Added feature: loading DH params from the file

Author: awwit

samples/apps.conf

@@ -14,8 +14,10 @@ server {
 #	tls_certificate /media/projects/sites/servertest/cert/cert1.pem;
 #	tls_certificate_key /media/projects/sites/servertest/cert/privkey1.pem;
 
+# [Optional]
 #	tls_certificate_chain /media/projects/sites/servertest/cert/chain1.pem;
 #	tls_certificate_crl /media/projects/sites/servertest/cert/crl.pem;
 
 #	tls_stapling_file /media/projects/sites/servertest/cert/ocsp.der;
+#	tls_dh_params_file /media/projects/sites/servertest/cert/dh.pem;
 }

src/ConfigParser.cpp

@@ -137,6 +137,7 @@ namespace HttpServer
 		std::string chain_file;
 		std::string crl_file;
 		std::string stapling_file;
+		std::string dh_file;
 
 		if (false == tls_ports.empty() )
 		{
@@ -161,6 +162,13 @@ namespace HttpServer
 				stapling_file = it_stapling_file->second;
 			}
 
+			auto const it_dh_params_file = app.find("tls_dh_params_file");
+
+			if (app.cend() != it_dh_params_file)
+			{
+				dh_file = it_dh_params_file->second;
+			}
+
 			auto const it_cert_file = app.find("tls_certificate");
 
 			if (app.cend() == it_cert_file)
@@ -283,7 +291,7 @@ namespace HttpServer
 		std::string module_update = app.cend() != it_module_update ? it_module_update->second : "";
 
 		// Calculate module index
-		size_t module_index = ~0;
+		size_t module_index = std::numeric_limits<size_t>::max();
 
 		for (size_t i = 0; i < modules.size(); ++i)
 		{
@@ -294,7 +302,7 @@ namespace HttpServer
 			}
 		}
 
-		if (module_index == ~0)
+		if (std::numeric_limits<size_t>::max() == module_index)
 		{
 			module_index = modules.size();
 			modules.emplace_back(std::move(module) );
@@ -333,6 +341,7 @@ namespace HttpServer
 			std::move(chain_file),
 			std::move(crl_file),
 			std::move(stapling_file),
+			std::move(dh_file),
 
 			std::move(app_call),
 			std::move(app_clear),

src/Server.cpp

@@ -1508,9 +1508,49 @@ namespace HttpServer
 
 		::gnutls_dh_params_init(&dh_params);
 
-		const unsigned int bits = ::gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_LEGACY);
+		if (app.dh_file.empty() )
+		{
+			const unsigned int bits = ::gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_HIGH);
+
+			ret = ::gnutls_dh_params_generate2(dh_params, bits);
+		}
+		else
+		{
+			std::ifstream dh_file(app.dh_file);
+
+			if (dh_file)
+			{
+				const size_t max_file_size = 1024 * 1024;
 
-		::gnutls_dh_params_generate2(dh_params, bits);
+				std::vector<char> buf(max_file_size);
+
+				dh_file.read(buf.data(), buf.size() );
+
+				gnutls_datum_t datum {
+					reinterpret_cast<unsigned char *>(buf.data() ),
+					static_cast<unsigned int>(dh_file.gcount() )
+				};
+
+				ret = ::gnutls_dh_params_import_pkcs3(dh_params, &datum, GNUTLS_X509_FMT_PEM);
+			}
+			else
+			{
+				ret = -1;
+
+				std::cout << "Error: DH params file has not been opened;" << std::endl;;
+			}
+
+			dh_file.close();
+		}
+
+		if (ret < 0)
+		{
+			::gnutls_certificate_free_credentials(x509_cred);
+
+			std::cout << "Error: failed tls DH params get;" << std::endl;
+
+			return false;
+		}
 
 		::gnutls_certificate_set_dh_params(x509_cred, dh_params);
 

src/ServerApplicationSettings.h

@@ -28,6 +28,7 @@ namespace HttpServer
 		std::string chain_file;
 		std::string crl_file;
 		std::string stapling_file;
+		std::string dh_file;
 
 		std::function<int(server_request *, server_response *)> application_call;
 		std::function<void(Utils::raw_pair [], const size_t)> application_clear;

src/SignalHandlers.cpp

@@ -7,13 +7,15 @@
 	#include <thread>
 
 	static std::thread threadMessageLoop;
-	extern ::TCHAR myWndClassName[];
 #endif
 
 #include <csignal>
 
 static HttpServer::Server *globalServerPtr = nullptr;
 
+/**
+ * Terminate signal
+ */
 static void handlerSigTerm(const int sig)
 {
 	if (globalServerPtr)
@@ -22,6 +24,9 @@ static void handlerSigTerm(const int sig)
 	}
 }
 
