Hi,
Out of the info on the wiki I created a simple Webserver with a server-certificate.
To get this code working you need to create the necessary certificate.
For this I used xca from https://hohnstaedt.de but you can use OpenSSL to do the same.

```pascal
program webserver;

{$mode objfpc}{$H+}

uses
  {$ifdef UNIX}
  cthreads, cmem,
  {$endif}
  fphttpapp,
  httpdefs,
  httproute,
  opensslsockets;  // registers the OpenSSL-based socket handler

var
  fUseSSL: boolean;

const
  fCertificatePassword: string = 'hello';       // password of the private key
  fCertificateHostName: string = 'localhost';
  fCertificateFileName: string = 'Server.crt';  // server certificate
  fCertificatePrivateKey: string = 'Server.key';

// Handler for '/'
procedure route1(aReq: TRequest; aResp: TResponse);
begin
  aResp.Content := '<html><body><h1>Route 1 The Default</h1></body></html>';
end;

// Handler for '/2'
procedure route2(aReq: TRequest; aResp: TResponse);
begin
  aResp.Content := '<html><body><h1>Route 2</h1></body></html>';
end;

begin
  HTTPRouter.RegisterRoute('/', @route1);
  HTTPRouter.RegisterRoute('/2', @route2);
  Application.Port := 1999;
  fUseSSL := True;
  Application.UseSSL := fUseSSL;
  if fUseSSL then
  begin
    // Server-side certificate and key used for the TLS handshake
    Application.CertificateData.KeyPassword := fCertificatePassword;
    Application.CertificateData.HostName := fCertificateHostName;
    Application.CertificateData.Certificate.FileName := fCertificateFileName;
    Application.CertificateData.PrivateKey.FileName := fCertificatePrivateKey;
  end;
  Application.Threaded := True;
  Application.Initialize;
  Application.Run;
end.
```

My questions are:
- How can I modify this example to enforce the use of a client certificate?
- How can I verify a client certificate in the server?

In the TLS handshake a client certificate is optional but the server can ensure that it is mandatory.
Any help, pointers, sample code is appreciated.
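
The post says the certificate can also be created with OpenSSL. The script below is an added example, not part of the original post: it builds a throwaway test CA, the `Server.crt` / `Server.key` pair the program loads (key password `hello`, host `localhost`, all taken from the post), and a client certificate for testing client authentication. The names `ca.*`, `Client.*`, the subject names and `make_test_pki` are assumptions.

```shell
#!/bin/sh
# Added example: test PKI for the web server in the post.
# From the post: Server.crt, Server.key, key password 'hello', host 'localhost'.
# Assumed (not in the post): ca.*, Client.*, subject names, make_test_pki.
make_test_pki() (
    mkdir -p "$1" && cd "$1" || exit 1

    # 1. Self-signed test CA (key left unencrypted: test use only).
    openssl req -x509 -newkey rsa:2048 -sha256 -days 30 -nodes \
        -keyout ca.key -out ca.crt -subj "/CN=Constructed Test CA" || exit 1

    # 2. Server key encrypted with the password from the post, then a CSR
    #    signed by the test CA with a SAN matching the host name.
    openssl req -newkey rsa:2048 -sha256 -passout pass:hello \
        -keyout Server.key -out server.csr -subj "/CN=localhost" || exit 1
    printf 'subjectAltName=DNS:localhost\nextendedKeyUsage=serverAuth\n' > server.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -sha256 -extfile server.ext -out Server.crt || exit 1

    # 3. Client key and certificate, usable for client authentication only.
    openssl req -newkey rsa:2048 -sha256 -nodes \
        -keyout Client.key -out client.csr -subj "/CN=constructed-test-client" || exit 1
    printf 'extendedKeyUsage=clientAuth\n' > client.ext
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -sha256 -extfile client.ext -out Client.crt || exit 1

    # 4. Each leaf must chain to the test CA and be valid for its purpose.
    openssl verify -CAfile ca.crt -purpose sslserver Server.crt || exit 1
    openssl verify -CAfile ca.crt -purpose sslclient Client.crt || exit 1
)

# Run as: sh make_test_pki.sh ./pki
if [ -n "${1:-}" ]; then make_test_pki "$1"; fi
```

Once the server demands a client certificate, `openssl s_client -connect localhost:1999 -CAfile ca.crt` should be rejected unless `-cert Client.crt -key Client.key` is also given.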