Azreyo/Carbon
1
1
Fork 0
Code Actions Packages Projects Releases Wiki Activity

Improve HTTPS connection handling and enhance error logging

Browse Source 
- Added a delay for non-blocking accept errors in HTTPS server.
- Refactored HTTPS redirection to dynamically allocate response buffer.
- Improved SSL handshake error logging.
- Adjusted shutdown logic to ensure proper socket closure based on HTTPS configuration.
- Fixed memory handling for rate limit IP storage.
This commit is contained in:
Azreyo
2025-10-02 20:17:14 +02:00
parent 6be17d9de5
commit a34ae2a43e
1 changed files with 54 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
server.c
View File

@@ -328,9 +328,13 @@ void *start_https_server(void *arg) {
while (config.running && server_running) { while (config.running && server_running) {
int client_socket = accept(https_socket, NULL, NULL); int client_socket = accept(https_socket, NULL, NULL);
if (client_socket < 0) { if (client_socket < 0) {
perror("Error accepting HTTPS connection"); if (errno == EAGAIN || errno == EWOULDBLOCK) {
usleep(10000);
continue; continue;
} }
perror("Error accepting HTTPS connection");
break;
}
pthread_mutex_lock(&thread_count_mutex); pthread_mutex_lock(&thread_count_mutex);
if (num_client_threads < MAX_CLIENTS) { if (num_client_threads < MAX_CLIENTS) {
@@ -383,14 +387,24 @@ void *handle_http_client(void *arg) {
} }
if (config.use_https) { // Check if HTTPS is enabled if (config.use_https) { // Check if HTTPS is enabled
char redirect_response[512]; size_t needed = snprintf(NULL, 0,
snprintf(redirect_response, sizeof(redirect_response),
"HTTP/1.1 301 Moved Permanently\r\n" "HTTP/1.1 301 Moved Permanently\r\n"
"Location: https://%.255s%.255s\r\n\r\n", config.server_name, url); "Location: https://%s%s\r\n\r\n",
config.server_name, url) + 1;
char *redirect_response = malloc(needed);
if (redirect_response) {
snprintf(redirect_response, needed,
"HTTP/1.1 301 Moved Permanently\r\n"
"Location: https://%s%s\r\n\r\n",
config.server_name, url);
send(client_socket, redirect_response, strlen(redirect_response), 0); send(client_socket, redirect_response, strlen(redirect_response), 0);
log_event("Redirecting to HTTPS"); // Log the redirection free(redirect_response);
}
log_event("Redirecting to HTTPS");
close(client_socket); close(client_socket);
return NULL; return NULL;
} }
char *sanitized_url = sanitize_url(url); char *sanitized_url = sanitize_url(url);
@@ -507,6 +521,18 @@ void *handle_https_client(void *arg) {
pthread_exit(NULL); pthread_exit(NULL);
} }
if (SSL_accept(ssl) <= 0) {
int ssl_error = SSL_get_error(ssl, -1);
char error_msg[256];
snprintf(error_msg, sizeof(error_msg),
"SSL handshake failed. SSL error code: %d", ssl_error);
log_event(error_msg);
ERR_print_errors_fp(stderr);
SSL_free(ssl);
close(client_socket);
pthread_exit(NULL);
}
log_event("SSL handshake successful!"); log_event("SSL handshake successful!");
char buffer[MAX_REQUEST_SIZE]; char buffer[MAX_REQUEST_SIZE];
@@ -635,6 +661,7 @@ cleanup:
void shutdown_server() { void shutdown_server() {
log_event("Initiating server shutdown..."); log_event("Initiating server shutdown...");
// Set shutdown flags atomically // Set shutdown flags atomically
__atomic_store_n(&server_running, 0, __ATOMIC_SEQ_CST); __atomic_store_n(&server_running, 0, __ATOMIC_SEQ_CST);
__atomic_store_n(&config.running, 0, __ATOMIC_SEQ_CST); __atomic_store_n(&config.running, 0, __ATOMIC_SEQ_CST);
@@ -723,26 +750,24 @@ int parse_request_line(char *request_buffer, char *method, char *url, char *prot
void signal_handler(int sig) { void signal_handler(int sig) {
if (sig == SIGINT || sig == SIGTERM) { if (sig == SIGINT || sig == SIGTERM) {
printf("\nReceived signal %d, initiating shutdown...\n", sig);
// Set shutdown flags first
server_running = 0; server_running = 0;
config.running = 0; config.running = 0;
if(config.use_https && config.running == 0 && server_running == 0){
// Force close listening sockets to unblock accept()
if (http_socket != -1) {
shutdown(http_socket, SHUT_RDWR);
close(http_socket);
http_socket = -1;
}
if (https_socket != -1) { if (https_socket != -1) {
shutdown(https_socket, SHUT_RDWR); shutdown(https_socket, SHUT_RDWR);
close(https_socket); close(https_socket);
https_socket = -1; https_socket = -1;
exit(EXIT_SUCCESS); }
} else {
if (http_socket != -1) {
shutdown(http_socket, SHUT_RDWR);
close(http_socket);
http_socket = -1;
exit(EXIT_SUCCESS); }
} }
// Close epoll fd to unblock epoll_wait printf("\nReceived signal %d, initiating shutdown...\n", sig);
if (epoll_fd != -1) { if (epoll_fd != -1) {
close(epoll_fd); close(epoll_fd);
epoll_fd = -1; epoll_fd = -1;
@@ -1031,7 +1056,12 @@ int check_rate_limit(const char *ip) {
// Add new entry // Add new entry
rate_limits = realloc(rate_limits, (rate_limit_count + 1) * sizeof(RateLimit)); rate_limits = realloc(rate_limits, (rate_limit_count + 1) * sizeof(RateLimit));
strncpy(rate_limits[rate_limit_count].ip, ip, INET_ADDRSTRLEN); size_t ip_len = strlen(ip);
if (ip_len >= INET_ADDRSTRLEN) {
ip_len = INET_ADDRSTRLEN - 1;
}
memcpy(rate_limits[rate_limit_count].ip, ip, ip_len);
rate_limits[rate_limit_count].ip[ip_len] = '\0';
rate_limits[rate_limit_count].window_start = now; rate_limits[rate_limit_count].window_start = now;
rate_limits[rate_limit_count].request_count = 1; rate_limits[rate_limit_count].request_count = 1;
rate_limit_count++; rate_limit_count++;