comparison OrthancFramework/Sources/HttpServer/HttpServer.cpp @ 4382:3aacd2bd8bbc varian

review changeset 4381:df313e410f0c
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 17 Dec 2020 15:10:04 +0100
parents df313e410f0c
children d9473bd5ed43
4381:df313e410f0c 4382:3aacd2bd8bbc
1501 handler_(NULL), 1501 handler_(NULL),
1502 remoteAllowed_(false), 1502 remoteAllowed_(false),
1503 authentication_(false), 1503 authentication_(false),
1504 sslVerifyPeers_(false), 1504 sslVerifyPeers_(false),
1505 ssl_(false), 1505 ssl_(false),
1506 sslMinimumVersion_(0), // Default to any of "SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2"
1507 sslHasCiphers_(false),
1506 port_(8000), 1508 port_(8000),
1507 filter_(NULL), 1509 filter_(NULL),
1508 keepAlive_(false), 1510 keepAlive_(false),
1509 httpCompression_(true), 1511 httpCompression_(true),
1510 exceptionFormatter_(NULL), 1512 exceptionFormatter_(NULL),
1511 realm_(ORTHANC_REALM), 1513 realm_(ORTHANC_REALM),
1512 threadsCount_(50), // Default value in mongoose 1514 threadsCount_(50), // Default value in mongoose/civetweb
1513 tcpNoDelay_(true), 1515 tcpNoDelay_(true),
1514 requestTimeout_(30) // Default value in mongoose/civetweb (30 seconds) 1516 requestTimeout_(30) // Default value in mongoose/civetweb (30 seconds)
1515 { 1517 {
1516 #if ORTHANC_ENABLE_MONGOOSE == 1 1518 #if ORTHANC_ENABLE_MONGOOSE == 1
1517 CLOG(INFO, HTTP) << "This Orthanc server uses Mongoose as its embedded HTTP server"; 1519 CLOG(INFO, HTTP) << "This Orthanc server uses Mongoose as its embedded HTTP server";
1518 #endif 1520 #endif
1519 1521
1572 { 1574 {
1573 std::string port = boost::lexical_cast<std::string>(port_); 1575 std::string port = boost::lexical_cast<std::string>(port_);
1574 std::string numThreads = boost::lexical_cast<std::string>(threadsCount_); 1576 std::string numThreads = boost::lexical_cast<std::string>(threadsCount_);
1575 std::string requestTimeoutMilliseconds = boost::lexical_cast<std::string>(requestTimeout_ * 1000); 1577 std::string requestTimeoutMilliseconds = boost::lexical_cast<std::string>(requestTimeout_ * 1000);
1576 std::string keepAliveTimeoutMilliseconds = boost::lexical_cast<std::string>(CIVETWEB_KEEP_ALIVE_TIMEOUT_SECONDS * 1000); 1578 std::string keepAliveTimeoutMilliseconds = boost::lexical_cast<std::string>(CIVETWEB_KEEP_ALIVE_TIMEOUT_SECONDS * 1000);
1579 std::string sslMinimumVersion = boost::lexical_cast<std::string>(sslMinimumVersion_);
1577 1580
1578 if (ssl_) 1581 if (ssl_)
1579 { 1582 {
1580 port += "s"; 1583 port += "s";
1581 } 1584 }
1629 { 1632 {
1630 // Set the trusted client certificates (for X509 mutual authentication) 1633 // Set the trusted client certificates (for X509 mutual authentication)
1631 options.push_back("ssl_ca_file"); 1634 options.push_back("ssl_ca_file");
1632 options.push_back(trustedClientCertificates_.c_str()); 1635 options.push_back(trustedClientCertificates_.c_str());
1633 } 1636 }
1637
1634 if (ssl_) 1638 if (ssl_)
1635 { 1639 {
1636 // Restrict minimum SSL/TLS protocol version 1640 // Restrict minimum SSL/TLS protocol version
1637 options.push_back("ssl_protocol_version"); 1641 options.push_back("ssl_protocol_version");
1638 options.push_back(sslMinimumVersion_.c_str()); 1642 options.push_back(sslMinimumVersion.c_str());
1639 1643
1640 // Set the accepted ciphers list 1644 // Set the accepted ciphers list
1641 options.push_back("ssl_cipher_list"); 1645 if (sslHasCiphers_)
1642 options.push_back(sslCiphers_.c_str()); 1646 {
1647 options.push_back("ssl_cipher_list");
1648 options.push_back(sslCiphers_.c_str());
1649 }
1643 1650
1644 // Set the SSL certificate, if any 1651 // Set the SSL certificate, if any
1645 options.push_back("ssl_certificate"); 1652 options.push_back("ssl_certificate");
1646 options.push_back(certificate_.c_str()); 1653 options.push_back(certificate_.c_str());
1647 }; 1654 };
1788 #else 1795 #else
1789 sslVerifyPeers_ = enabled; 1796 sslVerifyPeers_ = enabled;
1790 #endif 1797 #endif
1791 } 1798 }
1792 1799
1793 void HttpServer::SetSslMinimumVersion(std::string version) 1800 void HttpServer::SetSslMinimumVersion(unsigned int version)
1794 { 1801 {
1795 Stop(); 1802 Stop();
1796 sslMinimumVersion_ = std::move(version); 1803 sslMinimumVersion_ = version;
1797 } 1804
1798 1805 std::string info;
1799 void HttpServer::SetSslCiphers(std::string ciphers) 1806
1807 switch (version)
1808 {
1809 case 0:
1810 info = "SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2";
1811 break;
1812
1813 case 1:
1814 info = "SSL3+TLS1.0+TLS1.1+TLS1.2";
1815 break;
1816
1817 case 2:
1818 info = "TLS1.0+TLS1.1+TLS1.2";
1819 break;
1820
1821 case 3:
1822 info = "TLS1.1+TLS1.2";
1823 break;
1824
1825 case 4:
1826 info = "TLS1.2";
1827 break;
1828
1829 default:
1830 info = "Unknown value (" + boost::lexical_cast<std::string>(version) + ")";
1831 break;
1832 }
1833
1834 CLOG(INFO, HTTP) << "Minimal accepted version of SSL/TLS protocol: " << info;
1835 }
1836
1837 void HttpServer::SetSslCiphers(const std::list<std::string>& ciphers)
1800 { 1838 {
1801 Stop(); 1839 Stop();
1802 sslCiphers_ = std::move(ciphers); 1840
1841 sslHasCiphers_ = true;
1842 sslCiphers_.clear();
1843
1844 for (std::list<std::string>::const_iterator
1845 it = ciphers.begin(); it != ciphers.end(); ++it)
1846 {
1847 if (it->empty())
1848 {
1849 throw OrthancException(ErrorCode_ParameterOutOfRange, "Empty name for a cipher");
1850 }
1851
1852 if (!sslCiphers_.empty())
1853 {
1854 sslCiphers_ += ':';
1855 }
1856
1857 sslCiphers_ += (*it);
1858 }
1859
1860 CLOG(INFO, HTTP) << "List of accepted SSL ciphers: " << sslCiphers_;
1861
1862 if (sslCiphers_.empty())
1863 {
1864 CLOG(WARNING, HTTP) << "No cipher is accepted for SSL";
1865 }
1803 } 1866 }
1804 1867
1805 void HttpServer::SetKeepAliveEnabled(bool enabled) 1868 void HttpServer::SetKeepAliveEnabled(bool enabled)
1806 { 1869 {
1807 Stop(); 1870 Stop();
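Review bot: In `SetSslMinimumVersion`, the `default:` branch only logs `Unknown value (...)` at INFO, yet the unrecognised value has already been stored in `sslMinimumVersion_` on the line before the switch and, per the `options.push_back("ssl_protocol_version")` hunk above, is forwarded unchanged to civetweb; an out-of-range setting is therefore accepted and its effect depends on how civetweb interprets that number. `SetSslCiphers` in the same hunk rejects an empty cipher name with `OrthancException(ErrorCode_ParameterOutOfRange, ...)`, so the consistent treatment here is to replace the default branch with `throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown SSL/TLS minimum version: " + boost::lexical_cast<std::string>(version));` and assign `sslMinimumVersion_ = version;` only after the switch, so a rejected value leaves the previous setting intact. Separately, the new default of 0 documented at the constructor initializer (`SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2`) keeps SSLv2/SSLv3 acceptable unless the linked TLS library has dropped them; a comment there such as `// 0 accepts every protocol the TLS library offers; deployments should raise this via SetSslMinimumVersion()` would make the expectation explicit. The function containing the `options.push_back` calls starts outside the visible hunk.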