security-and-privacy/uts-server
security-and-privacy/uts-server
1
0
Fork 0
mirror of https://github.com/kakwa/uts-server synced 2025-04-09 16:21:35 +02:00
Code Issues Releases Wiki Activity

Compare commits

base: security-and-privacy:0.1.4
Branches Tags
security-and-privacy:master
security-and-privacy:PKCS11_SUPPORT
security-and-privacy:0.2.1
security-and-privacy:0.2.0
security-and-privacy:0.1.10
security-and-privacy:0.1.9
security-and-privacy:0.1.8
security-and-privacy:0.1.7
security-and-privacy:0.1.5
security-and-privacy:0.1.4
security-and-privacy:0.1.3
security-and-privacy:0.1.2
security-and-privacy:0.1.1
security-and-privacy:0.1.0
security-and-privacy:0.0.3
security-and-privacy:0.0.2
security-and-privacy:0.0.1
...
compare: security-and-privacy:master
Branches Tags
security-and-privacy:master
security-and-privacy:PKCS11_SUPPORT
security-and-privacy:0.2.1
security-and-privacy:0.2.0
security-and-privacy:0.1.10
security-and-privacy:0.1.9
security-and-privacy:0.1.8
security-and-privacy:0.1.7
security-and-privacy:0.1.5
security-and-privacy:0.1.4
security-and-privacy:0.1.3
security-and-privacy:0.1.2
security-and-privacy:0.1.1
security-and-privacy:0.1.0
security-and-privacy:0.0.3
security-and-privacy:0.0.2
security-and-privacy:0.0.1

95 Commits
0.1.4 ... master

Author SHA1 Message Date
kakwa
c7b3f47325 version bump 2021-04-07 15:27:32 +02:00
kakwa
4975f90af6 fixing compilation errors and warnings 2021-04-07 15:23:54 +02:00
Carpentier Pierre-Francois
86d9094cca
Update README.rst 2019-04-12 15:51:57 +02:00
Pierre-Francois Carpentier
2b52ee9177 improve README 2019-04-12 15:24:15 +02:00
Pierre-Francois Carpentier
411efc72d4 changelog 2019-04-12 15:15:10 +02:00
Pierre-Francois Carpentier
82766a0200 improve documentation 
add documentation explaining the requirement for the timestamp signer
certificate
 2019-04-12 15:12:59 +02:00
Pierre-Francois Carpentier
dd19915c91 dl for the signer cert + fix example + css tweaks 
* add a DL button + serve the signer certificate file (the one used to
timestamp)
* fix the verification instruction (add -untrusted tsa_cert.pem)
* few CSS tweaks to improve page layout
 2019-04-12 14:26:21 +02:00
kakwa
bd0a32221c creating a nicer landing page + serve the ca file 
* nicer landing page with a few instructions, and download link for the
ca, and even some fancy CSS
* add a download link for the CA file
 2019-04-12 10:48:55 +02:00
kakwa
68ffb0f7e8 disable more testing when bundleling 
hopefully, this should fix OpenBSD and FreeBSD CI
 2019-04-11 01:10:45 +02:00
kakwa
cab605597b sleep unit tests (hopefully 2019-04-11 01:02:46 +02:00
kakwa
8fefcbaf6b set signal handler also when running in foreground 2019-04-11 00:08:52 +02:00
kakwa
0e0b11310d add new configuration file parameters in test conf 2019-04-10 23:27:36 +02:00
kakwa
1b97399694 better handling for logging to stdout 
* disable stdout buffering when logging to stdout
* add 'log_to_syslog' parameter in configuration file to enable/disable
logging to syslog
* add 'log_to_stdout' parameter in configuration file to enable/disable
logging to stdout

