return ctx;
}
-ws_ctx_t *ws_socket_ssl(int socket, char * certfile) {
+ws_ctx_t *ws_socket_ssl(int socket, char * certfile, char * keyfile) {
int ret;
char msg[1024];
+ char * use_keyfile;
ws_ctx_t *ctx;
ctx = ws_socket(socket);
+ if (keyfile && (keyfile[0] != '\0')) {
+ // Separate key file
+ use_keyfile = keyfile;
+ } else {
+ // Combined key and cert file
+ use_keyfile = certfile;
+ }
+
// Initialize the library
if (! ssl_initialized) {
SSL_library_init();
fatal("Failed to configure SSL context");
}
- if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, certfile,
- SSL_FILETYPE_PEM) <= 0) {
- sprintf(msg, "Unable to load private key file %s\n", certfile);
+ if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, use_keyfile,
+ SSL_FILETYPE_PEM) <= 0) {
+ sprintf(msg, "Unable to load private key file %s\n", use_keyfile);
fatal(msg);
}
(bcmp(handshake, "\x80", 1) == 0)) {
// SSL
if (! settings.cert) { return NULL; }
- ws_ctx = ws_socket_ssl(sock, settings.cert);
+ ws_ctx = ws_socket_ssl(sock, settings.cert, settings.key);
if (! ws_ctx) { return NULL; }
scheme = "wss";
handler_msg("using SSL socket\n");
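Review bot: The new `sprintf(msg, "Unable to load private key file %s\n", use_keyfile);` in ws_socket_ssl writes an unbounded path into `msg[1024]`; the caller in wsproxy.c hands it a `realpath()` result, which can be up to PATH_MAX bytes, so a long key or cert path overflows the stack buffer before fatal() is reached. Use the bounded form, `snprintf(msg, sizeof msg, "Unable to load private key file %s\n", use_keyfile);`, and give the cert-file error message below it the same treatment. Now that the key can live in a different file from the certificate, a `SSL_CTX_check_private_key(ctx->ssl_ctx)` call after both loads would catch a mismatched pair at startup instead of at the first handshake, unless it is already done further down; the rest of ws_socket_ssl is outside this hunk.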
int listen_port;
void (*handler)(ws_ctx_t*);
int handler_id;
+ char *cert;
+ char *key;
int ssl_only;
int daemon;
- char *cert;
} settings_t;
typedef struct {
'handler' : None,
'handler_id' : 1,
'cert' : None,
+ 'key' : None,
'ssl_only' : False,
'daemon' : True,
'record' : None, }
retsock = ssl.wrap_socket(
sock,
server_side=True,
- certfile=settings['cert'])
+ certfile=settings['cert'],
+ keyfile=settings['key'])
scheme = "wss"
handler_msg("using SSL/TLS")
elif settings['ssl_only']:
char USAGE[] = "Usage: [options] " \
"[source_addr:]source_port target_addr:target_port\n\n" \
- " --cert CERT load CERT as SSL certificate\n" \
- " --foreground|-f run in the foreground\n" \
- " --ssl-only disallow non-SSL connections";
+ " --verbose|-v verbose messages and per frame traffic\n" \
+ " --foreground|-f stay in foreground, do not daemonize\n" \
+ " --cert CERT SSL certificate file\n" \
+ " --key KEY SSL key file (if separate from cert)\n" \
+ " --ssl-only disallow non-encrypted connections";
#define usage(fmt, args...) \
fprintf(stderr, "%s\n\n", USAGE); \
{"foreground", no_argument, &foreground, 'f'},
/* ---- */
{"cert", required_argument, 0, 'c'},
+ {"key", required_argument, 0, 'k'},
{0, 0, 0, 0}
};
settings.cert = realpath("self.pem", NULL);
+ settings.key = "";
while (1) {
- c = getopt_long (argc, argv, "vfc:",
+ c = getopt_long (argc, argv, "vfc:k:",
long_options, &option_index);
/* Detect the end */
usage("No cert file at %s\n", optarg);
}
break;
+ case 'k':
+ settings.key = realpath(optarg, NULL);
+ if (! settings.key) {
+ usage("No key file at %s\n", optarg);
+ }
+ break;
default:
usage("");
}
}
if (ssl_only) {
- printf("cert: %s\n", settings.cert);
if (!settings.cert || !access(settings.cert, R_OK)) {
usage("SSL only and cert file not found\n");
}
}
//printf(" verbose: %d\n", settings.verbose);
- //printf(" ssl_only: %d\n", settings.ssl_only);
- //printf(" daemon: %d\n", settings.daemon);
- //printf(" cert: %s\n", settings.cert);
+ //printf(" ssl_only: %d\n", settings.ssl_only);
+ //printf(" daemon: %d\n", settings.daemon);
+ //printf(" cert: %s\n", settings.cert);
+ //printf(" key: %s\n", settings.key);
settings.handler = proxy_handler;
start_server();
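Review bot: The ssl_only cert check that the removed debug printf sat in front of is inverted: `access()` returns 0 on success, so `!access(settings.cert, R_OK)` is true exactly when the cert is readable and usage() fires for a valid file. This predates the commit, but since the block is being touched it should become `if (!settings.cert || access(settings.cert, R_OK) != 0) {`. The new `--key` option only goes through `realpath()`, which proves the file exists but not that it is readable; extending the same condition with `|| (settings.key[0] && access(settings.key, R_OK) != 0)` keeps the two files' validation consistent. Note also that `settings.key` starts as the literal `""` and is later replaced by a malloc'd realpath() result, so any cleanup code must not free it unconditionally.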
parser.add_option("--foreground", "-f",
dest="daemon", default=True, action="store_false",
help="stay in foreground, do not daemonize")
+ parser.add_option("--cert", default="self.pem",
+ help="SSL certificate file")
+ parser.add_option("--key", default=None,
+ help="SSL key file (if separate from cert)")
parser.add_option("--ssl-only", action="store_true",
help="disallow non-encrypted connections")
- parser.add_option("--cert", default="self.pem",
- help="SSL certificate")
(options, args) = parser.parse_args()
if len(args) > 2: parser.error("Too many arguments")
settings['listen_port'] = port
settings['handler'] = proxy_handler
settings['cert'] = os.path.abspath(options.cert)
+ if settings['key']:
+ settings['key'] = os.path.abspath(options.key)
settings['ssl_only'] = options.ssl_only
settings['daemon'] = options.daemon
if options.record:
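Review bot: The new `if settings['key']:` guard tests the dictionary default (None, per the settings table in websocket.py) rather than the parsed option, so `settings['key']` is never assigned from `options.key` and `--key` has no effect in the Python proxy. The condition should be on the option value: `if options.key:` followed by `settings['key'] = os.path.abspath(options.key)`, matching how `settings['cert']` is populated on the line above. As far as the visible context shows, nothing else assigns `settings['key']` before this check.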