2012-09-21 08:38:56 +02:00
|
|
|
# sample/include.am for libevent
|
2012-02-10 17:29:53 -05:00
|
|
|
# Copyright 2000-2007 Niels Provos
|
|
|
|
# Copyright 2007-2012 Niels Provos and Nick Mathewson
|
|
|
|
#
|
|
|
|
# See LICENSE for copying information.
|
|
|
|
|
2012-08-28 15:58:18 -04:00
|
|
|
SAMPLES = \
|
|
|
|
sample/dns-example \
|
|
|
|
sample/event-read-fifo \
|
|
|
|
sample/hello-world \
|
|
|
|
sample/http-server \
|
2015-08-18 12:18:31 +03:00
|
|
|
sample/http-connect \
|
2012-08-28 15:58:18 -04:00
|
|
|
sample/signal-test \
|
2019-03-26 13:33:57 -04:00
|
|
|
sample/time-test \
|
|
|
|
sample/watch-timing
|
2002-04-09 17:42:15 +00:00
|
|
|
|
2009-07-28 04:03:57 +00:00
|
|
|
if OPENSSL
|
2012-08-28 15:58:18 -04:00
|
|
|
SAMPLES += sample/le-proxy
|
|
|
|
sample_le_proxy_SOURCES = sample/le-proxy.c
|
2017-08-21 01:08:15 -07:00
|
|
|
sample_le_proxy_LDADD = libevent.la libevent_openssl.la $(OPENSSL_LIBS) $(OPENSSL_LIBADD)
|
|
|
|
sample_le_proxy_CPPFLAGS = $(AM_CPPFLAGS) $(OPENSSL_INCS)
|
2013-02-19 12:22:31 -05:00
|
|
|
|
2019-03-05 21:34:31 +03:00
|
|
|
SAMPLES += sample/becat
|
|
|
|
sample_becat_SOURCES = sample/becat.c
|
|
|
|
sample_becat_LDADD = libevent.la libevent_openssl.la $(OPENSSL_LIBS) $(OPENSSL_LIBADD)
|
|
|
|
sample_becat_CPPFLAGS = $(AM_CPPFLAGS) $(OPENSSL_INCS)
|
|
|
|
|
2013-02-19 12:22:31 -05:00
|
|
|
SAMPLES += sample/https-client
|
use iSECPartners code to validate hostname in certificate
The problem is that if you go to a website whose certificate does not
match its hostname, it should fail. Try this in a web browser for
https://www.kegel.com/ for example. Your web browser will say the
certificate is for *.pair.com, not for www.kegel.com, and won't let
you visit it without clicking through a bunch of scary warnings.
However, prior to this commit, https-client was happy to fetch
https://www.kegel.com/ without complaining. That is bad. Now, with
this commit, it will properly complain, which is good:
pelletier@chives:~/src/libevent/sample$ ./https-client https://www.kegel.com/
Got 'MatchNotFound' for hostname 'www.kegel.com' and certificate:
/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 210/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks, Inc./OU=PairWildcardSSL $250,000/CN=*.pair.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$
It will still succeed for sites with an exactly-matching certificate,
such as https://github.com/ and that is also good!
However, the problem is that the iSECPartners code doesn't handle
wildcards, which means we reject https://ip.appspot.com/ even though
it is perfectly legitimate, because we don't understand the wildcard:
ppelletier@chives:~/src/libevent/sample$ ./https-client https://ip.appspot.com/
Got 'MatchNotFound' for hostname 'ip.appspot.com' and certificate:
/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.appspot.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$
So, we need to fix this. In other words, "to be continued..."
2013-02-27 17:16:27 -08:00
|
|
|
sample_https_client_SOURCES = \
|
|
|
|
sample/https-client.c \
|
2013-02-27 21:12:53 -08:00
|
|
|
sample/hostcheck.c \
|
use iSECPartners code to validate hostname in certificate
The problem is that if you go to a website whose certificate does not
match its hostname, it should fail. Try this in a web browser for
https://www.kegel.com/ for example. Your web browser will say the
certificate is for *.pair.com, not for www.kegel.com, and won't let
you visit it without clicking through a bunch of scary warnings.
However, prior to this commit, https-client was happy to fetch
https://www.kegel.com/ without complaining. That is bad. Now, with
this commit, it will properly complain, which is good:
pelletier@chives:~/src/libevent/sample$ ./https-client https://www.kegel.com/
Got 'MatchNotFound' for hostname 'www.kegel.com' and certificate:
/C=US/postalCode=15203/ST=Pennsylvania/L=Pittsburgh/street=Suite 210/street=2403 Sidney Street/O=pair Networks, Inc./OU=Provided by pair Networks, Inc./OU=PairWildcardSSL $250,000/CN=*.pair.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$
It will still succeed for sites with an exactly-matching certificate,
such as https://github.com/ and that is also good!
However, the problem is that the iSECPartners code doesn't handle
wildcards, which means we reject https://ip.appspot.com/ even though
it is perfectly legitimate, because we don't understand the wildcard:
ppelletier@chives:~/src/libevent/sample$ ./https-client https://ip.appspot.com/
Got 'MatchNotFound' for hostname 'ip.appspot.com' and certificate:
/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.appspot.com
some request failed - no idea which one though!
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ppelletier@chives:~/src/libevent/sample$
So, we need to fix this. In other words, "to be continued..."
2013-02-27 17:16:27 -08:00
|
|
|
sample/openssl_hostname_validation.c
|
2017-08-21 01:08:15 -07:00
|
|
|
sample_https_client_LDADD = libevent.la libevent_openssl.la $(OPENSSL_LIBS) $(OPENSSL_LIBADD)
|
|
|
|
sample_https_client_CPPFLAGS = $(AM_CPPFLAGS) $(OPENSSL_INCS)
|
2013-02-27 21:12:53 -08:00
|
|
|
noinst_HEADERS += \
|
|
|
|
sample/hostcheck.h \
|
|
|
|
sample/openssl_hostname_validation.h
|
2009-07-28 04:03:57 +00:00
|
|
|
endif
|
|
|
|
|
2014-06-13 17:07:50 -04:00
|
|
|
if BUILD_SAMPLES
|
2012-08-28 15:58:18 -04:00
|
|
|
noinst_PROGRAMS += $(SAMPLES)
|
2014-06-13 17:07:50 -04:00
|
|
|
endif
|
2012-08-28 15:58:18 -04:00
|
|
|
|
|
|
|
$(SAMPLES) : libevent.la
|
|
|
|
|
|
|
|
sample_event_read_fifo_SOURCES = sample/event-read-fifo.c
|
|
|
|
sample_event_read_fifo_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
|
|
|
sample_time_test_SOURCES = sample/time-test.c
|
|
|
|
sample_time_test_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
|
|
|
sample_signal_test_SOURCES = sample/signal-test.c
|
|
|
|
sample_signal_test_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
|
|
|
sample_dns_example_SOURCES = sample/dns-example.c
|
|
|
|
sample_dns_example_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
|
|
|
sample_hello_world_SOURCES = sample/hello-world.c
|
|
|
|
sample_hello_world_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
|
|
|
sample_http_server_SOURCES = sample/http-server.c
|
|
|
|
sample_http_server_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
2015-08-18 12:18:31 +03:00
|
|
|
sample_http_connect_SOURCES = sample/http-connect.c
|
|
|
|
sample_http_connect_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la
|
2019-03-26 13:33:57 -04:00
|
|
|
sample_watch_timing_SOURCES = sample/watch-timing.c
|
|
|
|
sample_watch_timing_LDADD = $(LIBEVENT_GC_SECTIONS) libevent.la -lm
|