Update of /cvsroot/aolserver/nsopenssl In directory sc8-pr-cvs1:/tmp/cvs-serv25553 Modified Files: ChangeLog Makefile README nsd.tcl nsopenssl.c nsopenssl.h ssl.c tclcmds.c Removed Files: init.c Log Message: nsopenssl 3.0beta9 Index: ChangeLog =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/ChangeLog,v retrieving revision 1.87 retrieving revision 1.88 diff -C2 -d -r1.87 -r1.88 *** ChangeLog 30 Sep 2003 14:29:46 -0000 1.87 --- ChangeLog 24 Dec 2003 15:55:12 -0000 1.88 *************** *** 1,2 **** --- 1,51 ---- + 2003-12-24 Scott Goodwin <sc...@sc...> + + * all: Lots of cleanup, initializing function variables. + + * sslcontext.c, nsopenssl.c, nsopenssl.h: Added names to mutexes. Added + MODULE_SHORT to nsopenssl.h as the mutex name length is limited. + + 2003-12-13 Scott Goodwin <sc...@sc...> + + * ssl.c: Changed NsOpenSSLConnSend to use BIO_write instead of + SSL_write. It's crucial that we call BIO_flush after every write or this + won't work. + + 2003-11-24 Scott Goodwin <sc...@sc...> + + * ssl.c, nsopenssl.c, tclcmds.c: Fixed problem with SSL conn reference + counting; conns are now free'd properly when NsOpenSSLDestroy is called + and the conn's reference count is 0. Tagged v3_0_beta_2. + + 2003-11-22 Scott Goodwin <sc...@sc...> + + * all: Stopped passing *module to all functions; nsopenssl must now be + called nsopenssl in the config file and nothing else. Merged sslconn.c + and sslsock.c into ssl.c. Lots of other cleanups. + + 2003-11-09 Scott Goodwin <sc...@sc...> + + * tclcmds.c: 'ns_openssl info' now returns a string instead of a list. + + 2003-10-25 Scott Goodwin <sc...@sc...> + + * All: Cleaned up SSL context handling, reintegrated + Ns_OpenSSLSockConnect, adding SSL context passing ability. + + 2003-10-23 Scott Goodwin <sc...@sc...> + + * https.tcl, Makefile: Added back to the code, modified Makefile to + install it. 
+ + 2003-10-19 Scott Goodwin <sc...@sc...> + + * All: Lots of fixes, added mutexs around SSL contexts structures, fixed + session cache id generation to be specific to each virtual server. + + 2003-10-11 Scott Goodwin <sc...@sc...> + + * All: Refactored entire codebase by abstracting public functions into + libnsopenssl.so/dylib and an nsopenssl.so module. + 2003-09-30 Scott Goodwin <sc...@sc...> Index: Makefile =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/Makefile,v retrieving revision 1.39 retrieving revision 1.40 diff -C2 -d -r1.39 -r1.40 *** Makefile 6 Oct 2003 02:24:32 -0000 1.39 --- Makefile 24 Dec 2003 15:55:12 -0000 1.40 *************** *** 10,20 **** # under the License. # - # The Original Code is AOLserver Code and related documentation - # distributed by AOL. - # - # The Initial Developer of the Original Code is America Online, - # Inc. Portions created by AOL are Copyright (C) 1999 America Online, - # Inc. All Rights Reserved. - # # Alternatively, the contents of this file may be used under the terms # of the GNU General Public License (the "GPL"), in which case the --- 10,13 ---- *************** *** 29,40 **** # Copyright (C) 2001-2003 Scott S. Goodwin # - # Derived from http.tcl, originally written by AOL - # # $Header$ # - # nsopenssl -- - # - # SSLv2, SSLv3, TLSv1 module using OpenSSL. - # # XXX AOLserver 3.x defines this, but AOLserver 4.x uses the install binary --- 22,27 ---- *************** *** 54,76 **** VER_ = $(subst .,_,$(VER)) - # - # Module Pretty-name - # MODNAME = nsopenssl ! # ! # Module name ! # ! MOD = nsopenssl.so ! # ! # Objects to build ! # ! OBJS = nsopenssl.o init.o ssl.o tclcmds.o ! # ! # Header files in THIS directory (included with your module) ! # ! HDRS = nsopenssl.h # XXX take out the -g for production --- 41,56 ---- VER_ = $(subst .,_,$(VER)) MODNAME = nsopenssl ! LIB = nsopenssl ! LIBOBJS = sslcontext.o ssl.o tclcmds.o ! 
