These are really good libraries that got my dates and times flowing client-server full circle, with all the UI and math tools I needed.
KISS!
// Date sanitation: limit ancient and future days and ensure start isn't beyond end
date today = second_clock::local_time().date();
date s = startdate;
date e = enddate;
if (e > today)
e = today;
if (e - s > date_duration(cn_max_days_to_look_back))
s = e - date_duration(cn_max_days_to_look_back);
if (s > e)
s = e;
One deep dive with haproxy and I have handed it complete control of all my certificates.
* One bind statement with every single cert file I own, and haproxy is instantly handling every host’s SSL handshaking using SNI
* It is handling dynamic conversion of http requests to https
* It has removed the need for https on any webserver on the secured LAN
* It allows incredibly flexible load balancing via host, port, url, etc etc
* It is easy to set up to use ssl best practices, so every one of your websites instantly gets A+ ratings on ssl labs
Unbelievable, I’m stunned.
Here’s all I needed to get ssl labs A+ ratings:
global
# MDM NO SSLv3! Good ciphers!
ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
ssl-default-bind-ciphers AES128+EECDH:AES128+EDH
frontend ....
# MDM We need to provide an HSTS header to get A+ at ssllabs!
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
reqadd X-Forwarded-Proto:\ https
Also needed this in wordpress wp-config.php:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
When an unauthenticated user accesses a protected resource of my API server, I want to immediately redirect them to the login page. Research has indicated that the server should send the client an HTTP 302 page with the url. Experimentation has shown that you can successfully set cookies. The cookie can be used to hold the url to re-redirect the user back to the original request after authenticating. Nice.
Here’s the header to send from the server:
const string cstr_HTML_302_HEADER1 = "HTTP/1.1 302 Moved Temporarily\r\nLocation: ";
const string cstr_HTML_HEADER2 = "\r\n\r\n";
// ....
string cookie_header = "\r\n";
cookie_header += "Set-Cookie: .... ";
*response << cstr_HTML_302_HEADER1 << "/v1/login.html" << cookie_header << cstr_HTML_HEADER2;
The publicly available version of quick-http on github needs a refresh, hopefully I'll have some time soon to move a large set of new code there that uses Simple Web Server, HTTP 302 redirects, user authentication, etc.
BAH THEY DONE FUCKED UP
The king is dead, long live the king!
Let’s take this to the wiki…
Update: add these awesome ones!
https://pocoproject.org/
https://macchina.io/docs/
http://vinniefalco.github.io/beast/beast/intro/example.html
Goal: find the fastest possible C++ https library that can score an A on the SSLLabs test. Ties broken by ease of use, then by support for websockets.
Initial results (see wiki for latest…):
| LIBRARY | ab
MB/sec |
ab
pages/sec |
SSL LABS SCORE |
EASE | WS? | COMMENTS |
| apache | A | 3 | N | need to write a module, apache remains in charge of message loop (unacceptable) | ||
| libwebsockets | 7 | Y | ||||
| proxygen | 7 | only easy to build on ubuntu so hasn’t been stood up on my gentoo server yet; huge kitchen sink of helpers | ||||
| Simple-Web-Server | B | 10 | Y | websockets in a seperate compatible project; may be able to leverage asio to improve score (capped by RC4); no forward secrecy | ||
| websocketpp | uses asio, specifies a “modern” mode that only allows TSL1.2 | |||||
| mongoose | 3 | messy ton of hand-crafted portability C code scared me off | ||||
| onion | looks like a strong C lib | |||||
| libmicrohttpd | GNU c lib, not sure it supports modern algos, check score… |
