TLS API refactor

Makefile

@@ -36,13 +36,13 @@ endif
 
 ifeq "$(SSL)" "MBEDTLS"
 MBEDTLS ?= /usr/local
-CFLAGS  += -DMG_ENABLE_MBEDTLS=1 -I$(MBEDTLS)/include -I/usr/include
+CFLAGS  += -DMG_TLS=MG_TLS_MBED -I$(MBEDTLS)/include -I/usr/include
 LDFLAGS += -L$(MBEDTLS)/lib -lmbedtls -lmbedcrypto -lmbedx509
 endif
 
 ifeq "$(SSL)" "OPENSSL"
 OPENSSL ?= /usr/local
-CFLAGS  += -DMG_ENABLE_OPENSSL=1 -I$(OPENSSL)/include
+CFLAGS  += -DMG_TLS=MG_TLS_OPENSSL -I$(OPENSSL)/include
 LDFLAGS += -L$(OPENSSL)/lib -lssl -lcrypto
 endif
 
@@ -175,7 +175,7 @@ mongoose.c: Makefile $(wildcard src/*.c) $(wildcard src/tcpip/*.c)
 	(cat src/license.h; echo; echo '#include "mongoose.h"' ; (for F in src/*.c src/tcpip/*.c ; do echo; echo '#ifdef MG_ENABLE_LINES'; echo "#line 1 \"$$F\""; echo '#endif'; cat $$F | sed -e 's,#include ".*,,'; done))> $@
 
 mongoose.h: $(HDRS) Makefile
-	(cat src/license.h; echo; echo '#ifndef MONGOOSE_H'; echo '#define MONGOOSE_H'; echo; cat src/version.h ; echo; echo '#ifdef __cplusplus'; echo 'extern "C" {'; echo '#endif'; cat src/arch.h src/arch_*.h src/net_*.h src/config.h src/str.h src/queue.h src/fmt.h src/printf.h src/log.h src/timer.h src/fs.h src/util.h src/url.h src/iobuf.h src/base64.h src/md5.h src/sha1.h src/event.h src/net.h src/http.h src/ssi.h src/tls.h src/tls_mbed.h src/tls_openssl.h src/ws.h src/sntp.h src/mqtt.h src/dns.h src/json.h src/rpc.h src/tcpip/tcpip.h src/tcpip/driver_*.h | sed -e '/keep/! s,#include ".*,,' -e 's,^#pragma once,,'; echo; echo '#ifdef __cplusplus'; echo '}'; echo '#endif'; echo '#endif  // MONGOOSE_H')> $@
+	(cat src/license.h; echo; echo '#ifndef MONGOOSE_H'; echo '#define MONGOOSE_H'; echo; cat src/version.h ; echo; echo '#ifdef __cplusplus'; echo 'extern "C" {'; echo '#endif'; cat src/arch.h src/arch_*.h src/net_*.h src/config.h src/str.h src/queue.h src/fmt.h src/printf.h src/log.h src/timer.h src/fs.h src/util.h src/url.h src/iobuf.h src/base64.h src/md5.h src/sha1.h src/event.h src/net.h src/http.h src/ssi.h src/tls.h src/tls_mbed.h src/tls_openssl.h src/ws.h src/sntp.h src/mqtt.h src/dns.h src/json.h src/rpc.h src/tcpip/tcpip.h src/tcpip/driver_*.h src/certs.h | sed -e '/keep/! s,#include ".*,,' -e 's,^#pragma once,,'; echo; echo '#ifdef __cplusplus'; echo '}'; echo '#endif'; echo '#endif  // MONGOOSE_H')> $@
 
 
 clean: clean_examples clean_embedded

examples/device-dashboard/Makefile

@@ -41,7 +41,7 @@ mbedtls:
 	git clone --depth 1 -b v2.28.2 https://github.com/mbed-tls/mbedtls $@
 
 ifeq ($(TLS), mbedtls)
-CFLAGS += -DMG_ENABLE_MBEDTLS=1 -Wno-conversion -Imbedtls/include
+CFLAGS += -DMG_TLS=MG_TLS_MBED -Wno-conversion -Imbedtls/include
 CFLAGS += -DMBEDTLS_CONFIG_FILE=\"mbedtls_config.h\" mbedtls/library/*.c
 $(PROG): mbedtls
 endif

examples/device-dashboard/mbedtls_config.h

@@ -6,6 +6,7 @@
 #define MBEDTLS_SSL_OUT_CONTENT_LEN    2048
 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
 #define MBEDTLS_HAVE_TIME
+#define MBEDTLS_SSL_SESSION_TICKETS
 
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
@@ -51,13 +52,13 @@
 #define MBEDTLS_AES_FEWER_TABLES
 #define MBEDTLS_PEM_PARSE_C
 #define MBEDTLS_BASE64_C
+#define MBEDTLS_SSL_TICKET_C
 
-// TLS 1.2
+#define MBEDTLS_SSL_PROTO_TLS1_3
 #define MBEDTLS_SSL_PROTO_TLS1_2
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_GCM_C
 #define MBEDTLS_ECDH_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_ECDSA_C
 #define MBEDTLS_ASN1_WRITE_C
-

examples/device-dashboard/net.c

@@ -31,7 +31,7 @@ static uint64_t s_boot_timestamp = 0;  // Updated by SNTP
 // Certificate generation procedure:
 // openssl ecparam -name prime256v1 -genkey -noout -out key.pem
 // openssl req -new -key key.pem -x509 -nodes -days 3650 -out cert.pem
-static const char *s_ssl_cert =
+static const char *s_tls_cert =
     "-----BEGIN CERTIFICATE-----\n"
     "MIIBCTCBsAIJAK9wbIDkHnAoMAoGCCqGSM49BAMCMA0xCzAJBgNVBAYTAklFMB4X\n"
     "DTIzMDEyOTIxMjEzOFoXDTMzMDEyNjIxMjEzOFowDTELMAkGA1UEBhMCSUUwWTAT\n"
@@ -41,7 +41,7 @@ static const char *s_ssl_cert =
     "aEWiBp1xshs4iz6WbpxrS1IHucrqkZuJLfNZGZI=\n"
     "-----END CERTIFICATE-----\n";
 
