Comments (11)
Hi!
The HTTPS support is still farily new (and yet unreleased). I've been meaning to get back to Merecat to finalize the support so I can start testing letsencrypt. Would be great to get some help looking into this! :-)
I guess you mean CGI upload, right? That code path is in src/libhttpd.c, likely the cgi_child()
function handles this. Not really sure I got around to inspecting that, could be that the forked child doesn't inherit the SSL socket, or that I've just forgot to add the correct wrapper methods. You can add some more syslog(LOG_DEBUG, ...)
calls to help track it down further, use -l debug
, to enable debug messages in the log.
from merecat.
Thank, you for your response. Yes I mean CGI upload. I looked into cgi_child(), but I am unable to find it.
At least I have some observations that could be helpful:
- regular post of form data arrives to CGI without any problem.
- file upload gets mangled but first three bytes are still the same no matter the file content:
\0x17\0x03\0x03 rest look to me like it is still encrypted.
from merecat.
OK, it's on line 3665 in src/libhttpd.c
Do you have an example CGI and config file, if any, I can test with?
from merecat.
Hi,
I meant that I can't find the bug, not the function :). Here is my basic shell CGI example. There are two forms one with file input and second with basic text input. When I set ssl=false both works like expected, when I turn ssl on only text input works like expected.
merecat.conf
ssl = true
port = 8443
certfile = certs/cert.pem
keyfile = private/key.pem
directory = /tmp/www
send.sh
#!/bin/bash
echo 'echo "Content-type: text/html"
echo
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<form method="post" action="/cgi-bin/recieve.sh" enctype="multipart/form-data">
<input type="file" name="file_data" />
<input type="submit" />
</form>
<form method="post" action="/cgi-bin/recieve.sh">
<input type="text" name="test" />
<input type="submit" />
</form>
</body>
</html>'
recieve.sh
#!/bin/bash
if [ "$REQUEST_METHOD" = "POST" ]; then
DATA=$( head -c $CONTENT_LENGTH )
fi
echo 'echo "Content-type: text/html"
echo
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<p>
Data recieved
<br />
'"$DATA"'
<br />
<a href=send.sh>back</a>
</p>
</body>
</html>'
echo "$DATA" > /tmp/data
from merecat.
It was a bit ambiguous what you meant :-)
Thanks for the CGI and .conf, I'll have a look at it tomorrow or during the weekend at the latest!
from merecat.
OK, finally managed to reproduce your problem. Had some trouble setting up a working self-signed cert with the latest firefox/chrome.
I think I've found the problem. When in SSL mode Merecat uses the internal functions httpd_ssl_write() and httpd_ssl_read() which are wrappers around the file descriptor to do the SSL magic. However, the CGI is a forked off process that writes raw data to the file descriptor.
This is bad news since it means there's potentially a lot of work to get HTTPS working with CGI. I'll see what I can do, currently thinking about setting up a pipe() between the CGI child and the parent process, but it's likely gonna take me a while to get around to since i can only work on Merecat on my spare time.
from merecat.
Heh, funnily enough I may have fixed it! :-)
Turns out 1) there already was a pipe() and pre/post-processing of CGI, 2) when in SSL mode we read a LOT (all?) of data pre-processing, so all I had to do was to change a comparison > to >= ... works for my test case.
Love to head back from you if this fixes your problem as well.
from merecat.
Yes it seems to fix my problem too :). Thank you.
from merecat.
Awesome, thanks for getting back! (closing issue)
What remains (for me) before the next release is adding support for HTTPS and HTTP at the same time, with automatic redirect if so configured. Should be fairly straight forward, but unfortunately not prioritized atm. Hope you can make do with the current GIT master.
from merecat.
Thanks for fix. HTTPS and HTTP at the same time would be really nice, but I am ok with current master :).
I have one more question, is it intended to print stderr to web?
from merecat.
OK, great!
You mean from a cgi? Yes, I believe so. You'll have to redirect stderr yourself in the CGI. Either with syslog(), in C/Python, or maybe with logger, in shell scripts.
from merecat.
Related Issues (20)
- python cgi HOT 4
- Setting environment variable for CGI HOT 3
- help me enable PHP HOT 25
- phpmyadmin in merecat? HOT 4
- Support for proxy-pass
- index.php does not run in subfolders HOT 2
- PHP with method GET does not work HOT 2
- http logging doesn't seem complete, even w/ -l debug HOT 3
- HTTP header line endings HOT 2
- Condition check resulted in Merecat web server being skipped
- build time issues with php support HOT 1
- Re-add thttpd-style logging? HOT 1
- make dist; make check fails: fatal: making test-suite.log: failed to create php.trs HOT 4
- Skip doc installation HOT 3
- mbedtls support? HOT 1
- 2 processes start? HOT 1
- Allow cross origin header HOT 4
- Could not run CGI via merecat.conf HOT 1
- Bug in background HOT 1
- access.log HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from merecat.