slight clean-up and reformatting also (thanks to clang-format new
version)
 2019-04-10 22:47:38 +02:00
kakwa
4d174251ff Merge branch 'master' of https://github.com/kakwa/uts-server 2019-03-14 11:53:04 +01:00
kakwa
d034fc727a update civetweb version when bundling 2019-03-14 11:52:24 +01:00
Carpentier Pierre-Francois
3e15083a31 Update uts-server.conf 2019-03-12 19:01:28 +01:00
Carpentier Pierre-Francois
20b747565f Update uts-server.conf 2019-03-12 19:01:14 +01:00
Carpentier Pierre-Francois
2a9aa85ec6 Set theme jekyll-theme-hacker 2017-12-06 21:08:54 +01:00
kakwa
5c180efee4 updating changelog 2017-11-04 14:28:41 +01:00
kakwa
03f9bfed56 only link dl on Linux 2017-11-04 14:22:25 +01:00
kakwa
3de83303e1 use openssl dynamic loading for civetweb 2017-11-04 14:10:41 +01:00
kakwa
fbdc2d2e39 Merge branch 'master' of https://github.com/kakwa/uts-server 2017-11-04 13:13:37 +01:00
kakwa
70f54cfd11 fix civetweb bundling + version bump + changelog 2017-11-04 13:11:33 +01:00
jenkins@kakwa.fr
2b9eabb9d3 version bump+changelog 2017-07-24 17:56:42 -04:00
jenkins@kakwa.fr
665007b61f fix version of C standard to use 2017-07-24 17:53:14 -04:00
kakwa
550f44d8c2 add some default value to be compatible with libressl in test CA 2017-06-21 20:06:13 +02:00
kakwa
7f2d2cf4c1 huge cleanup of the openssl conf + tsa gen script 
The OpenSSL configuration used for generating the test CA and test
Time-Stamp authority was lazily copied from OpenSSL. There were a lot
of useless items in it. Now the configuration is cleaner and only
contains what is necessary for the TSA creation.
 2017-06-20 19:58:47 +02:00
kakwa
666584fba4 fix double free at shutdown 2017-06-15 20:20:09 +02:00
Carpentier Pierre-Francois
477332d7ca Update ChangeLog.rst 2017-05-26 23:34:15 +02:00
Carpentier Pierre-Francois
a1de464105 Update .travis.yml 2017-05-19 21:34:58 +02:00
Carpentier Pierre-Francois
a6ac76941e Update README.rst 2017-05-19 21:21:08 +02:00
Carpentier Pierre-Francois
d2c4b5bc80 Update README.rst 2017-05-19 20:53:34 +02:00
Carpentier Pierre-Francois
8c0d6721cf Update README.rst 2017-05-19 20:51:25 +02:00
Carpentier Pierre-Francois
84c3412264 Update README.rst 2017-05-19 20:34:01 +02:00
Carpentier Pierre-Francois
b098d5d8ee Update README.rst 2017-05-19 19:17:22 +02:00
kakwa
cdbbcabfd7 cleaning duplicate #include of headers 2017-05-07 15:39:44 +02:00
kakwa
af91ae9493 fix some issues with test script 2017-04-27 23:21:42 +02:00
kakwa
f7f162a5da few hacks to allow parallele execution 2017-04-27 23:12:35 +02:00
Carpentier Pierre-Francois
3b6e424f23 Updated Jenkinsfile 2017-04-27 22:51:44 +02:00
kakwa
e8cfca23b5 fix test script for OpenBSD 2017-04-27 22:40:21 +02:00
kakwa
d3819f4144 Merge branch 'jenkins_test' of https://github.com/kakwa/uts-server into jenkins_test 2017-04-27 22:30:26 +02:00
kakwa
f6230c9c0f Mooooorrreeee ENV variables... 2017-04-27 22:28:31 +02:00
kakwa
e362ea206a fix test for OpenBSD 
no timeout command on OpenBSD
 2017-04-27 22:28:04 +02:00
Carpentier Pierre-Francois
1f6094f0c7 Updated Jenkinsfile 2017-04-27 22:13:33 +02:00
kakwa
42efdc2cd3 Merge branch 'jenkins_test' of https://github.com/kakwa/uts-server into jenkins_test 2017-04-27 22:09:33 +02:00
kakwa
ec380e320a adding test steps 2017-04-27 22:05:56 +02:00
Carpentier Pierre-Francois
1486bc389c Adding some environment variables 2017-04-27 21:59:03 +02:00
kakwa
c67509fd5b parallele build (make -j4) 2017-04-27 21:56:22 +02:00
kakwa
6decd631c9 passing the civetweb git url as an env variable 2017-04-27 21:47:36 +02:00
kakwa
6a1aa82a76 variabilsize CIVETWEB REPO URL 2017-04-27 21:30:57 +02:00
kakwa
7d0fb6ee54 changing compiler for centos-7 2017-04-27 20:58:05 +02:00
kakwa
5d75dcafac fixing build step for OpenBSD 2017-04-27 20:23:29 +02:00
kakwa
36d23b0e2c adding a mandatory cleaning step 2017-04-27 20:19:49 +02:00
kakwa
b6c6ea6d6d yet another try 2017-04-27 20:00:54 +02:00
kakwa
be19fc53d4 trying another thing 2017-04-27 19:59:13 +02:00
kakwa
6b4f425417 trying another thing 2017-04-27 19:53:31 +02:00
kakwa
862081e5d3 trying to set variables 2017-04-27 19:48:37 +02:00
kakwa
313ae1a009 Revert "setting compiler for OpenBSD in jenkins file" 
This reverts commit 29fa326a0adf2d053b0eba3dc4df3cd8ffb85535.
 2017-04-25 10:17:46 +02:00
kakwa
00af2cbe29 setting compiler for OpenBSD in jenkins file 2017-04-25 10:11:30 +02:00
kakwa
8a99458af2 trying to specify nodes 2017-04-25 09:58:11 +02:00
Carpentier Pierre-Francois
b06dd768d8 Updated Jenkinsfile 2017-04-25 09:44:28 +02:00
Carpentier Pierre-Francois
5d56a8bad0 Updated Jenkinsfile 2017-04-25 01:24:15 +02:00
Carpentier Pierre-Francois
659152f2f2 Updated Jenkinsfile 2017-04-25 01:12:04 +02:00
Carpentier Pierre-Francois
6cddc0e2a3 Added Jenkinsfile 2017-04-23 18:10:40 +02:00
kakwa
73a8a851a9 Merge branch 'master' of https://github.com/kakwa/uts-server 2017-04-22 02:43:08 +02:00
kakwa
9e07a2220b typo in documentation 2017-04-22 02:42:26 +02:00
kakwa
2a512a8d6a reformat code 2017-04-22 02:33:05 +02:00
Carpentier Pierre-Francois
fc6e1de3bf Merge pull request #9 from kakwa/OPENBSD 
Add support for LibreSSL/OpenBSD
 2017-04-22 02:29:11 +02:00
kakwa
121da448a2 add documentation of compiling on various OSes 2017-04-22 02:23:57 +02:00
kakwa
b4fce3ffa6 fix include 2017-04-22 02:23:43 +02:00
kakwa
9bb617d3fd better handling of C Language version (11 FYI) 2017-04-22 02:22:55 +02:00
kakwa
84e015ec26 add handling of NULL strings in logs 
replace NULL char * by const char * "<undef>" in log messages
as printf("%s", NULL) behavior is not formalized.
 2017-04-22 01:42:58 +02:00
kakwa
d3b0a2a99c add changelog entry and version bump 2017-04-21 09:10:39 +02:00
kakwa
0ec6b0966a slight reordering of messages in cmake (cosmetic) 2017-04-21 09:01:17 +02:00
kakwa
61b9f2819a remove cmake warning + better comment 2017-04-21 08:59:20 +02:00
kakwa
f01f72f913 adding small cmake module to detect LibreSSL and using it in CMakeLists.txt 2017-04-21 08:52:25 +02:00
kakwa
730aa230b8 fix cmake... hopefully 2017-04-21 02:34:07 +02:00
kakwa
50a4288c63 linking libpthread is necessary everywhere if bundling civetweb 2017-04-21 02:25:03 +02:00
kakwa
25a150124c adding handling of OpenBSD 2017-04-21 02:07:28 +02:00
kakwa
65357fe736 add special matching for LibreSSL 
Thank you LibreSSL for setting OPENSSL_VERSION_NUMBER to 0x20000000L...
It breaks traditional OpenSSL API matching by OPENSSL_VERSION_NUMBER...
 2017-04-21 01:59:18 +02:00
Carpentier Pierre-Francois
dca9231b9f Remove duplicate option in external project 2017-01-31 14:26:46 +01:00
kakwa
88fd08baec fix changelog 2017-01-31 01:28:21 +01:00
kakwa
a2cc1dadb3 version bump 2017-01-31 01:27:43 +01:00
kakwa
f362f06b56 fix option and documentation + changelog 2017-01-31 01:26:51 +01:00
kakwa
e6de3133c7 more cleaning for static compilation 2017-01-31 01:21:13 +01:00
kakwa
c74187c9f9 explicitly mention BUNDLE_CIVETWEB has a developpment/testing option 2017-01-30 19:21:58 +01:00
kakwa
724fd697fa add custom args for civetweb external project 2017-01-30 08:29:17 +01:00
kakwa
6c9df43b5c revert change in stress.py test script 2017-01-29 19:58:14 +01:00
kakwa
5b8d4b301a fix link dl option 2017-01-29 18:58:01 +01:00
kakwa
a7955e12fc fixing description of option LINK_GCC_S 2017-01-29 18:44:11 +01:00
kakwa
948a81f8be version bump 2017-01-29 17:46:54 +01:00
kakwa
9c9604f495 add some dynamic optional linkage for FreeBSD on gcc_s 2017-01-29 17:44:45 +01:00
kakwa
2caed98049 adding a switch to link against glibc/dl for static compilation 2017-01-29 17:33:31 +01:00
kakwa
01ec7b5a74 adding code in cmake for static compilation 2017-01-29 16:31:03 +01:00
kakwa
79be3ce7a5 adding changelog 2017-01-28 03:30:42 +01:00
27 changed files with 935 additions and 275 deletions
Show Stats Expand all files Collapse all files

9
.travis.yml
View File

@ -1,9 +1,6 @@
matrix:
include:
- os: linux
dist: trusty
- os: linux
dist: precise
os: linux
dist: trusty
sudo: false

