Adding TLS-PSK authentication method via function callback. #333

Open
wants to merge 18 commits into
base: master


@oberdorc oberdorc commented Mar 2, 2024

Identify the Bug adding a Feature

  • There was a bug in the automake configuration file. The 'HAVE_GNUTLS' tag is never defined in the compilation although presence of TLS header files has been verified.
  • Corrected for an error message by libmicrohttpd that complains about possibly missing log messages if an external logger is not assigned immediately set as the first option.
  • Eventually, added callback function for TLS-PSK authentication.

Description of the Change

  • The configuration file has been updated to correct for the aforementioned bug. I also run autoupdate on the configuration file to deal with deprecated behavior on STDC_HEADER.
  • The order of options in the list of configuration options has been changed (iov...).
  • Remaining changes circle around adding PSK authentication:
  1. Added option to set a callback function of type psk_cred_handler_callback for PSK authentication to create_webserver.hpp. The function is wrapped inside a std::function and stored as a value type in the create_webserver instance (no need for pointers with std::function IMO. Maybe this should be changed for the other callback function handlers there as well, e.g. log_access_ptr, ... ).
  2. Added a static wrapper function psk_cred_handler_func that will be called by the libmicrohttpd library as the PSK callback and that will in turn call the dedicated callback function from libhttpserver. This function converts the original hex-encoded PSK to the binary key sequence required by libmicrohttpd by calling gnutls_hex2bin from the gnutls library.
  3. PSK authentication works with and without providing a certificate and key. Checks during the initialization of the webserver have been changed accordingly. SSL related options are initialized if SSL is enabled and a non-empty option value has been assigned.
  4. Eventually, the README.md has been edited to account for the added PSK authentication feature.

Verification Process

Obviously, without HAVE_GNUTLS being defined, essential parts of the code are not compiled. This has been checked making sure that the flag is included in the config.h file that is created for the build process.

The error message from libmicrohttpd has disappeared.

A minimal example and test case for HTTPS PSK authentication has been added and tested with the openssl command.
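The wrapper pattern from item 2 of the description, sketched as an added example that is not code from this pull request or from libhttpserver: a registered `std::function` returns a hex-encoded PSK, and the wrapper decodes it and fails closed on malformed input. The names `psk_lookup`, `decode_psk_hex` and `resolve_psk`, the callback signature and the 64-byte key limit are assumptions; the hand-written decoder stands in for `gnutls_hex2bin` so the block runs without GnuTLS.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <string>
#include <vector>

// Hypothetical callback shape: username in, hex-encoded PSK out ("" = unknown user).
using psk_lookup = std::function<std::string(const std::string&)>;

static int hex_nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Strict decoder standing in for gnutls_hex2bin: rejects empty, odd-length,
// non-hex and oversized input instead of handing back a partial key.
// max_key_len = 64 is an assumed limit, not a value from the PR.
bool decode_psk_hex(const std::string& hex, std::vector<std::uint8_t>& key,
                    std::size_t max_key_len = 64) {
    key.clear();
    if (hex.empty() || hex.size() % 2 != 0 || hex.size() / 2 > max_key_len)
        return false;
    for (std::size_t i = 0; i < hex.size(); i += 2) {
        int hi = hex_nibble(hex[i]), lo = hex_nibble(hex[i + 1]);
        if (hi < 0 || lo < 0) { key.clear(); return false; }
        key.push_back(static_cast<std::uint8_t>((hi << 4) | lo));
    }
    return true;
}

// Wrapper in the role the description gives the static handler: it invokes the
// registered callback, then returns no key on a missing callback or bad hex.
bool resolve_psk(const psk_lookup& cb, const std::string& username,
                 std::vector<std::uint8_t>& key) {
    key.clear();
    if (!cb) return false;
    return decode_psk_hex(cb(username), key);
}

int main() {
    // Constructed sample credential store, not taken from the PR.
    psk_lookup cb = [](const std::string& u) {
        return u == "client1" ? std::string("0aFF10") : std::string();
    };
    std::vector<std::uint8_t> key;
    return resolve_psk(cb, "client1", key) ? 0 : 1;
}
```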

oberdorc and others added 18 commits March 2, 2024 13:26
Needs include of _gnutls.h_ if HAVE_GNUTLS is defined.
Address an error that _key_ in the static PSK handler function is assigned a value that is never used in the case if the Gnu TLS library is not present, i.e. HAVE_GNUTLS has not been defined.

The intended behavior is such that calling the static callback handler function of the webserver guarantees that the user registered callback function is invoked.
Obviously, the example fails to run if enumeration values in _enum htttp:http_utils:cred_type_T_ are not defined. I would think the conditional compilation here is not a good idea.
Anyhow. Without HAVE_GNUTLS being defined, the example will now compile but always returns with an error.
Set library dependency for Gnu TLS if it is present.
Added conditional for Gnu TLS.
Correct for formatting issues highlighted by cpplint.
Correct for formatting issues highlighted by cpplint.
Correct for formatting issues highlighted by cpplint.
Corrected for formatting issues highlighted by cpplint.
Fixing formatting issue highlighted by cpplint.
Correct for error from cpplint: "Missing space after ,  [whitespace/comma] [3]"
@oberdorc
Author

So, there remains one formatting issue indicated by cpplint, which seems to be a false-positive. Quite sad. And then there is some issue with a conftest program which fails to compile for some reason. I give up on that.
