On Tue, Aug 30, 2011 at 5:39 PM, Mark Ellzey <mtho...@strcpy.net> wrote: > On Tue, Aug 30, 2011 at 09:56:01PM +0200, Graham Leggett wrote: >> Hi all, >> >> I have seen mention of support for https from within libevent, but >> I'm struggling to find details of where to find it. Is there any >> example code anywhere to show how one might support such a thing?
Folks have submitted patches, and I commented on the patches to suggest revisions, and they never revised. I can try to look more closely in the future. But see below. > There is no direct HTTP+SSL (https) support in libevent that I know of. > If there is, it's a manual process. > > But you are welcome to try out libevhtp (https://github.com/ellzey/libevhtp) > which > does include native https support. > > The API works much like the current evhttp API but has more > functionality. > > An example can be found here: > https://github.com/ellzey/libevhtp/blob/master/test.c > > To be more specific with HTTPS, check here: > https://github.com/ellzey/libevhtp/blob/master/test.c#L347 > > With this you can create a HTTPS server in a flash: > > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include <stdint.h> > #include <errno.h> > #include <evhtp.h> > > void > my_default_callback(evhtp_request_t * request, void * arg) { > evhtp_send_reply(request, EVHTP_RES_OK); > } > > int > main(int argc, char ** argv) { > struct event_base * evbase = event_base_new(); > evhtp_t * htp = evhtp_new(evbase, NULL); > > memset(&sslcfg, 0, sizeof(evhtp_ssl_cfg_t)); > > sslcfg.pemfile = "./server.crt"; > sslcfg.privfile = "./server.key"; > sslcfg.scache_type = evhtp_ssl_scache_type_internal; > sslcfg.scache_timeout = 5000; > > evhtp_ssl_init(htp, &sslcfg); > evhtp_set_gencb(htp, my_default_callback, NULL); > evhtp_bind_socket(htp, "0.0.0.0", 4433); > > event_base_loop(evbase, 0); > > return 0; > } > > bam, now you have a http server listening on port 4433 Neat! APIwise, is there also a way to just pass in an SSL_CTX or use a factory function to create SSL objects? This kind of "config structure" trick is neat, but a lot of time, I need to do some pretty heavy unanticipated SSL hackery. Also, this is a yet another good sign that Mark's "libevhtp" might be more maintainable going forward than our current evhttp.c http implementation. People should definitely try it out, look at the source code, etc: once it's feature-complete and passes all of Libevent's current http unit tests, I'd like to start talking about whether and how we can eventually migrate towards it as a drop-in seamless source-compatible evhttp replacement, and away from having to maintain the current evhttp.c code indefinitely. If this is a bad idea for some reason, we should figure that out soon. yrs, -- Nick *********************************************************************** To unsubscribe, send an e-mail to majord...@freehaven.net with unsubscribe libevent-users in the body.
