Embedded webserver gains small footprint SSL support
Oct 30, 2003 — by LinuxDevices Staff — from the LinuxDevices Archive

The world's most popular embedded webserver has gained something developers have long wished for: support for a first-rate SSL library designed specifically for embedded use. This means that devices needing to serve secure, encrypted web pages can now do so without the addition of significant system resources.
Professional services company Art & Logic, which develops and maintains the GoAhead WebServer (under contract from GoAhead), has released version 2.1.7, adding support for Mocana Corp.'s commercial Embedded SSL Server (ESS). Mocana claims its ESS is “the only device-side SSL server on the market designed with an extremely low memory footprint.”
Previously, the GoAhead WebServer supported SSL connections through the OpenSSL library, which, not being designed for embedded use, has a much larger footprint.
Art & Logic Lead Engineer Tom Bajoras notes, “We [established] a news group for the GoAhead WebServer, and time and time again, people posted looking for a small embedded SSL library. We checked out Mocana, and verified its claims, and added a few things to make it work with GoAhead WebServer.”
Mocana claims its ESS needs just 50k of ROM, and that stack and heap usage have been optimized as well. A “zero threading” architecture lightens CPU usage and reduces switching time, according to Mocana, because the server is only active when called upon. “Fully reentrant code” prevents crashes due to deadlocks and race conditions, the company claims.
CEO Adrian Turner notes that Mocana also offers an SSH server. “A lot of customers want both a secure web interface and a CLI [command line interface]. The combined footprint for both is 100k, due to shared libraries.”
Mocana SSL server architecture
Mocana's ESS runs as an abstraction layer, SSL layer, and a library layer on top of an embedded webserver (in this case, GoAhead). It supports SSLv3, Triple-DES, and MD5, and Mocana says it can add support for other cryptographic algorithms on request. It is endian neutral, and will work with any TCP/IP stack on any CPU architecture, according to Mocana, and it does not require a real-time operating system (RTOS).
Mocana supplies ESS with an automated test suite and an automated system for certificate creation. The company claims SSL Server is easy to install and use, hiding all the complexities of cryptology. “Customers like it because it works out the box,” claims Turner.
Mocana offers both binary and source licensing for its SSL and SSH products, under a royalty-free model.
Bajoras claims that the GoAhead WebServer is the most popular embedded webserver in the world, appearing in myriad devices such as Motorola cable modems, the Turtle Beach Audio-Tron, and in many applications where the identity of the webserver software must be hidden due to security concerns.
At a minimum, the GoAhead WebServer requires only some kind of socket library and a standard C runtime library such as uClibc, according to Bajoras. WebServer does not even require a filesystem — pages can be compiled with the source code — though edits are cumbersome in such deployments. A very basic WebServer can fit in under 100k of Flash, according to Bajoras.
In the course of its services work with GoAhead WebServer, Art & Logic has amassed what it calls the Device Management Framework (DMF). This library of WebServer add-ons handles common functions like authentication, session management, and third-party content modifications. Bajoras says Art & Logic provides this code at no additional cost when hired by companies to develop embedded web applications.
An online demo of Art & Logic's DMF is available here, and can be accessed with username adminUser and password changeThisPassword.
The GoAhead WebServer is freely available under an open source license that provides source code to developers in exchange for their modifications and improvements.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.