107
CMakeLists.txt
View File

@ -2,13 +2,67 @@ cmake_minimum_required (VERSION 2.6)
project (uts-server)
include(ExternalProject)
if (CMAKE_VERSION VERSION_LESS "3.1")
if (CMAKE_C_COMPILER_ID STREQUAL "GNU")
set (CMAKE_C_FLAGS "--std=gnu99 ${CMAKE_C_FLAGS}")
endif ()
else ()
set (CMAKE_C_STANDARD 99)
endif ()
set(VERSION 0.1.4)
set(VERSION 0.2.1)
option(DEBUG "compile with debug symbol" OFF)
option(BUNDLE_CIVETWEB "bundle civetweb with uts-server" OFF)
option(DEBUG "compile with debug symbol" OFF)
option(BUNDLE_CIVETWEB "bundle civetweb with uts-server" OFF)
option(STATIC "static linked binary" OFF)
option(LINK_DL "link dl" OFF)
option(LINK_GCC_S "link gcc_s" OFF)
option(CIVETWEB_CUST_ARGS "Custom args for civetweb (if civetweb is bundled)" "")
option(LINK_PTHREAD "link pthread" OFF)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99 -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=700")
IF("$ENV{CIVETWEB_GITURL}" STREQUAL "")
set(CIVETWEB_GITURL "https://github.com/civetweb/civetweb")
ELSE()
set(CIVETWEB_GITURL "$ENV{CIVETWEB_GITURL}")
ENDIF()
IF("$ENV{CIVETWEB_GITTAG}" STREQUAL "")
set(CIVETWEB_GITTAG "v1.11")
ELSE()
set(CIVETWEB_GITTAG "$ENV{CIVETWEB_GITTAG}")
ENDIF()
IF(STATIC)
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -static")
set(OPENSSL_USE_STATIC_LIBS ON)
set(ARGP_USE_STATIC_LIBS ON)
set(CIVETWEB_USE_STATIC_LIBS ON)
ENDIF(STATIC)
IF(BUNDLE_CIVETWEB)
IF(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
set(DL_LIBRARIES 'dl')
ENDIF(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
ENDIF(BUNDLE_CIVETWEB)
IF(LINK_DL)
set(DL_LIBRARIES 'dl')
ENDIF(LINK_DL)
IF(LINK_GCC_S)
set(GCC_S_LIBRARIES 'gcc_s')
ENDIF(LINK_GCC_S)
IF(LINK_PTHREAD)
set(PTHREAD_LIBRARIES 'pthread')
ENDIF(LINK_PTHREAD)
set (CMAKE_C_STANDARD 11)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=700")
if(DEBUG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O0 -g")
@ -26,29 +80,46 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DUTS_VERSION='\"${VERSION}\"'")
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/")
find_package(OpenSSL REQUIRED)
find_package(LibreSSL)
MESSAGE(STATUS "OpenSSL include dir: ${OPENSSL_INCLUDE_DIR}")
MESSAGE(STATUS "OpenSSL libraries: ${OPENSSL_LIBRARIES}")
MESSAGE(STATUS "OpenSSL version: ${OPENSSL_VERSION}")
MESSAGE(STATUS "LibreSSL Detected: ${IS_LIBRESSL}")
MESSAGE(STATUS "OS Detected: ${CMAKE_SYSTEM_NAME}")
if(${OPENSSL_VERSION} VERSION_GREATER 1.0.99)
set(OPENSSL_API_1_1 ON)
else()
set(OPENSSL_API_1_1 OFF)
if(NOT(DEFINED OPENSSL_API_1_1))
if(${OPENSSL_VERSION} VERSION_GREATER 1.0.99 AND NOT(IS_LIBRESSL))
set(OPENSSL_API_1_1 ON)
else()
set(OPENSSL_API_1_1 OFF)
endif()
endif()
IF(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
set(SED_FREEBSD "*.c.bak")
find_package(argp REQUIRED)
add_definitions(-DBSD)
ENDIF(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
IF(${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
find_package(argp REQUIRED)
add_definitions(-DBSD)
ENDIF(${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
if(BUNDLE_CIVETWEB)
MESSAGE(STATUS "Building Civetweb From: ${CIVETWEB_GITURL}")
ExternalProject_Add( civetweb
GIT_REPOSITORY https://github.com/kakwa/civetweb
GIT_REPOSITORY ${CIVETWEB_GITURL}
GIT_TAG ${CIVETWEB_GITTAG}
PATCH_COMMAND sed -i ${SED_FREEBSD} s/__DATE__/"110973"/ src/main.c src/civetweb.c
INSTALL_DIR /usr/local
CMAKE_ARGS .. -DCMAKE_INSTALL_PREFIX=/usr
-DCIVETWEB_DISABLE_CGI=ON
-DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
-DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
-DCIVETWEB_ENABLE_CXX=OFF
-DBUILD_SHARED_LIBS=OFF
-DCIVETWEB_DISABLE_CGI=ON
@ -56,13 +127,21 @@ if(BUNDLE_CIVETWEB)
-DCIVETWEB_ENABLE_IPV6=ON
-DCIVETWEB_DISABLE_CACHING=ON
-DBUILD_TESTING=OFF
-DCIVETWEB_BUILD_TESTING=OFF
-DCIVETWEB_SSL_OPENSSL_API_1_1=${OPENSSL_API_1_1}
-DCIVETWEB_ENABLE_SSL_DYNAMIC_LOADING=OFF
-DOPENSSL_USE_STATIC_LIBS=${OPENSSL_USE_STATIC_LIBS}
-DCIVETWEB_ENABLE_SSL_DYNAMIC_LOADING=ON
-DCIVETWEB_ALLOW_WARNINGS=ON
${CIVETWEB_CUST_ARGS}
INSTALL_COMMAND make install DESTDIR=${CMAKE_CURRENT_SOURCE_DIR}/vendor/
)
set(LIBCIVETWEB_INCLUDE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/vendor/usr/include")
set(LIBCIVETWEB_LIBRARIES "${CMAKE_CURRENT_SOURCE_DIR}/vendor/usr/lib/libcivetweb.a")
set (CMAKE_C_LINK_EXECUTABLE "${CMAKE_CXX_LINK_EXECUTABLE} -lpthread -lrt")
IF(${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
set (CMAKE_C_LINK_EXECUTABLE "${CMAKE_CXX_LINK_EXECUTABLE} -lpthread")
ELSE(${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
set (CMAKE_C_LINK_EXECUTABLE "${CMAKE_CXX_LINK_EXECUTABLE} -lpthread -lrt")
ENDIF(${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
else(BUNDLE_CIVETWEB)
find_package(libcivetweb REQUIRED)
endif(BUNDLE_CIVETWEB)
@ -87,13 +166,15 @@ target_link_libraries(uts-server
${OPENSSL_LIBRARIES}
${LIBCIVETWEB_LIBRARIES}
${ARGP_LIBRARIES}
${DL_LIBRARIES}
${GCC_S_LIBRARIES}
${PTHREAD_LIBRARIES}
)
INSTALL(TARGETS uts-server
RUNTIME DESTINATION bin
)
if(BUNDLE_CIVETWEB)
add_dependencies(uts-server civetweb)
endif(BUNDLE_CIVETWEB)

57
ChangeLog.rst
View File

@ -1,14 +1,65 @@
Changelogs
==========
dev
---
0.2.1
-----
* [impr] add support for FreeBSD
* [fix ] fix compilation for newer GCC (>10.2) (global variable definition issue
0.2.0
-----
* [fix ] disable buffering when logging to stdout (it was causing issues when running in docker)
* [impr] make the stdout logger an official logger (previously, it was only for debugging)
* [impr] the 'log_to_syslog' and 'log_to_stdout' parameters to enable/disable logging to syslog/stdout
* [impr] serve the CA and the signer certificate
* [impr] better landing page with download links for the previous 2 files and some instructions
0.1.10
------
* [fix ] point to upstream civetweb (forked civetweb now removed)
* [fix ] using dynamic openssl loading for civetweb when bundling
* [impr] add possibility to specify which tag used for civetweb bundling
* [impr] use same compiler for uts-server and civetweb when bundling
0.1.9
-----
* [fix ] add explicit C standard (C99), fixes compilation with olders gcc/cmake
0.1.8
-----
* [impr] add OpenBSD support
* [impr] add LibreSSL support
0.1.7
-----
* [doc ] add warnings to explicitely state the BUNDLE_CIVETWEB option as test/dev only
* [impr] add option for easily linking lib pthread (mainly for static linking)
0.1.6
-----
* [fix ] option declaration for LINK_GCC_S
0.1.5
-----
* [impr] add support for a static build
0.1.4
-----
* [impr] more portable code
0.1.3
-----
* [impr] add support for FreeBSD
0.1.2
-----

67
Jenkinsfile vendored Normal file
View File

@ -0,0 +1,67 @@
pipeline {
agent none
stages {
stage('Compile') {
steps {
parallel(
"OpenBSD 6.1": {
node(label: 'openbsd-6.1') {
sh 'git config --global user.name "jenkins@kakwa.fr"'
sh 'git config --global user.email "jenkins@kakwa.fr"'
git(url: 'https://github.com/kakwa/uts-server', poll: true, changelog: true)
sh 'git clean -fdx'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/; export CC=/usr/local/bin/egcc;export CXX=/usr/local/bin/ec++; cmake . -DBUNDLE_CIVETWEB=ON'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/; export CC=/usr/local/bin/egcc;export CXX=/usr/local/bin/ec++; make -j4'
sh './tests/cfg/pki/create_tsa_certs'
sh './tests/external_test.sh'
}
},
"FreeBSD 11": {
node(label: 'freebsd-11') {
sh 'git config --global user.email "jenkins@kakwa.fr"'
sh 'git config --global user.name "jenkins@kakwa.fr"'
git(url: 'https://github.com/kakwa/uts-server', poll: true, changelog: true)
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/;git clean -fdx'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/;cmake . -DBUNDLE_CIVETWEB=ON'
sh 'make -j4'
sh './tests/cfg/pki/create_tsa_certs'
sh './tests/external_test.sh'
}
},
"CentOS 7": {
node(label: 'centos-7') {
sh 'git config --global user.email "jenkins@kakwa.fr"'
sh 'git config --global user.name "jenkins@kakwa.fr"'
git(url: 'https://github.com/kakwa/uts-server', poll: true, changelog: true)
sh 'git clean -fdx'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/; export CXX=/usr/bin/clang++; export CC=/usr/bin/clang; cmake . -DBUNDLE_CIVETWEB=ON'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/; export CXX=/usr/bin/clang++; export CC=/usr/bin/clang; make -j4'
sh './tests/cfg/pki/create_tsa_certs'
sh './tests/external_test.sh'
}
},
"Debian 8": {
node(label: 'debian-8') {
sh 'git config --global user.email "jenkins@kakwa.fr"'
sh 'git config --global user.name "jenkins@kakwa.fr"'
git(url: 'https://github.com/kakwa/uts-server', poll: true, changelog: true)
sh 'git clean -fdx'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/; cmake . -DBUNDLE_CIVETWEB=ON'
sh 'export GIT_SSL_NO_VERIFY=true; CIVETWEB_GITURL=https://gogs.kakwa.fr/kakwa/civetweb/; make -j4'
sh './tests/cfg/pki/create_tsa_certs'
sh './tests/external_test.sh'
}
}
)
}
}
}
}

