6 changes: 4 additions & 2 deletions net/http/src/TCivetweb.cxx
@@ -602,7 +602,7 @@ Int_t TCivetweb::ChangeNumActiveThrerads(int cnt)
///
/// thrds=N - there N is number of threads used by the civetweb (default is 10)
/// top=name - configure top name, visible in the web browser
/// ssl_certificate=filename - SSL certificate, see docs/OpenSSL.md from civetweb
/// ssl_cert=filename - SSL certificate, see docs/OpenSSL.md from civetweb
/// auth_file=filename - authentication file name, created with htdigets utility
/// auth_domain=domain - authentication domain
/// websocket_timeout=tm - set web sockets timeout in seconds (default 300)
@@ -684,7 +684,9 @@ Bool_t TCivetweb::Create(const char *args)
if (adomain)
auth_domain = adomain;

const char *sslc = url.GetValueFromOptions("ssl_cert");
const char *sslc = url.GetValueFromOptions("ssl_certificate");
if (!sslc)
sslc = url.GetValueFromOptions("ssl_cert");
if (sslc)
ssl_cert = sslc;

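Review bot: The option list above `TCivetweb::Create` ends up naming only one spelling of the certificate option, while the second hunk makes the parser accept both `ssl_certificate` and `ssl_cert`, with `ssl_certificate` winning when both are present. Both variants of that doc line appear in the first hunk and this view does not show which one is kept, so whichever it is, the other spelling and the precedence should be documented as well, for example `/// ssl_cert=filename - SSL certificate file; ssl_certificate=filename is accepted as well and takes precedence`. Since the test in this commit builds the file by concatenating the certificate and the private key, the line could also say that the PEM must contain both. `Create` starts and ends outside the hunk, so how a missing or unreadable certificate file is reported cannot be judged from here.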
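--- a/net/http/test/CMakeLists.txt
+++ b/net/http/test/CMakeLists.txt
@@ -30,6 +30,13 @@ execute_process(
 OUTPUT_STRIP_TRAILING_WHITESPACE
 )
 
+if(ssl)
+find_program(OPENSSL_EXECUTABLE openssl)
+if(OPENSSL_EXECUTABLE)
+ROOT_ADD_GTEST(testHttpsServer test_ssl_server.cxx LIBRARIES RHTTP RHTTPSniff Hist)
+endif()
+endif()
+
 # only newer curl support websockets - so test version
 # curl introduce support from 8.11 but it works reliably only with 8.18
 if(CURL_CLI_OUTPUT MATCHES "curl ([0-9]+\\.[0-9]+\\.[0-9]+)")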
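Review bot: The gate around `ROOT_ADD_GTEST(testHttpsServer ...)` checks only that some `openssl` was found, yet the path stored in `OPENSSL_EXECUTABLE` is never handed to the test, which runs bare `openssl` and `cat` through the shell. `find_program` can succeed on a binary that is not on the PATH the test runs with, and the `cat ... > server.pem` step will not work on a Windows build, so the test can be registered where it cannot pass. Consider tightening the condition to `if(OPENSSL_EXECUTABLE AND NOT WIN32)` or passing the resolved path into the test. The test also sets a curl `--cacert` argument, so it presumably depends on the curl detection that surrounds this hunk; that part of the file is outside the visible lines.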
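--- a/net/http/test/test_ssl_server.cxx
+++ b/net/http/test/test_ssl_server.cxx
@@ -0,0 +1,110 @@
+#include "gtest/gtest.h"
+
+#include <string>
+#include <fstream>
+#include <iostream>
+
+#include "THttpServer.h"
+#include "TROOT.h"
+
+#include "TSystem.h"
+#include "TNamed.h"
+#include "TRandom.h"
+
+#include "ROOT/TestSupport.hxx"
+
+#include "./test_suite.cxx"
+
+void cleanup_files()
+{
+gSystem->Unlink("server.pem");
+gSystem->Unlink("server.crt");
+gSystem->Unlink("server.key");
+gSystem->Unlink("server.key.orig");
+}
+
+// main http server
+TEST(THttpServer, ssl)
+{
+cleanup_files();
+
+int res = gSystem->Exec("openssl genrsa -des3 -passout pass:aaaa -out server.key 2048");
+EXPECT_EQ(res, 0) << "Generate new RSA key";
+if (res) {
+cleanup_files();
+return;
+}
+
+res = gSystem->Exec("openssl req -new -passin pass:aaaa -key server.key -subj \"/C=GE/ST=Hesse/L=Darmstadt/O=GSI/CN=localhost\" -out server.csr");
+EXPECT_EQ(res, 0) << "Generate new server key";
+if (res) {
+cleanup_files();
+return;
+}
+
+gSystem->CopyFile("server.key", "server.key.orig");
+
+res = gSystem->Exec("openssl rsa -in server.key.orig -passin pass:aaaa -out server.key");
+EXPECT_EQ(res, 0) << "Convert key into RSA";
+if (res) {
+cleanup_files();
+return;
+}
+
+res = gSystem->Exec("openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt");
+EXPECT_EQ(res, 0) << "Generate server certificate";
+if (res) {
+cleanup_files();
+return;
+}
+
+res = gSystem->Exec("cat server.crt server.key > server.pem");
+EXPECT_EQ(res, 0) << "Generate server certificate";
+if (res) {
+cleanup_files();
+return;
+}
+
+if (gSystem->AccessPathName("server.pem")) {
+std::cerr << "Fail to access server.pem file";
+cleanup_files();
+return;
+}
+
+if (gSystem->AccessPathName("server.crt")) {
+std::cerr << "Fail to access server.crt file";
+cleanup_files();
+return;
+}
+
+THttpServer serv("");
+
+gRandom->SetSeed(0);
+
+Int_t httpport = 0;
+
+for(int ntry = 0; ntry < 100; ++ntry) {
+Int_t port = (Int_t) (25000 + gRandom->Rndm() * 1000);
+// only two threads, bind to loopback address only
+TString arg = TString::Format("https:%d?loopback&ssl_cert=server.pem&thrds=3", port);
+if (serv.CreateEngine(arg)) {
+httpport = port;
+break;
+}
+}
+
+EXPECT_NE(httpport, 0);
+
+if (!httpport) {
+cleanup_files();
+return;
+}
+
+server_hash = httpport;
+unix_socket = "--cacert server.crt"; // curl argument
+server_url = TString::Format("https:/localhost:%d", httpport);
+
+test_suite(serv);
+
+cleanup_files();
+}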
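Review bot: `cleanup_files()` never removes `server.csr`, which the `openssl req` step writes, and the two `AccessPathName` branches return after printing to `std::cerr` without recording a failure, so a missing `server.pem` or `server.crt` lets the test pass silently. Add `gSystem->Unlink("server.csr");` to the cleanup list and replace the `std::cerr` lines with `ADD_FAILURE() << "Fail to access server.pem file";` (likewise for `server.crt`). The passphrase-free private key and the combined PEM are written under fixed names in the current working directory and removed by hand on each return path; a scratch directory plus a small guard object whose destructor calls `cleanup_files()` would keep key material from being left behind if `test_suite(serv)` exits early. Smaller points: the comment says "only two threads" while the URL passes `thrds=3`, `server_url` is built as `https:/localhost` with a single slash, which looks like a typo, and only the `ssl_cert` spelling is exercised, not the `ssl_certificate` one that the same commit makes `TCivetweb::Create` read first.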