comparison OrthancFramework/Sources/HttpServer/HttpServer.cpp @ 4382:3aacd2bd8bbc varian
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 17 Dec 2020 15:10:04 +0100 |
parents | df313e410f0c |
children | d9473bd5ed43 |
4381:df313e410f0c | 4382:3aacd2bd8bbc |
---|---|
1501 handler_(NULL), | 1501 handler_(NULL), |
1502 remoteAllowed_(false), | 1502 remoteAllowed_(false), |
1503 authentication_(false), | 1503 authentication_(false), |
1504 sslVerifyPeers_(false), | 1504 sslVerifyPeers_(false), |
1505 ssl_(false), | 1505 ssl_(false), |
1506 sslMinimumVersion_(0), // Default to any of "SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2" | |
1507 sslHasCiphers_(false), | |
1506 port_(8000), | 1508 port_(8000), |
1507 filter_(NULL), | 1509 filter_(NULL), |
1508 keepAlive_(false), | 1510 keepAlive_(false), |
1509 httpCompression_(true), | 1511 httpCompression_(true), |
1510 exceptionFormatter_(NULL), | 1512 exceptionFormatter_(NULL), |
1511 realm_(ORTHANC_REALM), | 1513 realm_(ORTHANC_REALM), |
1512 threadsCount_(50), // Default value in mongoose | 1514 threadsCount_(50), // Default value in mongoose/civetweb |
1513 tcpNoDelay_(true), | 1515 tcpNoDelay_(true), |
1514 requestTimeout_(30) // Default value in mongoose/civetweb (30 seconds) | 1516 requestTimeout_(30) // Default value in mongoose/civetweb (30 seconds) |
1515 { | 1517 { |
1516 #if ORTHANC_ENABLE_MONGOOSE == 1 | 1518 #if ORTHANC_ENABLE_MONGOOSE == 1 |
1517 CLOG(INFO, HTTP) << "This Orthanc server uses Mongoose as its embedded HTTP server"; | 1519 CLOG(INFO, HTTP) << "This Orthanc server uses Mongoose as its embedded HTTP server"; |
1518 #endif | 1520 #endif |
1519 | 1521 |
1572 { | 1574 { |
1573 std::string port = boost::lexical_cast<std::string>(port_); | 1575 std::string port = boost::lexical_cast<std::string>(port_); |
1574 std::string numThreads = boost::lexical_cast<std::string>(threadsCount_); | 1576 std::string numThreads = boost::lexical_cast<std::string>(threadsCount_); |
1575 std::string requestTimeoutMilliseconds = boost::lexical_cast<std::string>(requestTimeout_ * 1000); | 1577 std::string requestTimeoutMilliseconds = boost::lexical_cast<std::string>(requestTimeout_ * 1000); |
1576 std::string keepAliveTimeoutMilliseconds = boost::lexical_cast<std::string>(CIVETWEB_KEEP_ALIVE_TIMEOUT_SECONDS * 1000); | 1578 std::string keepAliveTimeoutMilliseconds = boost::lexical_cast<std::string>(CIVETWEB_KEEP_ALIVE_TIMEOUT_SECONDS * 1000); |
1579 std::string sslMinimumVersion = boost::lexical_cast<std::string>(sslMinimumVersion_); | |
1577 | 1580 |
1578 if (ssl_) | 1581 if (ssl_) |
1579 { | 1582 { |
1580 port += "s"; | 1583 port += "s"; |
1581 } | 1584 } |
1629 { | 1632 { |
1630 // Set the trusted client certificates (for X509 mutual authentication) | 1633 // Set the trusted client certificates (for X509 mutual authentication) |
1631 options.push_back("ssl_ca_file"); | 1634 options.push_back("ssl_ca_file"); |
1632 options.push_back(trustedClientCertificates_.c_str()); | 1635 options.push_back(trustedClientCertificates_.c_str()); |
1633 } | 1636 } |
1637 | |
1634 if (ssl_) | 1638 if (ssl_) |
1635 { | 1639 { |
1636 // Restrict minimum SSL/TLS protocol version | 1640 // Restrict minimum SSL/TLS protocol version |
1637 options.push_back("ssl_protocol_version"); | 1641 options.push_back("ssl_protocol_version"); |
1638 options.push_back(sslMinimumVersion_.c_str()); | 1642 options.push_back(sslMinimumVersion.c_str()); |
1639 | 1643 |
1640 // Set the accepted ciphers list | 1644 // Set the accepted ciphers list |
1641 options.push_back("ssl_cipher_list"); | 1645 if (sslHasCiphers_) |
1642 options.push_back(sslCiphers_.c_str()); | 1646 { |
1647 options.push_back("ssl_cipher_list"); | |
1648 options.push_back(sslCiphers_.c_str()); | |
1649 } | |
1643 | 1650 |
1644 // Set the SSL certificate, if any | 1651 // Set the SSL certificate, if any |
1645 options.push_back("ssl_certificate"); | 1652 options.push_back("ssl_certificate"); |
1646 options.push_back(certificate_.c_str()); | 1653 options.push_back(certificate_.c_str()); |
1647 }; | 1654 }; |
1788 #else | 1795 #else |
1789 sslVerifyPeers_ = enabled; | 1796 sslVerifyPeers_ = enabled; |
1790 #endif | 1797 #endif |
1791 } | 1798 } |
1792 | 1799 |
1793 void HttpServer::SetSslMinimumVersion(std::string version) | 1800 void HttpServer::SetSslMinimumVersion(unsigned int version) |
1794 { | 1801 { |
1795 Stop(); | 1802 Stop(); |
1796 sslMinimumVersion_ = std::move(version); | 1803 sslMinimumVersion_ = version; |
1797 } | 1804 |
1798 | 1805 std::string info; |
1799 void HttpServer::SetSslCiphers(std::string ciphers) | 1806 |
1807 switch (version) | |
1808 { | |
1809 case 0: | |
1810 info = "SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2"; | |
1811 break; | |
1812 | |
1813 case 1: | |
1814 info = "SSL3+TLS1.0+TLS1.1+TLS1.2"; | |
1815 break; | |
1816 | |
1817 case 2: | |
1818 info = "TLS1.0+TLS1.1+TLS1.2"; | |
1819 break; | |
1820 | |
1821 case 3: | |
1822 info = "TLS1.1+TLS1.2"; | |
1823 break; | |
1824 | |
1825 case 4: | |
1826 info = "TLS1.2"; | |
1827 break; | |
1828 | |
1829 default: | |
1830 info = "Unknown value (" + boost::lexical_cast<std::string>(version) + ")"; | |
1831 break; | |
1832 } | |
1833 | |
1834 CLOG(INFO, HTTP) << "Minimal accepted version of SSL/TLS protocol: " << info; | |
1835 } | |
1836 | |
1837 void HttpServer::SetSslCiphers(const std::list<std::string>& ciphers) | |
1800 { | 1838 { |
1801 Stop(); | 1839 Stop(); |
1802 sslCiphers_ = std::move(ciphers); | 1840 |
1841 sslHasCiphers_ = true; | |
1842 sslCiphers_.clear(); | |
1843 | |
1844 for (std::list<std::string>::const_iterator | |
1845 it = ciphers.begin(); it != ciphers.end(); ++it) | |
1846 { | |
1847 if (it->empty()) | |
1848 { | |
1849 throw OrthancException(ErrorCode_ParameterOutOfRange, "Empty name for a cipher"); | |
1850 } | |
1851 | |
1852 if (!sslCiphers_.empty()) | |
1853 { | |
1854 sslCiphers_ += ':'; | |
1855 } | |
1856 | |
1857 sslCiphers_ += (*it); | |
1858 } | |
1859 | |
1860 CLOG(INFO, HTTP) << "List of accepted SSL ciphers: " << sslCiphers_; | |
1861 | |
1862 if (sslCiphers_.empty()) | |
1863 { | |
1864 CLOG(WARNING, HTTP) << "No cipher is accepted for SSL"; | |
1865 } | |
1803 } | 1866 } |
1804 | 1867 |
1805 void HttpServer::SetKeepAliveEnabled(bool enabled) | 1868 void HttpServer::SetKeepAliveEnabled(bool enabled) |
1806 { | 1869 { |
1807 Stop(); | 1870 Stop(); |
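Review bot: SetSslMinimumVersion assigns `sslMinimumVersion_ = version` before the switch, so an out-of-range value is still forwarded to civetweb's `ssl_protocol_version` option with nothing more than an INFO line reading "Unknown value"; the `default:` branch should reject it the way SetSslCiphers rejects an empty cipher name, e.g. `throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown value for the minimum SSL/TLS version: " + boost::lexical_cast<std::string>(version));`. The constructor hunk keeps `sslMinimumVersion_(0)` as the default, which by this function's own labels means SSLv2 and SSLv3 stay accepted unless the deployment configures a higher level, so a WARNING for values below 3 (the first level that excludes TLS1.0) or a stricter default would make the permissive setting an explicit choice rather than a silent one. In SetSslCiphers, passing an empty list sets `sslHasCiphers_ = true` and pushes an empty `ssl_cipher_list`; the WARNING assumes civetweb then accepts no cipher, which is worth confirming against civetweb's handling of an empty value before relying on it as a fail-closed behaviour. In the options-building hunk the new local `sslMinimumVersion` is pushed via `c_str()` like `port` and the other strings, so it presumably outlives the use of `options`, but that function starts and ends outside the section.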