22
README.rst
View File

@ -12,6 +12,10 @@ uts-server
:target: http://uts-server.readthedocs.org/en/latest/?badge=latest
:alt: Documentation Status
.. image:: https://jenkins.kakwalab.ovh/buildStatus/icon?job=kakwa/uts-server/master
:target: https://jenkins.kakwalab.ovh/blue/organizations/jenkins/kakwa%2Futs-server/branches/
:alt: Jenkins Status
Micro `RFC 3161 Time-Stamp <https://www.ietf.org/rfc/rfc3161.txt>`_ server written in C.
----
@ -19,10 +23,15 @@ Micro `RFC 3161 Time-Stamp <https://www.ietf.org/rfc/rfc3161.txt>`_ server writt
:Doc: `Uts-Server documentation on ReadTheDoc <http://uts-server.readthedocs.org/en/latest/>`_
:Dev: `Uts-Server source code on GitHub <https://github.com/kakwa/uts-server>`_
:License: MIT
:Author: Pierre-Francois Carpentier - copyright © 2016
:Author: Pierre-Francois Carpentier - copyright © 2019
----
Demo
----
A demo is accessible here: https://uts-server.kakwalab.ovh/
License
-------
@ -41,19 +50,24 @@ Roughly, it works as follow:
Then a client can verify the piece of data with the time-stamp using the Certificate Authority of the time-stamp key pair (X509 certificates).
It gives a cryptographic proof of a piece of data content, like a file, at a given time.
It gives a cryptographic proof of a piece of data content, for example a file, at a given time.
Some use cases:
* time-stamp log files at rotation time.
* time-stamp file at upload to prove it was delivered in due time or not.
Quick Start
-----------
Quick (and dirty) Testing
-------------------------
Here a few steps to quickly try out uts-server, for production setup, please compile civetweb externally and create proper CA and certificates:
.. sourcecode:: bash
# Building with civetweb embedded (will recover civetweb from github).
# Note: the BUNDLE_CIVETWEB option is only here for fast testing purpose
# The recommended way to deploy uts-server in production is to build civetweb
# separatly and to link against it.
$ cmake . -DBUNDLE_CIVETWEB=ON
$ make

1
_config.yml Normal file
View File

@ -0,0 +1 @@
theme: jekyll-theme-hacker

57
cmake/FindLibreSSL.cmake Normal file
View File

@ -0,0 +1,57 @@
#.rst
# FindLibreSSL
# ------------
#
# Detect if OpenSSL is in fact LibreSSL, and recovers LibreSSL version.
#
# Requires running FindOpenSSL previously
#
# Result Variables
# ^^^^^^^^^^^^^^^^
#
# ``LIBRESSL_VERSION``
# This is set to ``$major.$minor.$revision$patch`` (e.g. ``2.3.1f``).
#
# ``IS_LIBRESSL``
# Boolean, set to TRUE if LibreSSL, FALSE otherwise
#
# just copy/pasted from OpenSSL module with a few substitutions
if(OPENSSL_INCLUDE_DIR AND EXISTS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h")
file(STRINGS "${OPENSSL_INCLUDE_DIR}/openssl/opensslv.h" libressl_version_str
REGEX "^#[\t ]*define[\t ]+LIBRESSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])+.*")
if(libressl_version_str)
# The version number is encoded as 0xMNNFFPPS: major minor fix patch status
# The status gives if this is a developer or prerelease and is ignored here.
# Major, minor, and fix directly translate into the version numbers shown in
# the string. The patch field translates to the single character suffix that
# indicates the bug fix state, which 00 -> nothing, 01 -> a, 02 -> b and so
# on.
string(REGEX REPLACE "^.*LIBRESSL_VERSION_NUMBER[\t ]+0x([0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F][0-9a-fA-F])([0-9a-fA-F]).*$"
"\\1;\\2;\\3;\\4;\\5" LIBRESSL_VERSION_LIST "${libressl_version_str}")
list(GET LIBRESSL_VERSION_LIST 0 LIBRESSL_VERSION_MAJOR)
list(GET LIBRESSL_VERSION_LIST 1 LIBRESSL_VERSION_MINOR)
from_hex("${LIBRESSL_VERSION_MINOR}" LIBRESSL_VERSION_MINOR)
list(GET LIBRESSL_VERSION_LIST 2 LIBRESSL_VERSION_FIX)
from_hex("${LIBRESSL_VERSION_FIX}" LIBRESSL_VERSION_FIX)
list(GET LIBRESSL_VERSION_LIST 3 LIBRESSL_VERSION_PATCH)
if (NOT LIBRESSL_VERSION_PATCH STREQUAL "00")
from_hex("${LIBRESSL_VERSION_PATCH}" _tmp)
# 96 is the ASCII code of 'a' minus 1
math(EXPR LIBRESSL_VERSION_PATCH_ASCII "${_tmp} + 96")
unset(_tmp)
# Once anyone knows how OpenSSL would call the patch versions beyond 'z'
# this should be updated to handle that, too. This has not happened yet
# so it is simply ignored here for now.
string(ASCII "${LIBRESSL_VERSION_PATCH_ASCII}" LIBRESSL_VERSION_PATCH_STRING)
endif ()
set(LIBRESSL_VERSION "${LIBRESSL_VERSION_MAJOR}.${LIBRESSL_VERSION_MINOR}.${LIBRESSL_VERSION_FIX}${LIBRESSL_VERSION_PATCH_STRING}")
set(IS_LIBRESSL TRUE)
else ()
set(IS_LIBRESSL FALSE)
endif ()
endif ()

6
cmake/Findargp.cmake
View File

@ -34,7 +34,11 @@ if (ARGP_IN_LIBC)
elseif (NOT ARGP_IN_LIBC)
unset(ARGP_IN_LIBC CACHE)
find_library(ARGP_LIB "argp")
if(ARGP_USE_STATIC_LIBS)
find_library(ARGP_LIB "libargp.a")
else(ARGP_USE_STATIC_LIBS)
find_library(ARGP_LIB "argp")
endif(ARGP_USE_STATIC_LIBS)
find_path(ARGP_INCLUDE_DIR argp.h PATH_SUFFIXES include)
mark_as_advanced(ARGP_LIB)
if (ARGP_LIB)

8
cmake/Findlibcivetweb.cmake
View File

@ -2,6 +2,10 @@ if (NOT LIBCIVETWEB_LIBRARIES)
find_path(LIBCIVETWEB_INCLUDE_DIR civetweb.h ${_LIBCIVETWEB_PATHS} PATH_SUFFIXES include include/civetweb/)
endif ()
if (NOT LIBCIVETWEB_LIBRARIES)
find_library(LIBCIVETWEB_LIBRARIES NAMES civetweb ${_LIBCIVETWEB_PATHS} PATH_SUFFIXES lib)
if (NOT LIBCIVETWE[DB_LIBRARIES)
if(LIBCIVETWEB_USE_STATIC_LIBS)
find_library(LIBCIVETWEB_LIBRARIES NAMES libcivetweb.a ${_LIBCIVETWEB_PATHS} PATH_SUFFIXES lib)
else(LIBCIVETWEB_USE_STATIC_LIBS)
find_library(LIBCIVETWEB_LIBRARIES NAMES civetweb ${_LIBCIVETWEB_PATHS} PATH_SUFFIXES lib)
endif(LIBCIVETWEB_USE_STATIC_LIBS)
endif ()

6
conf/uts-server.cnf
View File

@ -103,6 +103,12 @@ tcp_nodelay = 0
# Loglevel (debug, info, notice, warn, err, emerg, crit)
log_level = info
# Enable logging to syslog (default: yes)
log_to_syslog = yes
# Enable logging to stdout (default: no)
#log_to_stdout = no
# TSA configuration parameters.
[ tsa ]

25
docs/conf.py
View File

@ -185,6 +185,31 @@ Configuration Parameters
"""
foot = """
.. warning::
The TSA signing certificate must have exactly one extended key usage assigned to it: **timeStamping**.
The extended key usage must also be **critical**, otherwise the certificate is going to be refused.
Here is a sample openssl.cfg configuration for creating such certificate:
.. sourcecode:: ini
[ tsa_cert ]
# TSA server cert is not a CA cert, disabling CA role
basicConstraints=CA:FALSE
# The following key usage flags are mandatory for TSA server certificates.
# This parameters set the main specificities of a TSA certificate
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage = critical,timeStamping
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
Full Configuration File
=======================

