comparison OrthancFramework/Sources/HttpServer/HttpServer.cpp @ 4383:e49cf50b54c8
integration varian->mainline
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Thu, 17 Dec 2020 15:10:57 +0100 |
parents | 3aacd2bd8bbc |
children | d9473bd5ed43 |
4380:91e5cbacb94d | 4383:e49cf50b54c8 |
---|---|
1501 handler_(NULL), | 1501 handler_(NULL), |
1502 remoteAllowed_(false), | 1502 remoteAllowed_(false), |
1503 authentication_(false), | 1503 authentication_(false), |
1504 sslVerifyPeers_(false), | 1504 sslVerifyPeers_(false), |
1505 ssl_(false), | 1505 ssl_(false), |
1506 sslMinimumVersion_(0), // Default to any of "SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2" | |
1507 sslHasCiphers_(false), | |
1506 port_(8000), | 1508 port_(8000), |
1507 filter_(NULL), | 1509 filter_(NULL), |
1508 keepAlive_(false), | 1510 keepAlive_(false), |
1509 httpCompression_(true), | 1511 httpCompression_(true), |
1510 exceptionFormatter_(NULL), | 1512 exceptionFormatter_(NULL), |
1511 realm_(ORTHANC_REALM), | 1513 realm_(ORTHANC_REALM), |
1512 threadsCount_(50), // Default value in mongoose | 1514 threadsCount_(50), // Default value in mongoose/civetweb |
1513 tcpNoDelay_(true), | 1515 tcpNoDelay_(true), |
1514 requestTimeout_(30) // Default value in mongoose/civetweb (30 seconds) | 1516 requestTimeout_(30) // Default value in mongoose/civetweb (30 seconds) |
1515 { | 1517 { |
1516 #if ORTHANC_ENABLE_MONGOOSE == 1 | 1518 #if ORTHANC_ENABLE_MONGOOSE == 1 |
1517 CLOG(INFO, HTTP) << "This Orthanc server uses Mongoose as its embedded HTTP server"; | 1519 CLOG(INFO, HTTP) << "This Orthanc server uses Mongoose as its embedded HTTP server"; |
1518 #endif | 1520 #endif |
1519 | 1521 |
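Review bot: The new default `sslMinimumVersion_(0)` means a server that enables SSL without ever calling SetSslMinimumVersion still accepts SSL 2.0/3.0 and TLS 1.0/1.1, as the added comment itself says, and that value is later forwarded unchanged to civetweb as `ssl_protocol_version` in the options block of this same commit. Since SSLv2/SSLv3 are long deprecated, consider a TLS-only default (4 maps to `TLS1.2` in the switch of SetSslMinimumVersion), e.g. `sslMinimumVersion_(4), // Default to TLS 1.2 only; lower it explicitly for legacy clients`. If the permissive default is deliberate for backward compatibility, at least state that in the comment so the choice is visible to whoever audits the TLS configuration. The constructor's initializer list starts before this hunk.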
1572 { | 1574 { |
1573 std::string port = boost::lexical_cast<std::string>(port_); | 1575 std::string port = boost::lexical_cast<std::string>(port_); |
1574 std::string numThreads = boost::lexical_cast<std::string>(threadsCount_); | 1576 std::string numThreads = boost::lexical_cast<std::string>(threadsCount_); |
1575 std::string requestTimeoutMilliseconds = boost::lexical_cast<std::string>(requestTimeout_ * 1000); | 1577 std::string requestTimeoutMilliseconds = boost::lexical_cast<std::string>(requestTimeout_ * 1000); |
1576 std::string keepAliveTimeoutMilliseconds = boost::lexical_cast<std::string>(CIVETWEB_KEEP_ALIVE_TIMEOUT_SECONDS * 1000); | 1578 std::string keepAliveTimeoutMilliseconds = boost::lexical_cast<std::string>(CIVETWEB_KEEP_ALIVE_TIMEOUT_SECONDS * 1000); |
1579 std::string sslMinimumVersion = boost::lexical_cast<std::string>(sslMinimumVersion_); | |
1577 | 1580 |
1578 if (ssl_) | 1581 if (ssl_) |
1579 { | 1582 { |
1580 port += "s"; | 1583 port += "s"; |
1581 } | 1584 } |
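Review bot: The added `sslMinimumVersion` string is declared at function scope although it is only consumed inside the later `if (ssl_)` branch; that placement is presumably required because `options` stores `c_str()` pointers that must remain valid until the server is started, exactly like the existing `port` and `numThreads` strings, but nothing says so. A short comment would stop a future cleanup from moving it into the branch and leaving a dangling pointer in `options`: `// Kept at function scope: options holds c_str() pointers until the server is started`. The enclosing function's signature lies before this hunk.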
1629 { | 1632 { |
1630 // Set the trusted client certificates (for X509 mutual authentication) | 1633 // Set the trusted client certificates (for X509 mutual authentication) |
1631 options.push_back("ssl_ca_file"); | 1634 options.push_back("ssl_ca_file"); |
1632 options.push_back(trustedClientCertificates_.c_str()); | 1635 options.push_back(trustedClientCertificates_.c_str()); |
1633 } | 1636 } |
1634 | 1637 |
1635 if (ssl_) | 1638 if (ssl_) |
1636 { | 1639 { |
1640 // Restrict minimum SSL/TLS protocol version | |
1641 options.push_back("ssl_protocol_version"); | |
1642 options.push_back(sslMinimumVersion.c_str()); | |
1643 | |
1644 // Set the accepted ciphers list | |
1645 if (sslHasCiphers_) | |
1646 { | |
1647 options.push_back("ssl_cipher_list"); | |
1648 options.push_back(sslCiphers_.c_str()); | |
1649 } | |
1650 | |
1637 // Set the SSL certificate, if any | 1651 // Set the SSL certificate, if any |
1638 options.push_back("ssl_certificate"); | 1652 options.push_back("ssl_certificate"); |
1639 options.push_back(certificate_.c_str()); | 1653 options.push_back(certificate_.c_str()); |
1640 }; | 1654 }; |
1641 | 1655 |
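Review bot: The comment `// Restrict minimum SSL/TLS protocol version` does not say what the number pushed as `ssl_protocol_version` means, so a reader of the options block has to locate the switch in SetSslMinimumVersion to learn that 0 is the fully permissive setting and 4 is TLS 1.2 only. Suggest extending it to `// Restrict minimum SSL/TLS protocol version (per SetSslMinimumVersion: 0 = SSL2+, 1 = SSL3+, 2 = TLS1.0+, 3 = TLS1.1+, 4 = TLS1.2 only)` so the security-relevant meaning is visible where the option is emitted. Likewise `ssl_cipher_list` is pushed whenever `sslHasCiphers_` is set, including when SetSslCiphers was given an empty list and `sslCiphers_` is ""; what civetweb does with an empty list is not visible here, so that case deserves a note next to the `if (sslHasCiphers_)` check. The enclosing function starts and ends outside this hunk.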
1781 #else | 1795 #else |
1782 sslVerifyPeers_ = enabled; | 1796 sslVerifyPeers_ = enabled; |
1783 #endif | 1797 #endif |
1784 } | 1798 } |
1785 | 1799 |
1800 void HttpServer::SetSslMinimumVersion(unsigned int version) | |
1801 { | |
1802 Stop(); | |
1803 sslMinimumVersion_ = version; | |
1804 | |
1805 std::string info; | |
1806 | |
1807 switch (version) | |
1808 { | |
1809 case 0: | |
1810 info = "SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2"; | |
1811 break; | |
1812 | |
1813 case 1: | |
1814 info = "SSL3+TLS1.0+TLS1.1+TLS1.2"; | |
1815 break; | |
1816 | |
1817 case 2: | |
1818 info = "TLS1.0+TLS1.1+TLS1.2"; | |
1819 break; | |
1820 | |
1821 case 3: | |
1822 info = "TLS1.1+TLS1.2"; | |
1823 break; | |
1824 | |
1825 case 4: | |
1826 info = "TLS1.2"; | |
1827 break; | |
1828 | |
1829 default: | |
1830 info = "Unknown value (" + boost::lexical_cast<std::string>(version) + ")"; | |
1831 break; | |
1832 } | |
1833 | |
1834 CLOG(INFO, HTTP) << "Minimal accepted version of SSL/TLS protocol: " << info; | |
1835 } | |
1836 | |
1837 void HttpServer::SetSslCiphers(const std::list<std::string>& ciphers) | |
1838 { | |
1839 Stop(); | |
1840 | |
1841 sslHasCiphers_ = true; | |
1842 sslCiphers_.clear(); | |
1843 | |
1844 for (std::list<std::string>::const_iterator | |
1845 it = ciphers.begin(); it != ciphers.end(); ++it) | |
1846 { | |
1847 if (it->empty()) | |
1848 { | |
1849 throw OrthancException(ErrorCode_ParameterOutOfRange, "Empty name for a cipher"); | |
1850 } | |
1851 | |
1852 if (!sslCiphers_.empty()) | |
1853 { | |
1854 sslCiphers_ += ':'; | |
1855 } | |
1856 | |
1857 sslCiphers_ += (*it); | |
1858 } | |
1859 | |
1860 CLOG(INFO, HTTP) << "List of accepted SSL ciphers: " << sslCiphers_; | |
1861 | |
1862 if (sslCiphers_.empty()) | |
1863 { | |
1864 CLOG(WARNING, HTTP) << "No cipher is accepted for SSL"; | |
1865 } | |
1866 } | |
1867 | |
1786 void HttpServer::SetKeepAliveEnabled(bool enabled) | 1868 void HttpServer::SetKeepAliveEnabled(bool enabled) |
1787 { | 1869 { |
1788 Stop(); | 1870 Stop(); |
1789 keepAlive_ = enabled; | 1871 keepAlive_ = enabled; |
1790 CLOG(INFO, HTTP) << "HTTP keep alive is " << (enabled ? "enabled" : "disabled"); | 1872 CLOG(INFO, HTTP) << "HTTP keep alive is " << (enabled ? "enabled" : "disabled"); |
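Review bot: SetSslMinimumVersion stores any value into `sslMinimumVersion_` and, in its `default:` case, only logs "Unknown value" before that number is later handed to civetweb as `ssl_protocol_version`; an out-of-range setting should be rejected rather than logged, consistent with how SetSslCiphers treats an empty cipher name, e.g. `default: throw OrthancException(ErrorCode_ParameterOutOfRange, "Unknown minimum SSL/TLS version: " + boost::lexical_cast<std::string>(version));`. In SetSslCiphers, `sslHasCiphers_ = true` and `sslCiphers_.clear()` run before the loop validates the entries, so an empty name in the middle of the list throws after Stop() with only a truncated prefix left in `sslCiphers_`; joining into a local `std::string joined` and assigning `sslCiphers_ = joined; sslHasCiphers_ = true;` after the loop keeps the previous configuration intact when the call fails. Finally, an empty input list is accepted with just a warning and leads to an empty `ssl_cipher_list` being pushed, whose effect is not visible here; rejecting the empty list with the same exception would fail closed. Both new functions lie entirely within the hunk; SetKeepAliveEnabled continues past it.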