2015-02-11 20:05:40 +01:00
------------------------------------------------------------------------------
--                              Ada Web Server                              --
--                                                                          --
--                       Copyright (C) 2015, AdaCore                        --
--                                                                          --
--  This is free software; you can redistribute it and/or modify it         --
--  under terms of the GNU General Public License as published by the       --
--  Free Software Foundation; either version 3, or (at your option) any     --
--  later version. This software is distributed in the hope that it will    --
--  be useful, but WITHOUT ANY WARRANTY; without even the implied warranty  --
--  of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU     --
--  General Public License for more details.                                --
--                                                                          --
--  You should have received a copy of the GNU General Public License       --
--  distributed with this software; see file COPYING3. If not, go           --
--  to http://www.gnu.org/licenses for a complete copy of the license.      --
------------------------------------------------------------------------------

--  Demos using TLS 1.2 only

with Ada.Text_IO;

with AWS.Config;
2015-03-20 18:20:28 +01:00
with AWS.Net.SSL.Certificate;
2015-02-11 20:05:40 +01:00
with AWS.Server;

with HTTPS_CB;

procedure HTTPS is

   use Ada;
   use AWS;

   WS  : Server.HTTP;
   SSL : Net.SSL.Config;

begin
   Text_IO.Put_Line ("Call me on port 4433, press Q to exit");
   Text_IO.New_Line;
2015-02-11 20:44:02 +01:00
   --  Allows only TLS 1.2
2015-03-20 18:20:28 +01:00
   Net.SSL.Certificate.Set_Password_Callback
     (HTTPS_CB.Set_Password'Access);
Rework SSL API to allow for certificate & host verification.

First the parameter Certificate_Required has been renamed Check_Certificate
to better describe the actual semantic.

The default is now to verify the certificate and the host. Both
default values in AWS.Default (Check_Certificate & Check_Host) have
been set to true. This means that the calls in AWS.Client (Get, Post,
Head, Put, Delete, Upload and SOAP_Post) are safe and will always
check for certificate and host. To disable those checks one needs
to create a connection and set up the SSL configuration with options
disabled:

   WS  : Server.HTTP;
   SSL : Net.SSL.Config;

   Net.SSL.Initialize
     (SSL,
      Security_Mode      => Net.SSL.TLS_Server,
      Server_Certificate => "aws-server.crt",
      Server_Key         => "aws-server.key",
      Check_Certificate  => False);

   Server.Set_SSL_Config (WS, SSL);

For the client side it is also possible to disable the host check,
and so not detecting man-in-the-middle kind of attacks, so highly
discouraged:

   Net.SSL.Initialize
     (SSL,
      Security_Mode      => Net.SSL.TLS_Client,
      Client_Certificate => "cert.pem",
      Check_Certificate  => False,
      Check_Host         => False);

The configuration API has been updated to support those two new parameters.

TN: eng/toolchain/aws#31
2024-05-31 20:34:02 +02:00
   --  Certificate for server is self-signed, we disable the
   --  check for this simple demo.
2015-02-11 20:05:40 +01:00
   Net.SSL.Initialize
     (SSL,
2024-05-31 20:34:02 +02:00
      Server_Certificate => "aws-server.crt",
      Server_Key         => "aws-server.key",
      Security_Mode      => Net.SSL.TLSv1_2,
2024-06-21 17:32:27 +02:00
      Check_Certificate  => False);
2015-02-11 20:05:40 +01:00
   Server.Set_SSL_Config (WS, SSL);

   Server.Start
     (WS, "HTTPS",
      Max_Connection => 5,
      Security       => True,
      Port           => 4433,
      Callback       => HTTPS_CB.HW_CB'Access);

   Server.Wait (Server.Q_Key_Pressed);

   Server.Shutdown (WS);
end HTTPS;