ada/aws
0
0
Fork 0
mirror of https://github.com/AdaCore/aws.git synced 2026-02-12 12:29:46 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
aws/regtests/common/setup_ssl.ads
Pascal Obry 40c93aac18 Rework SSL API to allow for certificate & host verification. 
First the parameter Certificate_Required has been renamed Check_Certificate
to better describe the actual semantic.

The default is now to verify the certificate and the host. Both
default values in AWS.Default (Check_Certificate & Check_Host) have
been set to true. This means that the call in AWS.Client (Get, Post,
Head, Put, Delete, Upload and SOAP_Post) are safe and will always
check for certificate and host. To disable those checks one need
to create a connection and setup the SSL configuration with options
disabled:

    WS  : Server.HTTP;
    SSL : Net.SSL.Config;

    Net.SSL.Initialize
      (SSL,
       Security_Mode      => Net.SSL.TLS_Server,
       Server_Certificate => "aws-server.crt",
       Server_Key         => "aws-server.key",
       Check_Certificate  => False);

    Server.Set_SSL_Config (WS, SSL);

For the client side it is also possible to disable the host check,
and so not detecting man-in-the-middle kind of attacks, so hightly
discouraged:

    Net.SSL.Initialize
      (SSL,
       Security_Mode      => Net.SSL.TLS_Client,
       Client_Certificate => "cert.pem",
       Check_Certificate  => False,
       Check_Host         => False);

The configuration API has been updated to support those two new parameters.

TN: eng/toolchain/aws#31
2024-06-27 15:15:08 +00:00

30 lines
1.5 KiB
Ada
Raw Permalink Blame History

------------------------------------------------------------------------------
-- Ada Web Server --
-- --
-- Copyright (C) 2024, AdaCore --
-- --
-- This is free software; you can redistribute it and/or modify it --
-- under terms of the GNU General Public License as published by the --
-- Free Software Foundation; either version 3, or (at your option) any --
-- later version. This software is distributed in the hope that it will --
-- be useful, but WITHOUT ANY WARRANTY; without even the implied warranty --
-- of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU --
-- General Public License for more details. --
-- --
-- You should have received a copy of the GNU General Public License --
-- distributed with this software; see file COPYING3. If not, go --
-- to http://www.gnu.org/licenses for a complete copy of the license. --
------------------------------------------------------------------------------
with AWS.Server;
package Setup_SSL is
procedure Full
(WS : in out AWS.Server.HTTP;
Mess : Boolean := True);
procedure Default;
end Setup_SSL;
Reference in New Issue View Git Blame Copy Permalink