Added new property allowing to specify the server security cipher alg…

…orithm.
risoflora · Dec 20, 2021 · 6e89ec3 · 6e89ec3
1 parent 5857348
commit 6e89ec3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 5 deletions.
diff --git a/Source/BrookHTTPServer.pas b/Source/BrookHTTPServer.pas
@@ -70,6 +70,7 @@   TBrookHTTPServerSecurity = class(TPersistent)
     FCertificate: string;
     FTrust: string;
     FDHParams: string;
+    FPriorities: string;
     function IsActiveStored: Boolean;
   public
     { Copies properties from another security source.
@@ -95,6 +96,8 @@   TBrookHTTPServerSecurity = class(TPersistent)
     { Content of the Diffie-Hellman parameters (dh.pem) to be used by the HTTPS
       server for key exchange. }
     property DHParams: string read FDHParams write FDHParams;
+    { Content of the cipher algorithm. Default: @code(NORMAL). }
+    property Priorities: string read FPriorities write FPriorities;
   end;
 
   { Event signature used by HTTP server to handle the clients authentication. }
@@ -338,6 +341,7 @@ procedure TBrookHTTPServerSecurity.Assign(ASource: TPersistent);
     FCertificate := VSource.Certificate;
     FTrust := VSource.Trust;
     FDHParams := VSource.DHParams;
+    FPriorities := VSource.Priorities;
   end
   else
     inherited Assign(ASource);
@@ -364,6 +368,7 @@ procedure TBrookHTTPServerSecurity.Clear;
   FCertificate := '';
   FTrust := '';
   FDHParams := '';
+  FPriorities := '';
 end;
 
 { TBrookHTTPServer }
@@ -1032,14 +1037,15 @@ procedure TBrookHTTPServer.DoOpen;
   if FSecurity.Active then
   begin
     FSecurity.Validate;
-    if not Assigned(sg_httpsrv_tls_listen2) then
+    if not Assigned(sg_httpsrv_tls_listen3) then
       raise ENotSupportedException.Create(SBrookTLSNotAvailable);
-    FActive := sg_httpsrv_tls_listen2(FHandle,
+    FActive := sg_httpsrv_tls_listen3(FHandle,
       M.ToCNullableString(FSecurity.PrivateKey),
       M.ToCNullableString(FSecurity.PrivatePassword),
       M.ToCNullableString(FSecurity.Certificate),
       M.ToCNullableString(FSecurity.Trust),
-      M.ToCNullableString(FSecurity.DHParams), FPort, FThreaded);
+      M.ToCNullableString(FSecurity.DHParams),
+      M.ToCNullableString(FSecurity.Priorities), FPort, FThreaded);
   end
   else
     FActive := sg_httpsrv_listen(FHandle, FPort, FThreaded);

diff --git a/Source/libsagui.pas b/Source/libsagui.pas
@@ -60,9 +60,9 @@ interface
 const
   SG_VERSION_MAJOR = 3;
 
-  SG_VERSION_MINOR = 3;
+  SG_VERSION_MINOR = 4;
 
-  SG_VERSION_PATCH = 1;
+  SG_VERSION_PATCH = 0;
 
   SG_VERSION_HEX = (SG_VERSION_MAJOR shl 16) or (SG_VERSION_MINOR shl 8) or //FI:O803
     SG_VERSION_PATCH;
@@ -445,6 +445,11 @@ function sg_httpres_zrender(res: Psg_httpres;
 
   sg_httpsrv_free: procedure(srv: Psg_httpsrv); cdecl;
 
+  sg_httpsrv_tls_listen3: function(srv: Psg_httpsrv; const key: Pcchar;
+    const pwd: Pcchar; const cert: Pcchar; const trust: Pcchar;
+    const dhparams: Pcchar; const priorities: Pcchar; port: cuint16_t;
+    threaded: cbool): cbool; cdecl;
+
   sg_httpsrv_tls_listen2: function(srv: Psg_httpsrv; const key: Pcchar;
     const pwd: Pcchar; const cert: Pcchar; const trust: Pcchar;
     const dhparams: Pcchar; port: cuint16_t; threaded: cbool): cbool; cdecl;
@@ -1101,6 +1106,7 @@ class function SgLib.InternalLoad(const AName: TFileName): TLibHandle;
     sg_httpsrv_new2 := GetProcAddress(GHandle, 'sg_httpsrv_new2');
     sg_httpsrv_new := GetProcAddress(GHandle, 'sg_httpsrv_new');
     sg_httpsrv_free := GetProcAddress(GHandle, 'sg_httpsrv_free');
+    sg_httpsrv_tls_listen3 := GetProcAddress(GHandle, 'sg_httpsrv_tls_listen3');
     sg_httpsrv_tls_listen2 := GetProcAddress(GHandle, 'sg_httpsrv_tls_listen2');
     sg_httpsrv_tls_listen := GetProcAddress(GHandle, 'sg_httpsrv_tls_listen');
     sg_httpsrv_listen := GetProcAddress(GHandle, 'sg_httpsrv_listen');
@@ -1302,6 +1308,7 @@ class function SgLib.Unload: TLibHandle;
     sg_httpsrv_new2 := nil;
     sg_httpsrv_new := nil;
     sg_httpsrv_free := nil;
+    sg_httpsrv_tls_listen3 := nil;
     sg_httpsrv_tls_listen2 := nil;
     sg_httpsrv_tls_listen := nil;
     sg_httpsrv_listen := nil;

diff --git a/Test/Test_libsagui.dpr b/Test/Test_libsagui.dpr
@@ -392,6 +392,7 @@ begin
   Assert(not Assigned(sg_httpsrv_new));
   Assert(not Assigned(sg_httpsrv_free));
 {$IFDEF TLS_SUPPORT}
+  Assert(not Assigned(sg_httpsrv_tls_listen3));
   Assert(not Assigned(sg_httpsrv_tls_listen2));
   Assert(not Assigned(sg_httpsrv_tls_listen));
 {$ENDIF}
@@ -565,6 +566,7 @@ begin
   Assert(Assigned(sg_httpsrv_new));
   Assert(Assigned(sg_httpsrv_free));
 {$IFDEF TLS_SUPPORT}
+  Assert(Assigned(sg_httpsrv_tls_listen3));
   Assert(Assigned(sg_httpsrv_tls_listen2));
   Assert(Assigned(sg_httpsrv_tls_listen));
 {$ENDIF}