Monkey supports Secure Sockets Layer (SSL) and TLS connections through the mbedTLS library, wrapped by our mbedTLS plugin.
The mbedTLS plugin needs access to the mbedTLS library; we strongly suggest version 1.3.x or newer. If that version is not available on your Linux distribution, consider compiling it from source. Besides that, the only extra requirements are an up-to-date GCC compiler and the automake tool.
If you build the mbedTLS library yourself, the cmake tool must also be installed on the system.
If the mbedTLS library is installed where the system can find it, we only need to tell Monkey to build the plugin:
$ git clone https://github.com/monkey/monkey.git
$ cd monkey
$ git checkout v1.5-fixes
$ ./configure --enable-plugins=mbedtls
$ make
If you want to build your own mbedTLS library and keep it in a different path, follow these steps:
$ wget https://polarssl.org/download/latest-stable
$ tar xvzf mbedtls-1.*
By default only the static library is built, but the plugin needs the shared library. Configure and build it with:
$ cd mbedtls-1.*
$ cmake -DUSE_SHARED_MBEDTLS_LIBRARY=on .
$ make
$ make install
$ cd -
After the library has been built and installed (installing into /usr/local normally needs root privileges, and you may have to run ldconfig afterwards so the dynamic linker finds the new shared library), reconfigure Monkey. To help Monkey find the new mbedTLS library, pass the include and library paths to the configure script:
$ cd monkey
$ ./configure --enable-plugins=mbedtls \
--mbedtls-library=/usr/local/lib \
--mbedtls-headers=/usr/local/include
$ make
To enable the mbedTLS plugin, follow the steps described in the Plugins section. The plugin file is named monkey-mbedtls.so, so make sure its entry starts with Load and points to the correct absolute path of that shared object.
Now the plugin is enabled, but we still need to instruct Monkey to use it as the transport layer. In conf/monkey.conf, locate the [SERVER] section and the TransportLayer key, and replace the old transport layer, liana, with mbedtls:
[SERVER]
TransportLayer mbedtls
You will also want to edit the SSL plugin settings to use your own certificate and key files. The configuration file is conf/plugins/mbedtls/mbedtls.conf; the default options are shown below.
[SSL]
CertificateFile srv_cert.pem
CertificateChainFile srv_cert_chain.pem
RSAKeyFile rsa_key.pem
DHParameterFile dhparam.pem
The minimum requirement to make HTTPS work is to set CertificateFile and RSAKeyFile. Setting CertificateChainFile is recommended so that clients receive the intermediate CA certificates they need to validate the server certificate without fetching them separately. DHParameterFile is only necessary if you are using a version of the PolarSSL library older than 1.2.5.
The mandatory certificate and RSA key can be generated with the OpenSSL tool. Use a key of at least 2048 bits (1024-bit RSA is no longer considered safe). The second command produces a self-signed certificate valid for three years, which is fine for testing but will be rejected by browsers unless the certificate is issued by a CA they trust. Restrict the private key file so that only the user Monkey runs as can read it (for example with chmod 600):
$ openssl genrsa -out rsa_key.pem 2048
$ openssl req -new -x509 -key rsa_key.pem -out srv_cert.pem -days 1095
To generate a file with Diffie-Hellman parameters you can run:
$ openssl dhparam -out dhparam.pem 2048
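The steps above, put together as an added shell example that is not part of the Monkey project or its documentation. It generates the key and certificate the plugin needs, keeps the private key unreadable by other users, checks that the key really belongs to the certificate, and prints an [SSL] section with absolute paths so the result does not depend on the directory Monkey is started from. It assumes the openssl command-line tool is installed; the output directory, the subject (/CN=localhost) and the function names are illustrative choices.

```shell
#!/bin/sh
# Added example, not Monkey's own code. Generates the certificate material
# for the mbedTLS plugin and verifies it. Assumes the openssl CLI exists.
set -eu

# gen_tls_material DIR [CN]
# Writes rsa_key.pem (2048-bit RSA) and a self-signed srv_cert.pem valid
# for three years into DIR. The subject defaults to /CN=localhost.
gen_tls_material() {
    dir=$1
    cn=${2:-localhost}
    mkdir -p "$dir"
    # umask 077 inside a subshell: the key file is created mode 600 from
    # the start, so it is never world-readable, not even briefly.
    (umask 077 && openssl genrsa -out "$dir/rsa_key.pem" 2048 2>/dev/null)
    openssl req -new -x509 -key "$dir/rsa_key.pem" \
        -out "$dir/srv_cert.pem" -days 1095 -subj "/CN=$cn" 2>/dev/null
}

# gen_dhparam DIR
# Only needed with PolarSSL older than 1.2.5; slow, so kept separate.
gen_dhparam() {
    openssl dhparam -out "$1/dhparam.pem" 2048 2>/dev/null
}

# key_matches_cert DIR
# Returns 0 when the modulus of the private key equals the modulus of the
# public key in the certificate, i.e. the two files belong together.
key_matches_cert() {
    k=$(openssl rsa -in "$1/rsa_key.pem" -noout -modulus)
    c=$(openssl x509 -in "$1/srv_cert.pem" -noout -modulus)
    [ "$k" = "$c" ]
}

# key_bits DIR
# Prints the RSA modulus size in bits, read from the certificate.
key_bits() {
    openssl x509 -in "$1/srv_cert.pem" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# key_is_private DIR
# Returns 0 when rsa_key.pem is readable and writable by its owner only.
key_is_private() {
    [ "$(ls -l "$1/rsa_key.pem" | cut -c1-10)" = "-rw-------" ]
}

# write_ssl_conf DIR
# Prints the [SSL] section for conf/plugins/mbedtls/mbedtls.conf using
# absolute paths to the generated files.
write_ssl_conf() {
    dir=$(cd "$1" && pwd)
    printf '[SSL]\n'
    printf 'CertificateFile %s/srv_cert.pem\n' "$dir"
    printf 'RSAKeyFile %s/rsa_key.pem\n' "$dir"
}

# Usage (run from the Monkey source tree):
#   gen_tls_material conf/plugins/mbedtls example.test
#   key_matches_cert conf/plugins/mbedtls && key_is_private conf/plugins/mbedtls
#   write_ssl_conf conf/plugins/mbedtls > conf/plugins/mbedtls/mbedtls.conf
```

The modulus comparison is the check to run whenever a certificate is renewed: a certificate that was issued for a different key is the most common reason a TLS server refuses to start or fails every handshake, and it is cheaper to catch here than in Monkey's logs.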
Monkey is now able to serve content over SSL/TLS. Add your files to the DocumentRoot and start Monkey; you can then verify the handshake from another terminal with openssl s_client -connect, using the port configured in conf/monkey.conf:
$ bin/monkey