
Re: [Libevent-users] [PATCH] Add sample/https-client.c, an example of stacking evhttp as a client on top of bufferevent_ssl.



Hello,

I've added support for POST requests to sample/https-client.c:
https://github.com/resetius/libevent/commit/c5887f73b707a7e95b986a0c5eede80ef7741d09

This is useful to reproduce the bug http://sourceforge.net/tracker/index.php?func=detail&aid=3526934&group_id=50884&atid=461322

$ ls -l *K *M
-rw-rw-r-- 1 statbox statbox 104857600 Mar 11 14:23 100M
-rw-rw-r-- 1 statbox statbox  10485760 Mar 11 14:20 10M
-rw-rw-r-- 1 statbox statbox   1048576 Mar 11 14:20 1M
-rw-rw-r-- 1 statbox statbox      4096 Mar 11 14:23 4K
-rw-rw-r-- 1 statbox statbox    524288 Mar 11 14:21 512K

curl works fine:

$ curl -k --data-binary @4K https://localhost/proxy
OK

$ curl -k --data-binary @512K https://localhost/proxy
OK

$ curl -k --data-binary @10M https://localhost/proxy
OK

libevent does something wrong:

$ ./sample/https-client -url https://localhost/proxy -data 4K -ignore-cert
Response line: 200 OK
OK

$ ./sample/https-client -url https://localhost/proxy -data 512K -ignore-cert
Response line: 502 Bad Gateway
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.2.1</center>
</body>
</html>

$ ./sample/https-client -url https://localhost/proxy -data 10M -ignore-cert
some request failed - no idea which one though!
socket error = Resource temporarily unavailable (11)

nginx config:
server {
    listen   [::]:443;
    server_name  localhost;

    access_log  /var/log/nginx/localhost.ssl.access.log;

    ssl               on;
    ssl_protocols     SSLv3;
    ssl_ciphers       AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;

    ssl_certificate      /etc/nginx/certs/storage.server.crt;
    ssl_certificate_key  /etc/nginx/certs/storage.server.key;
    ssl_session_cache off;

    location /proxy {
        proxy_pass   http://127.0.0.1:8000;
        client_max_body_size 1024m;
    }
}

server code:
#!/usr/bin/python
import sys
import BaseHTTPServer


class myHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write("OK\n")

    def do_POST(self):
        self.do_GET()

HandlerClass = myHandler
ServerClass  = BaseHTTPServer.HTTPServer
Protocol     = "HTTP/1.0"

if sys.argv[1:]:
    port = int(sys.argv[1])
else:
    port = 8000
server_address = ('127.0.0.1', port)

HandlerClass.protocol_version = Protocol
httpd = ServerClass(server_address, HandlerClass)

sa = httpd.socket.getsockname()
print "Serving HTTP on", sa[0], "port", sa[1], "..."
httpd.serve_forever()



20.02.2013, 00:05, "Nick Mathewson" <nickm@xxxxxxxxxxxxx>:
> On Tue, Feb 19, 2013 at 12:22 PM, Catalin Patulea <catalinp@xxxxxxxxxx> wrote:
>
>>  Signed-off-by: Catalin Patulea <catalinp@xxxxxxxxxx>
>>  ---
>>   .gitignore            |   1 +
>>   sample/https-client.c | 207 ++++++++++++++++++++++++++++++++++++++++++++++++++
>>   sample/include.am     |   5 ++
>>   3 files changed, 213 insertions(+)
>>   create mode 100644 sample/https-client.c
>
> Looks like a good start!
>
> Patrick, do you have time to have a look at this?  I'm hoping you'll
> have some ideas of whether or not this is the right way to write this.
>
> Some initial comments:
>
>    * It could sure use comments!
>
>    * This is dangerous code; it doesn't do any certificate validation
> so far as I can see, and as such gets zero protection from
> man-in-the-middle attacks.  People who don't know how to use TLS will
> be copying our examples here, so we need to make sure to get the
> security right.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.
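
The review comment quoted above notes that the sample does no certificate validation. As an added example (not code from the patch, from libevent, or from anyone in this thread), the C below shows one piece of that validation: matching the requested host against a certificate DNS name with conservative wildcard rules. `cert_name_matches` and its raw-bytes interface are hypothetical, and the sample names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive ASCII comparison of two NUL-terminated DNS names. */
static int dns_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b; /* equal only if both strings ended together */
}

/* Digits and dots only, or any ':', means an IP literal, not a DNS name. */
static int is_ip_literal(const char *h)
{
    return strchr(h, ':') != NULL || strspn(h, "0123456789.") == strlen(h);
}

/* Return 1 if `host` is covered by one certificate dNSName given as raw
 * bytes name[0..len) (hypothetical interface for this example). */
int cert_name_matches(const char *name, size_t len, const char *host)
{
    char pat[256];
    const char *dot, *rest;
    if (!name || !host || !*host || len == 0 || len >= sizeof(pat))
        return 0;
    if (memchr(name, '\0', len)) /* embedded NUL hides a different suffix */
        return 0;
    memcpy(pat, name, len);
    pat[len] = '\0';
    if (strncmp(pat, "*.", 2) != 0) /* no leading wildcard: exact match */
        return strchr(pat, '*') == NULL && dns_eq(pat, host);
    dot = strchr(pat + 2, '.'); /* "*.com" would be too broad */
    if (strchr(pat + 1, '*') || !dot || dot[1] == '\0' || is_ip_literal(host))
        return 0;
    rest = strchr(host, '.'); /* the wildcard covers exactly one label */
    return rest != NULL && rest != host && dns_eq(pat + 1, rest);
}

int main(void)
{
    /* Constructed sample names, not taken from any real certificate. */
    const char *names[] = { "*.example.com", "*.com", "w*.example.com" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-16s vs www.example.com -> %d\n", names[i],
               cert_name_matches(names[i], strlen(names[i]), "www.example.com"));
    return 0;
}
```

Chain verification against trusted roots is a separate step that must also pass. OpenSSL 1.0.2 and later provide `X509_check_host` for the name check.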