+/**
+ * Interrupt signal
+ */
 static void handlerSigInt(const int sig)
 {
 	if (globalServerPtr)
@@ -30,6 +35,9 @@ static void handlerSigInt(const int sig)
 	}
 }
 
+/**
+ * Signal to restart
+ */
 static void handlerSigUsr1(const int sig)
 {
 	if (globalServerPtr)
@@ -39,6 +47,9 @@ static void handlerSigUsr1(const int sig)
 	}
 }
 
+/**
+ * Signal to update modules
+ */
 static void handlerSigUsr2(const int sig)
 {
 	if (globalServerPtr)
@@ -60,6 +71,7 @@ static ::LRESULT CALLBACK WndProc(const ::HWND hWnd, const ::UINT message, const
 	switch (message)
 	{
 		case SIGTERM:
+		case WM_CLOSE:
 		{
 			handlerSigTerm(message);
 			::PostMessage(hWnd, WM_QUIT, 0, 0); // Fuck ::PostQuitMessage(0);
@@ -96,11 +108,11 @@ static ::LRESULT CALLBACK WndProc(const ::HWND hWnd, const ::UINT message, const
 	return 0;
 }
 
-static ::WPARAM mainMessageLoop(const ::HINSTANCE hInstance, HttpServer::Event *pCreatedWindow)
+static ::WPARAM mainMessageLoop(const ::HINSTANCE hInstance, HttpServer::Event * const eventWindowCreation)
 {
 	const ::HWND hWnd = ::CreateWindow(myWndClassName, nullptr, 0, CW_USEDEFAULT, CW_USEDEFAULT, 0, 0, nullptr, nullptr, hInstance, nullptr);
 
-	pCreatedWindow->notify();
+	eventWindowCreation->notify(); // After this action, eventWindowCreation will be destroyed (in the other thread)
 
 	if (0 == hWnd)
 	{
@@ -166,11 +178,11 @@ bool bindSignalHandlers(HttpServer::Server *server)
 		return false;
 	}
 
-	HttpServer::Event createdWindow;
+	HttpServer::Event eventWindowCreation;
 
-	threadMessageLoop = std::thread(mainMessageLoop, hInstance, &createdWindow);
+	threadMessageLoop = std::thread(mainMessageLoop, hInstance, &eventWindowCreation);
 
-	createdWindow.wait();
+	eventWindowCreation.wait();
 
 #elif POSIX
 

src/SocketAdapterTls.cpp

@@ -55,7 +55,7 @@ namespace HttpServer
 
 		while (total < length)
 		{
-			::gnutls_record_set_timeout(this->session, timeout.count() );
+			::gnutls_record_set_timeout(this->session, static_cast<unsigned int>(timeout.count() ) );
 
 			if (record_size > length - total)
 			{
@@ -92,7 +92,7 @@ namespace HttpServer
 
 	long SocketAdapterTls::nonblock_recv(std::vector<std::string::value_type> &buf, const std::chrono::milliseconds &timeout) const
 	{
-		::gnutls_record_set_timeout(this->session, timeout.count() );
+		::gnutls_record_set_timeout(this->session, static_cast<unsigned int>(timeout.count() ) );
 		return ::gnutls_record_recv(this->session, buf.data(), buf.size() );
 	}
 

src/System.h

@@ -3,6 +3,9 @@
 #ifdef WIN32
 	#include <WS2tcpip.h>
 	#include <Windows.h>
+	#undef min
+	#undef max
+
 	::TCHAR myWndClassName[];
 
     #ifdef SIGTERM

src/Utils.cpp

@@ -280,7 +280,7 @@ namespace Utils
 
 		// Parse RFC 822
 	#ifdef WIN32
-		if (~0 != ::sscanf_s(strTime.c_str(), "%*s %d %3s %d %d:%d:%d", &tc.tm_mday, s_mon.data(), s_mon.size(), &tc.tm_year, &tc.tm_hour, &tc.tm_min, &tc.tm_sec) )
+		if (~0 != ::sscanf_s(strTime.c_str(), "%*s %d %3s %d %d:%d:%d", &tc.tm_mday, s_mon.data(), static_cast<unsigned int>(s_mon.size() ), &tc.tm_year, &tc.tm_hour, &tc.tm_min, &tc.tm_sec) )
 	#else
 		if (~0 != ::sscanf(strTime.c_str(), "%*s %d %3s %d %d:%d:%d", &tc.tm_mday, s_mon.data(), &tc.tm_year, &tc.tm_hour, &tc.tm_min, &tc.tm_sec) )
 	#endif