[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] https support within libevent



On Tue, Aug 30, 2011 at 5:39 PM, Mark Ellzey <mthomas@xxxxxxxxxx> wrote:
> On Tue, Aug 30, 2011 at 09:56:01PM +0200, Graham Leggett wrote:
>> Hi all,
>>
>> I have seen mention of support for https from within libevent, but
>> I'm struggling to find details of where to find it. Is there any
>> example code anywhere to show how one might support such a thing?

Folks have submitted patches, and I commented on the patches to
suggest revisions, and they never revised. I can try to look more
closely in the future.  But see below.

> There is no direct HTTP+SSL (https) support in libevent that I know of.
> If there is, it's a manual process.
>
> But you are welcome to try out libevhtp (https://github.com/ellzey/libevhtp) which
> does include native https support.
>
> The API works much like the current evhttp API but has more
> functionality.
>
> An example can be found here:
> https://github.com/ellzey/libevhtp/blob/master/test.c
>
> To be more specific with HTTPS, check here:
> https://github.com/ellzey/libevhtp/blob/master/test.c#L347
>
> With this you can create a HTTPS server in a flash:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <stdint.h>
> #include <errno.h>
> #include <evhtp.h>
>
> void
> my_default_callback(evhtp_request_t * request, void * arg) {
>    evhtp_send_reply(request, EVHTP_RES_OK);
> }
>
> int
> main(int argc, char ** argv) {
>    struct event_base * evbase = event_base_new();
>    evhtp_t           * htp    = evhtp_new(evbase, NULL);
>
>    memset(&sslcfg, 0, sizeof(evhtp_ssl_cfg_t));
>
>    sslcfg.pemfile        = "./server.crt";
>    sslcfg.privfile       = "./server.key";
>    sslcfg.scache_type    = evhtp_ssl_scache_type_internal;
>    sslcfg.scache_timeout = 5000;
>
>    evhtp_ssl_init(htp, &sslcfg);
>    evhtp_set_gencb(htp, my_default_callback, NULL);
>    evhtp_bind_socket(htp, "0.0.0.0", 4433);
>
>    event_base_loop(evbase, 0);
>
>    return 0;
> }
>
> bam, now you have a http server listening on port 4433

Neat!   APIwise, is there also a way to just pass in an SSL_CTX or use
a factory function to create SSL objects?  This kind of "config
structure" trick is neat, but a lot of time, I need to do some pretty
heavy unanticipated SSL hackery.


Also, this is a yet another good sign that Mark's "libevhtp" might be
more maintainable going forward than our current evhttp.c http
implementation.  People should definitely try it out, look at the
source code, etc: once it's feature-complete and passes all of
Libevent's current http unit tests, I'd like to start talking about
whether and how we can eventually migrate towards it as a drop-in
seamless source-compatible evhttp replacement, and away from having to
maintain the current evhttp.c code indefinitely.  If this is a bad
idea for some reason, we should figure that out soon.

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.