-static const char *s_ssl_key =
+static const char *s_tls_key =
     "-----BEGIN EC PRIVATE KEY-----\n"
     "MHcCAQEEICBz3HOkQLPBDtdknqC7k1PNsWj6HfhyNB5MenfjmqiooAoGCCqGSM49\n"
     "AwEHoUQDQgAEc0kEuTh3de5VHjSPupKfVmLtHMbhCIvyU46YWwpnSQ9XFL4ZszPf\n"
@@ -54,19 +54,18 @@ uint64_t mg_now(void) {
 }
 
 int ui_event_next(int no, struct ui_event *e) {
-  if (no < 0 || no >= MAX_EVENTS_NO)
-    return 0;
+  if (no < 0 || no >= MAX_EVENTS_NO) return 0;
 
   srand(no);
   e->type = (uint8_t) rand() % 4;
   e->prio = (uint8_t) rand() % 3;
-  e->timestamp = (unsigned long) (mg_now() - 86400 * 1000 /* one day back */ +
-                              no * 300 * 1000 /* 5 mins between alerts */ +
-                              1000 * (rand() % 300) /* randomize event time */) /
-             1000;
-             
-  mg_snprintf(e->text, MAX_EVENT_TEXT_SIZE,
-              "event#%d", no);
+  e->timestamp =
+      (unsigned long) (mg_now() - 86400 * 1000 /* one day back */ +
+                       no * 300 * 1000 /* 5 mins between alerts */ +
+                       1000 * (rand() % 300) /* randomize event time */) /
+      1000;
+
+  mg_snprintf(e->text, MAX_EVENT_TEXT_SIZE, "event#%d", no);
   return no + 1;
 }
 
@@ -171,16 +170,17 @@ static size_t print_events(void (*out)(char, void *), void *ptr, va_list *ap) {
   while ((no = ui_event_next(no, &ev)) != 0 && no <= end) {
     len += mg_xprintf(out, ptr, "%s{%m:%lu,%m:%d,%m:%d,%m:%m}",  //
                       len == 0 ? "" : ",",                       //
-                      MG_ESC("time"), ev.timestamp,       //
-                      MG_ESC("type"), ev.type,            //
-                      MG_ESC("prio"), ev.prio,            //
+                      MG_ESC("time"), ev.timestamp,              //
+                      MG_ESC("type"), ev.type,                   //
+                      MG_ESC("prio"), ev.prio,                   //
                       MG_ESC("text"), MG_ESC(ev.text));
   }
 
   return len;
 }
 
-static void handle_events_get(struct mg_connection *c, struct mg_http_message *hm) {
+static void handle_events_get(struct mg_connection *c,
+                              struct mg_http_message *hm) {
   int pageno = mg_json_get_long(hm->body, "$.page", 1);
   mg_http_reply(c, 200, s_json_header, "{%m:[%M], %m:%d}", MG_ESC("arr"),
                 print_events, pageno, MG_ESC("totalCount"), MAX_EVENTS_NO);
@@ -220,10 +220,7 @@ static void handle_settings_get(struct mg_connection *c) {
 
 // HTTP request handler function
 static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
-  if (ev == MG_EV_ACCEPT && fn_data != NULL) {
-    struct mg_tls_opts opts = {.cert = s_ssl_cert, .certkey = s_ssl_key};
-    mg_tls_init(c, &opts);
-  } else if (ev == MG_EV_HTTP_MSG) {
+  if (ev == MG_EV_HTTP_MSG) {
     struct mg_http_message *hm = (struct mg_http_message *) ev_data;
     struct user *u = authenticate(hm);
 
@@ -258,15 +255,19 @@ static void fn(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
               hm->method.ptr, (int) hm->uri.len, hm->uri.ptr, (int) 3,
               &c->send.buf[9]));
   }
+  (void) fn_data;
 }
 
 void web_init(struct mg_mgr *mgr) {
+  struct mg_tls_opts opts = {0};
+  opts.server_cert = mg_str(s_tls_cert);
+  opts.server_key = mg_str(s_tls_key);
+  mg_tls_ctx_init(mgr, &opts);
+
   s_settings.device_name = strdup("My Device");
 
   mg_http_listen(mgr, HTTP_URL, fn, NULL);
-#if MG_ENABLE_MBEDTLS || MG_ENABLE_OPENSSL
-  mg_http_listen(mgr, HTTPS_URL, fn, "");
-#endif
+  mg_http_listen(mgr, HTTPS_URL, fn, NULL);
 
   // mg_timer_add(c->mgr, 1000, MG_TIMER_REPEAT, timer_mqtt_fn, c->mgr);
   mg_timer_add(mgr, 3600 * 1000, MG_TIMER_RUN_NOW | MG_TIMER_REPEAT,

examples/device-dashboard/net.h

@@ -9,7 +9,7 @@
 #endif
 
 #if !defined(HTTPS_URL)
-#define HTTPS_URL "http://0.0.0.0:8443"
+#define HTTPS_URL "https://0.0.0.0:8443"
 #endif
 
 #define MAX_DEVICE_NAME 40