90
docs/install.rst
View File

@ -8,14 +8,15 @@ List of dependencies uts-server relies on to run:
* `OpenSSL <https://github.com/openssl/openssl>`_.
* `civetweb <https://github.com/civetweb/civetweb>`_.
* on none GNU LibC, `argp-standalone <https://www.lysator.liu.se/~nisse/misc/argp-standalone-1.3.tar.gz>`_
Build dependencies
------------------
List of dependencies needed to build civetweb:
List of dependencies needed to build uts-server:
* cmake
* either gcc or clang
* `CMake <https://cmake.org/>`_
* either `gcc <https://gcc.gnu.org/>`_ or `clang <https://clang.llvm.org/>`_
Compilation
===========
@ -28,11 +29,90 @@ uts-server is compiled using cmake:
$ cmake .
$ make
# If civetweb is not present
# this will get the proper tag of civetweb from upstream and compile it
# If civetweb is not present.
# this will get the master branch of civetweb from upstream and compile it.
# Only for developpment/testing purposes
$ cmake . -DBUNDLE_CIVETWEB=ON
$ make
# Compile with debug flags
# Only for developpment/testing purposes
$ cmake . -DDEBUG=ON
$ make
# Compile statically
# (in some cases, it might be necessary to still
# link some libraries like dl or gcc_s or pthread, if necessary,
# add -DLINK_DL=ON and/or -DLINK_GCC_S=ON and/or -DLINK_PTHREAD=ON)
$ cmake . -DSTATIC=ON # -DLINK_DL=ON -DLINK_GCC_S=ON -DLINK_PTHREAD=ON
$ make
.. warning::
The BUNDLE_CIVETWEB exists only for developpment/testing purposes.
Please compile civetweb externally for building a production binary.
Using this option outside of developpment/testing is a bad idea for the
following reasons:
* having an external download in a build process is a bad idea
* recovering the master branch ensures that the build may break randomly
* a build proccess should be reproductible which is not the case with this option
OS specific tips
================
Debian
------
The installation requires installing the following packages:
.. sourcecode:: bash
# build dependencies
$ apt-get install libssl-dev cmake clang
CentOS/RHEL
-----------
The installation requires installing the following packages:
.. sourcecode:: bash
# build dependencies
$ yum insall cmake gcc gcc-c++ openssl-devel
FreeBSD
-------
The installation requires installing the following packages:
.. sourcecode:: bash
# build dependencies
$ pkg add argp-standalone cmake
OpenBSD
-------
The installation requires installing the following packages:
.. sourcecode:: bash
# build dependencies
$ pkg_add gcc g++ argp-standalone cmake
# for the test scripts
$ pkg_add python curl
To build you must egcc and eg++ (not the old 4.2 gcc in the base system)
.. sourcecode:: bash
# set compilers
$ export CC=/usr/local/bin/egcc
$ export CXX=/usr/local/bin/ec++
# then build normally
$ cmake . -DBUNDLE_CIVETWEB=ON && make

103
goodies/index.html Normal file
View File

@ -0,0 +1,103 @@
<html>
<head>
<meta charset="utf-8">
<title>uts-server</title>
<meta name="author" content="Pierre-Francois Carpentier">
<meta name="description" content="uts-server">
<style>
.rcorners {
border-radius: 10px;
border: 2px solid #0080ff;
margin: 20px;
padding: 10px;
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
margin-left: auto;
margin-right: auto;
width: 40%;
}
body {
margin: 0px;
}
.code {
border-radius: 3px;
border: 2px solid #000000;
margin: 20px;
padding: 10px;
width: 90%;
background: #404040;
color: #e6e6e6;
margin-left: auto;
margin-right: auto;
}
.button {
background-color: #3366ff;
border: none;
color: white;
text-align: center;
text-decoration: none;
display: inline-block;
font-size: 14px;
margin: 4px 2px;
cursor: pointer;
border-radius: 2px;
padding: 10px 24px;
margin: 0 auto;
display: inline;
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
margin: 0 auto;
}
.desc {
text-decoration: underline;
text-align: center;
font-size: 20px;
margin-top: 20px
}
.center {
text-align: center;
}
.footer {
position: fixed;
bottom: 0px;
padding-top: 5px;
border-top: 1px solid gray;
width: 100%;
background-color: #f5f5f5;
font-size: 14px;
text-align: center;
}
.var {
color: #99ccff;
}
</style>
</head>
<body>
<div class="desc">
uts-server, a simple RFC 3161 timestamp server
</div>
<div class="rcorners">
For timestamping a file with OpenSSL and curl, run the following commands
(setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):
<div class="code">
openssl ts -query -data "<span class="var">$FILE</span>" -out "ts_req.ts";<br/>
curl "<span class="var">$UTS_SERVER_URL</span>" \<br/>
&nbsp;&nbsp;&nbsp;&nbsp; -H "Content-Type: application/timestamp-query" \<br/>
&nbsp;&nbsp;&nbsp;&nbsp; -f -g --data-binary "@ts_req.ts" -o "<span class="var">$FILE_TIMESTAMP</span>"
</div>
For verifying the timestamp with OpenSSL, download the CA and the signer cert, and run the following command:
<div class="code">
openssl ts -verify -in "<span class="var">$FILE_TIMESTAMP</span>" \<br/>
&nbsp;&nbsp;&nbsp;&nbsp; -data "<span class="var">$FILE</span>" -CAfile ca.pem -untrusted tsa_cert.pem
</div>
<div class="center">
<a href="./ca.pem" download><button class="button">Dowload CA file</button></a>
<a href="./tsa_cert.pem" download><button class="button">Dowload tsa cert file</button></a>
</div>
</div>
<div class="footer">
<div class="container">
<a href="http://uts-server.readthedocs.org" target="_blank">uts-server</a>
• © 2019 • Pierre-François Carpentier • Released under the MIT License
</div>
</div>
</body>
</html>

2
goodies/rhel/uts-server.conf
View File

@ -1 +1 @@
d /run/ldapcherryd 0755 ldapcherry ldapcherry -
d /run/uts-server 0755 uts-server uts-server -

17
inc/context.h
View File

@ -9,9 +9,14 @@
#define HTTP_OPTIONS 1
#define LOGLEVEL_OPTIONS 2
#define TSA_OPTIONS 3
#define PATH_HTTP_OPTIONS 4
#define LOGHANDLER_OPTIONS 3
#define TSA_OPTIONS 4
#define PATH_HTTP_OPTIONS 5
/* name of the configuration file section */
#define MAIN_CONF_SECTION "main"
#define OID_SECTION "oids"
#define TSA_SECTION "tsa"
#define RFC3161_OPTIONS_LEN \
sizeof(rfc3161_options) / sizeof(struct rfc3161_option)
@ -26,6 +31,10 @@ typedef struct {
uint64_t query_counter;
// flag for debugging
bool stdout_dbg;
// flag for logging to stdout
bool stdout_logging;
// flag for logging to stdout
bool syslog_logging;
// log level
int loglevel;
// number of threads
@ -37,6 +46,8 @@ typedef struct {
// just to track for freeing later
CONF *conf;
char *cust_conf[20];
char *ca_file;
char *cert_file;
} rfc3161_context;
// definition of structure to describe
@ -64,6 +75,8 @@ static struct rfc3161_option rfc3161_options[] = {
{"access_control_allow_origin", HTTP_OPTIONS, "*"},
{"tcp_nodelay", HTTP_OPTIONS, "0"},
{"log_level", LOGLEVEL_OPTIONS, "info"},
{"log_to_syslog", LOGHANDLER_OPTIONS, "yes"},
{"log_to_stdout", LOGHANDLER_OPTIONS, "no"},
{"ssl_certificate", PATH_HTTP_OPTIONS, NULL},
{"ssl_ca_path", PATH_HTTP_OPTIONS, NULL},
{"ssl_ca_file", PATH_HTTP_OPTIONS, NULL},

