Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

hunchentoot define-easy-handler with ssl?

Tags:

ssl

common-lisp

hunchentoot

I use define-easy-handler all the time. I now have a freshly minted ssl certificate and associated pem files, but can't figure out what the ssl equivalent of d-e-h is.

For example, I have: 

  (hunchentoot:define-easy-handler 
   (login :uri "/login") 
   () 
   (login-html))

which is just a simple form whose formaction goes here: 

(hunchentoot:define-easy-handler 
   (dologin :uri "/dologin") 
   (email password) 
   (dologin-html email password))

I got the required .pem files from freecert, so I think that I have the files that go to :SSL-CERTIFICATE-FILE and :SSL-PRIVATEKEY-FILE. I've tried various args to the above to make this work, but can't seem to get it to work. Can someone give me an example of how to do this?

Thanks in advance for you help!

like image 675
jackisquizzical Avatar asked Jan 27 '23 23:01

jackisquizzical

2 Answers

You can keep your easy-handlers and change the type of acceptor you need.

(defpackage :web (:use :cl :hunchentoot))
(in-package :web)

;; This url can be accessed by all acceptors
(define-easy-handler (no-ssl :uri "/normal") ()
  (setf (content-type*) "text/plain")
  "NORMAL PAGE")

;; This url can be accessed only by an acceptor named SSL
(define-easy-handler (ssl :uri "/secure" :acceptor-names '(ssl)) ()
  (setf (content-type*) "text/plain")
  "SECURED PAGE")

For tests, if you don't already have a self-signed certificate , you can do:

$ cd /tmp
$ openssl req -new -x509 -nodes -out server.crt -keyout server.key

Then, we define two kinds of acceptors:

(defvar *no-ssl-acceptor*
  (make-instance 'easy-acceptor :port 8080))

(defvar *ssl-acceptor*
  (make-instance 'easy-ssl-acceptor
                 :name 'ssl
                 :port 7777
                 :ssl-privatekey-file  #P"/tmp/server.key"
                 :ssl-certificate-file #P"/tmp/server.crt"))

Start them:

(start *ssl-acceptor*)
(start *no-ssl-acceptor*)

Your browser should complain the first time you try to access HTTPS pages (ignore the security exception).

  • http://localhost:8080/normal
  • http://localhost:8080/secure (should fail with 404)
  • https://localhost:7777/normal
  • https://localhost:7777/secure

Note also that the :acceptor-names argument is optional (thanks @Simeon Ikudabo), here above it was added explictly for the examples. You can just define an SSL acceptor and let all your pages be served over a secure link.

like image 157
coredump Avatar answered Feb 04 '23 15:02

coredump

This is not a function of the handlers but of the acceptor. All you need to do is use an easy-ssl-acceptor instead of an easy-acceptor for starting your server:

(hunchentoot:start (make-instance 'hunchentoot:easy-ssl-acceptor :port 4242))
like image 35
Svante Avatar answered Feb 04 '23 15:02

Svante
Sign in to Comment

Related questions

How can you verify validity of an HTTPS/SSL certificate in .NET?
Access localhost with self signed certificate over https using Ajax
Can't debug on Visual Studio 2017 with local IIS - Unknown Error 0x80004005
Enabling SSL on a subdomain with AWS S3 and ACM
.NET Core HttpClient - "A security error occurred" HttpRequestException
Why I need a SSL certificate?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!