net.http: in memory cert verification
parent
c8d4a64512
commit
d1e9aa49ea
@ -5,6 +5,8 @@ module http
|
||||||
|
|
||||||
import strings
|
import strings
|
||||||
import net.openssl
|
import net.openssl
|
||||||
|
import os
|
||||||
|
import time
|
||||||
|
|
||||||
const (
|
const (
|
||||||
is_used = openssl.is_used
|
is_used = openssl.is_used
|
||||||
|
@ -22,21 +24,39 @@ fn (req &Request) ssl_do(port int, method Method, host_name string, path string)
|
||||||
flags := C.SSL_OP_NO_SSLv2 | C.SSL_OP_NO_SSLv3 | C.SSL_OP_NO_COMPRESSION
|
flags := C.SSL_OP_NO_SSLv2 | C.SSL_OP_NO_SSLv3 | C.SSL_OP_NO_COMPRESSION
|
||||||
C.SSL_CTX_set_options(ctx, flags)
|
C.SSL_CTX_set_options(ctx, flags)
|
||||||
// Support client certificates:
|
// Support client certificates:
|
||||||
|
mut verify := req.verify
|
||||||
|
mut cert := req.cert
|
||||||
|
mut cert_key := req.cert_key
|
||||||
|
if req.in_memory_verification {
|
||||||
|
now := time.now().unix.str()
|
||||||
|
verify = os.temp_dir() + '/v_verify' + now
|
||||||
|
cert = os.temp_dir() + '/v_cert' + now
|
||||||
|
cert_key = os.temp_dir() + '/v_cert_key' + now
|
||||||
|
if req.verify != '' {
|
||||||
|
os.write_file(verify, req.verify) ?
|
||||||
|
}
|
||||||
|
if req.cert != '' {
|
||||||
|
os.write_file(cert, req.cert) ?
|
||||||
|
}
|
||||||
|
if req.cert_key != '' {
|
||||||
|
os.write_file(cert_key, req.cert_key) ?
|
||||||
|
}
|
||||||
|
}
|
||||||
mut res := 0
|
mut res := 0
|
||||||
if req.verify != '' {
|
if req.verify != '' {
|
||||||
res = C.SSL_CTX_load_verify_locations(ctx, &char(req.verify.str), 0)
|
res = C.SSL_CTX_load_verify_locations(ctx, &char(verify.str), 0)
|
||||||
if req.validate && res != 1 {
|
if req.validate && res != 1 {
|
||||||
return error('http: openssl: SSL_CTX_load_verify_locations failed')
|
return error('http: openssl: SSL_CTX_load_verify_locations failed')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if req.cert != '' {
|
if req.cert != '' {
|
||||||
res = C.SSL_CTX_use_certificate_file(ctx, &char(req.cert.str), C.SSL_FILETYPE_PEM)
|
res = C.SSL_CTX_use_certificate_file(ctx, &char(cert.str), C.SSL_FILETYPE_PEM)
|
||||||
if req.validate && res != 1 {
|
if req.validate && res != 1 {
|
||||||
return error('http: openssl: SSL_CTX_use_certificate_file failed, res: $res')
|
return error('http: openssl: SSL_CTX_use_certificate_file failed, res: $res')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if req.cert_key != '' {
|
if req.cert_key != '' {
|
||||||
res = C.SSL_CTX_use_PrivateKey_file(ctx, &char(req.cert_key.str), C.SSL_FILETYPE_PEM)
|
res = C.SSL_CTX_use_PrivateKey_file(ctx, &char(cert_key.str), C.SSL_FILETYPE_PEM)
|
||||||
if req.validate && res != 1 {
|
if req.validate && res != 1 {
|
||||||
return error('http: openssl: SSL_CTX_use_PrivateKey_file failed, res: $res')
|
return error('http: openssl: SSL_CTX_use_PrivateKey_file failed, res: $res')
|
||||||
}
|
}
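Review bot: The private key supplied in `req.cert_key` is written to `os.temp_dir() + '/v_cert_key' + now` with whatever default mode `os.write_file` uses (presumably the process umask, so typically world-readable in a shared /tmp), under a name that depends only on the current second, and nothing in the hunk removes the file after `SSL_CTX_use_PrivateKey_file` has consumed it. The same-second name also means two concurrent requests in one process, or two users on the same host, collide on the same path, and a pre-created symlink at that path would redirect the write elsewhere. At minimum, tighten the key file's mode, add a per-process or random component to the name, and remove all three files with a `defer` once the context has loaded them; the real fix for an "in memory" mode is to hand the PEM data to OpenSSL through a memory BIO (`BIO_new_mem_buf` + `PEM_read_bio_X509`/`PEM_read_bio_PrivateKey`, then `SSL_CTX_use_certificate`/`SSL_CTX_use_PrivateKey`, and `X509_STORE_add_cert` on `SSL_CTX_get_cert_store` for the CA), if the `net.openssl` bindings expose those. `ssl_do` starts before this hunk and continues past it, so a later cleanup would not be visible here.
```v
if req.in_memory_verification {
	// … unchanged: now / verify / cert / cert_key path construction …
	// These files carry key material: drop them as soon as ssl_do returns,
	// whether or not the SSL_CTX_* loads below succeed.
	defer {
		for p in [verify, cert, cert_key] {
			if os.exists(p) {
				os.rm(p) or {}
			}
		}
	}
	if req.verify != '' {
		os.write_file(verify, req.verify) ?
	}
	if req.cert != '' {
		os.write_file(cert, req.cert) ?
	}
	if req.cert_key != '' {
		os.write_file(cert_key, req.cert_key) ?
		// Private key: owner-only. write_file does not take a mode, so there is a
		// short window before chmod; creating the file with 0o600 up front would be better.
		os.chmod(cert_key, 0o600)
	}
}
```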
|
||||||
@ -23,10 +23,11 @@ pub mut:
|
||||||
user_agent string = 'v.http'
|
user_agent string = 'v.http'
|
||||||
verbose bool
|
verbose bool
|
||||||
//
|
//
|
||||||
validate bool // set this to true, if you want to stop requests, when their certificates are found to be invalid
|
validate bool // set this to true, if you want to stop requests, when their certificates are found to be invalid
|
||||||
verify string // the path to a rootca.pem file, containing trusted CA certificate(s)
|
verify string // the path to a rootca.pem file, containing trusted CA certificate(s)
|
||||||
cert string // the path to a cert.pem file, containing client certificate(s) for the request
|
cert string // the path to a cert.pem file, containing client certificate(s) for the request
|
||||||
cert_key string // the path to a key.pem file, containing private keys for the client certificate(s)
|
cert_key string // the path to a key.pem file, containing private keys for the client certificate(s)
|
||||||
|
in_memory_verification bool // if true, verify, cert, and cert_key are read from memory, not from a file
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn new_request(method Method, url_ string, data string) ?Request {
|
pub fn new_request(method Method, url_ string, data string) ?Request {
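Review bot: The comments on `verify`, `cert` and `cert_key` just above still describe them as "the path to a … file", but once `in_memory_verification` is set they carry the PEM contents themselves, and the new field's comment does not say that the OpenSSL backend in this same commit materialises that data under `os.temp_dir()`, which matters when `cert_key` is a private key. Suggest `verify string // path to a rootca.pem file with trusted CA cert(s), or the PEM content itself when in_memory_verification is set` (same pattern for `cert` and `cert_key`), and for the flag `in_memory_verification bool // if true, verify, cert and cert_key hold PEM data rather than file paths; the openssl backend currently writes that data to temporary files under os.temp_dir() while setting up the request`. The struct definition starts before this hunk.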
|
||||||
|
@ -128,6 +129,7 @@ pub fn fetch(config FetchConfig) ?Response {
|
||||||
verify: config.verify
|
verify: config.verify
|
||||||
cert: config.cert
|
cert: config.cert
|
||||||
cert_key: config.cert_key
|
cert_key: config.cert_key
|
||||||
|
in_memory_verification: config.in_memory_verification
|
||||||
}
|
}
|
||||||
res := req.do() ?
|
res := req.do() ?
|
||||||
return res
|
return res
|
||||||
@ -27,10 +27,11 @@ pub mut:
|
||||||
read_timeout i64 = 30 * time.second
|
read_timeout i64 = 30 * time.second
|
||||||
write_timeout i64 = 30 * time.second
|
write_timeout i64 = 30 * time.second
|
||||||
//
|
//
|
||||||
validate bool // when true, certificate failures will stop further processing
|
validate bool // when true, certificate failures will stop further processing
|
||||||
verify string
|
verify string
|
||||||
cert string
|
cert string
|
||||||
cert_key string
|
cert_key string
|
||||||
|
in_memory_verification bool // if true, verify, cert, and cert_key are read from memory, not from a file
|
||||||
}
|
}
|
||||||
|
|
||||||
fn (mut req Request) free() {
|
fn (mut req Request) free() {
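Review bot: `verify`, `cert` and `cert_key` in this struct have no comments at all, and the new flag changes what they mean, so a caller reading only `FetchConfig` cannot tell whether to pass a path or PEM text. Mirror the `Request` documentation here, e.g. `verify string // path to a rootca.pem file with trusted CA cert(s), or its PEM content when in_memory_verification is set`, and likewise for `cert` and `cert_key`; the flag's own comment should also warn that key material passed this way is written to `os.temp_dir()` by the openssl backend in this commit. The struct definition starts before this hunk.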