Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
This is a ridiculously bad HTTP(S) server. It is not designed for real use it is just a learning tool for me.
C
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
.gitignore
ASN1_decoder.c
ASN1_decoder.h
DumpHexMem.c
README
RSA_PublicCrypto.c
RSA_PublicCrypto.h
X509_Decoder.c
X509_encoding.h
base64.c
build.log
ca.h
cipher_table.c
cross_platform.c
decode_headers.c
handle_connection.c
handle_tls_connection.c
headers.c
headers.h
headers.txt
http_server.h
makefile
makevc
notes.txt
output.c
server.c
tables.c
tags
tls_MD5Hash.c
tls_encryption.c
tls_messages.c
utilities.c

README

							  Reaally Poor Server

							   By Peter Antoine.

					 Release under the Artistic Licence II.
					   Copyright 2010 (c) Peter Antoine.

						 email: rshs@peterantoine.me.uk



Introduction.
-------------

This is a very poor implementation of a HTTP/HTTPS server.

The only point of this server is for me to code one from scratch. It started life a simple piece of code that
I needed to help test a STB implementation of a HTTP client and keeps getting more functionality. (well it 
actually started life a Gopher Server - but that was VERY long ago).

Now it has grown into a HTTPS server as I do not (did not) know the magics that powered the modern internet and
I am getting involved with STB video delivery and all the nonsense so some knowledge of how this stuff all hangs
together might be a good idea. AS this is a more and more important part the home entertainment systems.

Security.
---------

None. Neut, Neavo!

There is a complaint TLS v1.2 stack as part of this server. If you use it for anything of worth you probably need
sectioning. It has passed some basic testing, using any test scripts/data sets that are available. So it will
generate the correct output for the correct input. What it will do for the more important INCORRECT input is
anyone's guess. I am not a security programmer I have not tested for buffer overruns and any of the other security
problems and common exploits.

I think I am reasonably good at what I do, but this is a mostly free-time project that is just being coded to help
me know more. 

Ahhh..... The above is all lies. :) There is a partially implimented TLS stack. All the messages are handled but 
the above is wishful thinking that I would have written the maths functions to go with it. They are half written
somewhere on one of my harddrives at home but I don't imagine that they will ever be finished. So if you just
want to understand the message flow for TLS read the code, try it and it will fail on the last step as it needs
the message to use the shared key that has not been created. This would need the maths functions to do this.
I did not see the point in using a third-party library, added nothing to the knowledge gain (might as well use
OpenSSL for everything).

If anyone spots any security flaws in the program, please let me know.

Building
--------

Ok. For *nix users do the following:

make

For Windows users do:

nmake -f makevc

Done!


Using it
--------

Don't :)

Though I do find it useful in situations where an unreliable (and unsafe) webserver is required for the short term.
Getting PDFs to be able to read on the IPad is favorite (yes, the IPad is s**t!).

Something went wrong with that request. Please try again.