Enable SSL in goAhead web server


The goAhead web server comes with internal SSL support. It's disabled by default, and I haven't seen a tutorial around this topic on the web. So here is my adventure of enabling it.

Difficulties with goAhead
According to goAhead's feature page, SSL is fully supported. But it's not so convenient to enable it. The downloaded source package doesn't include the source code of the SSL library that it depends on. Even the distribution package (header file and library file) isn't there.
If we turn on the WEBS_SSL_SUPPORT macro definition, what we eventually get is a compilation error. You may see an error saying that the type SSL isn't defined.
Then we can see there is a Mocana project file, so we guess goAhead is using the Mocana library. And now the problem comes: Mocana is a commercial product and it's not freely available.

Use openssl instead
Luckily, we found there was a macro named OPENSSL. It signals that OpenSSL can be used as an alternative here.
Looking more deeply into the code, we can see that goAhead provides an abstraction layer above the underlying SSL library, so that the implementation can be changed easily. See? It's a typical usage of the adapter design pattern.
We downloaded the OpenSSL source and compiled a Linux version of the binaries. OpenSSL is a powerful SSL tool set. In addition to the SSL library itself, it also contains several utility tools. Among those tools, openssl is a useful terminal tool. It can act as an SSL server, an SSL client, and a certificate file generator.
What's specifically useful is that we can generate and sign certificate files with it and use them to test our server. This page tells how to generate and sign certificates.
In goAhead's code, it uses three certificate files.
privkey.pem : the private key
cacert.pem : the certificate
server.pem : A combination of private key and cacert. The first part of its content is privkey.pem and the second part is cacert.pem.
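
One way to produce these three files with the openssl command-line tool, as an added example that is not from the original post or the goAhead project. The function names, output directory and CN value are assumptions, and the certificate is self-signed for testing.

```shell
#!/bin/sh
# Added example: build the three PEM files described above with the openssl CLI.
# Function names, the output directory and the CN are assumptions for illustration.

# make_goahead_certs DIR CN: write privkey.pem, cacert.pem and server.pem to DIR.
make_goahead_certs() {
    dir=$1
    cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077    # key material must not be readable by other users
        # Unencrypted 2048-bit RSA key plus a self-signed certificate, valid 365 days.
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$cn" \
            -keyout "$dir/privkey.pem" -out "$dir/cacert.pem" 2>/dev/null || exit 1
        # server.pem: private key first, certificate second.
        cat "$dir/privkey.pem" "$dir/cacert.pem" > "$dir/server.pem" &&
            chmod 600 "$dir/privkey.pem" "$dir/server.pem"
    )
}

# key_matches_cert KEY CERT: succeed only if the public key inside the
# certificate is the one derived from the private key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Run as: sh make-certs.sh ./certs goahead.test   (constructed sample values)
if [ "$#" -eq 2 ]; then
    make_goahead_certs "$1" "$2" &&
        key_matches_cert "$1/privkey.pem" "$1/cacert.pem" &&
        echo "wrote $1/server.pem; key and certificate match"
fi
```

The private key is written without a passphrase so the server can load it unattended, which is why the files are restricted to the owner.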

Having got those files, we changed the makefile to define the WEBS_SSL_SUPPORT and OPENSSL macros to enable SSL. Then we compiled again and ran it.

How to visit
The goAhead web server listens on a different port for incoming secure connections. The port is defined by the SSL_PORT macro in websSSL.c, with default value 433. To test, open the browser and visit https://address:SSL_PORT .
Since we used a self-signed certificate, Firefox won't allow access to it. We have to add our site to the Firefox exception list from "tools - advanced - encryption - view certificates - add exception".