Discussion:
[libmicrohttpd] [possible feature request?] Loading key/cert from file [gnutls_certificate_set_x509_key_file2()]
silvioprog
2018-07-29 03:39:17 UTC
Hello dudes.

I tried to pass the key/cert files to the MHD library, however, it
allows only passing via memory (using
gnutls_certificate_set_x509_key_mem2()):

MHD_OPTION_HTTPS_MEM_KEY, "private key content",
MHD_OPTION_HTTPS_MEM_CERT, "certificate content"

but it would be nice to use GnuTLS's built-in functions to load the
key/cert files: gnutls_certificate_set_x509_key_file2(). Advantage: the
programmer just passes the path of the key/cert instead of writing their own
unsafe functions for file loading. So, what do you think about adding these
new options?:

MHD_OPTION_HTTPS_FILE_KEY, "key.pem",
MHD_OPTION_HTTPS_FILE_CERT, "cert.pem",
MHD_OPTION_HTTPS_FILE_TRUST, "ca.pem"

Thank you!
--
Silvio Clécio
Christian Grothoff
2018-09-05 09:42:25 UTC
Hi Silvio,

I don't like the proposed feature very much, it's something an
application developer can reasonably easily write themselves, it would
introduce a dependency on file system operations to MHD, and it would
include a lot of different possible error types (file not found, access
permissions wrong, etc.) that would have to be passed back to the
application.

That said, adding a good _example_ (reference code) for how to do this
in the documentation would be totally fine.

My 2 cents!

Happy hacking!

Christian
p.s.: sorry for the delay, life's been very busy...
silvioprog
2018-12-06 05:25:02 UTC
Hi Christian,

I totally agree with you. After using the useful gnutls_load_file() for a
long time I referenced it in the HTTPS examples in 53674dc
<https://gnunet.org/git/libmicrohttpd.git/diff/?id2=79a8955bb61d62f6dc4fc93d2f05a08adf8596d5>.
Post by Christian Grothoff
p.s.: sorry for the delay, life's been very busy...
I'm in the same hehe. 😅
--
Silvio Clécio