122
inc/http.h
View File

@ -6,3 +6,125 @@ struct tuser_data {
};
int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg);
#define STATIC_PAGE \
"HTTP/1.1 200 OK\r\n" \
"Content-Type: text/html\r\n" \
"Content-Length: 2774\r\n" \
"\r\n" \
"<html>" \
"<head>" \
" <meta charset=\"utf-8\">" \
" <title>uts-server</title>" \
" <meta name=\"author\" content=\"Pierre-Francois Carpentier\">" \
" <meta name=\"description\" content=\"uts-server\">" \
"<style>" \
".rcorners {" \
" border-radius: 10px;" \
" border: 2px solid #0080ff;" \
" margin: 20px;" \
" padding: 10px;" \
" box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, " \
"0, 0.19);" \
" margin-left: auto;" \
" margin-right: auto;" \
" width: 40%;" \
"}" \
"body {" \
" margin: 0px;" \
"}" \
".code {" \
" border-radius: 3px;" \
" border: 2px solid #000000;" \
" margin: 20px;" \
" padding: 10px;" \
" width: 90%;" \
" background: #404040;" \
" color: #e6e6e6;" \
" margin-left: auto;" \
" margin-right: auto;" \
"}" \
".button {" \
" background-color: #3366ff;" \
" border: none;" \
" color: white;" \
" text-align: center;" \
" text-decoration: none;" \
" display: inline-block;" \
" font-size: 14px;" \
" margin: 4px 2px;" \
" cursor: pointer;" \
" border-radius: 2px;" \
" padding: 10px 24px;" \
" margin: 0 auto;" \
" display: inline;" \
" box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, " \
"0, 0.19);" \
" margin: 0 auto;" \
"}" \
".desc {" \
" text-decoration: underline;" \
" text-align: center;" \
" font-size: 20px;" \
" margin-top: 20px" \
"}" \
".center {" \
" text-align: center;" \
"}" \
".footer {" \
" position: fixed;" \
" bottom: 0px;" \
" padding-top: 5px;" \
" border-top: 1px solid gray;" \
" width: 100%;" \
" background-color: #f5f5f5;" \
" font-size: 14px;" \
" text-align: center;" \
"}" \
".var {" \
" color: #99ccff;" \
"}" \
"</style>" \
"</head>" \
"<body>" \
"<div class=\"desc\">" \
" uts-server, a simple RFC 3161 timestamp server" \
"</div>" \
"<div class=\"rcorners\">" \
" For timestamping a file with OpenSSL and curl, run the following " \
"commands" \
" (setting the $UTS_SERVER_URL, $FILE and $FILE_TIMESTAMP variables):" \
" <div class=\"code\">" \
" openssl ts -query -data \"<span class=\"var\">$FILE</span>\" -out " \
"\"ts_req.ts\";<br/>" \
" curl \"<span class=\"var\">$UTS_SERVER_URL</span>\" \\<br/>" \
" &nbsp;&nbsp;&nbsp;&nbsp; -H \"Content-Type: " \
"application/timestamp-query\" \\<br/>" \
" &nbsp;&nbsp;&nbsp;&nbsp; -f -g --data-binary \"@ts_req.ts\" -o " \
"\"<span class=\"var\">$FILE_TIMESTAMP</span>\"" \
" </div>" \
" For verifying the timestamp with OpenSSL, download the CA and the " \
"signer cert, and run the following command:" \
" <div class=\"code\">" \
" openssl ts -verify -in \"<span " \
"class=\"var\">$FILE_TIMESTAMP</span>\" \\<br/>" \
" &nbsp;&nbsp;&nbsp;&nbsp; -data \"<span class=\"var\">$FILE</span>\" " \
"-CAfile ca.pem -untrusted tsa_cert.pem" \
" </div>" \
" <div class=\"center\">" \
" <a href=\"./ca.pem\" download><button class=\"button\">Dowload CA " \
"file</button></a>" \
" <a href=\"./tsa_cert.pem\" download><button " \
"class=\"button\">Dowload tsa cert file</button></a>" \
" </div>" \
"</div>" \
"<div class=\"footer\">" \
" <div class=\"container\">" \
" <a href=\"http://uts-server.readthedocs.org\" " \
"target=\"_blank\">uts-server</a>" \
" • © 2019 • Pierre-François Carpentier • Released under the MIT " \
"License" \
" </div>" \
"</div>" \
"</body>" \
"</html>"

19
inc/rfc3161.h
View File

@ -16,6 +16,20 @@
#if OPENSSL_VERSION_NUMBER < 0x10000000L
#error OpenSSL version too old
#endif
/* LibreSSL is really annoying
* the OPENSSL_VERSION_NUMBER #define in opensslv.h
* is 0x20000000L but the API is that of openssl 1.0.
* That breaks version matching to determine which API
* to use.
* So, special case here for LibreSSL...
* (why didn't you just keep 0x100000L LibreSSL?)
*/
#ifdef LIBRESSL_VERSION_NUMBER
// for now, LibreSSL is 1.0 API only
#define OPENSSL_API_1_0
#else
// for OpenSSL, we must differenciate between 1.0 and 1.1
#if OPENSSL_VERSION_NUMBER < 0x10100000L && \
OPENSSL_VERSION_NUMBER >= 0x10000000L
#define OPENSSL_API_1_0
@ -23,10 +37,7 @@
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define OPENSSL_API_1_1
#endif
/* Name of config entry that defines the OID file. */
#define OID_SECTION "oids"
#define TSA_SECTION "tsa"
#endif
// number of char we get to log for the serial
#define SERIAL_ID_SIZE 8

6
inc/utils.h
View File

@ -7,6 +7,7 @@ typedef struct _code {
static void signal_handler_general(int sig_num);
static void signal_handler_up(int sig_num);
void set_sig_handler();
void skeleton_daemon();
int init_pid(char *pidfile_path);
int write_pid(char *pidfile_path);
@ -16,7 +17,4 @@ void log_hex(rfc3161_context *ct, int priority, char *id,
int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd);
static char *rand_string(char *str, size_t size);
void free_uts_context(rfc3161_context *ct);
// some global variable to handle signals
int g_uts_sig_up;
int g_uts_sig;
const char *null_undef(const char *in);

3
src/cmd/uts-server.c
View File

@ -101,6 +101,8 @@ int main(int argc, char **argv) {
if (args.daemonize)
skeleton_daemon();
else
set_sig_handler();
syslog(LOG_NOTICE,
"uts-server daemon starting with conf '%s' from working dir '%s'",
@ -119,7 +121,6 @@ int main(int argc, char **argv) {
}
syslog(LOG_NOTICE, "uts-server daemon terminated.");
free(conf_wd);
free(tmp_wd);
closelog();

140
src/lib/http.c
View File

@ -2,15 +2,16 @@
#include <civetweb.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>
#include <strings.h>
#include <sys/syslog.h>
#include <time.h>
#include <unistd.h>
extern int g_uts_sig_up;
extern int g_uts_sig;
static char *rand_string(char *str, size_t size) {
const char charset[] = "1234567890ABCDEF";
if (size) {
@ -54,20 +55,20 @@ void log_request_debug(const struct mg_request_info *request_info,
for (int i = 0; i < request_info->num_headers; i++) {
uts_logger(context, LOG_DEBUG, "Request[%s], Header[%s]: %s",
request_id, request_info->http_headers[i].name,
request_info->http_headers[i].value);
null_undef(request_info->http_headers[i].value));
}
uts_logger(context, LOG_DEBUG, "Request[%s], request_method: %s",
request_id, request_info->request_method);
request_id, null_undef(request_info->request_method));
uts_logger(context, LOG_DEBUG, "Request[%s], request_uri: %s", request_id,
request_info->request_uri);
null_undef(request_info->request_uri));
uts_logger(context, LOG_DEBUG, "Request[%s], local_uri: %s", request_id,
request_info->local_uri);
null_undef(request_info->local_uri));
uts_logger(context, LOG_DEBUG, "Request[%s], http_version: %s", request_id,
request_info->http_version);
null_undef(request_info->http_version));
uts_logger(context, LOG_DEBUG, "Request[%s], query_string: %s", request_id,
request_info->query_string);
null_undef(request_info->query_string));
uts_logger(context, LOG_DEBUG, "Request[%s], remote_addr: %s", request_id,
request_info->remote_addr);
null_undef(request_info->remote_addr));
uts_logger(context, LOG_DEBUG, "Request[%s], is_ssl: %d", request_id,
request_info->is_ssl);
uts_logger(context, LOG_DEBUG, "Request[%s], content_length: %d",
@ -94,28 +95,14 @@ void log_request(const struct mg_request_info *request_info, char *request_id,
}
}
uts_logger(context, LOG_INFO, "Request[%s], remote_addr[%s] ssl[%d] "
"uri[%s] http_resp_code[%d] duration[%d us] "
"user-agent[%s] content-type[%s]",
request_id, request_info->remote_addr, request_info->is_ssl,
request_info->local_uri, response_code, timer, user_agent,
content_type);
}
// This function will be called by civetweb on every new request.
static int begin_request_handler(struct mg_connection *conn) {
const struct mg_request_info *request_info = mg_get_request_info(conn);
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: text/plain\r\n"
"Content-Length: 46\r\n" // Always set Content-Length
"\r\n"
"uts-server, a simple RFC 3161 timestamp server");
// Returning non-zero tells civetweb that our function has replied to
// the client, and civetweb should not send client any more data.
return 1;
uts_logger(context, LOG_INFO,
"Request[%s], remote_addr[%s] ssl[%d] "
"uri[%s] http_resp_code[%d] duration[%d us] "
"user-agent[%s] content-type[%s]",
request_id, null_undef(request_info->remote_addr),
request_info->is_ssl, null_undef(request_info->local_uri),
response_code, timer, null_undef(user_agent),
null_undef(content_type));
}
int rfc3161_handler(struct mg_connection *conn, void *context) {
@ -179,10 +166,11 @@ int rfc3161_handler(struct mg_connection *conn, void *context) {
// respond according to create_response return code
switch (resp_code) {
case 200:
mg_printf(conn, "HTTP/1.1 200 OK\r\n"
"Content-Type: application/timestamp-reply\r\n"
"Content-Length: %d\r\n"
"\r\n",
mg_printf(conn,
"HTTP/1.1 200 OK\r\n"
"Content-Type: application/timestamp-reply\r\n"
"Content-Length: %d\r\n"
"\r\n",
(int)content_length);
mg_write(conn, content, content_length);
log_hex(ct, LOG_DEBUG, "response hexdump content", content,
@ -207,11 +195,7 @@ int rfc3161_handler(struct mg_connection *conn, void *context) {
} else {
// default reply if we don't have a time-stamp request
resp_code = 200;
mg_printf(conn, "HTTP/1.1 200 OK\r\n"
"Content-Type: text/plain\r\n"
"Content-Length: 46\r\n"
"\r\n"
"uts-server, a simple RFC 3161 timestamp server");
mg_printf(conn, STATIC_PAGE);
}
// initialize a serial_id if not created by create_response
if (serial_id == NULL) {
@ -230,6 +214,71 @@ int rfc3161_handler(struct mg_connection *conn, void *context) {
return 1;
}
int ca_serve_handler(struct mg_connection *conn, void *context) {
/* In this handler, we ignore the req_info and send the file "filename". */
const struct mg_request_info *request_info = mg_get_request_info(conn);
clock_t start = clock(), diff;
rfc3161_context *ct = (rfc3161_context *)context;
const char *filename = ct->ca_file;
if (strlen(filename) == 0) {
uts_logger(context, LOG_NOTICE,
"'certs' param in '[ tsa ]' section not filed");
mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start;
log_request(request_info, "CA_DL ", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC));
return 1;
}
if (access(filename, F_OK) != -1) {
mg_send_file(conn, filename);
const struct mg_response_info *ri = mg_get_response_info(conn);
diff = clock() - start;
log_request(request_info, "CA_DL ", ct, 200,
(diff * 1000000 / CLOCKS_PER_SEC));
} else {
uts_logger(context, LOG_NOTICE, "CA file '%s' not available", filename);
mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start;
log_request(request_info, "CA_DL ", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC));
}
return 1;
}
int cert_serve_handler(struct mg_connection *conn, void *context) {
/* In this handler, we ignore the req_info and send the file "filename". */
const struct mg_request_info *request_info = mg_get_request_info(conn);
clock_t start = clock(), diff;
rfc3161_context *ct = (rfc3161_context *)context;
const char *filename = ct->cert_file;
if (strlen(filename) == 0) {
uts_logger(context, LOG_NOTICE,
"'signer_cert' param in '[ tsa ]' section not filed");
mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start;
log_request(request_info, "CERT_DL", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC));
return 1;
}
if (access(filename, F_OK) != -1) {
mg_send_file(conn, filename);
const struct mg_response_info *ri = mg_get_response_info(conn);
diff = clock() - start;
log_request(request_info, "CERT_DL", ct, 200,
(diff * 1000000 / CLOCKS_PER_SEC));
} else {
uts_logger(context, LOG_NOTICE,
"signer certificate file '%s' not available", filename);
mg_send_http_error(conn, 404, "CA file not available");
diff = clock() - start;
log_request(request_info, "CERT_DL", ct, 404,
(diff * 1000000 / CLOCKS_PER_SEC));
}
return 1;
}
int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
struct mg_context *ctx;
struct mg_callbacks callbacks;
@ -242,10 +291,13 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
if (!set_params(ct, conffile, conf_wd))
return EXIT_FAILURE;
// Disable stdout buffering if logging to stdout
if (ct->stdout_logging || ct->stdout_dbg)
setbuf(stdout, NULL);
// Prepare callbacks structure. We have only one callback, the rest are
// NULL.
memset(&callbacks, 0, sizeof(callbacks));
memset(&user_data, 0, sizeof(user_data));
callbacks.log_message = &log_civetweb;
@ -253,12 +305,14 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
ctx = mg_start(&callbacks, &user_data, ct->http_options);
if (ctx != NULL) {
mg_set_request_handler(ctx, "/", rfc3161_handler, (void *)ct);
mg_set_request_handler(ctx, "/ca.pem", ca_serve_handler, (void *)ct);
mg_set_request_handler(ctx, "/tsa_cert.pem", cert_serve_handler,
(void *)ct);
// Wait until some signals are received
while (g_uts_sig == 0) {
sleep(1);
}
// getchar();
} else {
uts_logger(ct, LOG_ERR, "Failed to start uts-server: %s",
((user_data.first_message == NULL)

