Mirror of forum.nim-lang.org

646 :: HTTPS Server for Nim?

• Kratos (orginal) [2014-11-28T14:16:30+01:00] view original

  First of all I would like to thank everyone involved in developing this great language. Keep it up!

  Are there any plans for SSL/TLS support for Nim's HTTP Server?

---

• dom96 (orginal) [2014-11-29T13:16:07+01:00] view original

  The HTTP server's main purpose is currently for local testing of your web apps. You should probably run nginx or another HTTP server in front of it. That said, our sockets support SSL/TLS so the HTTP server may get SSL/TLS support eventually. It's not a priority right now. Pull requests are always welcome so if you're interested then please implement it and create a pull request.

  Also if you need any assistance with implementing it do let us know!

---

• xafizoff (orginal) [2015-12-01T19:49:47+01:00] view original

  Hello!

  I'm trying to implement https server via net module.

  
  import net
  
  var server = newSocket()
  server.bindAddr(Port(5000))
  server.listen()
  while true:
    var
      client: Socket
    new(client)
    server.accept(client)
    
    var ctx = newContext(certFile = "cert.pem", keyFile = "key.pem")
    wrapSocket(ctx, client)
    
    var data: array[1024,cchar]
    echo "recv: ", client.recv(addr data, sizeof(data))
  Run

  I managed to read requests using low level functions from openssl module. But I'm getting negative response from recv function. What am I doing wrong?

  Thanks.

---

• xafizoff (orginal) [2015-12-01T20:53:47+01:00] view original

  I've tried to wrapSocket before accept, but still getting negative response (-1). Also tried wrapConnectedSocket, then I got some error.

  Here's the way to read HTTPS request using openssl's API. Note that I hacked net module to access to SocketHandle field of Socket object.

  
  import openssl, mynet, winlean
  
  const
    keyFile = "key.pem"
    certFile = "cert.pem"
  
  proc run_server*()=
    
    var
      meth = SSLv23_method()
      ctx = SSL_CTX_new(meth)
    if ctx == nil:
      ERR_print_errors_fp(stderr)
      return
    if SSL_CTX_use_certificate_file(ctx, certFile, SSL_FILETYPE_PEM) <= 0:
      ERR_print_errors_fp(stderr)
      return
    
    if SSL_CTX_use_PrivateKey_file(ctx, keyFile, SSL_FILETYPE_PEM) <= 0:
      ERR_print_errors_fp(stderr)
      return
    if SSL_CTX_check_private_key(ctx) <= 0:
      echo "Private key does not match the public certificate"
      return
    
    var server = newSocket()
    server.bindAddr(Port(5000))
    server.listen()
    while true:
      var
        client: Socket
        address: string = ""
      new(client)
      server.accept(client)
      
      var ssl = SSL_new(ctx)
      discard SSL_set_fd(ssl, client.fd)
      if SSL_accept(ssl) != 1:
        ERR_print_errors_fp(stderr)
      else:
        var
          buf: array[1024,cchar]
          bytes = SSL_read(ssl, addr buf, sizeof(buf))
        if bytes > 0:
          echo "buffer: ", buf
        else:
          ERR_print_errors_fp(stderr)
      SSL_free(ssl)
      discard closesocket(client.fd)
    close(server)
    SSL_CTX_free(ctx)
  
  run_server()
  Run

---

• xafizoff (orginal) [2015-12-03T11:01:26+01:00] view original

  My problem is solved by passing verifyMode = CVerifyNone to newContext.

---