LINK -I$(DCDBBASEPATH)/dcdb/include -I$(DCDBDEPLOYPATH)/include -I$(DCDBDEPSPATH)/cpp-netlib-0.12.0-final/deps/asio/asio/include
+CXXFLAGS =	-std=c++11 -DBOOST_DATE_TIME_POSIX_TIME_STD_CONFIG -DBOOST_NETWORK_ENABLE_HTTPS -O2 -g -Wall -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-variable -DBOOST_LOG_DYN_LINK -I$(DCDBBASEPATH)/dcdb/include -I$(DCDBDEPLOYPATH)/include -I$(DCDBDEPSPATH)/cpp-netlib-0.12.0-final/deps/asio/asio/include

-LIBS = -L../deps/mosquitto_build/lib -L$(DCDBDEPLOYPATH)/lib/ -ldl -lmosquitto -lboost_system -lboost_thread -lboost_log_setup -lboost_log -lpthread -lcppnetlib-server-parsers -rdynamic
+LIBS = -L../deps/mosquitto_build/lib -L$(DCDBDEPLOYPATH)/lib/ -ldl -lmosquitto -lboost_system -lboost_thread -lboost_log_setup -lboost_log -lpthread -lcrypto -lssl -lcppnetlib-server-parsers -rdynamic
 OBJS = src/dcdbpusher.o src/Configuration.o src/Sensor.o src/MQTTPusher.o src/HttpsServer.o
 PLUGINS_BASE = libdcdbplugin_pdu libdcdbplugin_sysfs libdcdbplugin_ipmi libdcdbplugin_bacnet


--- a/src/HttpsServer.cpp
+++ b/src/HttpsServer.cpp
@@ -7,6 +7,8 @@

 #include "HttpsServer.h"
 #include <iostream>
+#include <memory>
+#include <functional>

 void HttpsServer::requestHandler::operator()(server::request const &request, server::connection_ptr connection) {
 	server::string_type ip = source(request);
@@ -29,11 +31,26 @@ HttpsServer::HttpsServer(const std::string& host, const std::string& port,
 		pluginVector_t& plugins) :
 		_host(host), _port(port), _plugins(plugins) {

+	std::shared_ptr<asio::ssl::context> ctx = std::make_shared<asio::ssl::context>(asio::ssl::context::sslv23);
+	ctx->set_options(asio::ssl::context::default_workarounds | asio::ssl::context::no_sslv3 | asio::ssl::context::single_dh_use);
+
+	// Set keys
+	// Currently we are only using the demo certificates provided by the OpenSSL lib...
+	//ctx->set_password_callback(HttpsServer::password_callback);
+	ctx->use_certificate_chain_file("../deps/openssl-1.0.2l/certs/demo/ca-cert.pem");
+	ctx->use_private_key_file("../deps/openssl-1.0.2l/certs/demo/ca-cert.pem", asio::ssl::context::pem);
+	ctx->use_tmp_dh_file("../deps/openssl-1.0.2l/crypto/dh/dh2048.pem");
+
 	server::options options(_handler);
-	_server = new server(options.address(_host).port(_port));
+	_server = new server(options.address(_host).port(_port).context(ctx));
 }

 HttpsServer::~HttpsServer() {
 	delete _server;
 }

+/*
+std::string HttpsServer::password_callback(std::size_t max_length, asio::ssl::context_base::password_purpose purpose) {
+    return std::string("pwd");
+}
+*/
--- a/src/HttpsServer.h
+++ b/src/HttpsServer.h
@@ -10,6 +10,10 @@

 //Caution: include order matters! server.hpp needs to be included first
 #include <boost/network/protocol/http/server.hpp>
+
+#include <asio.hpp>
+#include <asio/ssl.hpp>
+
 #include "Configuration.h"
 #include "Logging.h"

@@ -45,6 +49,10 @@ private:
 		boost::log::sources::severity_logger<boost::log::trivial::severity_level> lg;
 	};

+	/*
+	static std::string password_callback(std::size_t max_length, asio::ssl::context_base::password_purpose purpose);
+	*/
+
 	std::string _host;
 	std::string _port;
 	pluginVector_t& _plugins;