This is great; out-of-the-box SSL support in this library would be a great addition.
Internally we were able to meet this requirement (at VMware) by writing an xmlrpc module for Apache and then running Apache with SSL support.
From: Shoaib Mir [mailto:shoaibmir@...]
Sent: Sunday, December 14, 2008 3:07 PM
To: xmlrpc-c development discussion
Subject: Re: [xmlrpc-c-devel] SSL Abyss XML-RPC server
Bryan, thanks for a really detailed email on this as it is really helpful.
As I start looking at adding the SSL support, I will keep you guys updated with my findings and any questions I come across during the process.
On Sun, Dec 14, 2008 at 2:46 PM, Bryan Henderson <bryanh@...> wrote:
I'd like to report on the status of adding SSL capability for servers.
Over the years, many people have been interested in using Xmlrpc-c to create
an XML-RPC server that uses SSL encrypted communication, i.e. an "https" URL.
Several people have worked on adding code to Xmlrpc-c for that, but these
efforts haven't yielded much product -- in the Xmlrpc-c distribution, anyway.
What _has_ been done is I put an object-oriented socket layer in the Abyss
HTTP server that makes an easy place to plug in SSL function. And a year ago,
Brian Hechinger (wonko@...) supplied the beginnings of an object
class for SSL based on Openssl (in the source tree now).
We have a pretty clear direction for the functional design at the various
levels of function Xmlrpc-c offers:
- Abyss under the covers level: Use existing xmlrpc_server_abyss(), but its
struct xmlrpc_server_abyss_parms argument has fields added to indicate you
want SSL and the various parameters of the SSL connection, such as what
certificates to use.
And in the C++ world: Use the existing xmlrpc_c::serverAbyss class,
but with additional constructor options to say you want SSL and the
- Explicit Abyss level: New ServerInitSsl() does the same thing as
ServerInit() except it initializes the Abyss HTTP server to do SSL
- Explicit connection control level: ChanSwitchOpensslCreate() creates a
channel switch for Openssl-based SSL connections, which you can then use
with existing facilities to create an Abyss HTTP server and then add
handlers to make that server an XML-RPC server.
Or you can manage your own TCP connections and call Openssl yourself
to generate each Openssl connection (SSL *) and pass that to
ChannelOpensslCreateSsl() to generate an Abyss channel and pass that
to an Abyss server.
As for implementation, I believe this is what is required:
Complete the file (which already exists in template form)
lib/abyss/src/socket_openssl.c and its header file
include/xmlrpc-c/abyss_opensslsock.h to do the proper interfacing with the
Then add the calls from higher level code to the functions in
- Add ServerInitSsl() to abyss/src/server.c to replace ServerInit() for
an SSL server.
- Extend xmlrpc_server_abyss_parms structure to include SSL parameters.
- Extend createServerBare() in src/xmlrpc_server_abyss.c to recognize
the SSL case and call ChanSwitchOpensslCreate() or
ChanSwitchOpensslCreateFd() and ServerCreateSwitch().
- Extend serverAbyss::constrOpt in src/cpp/server_abyss.cpp to include SSL
- Extend createServer() in src/cpp/server_abyss.cpp to recognize the SSL
case and call ChanSwitchOpensslCreate() or ChanSwitchOpensslCreateFd() and
There also has to be something in the build system to find the Openssl
library and give the user a choice over whether to use it.
In 2006, Rob Braun (bbraun@...) got an SSL Abyss server working via a
new Openssl-based version of ServerRunConn() (i.e. user code sets up an Abyss
server, adds Xmlrpc-c XML-RPC handlers, and accepts its own TCP connection
from a client and passes that connection to that server). He sent me the
code, but it was based on an older and quite different code base, so I wasn't
able to use it in the distribution.
A few days ago, Shoaib Mir (shoaibmir@...) told me he will be looking at
adding SSL server capability next week.
Bryan Henderson San Jose, California