hunchentoot使用ssl定义易于处理? [英] hunchentoot define-easy-handler with ssl?

问题描述

我一直都在使用define-easy-handler.我现在有一个刚铸造的ssl证书和相关的pem文件，但无法弄清楚d-e-h的ssl等效项是什么.

I use define-easy-handler all the time. I now have a freshly minted ssl certificate and associated pem files, but can't figure out what the ssl equivalent of d-e-h is.

例如，我有:

  (hunchentoot:define-easy-handler 
   (login :uri "/login") 
   () 
   (login-html)) 

这只是一个简单的形式，其形式如下:

which is just a simple form whose formaction goes here:

(hunchentoot:define-easy-handler 
   (dologin :uri "/dologin") 
   (email password) 
   (dologin-html email password)) 

我从freecert获得了必需的.pem文件，所以我认为我拥有以下文件: SSL-CERTIFICATE-FILE 和: SSL-PRIVATEKEY-FILE .我已经对上面的各种args进行了尝试，但是似乎无法正常工作.有人可以给我举个例子吗?

I got the required .pem files from freecert, so I think that I have the files that go to :SSL-CERTIFICATE-FILE and :SSL-PRIVATEKEY-FILE. I've tried various args to the above to make this work, but can't seem to get it to work. Can someone give me an example of how to do this?

在此先感谢您的帮助！

Thanks in advance for you help!

推荐答案

您可以保留方便的处理程序并更改所需的接受器的类型.

You can keep your easy-handlers and change the type of acceptor you need.

(defpackage :web (:use :cl :hunchentoot))
(in-package :web)

;; This url can be accessed by all acceptors
(define-easy-handler (no-ssl :uri "/normal") ()
  (setf (content-type*) "text/plain")
  "NORMAL PAGE")

;; This url can be accessed only by an acceptor named SSL
(define-easy-handler (ssl :uri "/secure" :acceptor-names '(ssl)) ()
  (setf (content-type*) "text/plain")
  "SECURED PAGE")

用于测试，如果您还没有自签名证书，则可以执行以下操作:

For tests, if you don't already have a self-signed certificate , you can do:

$ cd /tmp
$ openssl req -new -x509 -nodes -out server.crt -keyout server.key

然后，我们定义两种受体:

Then, we define two kinds of acceptors:

(defvar *no-ssl-acceptor*
  (make-instance 'easy-acceptor :port 8080))

(defvar *ssl-acceptor*
  (make-instance 'easy-ssl-acceptor
                 :name 'ssl
                 :port 7777
                 :ssl-privatekey-file  #P"/tmp/server.key"
                 :ssl-certificate-file #P"/tmp/server.crt"))

启动它们:

(start *ssl-acceptor*)
(start *no-ssl-acceptor*)

您的浏览器在您第一次尝试访问HTTPS页面时会抱怨(忽略安全异常).

Your browser should complain the first time you try to access HTTPS pages (ignore the security exception).

• http://localhost:8080/normal
• http://localhost:8080/secure (应该以404失败)
• https://localhost:7777/normal
• https://localhost:7777/secure

• http://localhost:8080/normal
• http://localhost:8080/secure (should fail with 404)
• https://localhost:7777/normal
• https://localhost:7777/secure

还请注意，:acceptor-names参数是 optional (感谢@Simeon Ikudabo)，在上面的示例中明确添加了该参数.您只需定义一个SSL接受器，然后通过安全链接即可提供所有页面.

Note also that the :acceptor-names argument is optional (thanks @Simeon Ikudabo), here above it was added explictly for the examples. You can just define an SSL acceptor and let all your pages be served over a secure link.

这篇关于hunchentoot使用ssl定义易于处理?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！