10
src/lib/rfc3161.c
View File

@ -15,10 +15,7 @@
#include <openssl/ts.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <string.h>
#include <string.h>
#include <sys/syslog.h>
#include <syslog.h>
@ -272,7 +269,7 @@ end:
BN_free(serial_bn);
} else {
serial_hex = calloc(SERIAL_ID_SIZE, sizeof(char));
strncpy(serial_hex, " NO ID ", SERIAL_ID_SIZE + 2);
strncpy(serial_hex, " NO ID ", SERIAL_ID_SIZE + 4);
}
#endif
#ifdef OPENSSL_API_1_0
@ -322,8 +319,9 @@ end:
ret = 200;
break;
case TS_STATUS_GRANTED_WITH_MODS:
uts_logger(ct, LOG_NOTICE, "timestamp request granted with "
"modification",
uts_logger(ct, LOG_NOTICE,
"timestamp request granted with "
"modification",
*serial_id);
ret = 200;
break;

71
src/lib/utils.c
View File

@ -8,12 +8,14 @@
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <syslog.h>
#include <syslog.h>
#include <unistd.h>
// some global variable to handle signals
int g_uts_sig_up;
int g_uts_sig;
static void signal_handler_general(int sig_num) {
g_uts_sig = sig_num;
}
@ -69,6 +71,17 @@ int write_pid(char *pidfile_path) {
return 1;
}
void set_sig_handler() {
g_uts_sig_up = 0;
g_uts_sig = 0;
/* Catch, ignore and handle signals */
// TODO: Implement a working signal handler */
signal(SIGTERM, signal_handler_general);
signal(SIGINT, signal_handler_general);
signal(SIGHUP, signal_handler_up);
signal(SIGCHLD, SIG_IGN);
}
void skeleton_daemon() {
pid_t pid;
@ -87,14 +100,7 @@ void skeleton_daemon() {
if (setsid() < 0)
exit(EXIT_FAILURE);
g_uts_sig_up = 0;
g_uts_sig = 0;
/* Catch, ignore and handle signals */
// TODO: Implement a working signal handler */
signal(SIGTERM, signal_handler_general);
signal(SIGINT, signal_handler_general);
signal(SIGHUP, signal_handler_up);
signal(SIGCHLD, SIG_IGN);
set_sig_handler();
/* Fork off for the second time*/
pid = fork();
@ -163,7 +169,7 @@ void uts_logger(rfc3161_context *ct, int priority, char *fmt, ...) {
fclose(stream);
// if in debugging mode, also log to stdout
if (ct->stdout_dbg) {
if (ct->stdout_logging || ct->stdout_dbg) {
switch (priority) {
case LOG_EMERG:
printf("LOG_EMER : %s\n", out);
@ -198,10 +204,17 @@ void uts_logger(rfc3161_context *ct, int priority, char *fmt, ...) {
;
}
}
syslog(priority, "%s", out);
if (ct->syslog_logging)
syslog(priority, "%s", out);
free(out);
}
const char *null_undef(const char *in) {
if (in == NULL)
return "<undef>";
return in;
}
// OpenSSL file openner (use for opening the configuration file
static BIO *bio_open_default(rfc3161_context *ct, const char *filename,
int format) {
@ -281,7 +294,7 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
if (value == NULL) {
uts_logger(ct, LOG_NOTICE,
"configuration param['%s'] not set, using default: '%s'",
name, default_value);
name, null_undef(default_value));
value = default_value;
}
switch (type) {
@ -296,6 +309,21 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
}
break;
;
case LOGHANDLER_OPTIONS:
if (strcmp(name, "log_to_syslog") == 0) {
if (strcmp(value, "yes"))
ct->syslog_logging = 0;
else
ct->syslog_logging = 1;
}
if (strcmp(name, "log_to_stdout") == 0) {
if (strcmp(value, "yes"))
ct->stdout_logging = 0;
else
ct->stdout_logging = 1;
}
break;
;
}
}
// parse the options to get the civetweb options and a few other things
@ -307,14 +335,14 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
if (value == NULL) {
uts_logger(ct, LOG_NOTICE,
"configuration param['%s'] not set, using default: '%s'",
name, default_value);
name, null_undef(default_value));
value = default_value;
}
uts_logger(ct, LOG_DEBUG, "configuration param['%s'] = '%s'", name,
value);
null_undef(value));
switch (type) {
// if it's an http (civetweb) option, put it in the http_options buffer
// like civetweb is expected it.
// if it's an http (civetweb) option, put it in the http_options
// buffer like civetweb is expected it.
case HTTP_OPTIONS:
if (value != NULL) {
ct->http_options[http_counter] = name;
@ -363,6 +391,13 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
break;
}
}
ct->ca_file = calloc(PATH_MAX, sizeof(char));
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "certs"), ct->ca_file);
ct->cert_file = calloc(PATH_MAX, sizeof(char));
realpath(NCONF_get_string(ct->conf, TSA_SECTION, "signer_cert"),
ct->cert_file);
// like any good daemon, return to '/' once the configuration is loaded
chdir("/");
return ret;
@ -381,6 +416,8 @@ void free_uts_context(rfc3161_context *ct) {
free(ct->cust_conf[i]);
}
free(ct->ts_ctx_pool);
free(ct->ca_file);
free(ct->cert_file);
NCONF_free(ct->conf);
free(ct);
}

175
tests/cfg/pki/CAtsa.cnf
View File

@ -1,86 +1,20 @@
#
# This config is used by the Time Stamp Authority tests.
#
RANDFILE = ./.rnd
# Extra OBJECT IDENTIFIER info:
oid_section = new_oids
TSDNSECT = ts_cert_dn
INDEX = 1
[ new_oids ]
# Policies used by the TSA tests.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
#----------------------------------------------------------------------
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = ./demoCA
certs = $dir/certs # Where the issued certs are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
default_md = sha1 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = supplied
stateOrProvinceName = supplied
organizationName = supplied
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
#
# Properties needed for a Time-Stamp Authority (TSA) certificates
#
#----------------------------------------------------------------------
[ req ]
default_bits = 4096
default_md = sha1
distinguished_name = $ENV::TSDNSECT
encrypt_rsa_key = no
prompt = no
# attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
[ ts_ca_dn ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
commonName = ca1
[ ts_cert_dn ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
commonName = tsa$ENV::INDEX
DN_SECTION=dn_ca
CN=DEFAULT
# Extensions required to a TSA certificate
[ tsa_cert ]
# TSA server cert is not a CA cert.
# TSA server cert is not a CA cert, disabling CA role
basicConstraints=CA:FALSE
# The following key usage flags are needed for TSA server certificates.
# The following key usage flags are mandatory for TSA server certificates.
# This parameters set the main specificities of a TSA certificate
keyUsage = nonRepudiation, digitalSignature
extendedKeyUsage = critical,timeStamping
@ -88,76 +22,43 @@ extendedKeyUsage = critical,timeStamping
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ non_tsa_cert ]
# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
basicConstraints=CA:FALSE
#----------------------------------------------------------------------
#
# Other Properties for the CA and non-tsa certificates
#
#----------------------------------------------------------------------
# The following key usage flags are needed for TSA server certificates.
keyUsage = nonRepudiation, digitalSignature
# timeStamping is not supported by this certificate
# extendedKeyUsage = critical,timeStamping
# OpenSSL parameters for certificate requests generation
[ req ]
default_bits = 4096
default_md = sha512
distinguished_name = $ENV::DN_SECTION
encrypt_rsa_key = no
prompt = no
# The extentions to add to the self signed cert
x509_extensions = v3_ca
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature
[ v3_ca ]
# Common properties of the CA
[ dn_ca ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER CA
# Extensions for a typical CA
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = cRLSign, keyCertSign
#----------------------------------------------------------------------
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = . # TSA root directory
serial = $dir/tsa_serial # The current serial number (mandatory)
signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
# (optional)
certs = $dir/tsaca.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no)
[ tsa_config2 ]
# This configuration uses a certificate which doesn't have timeStamping usage.
# These are used by the TSA reply generation only.
dir = . # TSA root directory
serial = $dir/tsa_serial # The current serial number (mandatory)
signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
# (optional)
certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
# Common properties of all the certificates (CN, OU, etc...)
[ dn_cert ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
# CN is passed through environment variable "CN"
commonName = $ENV::CN

32
tests/cfg/pki/create_tsa_certs
View File

@ -6,34 +6,33 @@ export OPENSSL_CONF="./CAtsa.cnf"
cd `dirname $0`
error () {
echo "TSA test failed!" >&2
exit 1
}
create_ca () {
echo "Creating a new CA for the TSA tests..."
TSDNSECT=ts_ca_dn
export TSDNSECT
CN="UTS-SERVER CA"
DN_SECTION="dn_ca"
export CN
export DN_SECTION
openssl req -new -x509 -nodes \
-out tsaca.pem -keyout tsacakey.pem
test $? != 0 && error
}
create_tsa_cert () {
INDEX=$1
export INDEX
EXT=$2
TSDNSECT=ts_cert_dn
export TSDNSECT
EXT=$3
INDEX=$2
CN=$1; export CN
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
test $? != 0 && error
echo Using extension $EXT
echo Using extension $EXT
openssl x509 -req \
-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
@ -43,10 +42,9 @@ echo Using extension $EXT
create_cert () {
INDEX=$1
INDEX=$2
export INDEX
TSDNSECT=ts_cert_dn
export TSDNSECT
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout ssl_key${INDEX}.pem
@ -63,12 +61,12 @@ echo "Creating CA for TSA tests..."
create_ca
echo "Creating tsa_cert1.pem TSA server cert..."
create_tsa_cert 1 tsa_cert
create_tsa_cert "TSA CERT 1" 1 tsa_cert
echo "Creating tsa_cert2.pem TSA server cert..."
create_tsa_cert 2 tsa_cert
create_tsa_cert "TSA CERT 2" 2 tsa_cert
echo "Creating ssl_keycerts1.pem for ssl"
create_cert 1
create_cert "uts-server.example.org" 1
exit 0

6
tests/cfg/uts-server-ssl.cnf
View File

@ -78,6 +78,12 @@ tcp_nodelay = 0
# debug, info, notice, warn, err, emerg, crit
log_level = info
# Enable logging to syslog (default: yes)
log_to_syslog = no
# Enable logging to stdout (default: no)
#log_to_stdout = yes
####################################################################
[ tsa ]

6
tests/cfg/uts-server.cnf
View File

@ -78,6 +78,12 @@ tcp_nodelay = 0
# debug, info, notice, warn, err, emerg, crit
log_level = info
# Enable logging to syslog (default: yes)
log_to_syslog = no
# Enable logging to stdout (default: no)
#log_to_stdout = yes
####################################################################
[ tsa ]

43
tests/external_test.sh
View File

@ -1,21 +1,46 @@
#!/bin/sh
timeout 120 ./uts-server -c tests/cfg/uts-server.cnf -D -p ./uts-server.pid &
PORT=`awk -v min=10000 -v max=20000 'BEGIN{srand(); print int(min+rand()*(max-min+1))}'`
if which timeout >/dev/null 2>&1
then
TO="timeout 120"
else
TO=""
fi
export TMPDIR='./tests/cfg/'
CFG=`mktemp`
clean_exit(){
rm -- "$CFG"
kill `cat ./uts-server.pid` >/dev/null 2>&1
rm -- "./uts-server.pid"
exit $1
}
sed "s/2020/$PORT/" tests/cfg/uts-server.cnf >$CFG
$TO ./uts-server -c $CFG -D -p ./uts-server.pid &
sleep 1
./goodies/timestamp-file.sh -i README.rst -u http://localhost:2020 -r -O "-cert" || exit 1
./goodies/timestamp-file.sh -i README.rst -u http://localhost:2020 -r -O "-cert" || exit 1
./goodies/timestamp-file.sh -i README.rst -u http://localhost:2020 -r -O "-cert" || exit 1
./goodies/timestamp-file.sh -i README.rst -u http://localhost:$PORT -r -O "-cert" || clean_exit 1
./goodies/timestamp-file.sh -i README.rst -u http://localhost:$PORT -r -O "-cert" || clean_exit 1
./goodies/timestamp-file.sh -i README.rst -u http://localhost:$PORT -r -O "-cert" || clean_exit 1
kill `cat ./uts-server.pid`
timeout 120 ./uts-server -c tests/cfg/uts-server-ssl.cnf -D -p ./uts-server.pid &
sed "s/2020/$PORT/" tests/cfg/uts-server-ssl.cnf >$CFG
sleep 1
./goodies/timestamp-file.sh -i README.rst -u https://localhost:2020 -r -O "-cert" -C '-k' || exit 1
./goodies/timestamp-file.sh -i README.rst -u https://localhost:2020 -r -O "-cert" -C '-k' || exit 1
./goodies/timestamp-file.sh -i README.rst -u https://localhost:2020 -r -O "-cert" -C '-k' || exit 1
$TO ./uts-server -c $CFG -D -p ./uts-server.pid &
sleep 1
./goodies/timestamp-file.sh -i README.rst -u https://localhost:$PORT -r -O "-cert" -C '-k' || clean_exit 1
./goodies/timestamp-file.sh -i README.rst -u https://localhost:$PORT -r -O "-cert" -C '-k' || clean_exit 1
./goodies/timestamp-file.sh -i README.rst -u https://localhost:$PORT -r -O "-cert" -C '-k' || clean_exit 1
kill `cat ./uts-server.pid`
clean_exit 0