LIBLIBS = -L$(OPENSSL)/lib -lssl -lcrypto ! MOD = nsopenssl.so ! OBJS = nsopenssl.o ! HDRS = nsopenssl.h ! MODLIBS = -L$(OPENSSL)/lib -lssl -lcrypto ! TCLMOD = https.tcl # XXX take out the -g for production *************** *** 78,92 **** # - # If in TEST - # - ifdef TEST - OBJS += test.o - CFLAGS += -DTEST - endif - - # # Extra libraries required by your module (-L and -l go here) # - MODLIBS = -L$(OPENSSL)/lib -lssl -lcrypto # Add static compilation ability, per grax3272 --- 58,63 ---- *************** *** 169,172 **** --- 140,145 ---- $(RM) $(INSTBIN)/$(MOD) $(CP) $(MOD) $(INSTBIN) + $(MKDIR) $(INSTTCL) + $(CP) $(TCLMOD) $(INSTTCL) ## NOTES ################################################################################# Index: README =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/README,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** README 18 Feb 2003 04:33:01 -0000 1.3 --- README 24 Dec 2003 15:55:12 -0000 1.4 *************** *** 116,119 **** --- 116,184 ---- --------------------- + For nsopenssl 3.x, AOLserver 4.x: + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/sslcontexts" + ns_param vs1_users_ctx "SSL context used for regular user access" + ns_param vs1_admins_ctx "SSL context used for administrator access" + #ns_param vs1_client_ctx "SSL context used for outgoing script socket connections" + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/defaults" + ns_param server vs1_users_ctx + #ns_param client vs1_client_ctx + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/sslcontext/vs1_users_ctx" + ns_param Role server + #ns_param ModuleDir /path/to/dir + ns_param CertFile server/server.crt + ns_param KeyFile server/server.key + ns_param CADir ca-client/dir + ns_param CAFile ca-client/ca-client.crt + ns_param Protocols "SSLv3, TLSv1" + ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param PeerVerify false + 
ns_param PeerVerifyDepth 3 + ns_param Trace true + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/sslcontext/vs1_admins_ctx" + ns_param Role server + #ns_param ModuleDir /path/to/dir + ns_param CertFile server/server.crt + ns_param KeyFile server/server.key + ns_param CADir ca-client/dir + ns_param CAFile ca-client/ca-client.crt + #ns_param Protocols "All" + ns_param Protocols "SSLv3, TLSv1" + ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" + ns_param PeerVerify false + ns_param PeerVerifyDepth 3 + ns_param Trace true + + # SSL drivers. Each driver defines a port and a named SSL context to associate + # with it. + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/ssldrivers" + ns_param vs1_users_drv "Driver for vs1 regular user access" + ns_param vs1_admins_drv "Driver for vs1 administrator access" + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/ssldriver/vs1_users_drv" + ns_param sslcontext vs1_users_ctx + ns_param port 7001 + ns_param hostname $hostname + ns_param address $address + + ns_section "ns/server/${vs1_servername}/module/nsopenssl/ssldriver/vs1_admins_drv" + ns_param sslcontext vs1_admins_ctx + ns_param port 7002 + ns_param hostname $hostname + ns_param address $address + + # + # Modules to load + # + ns_section "ns/server/${vs1_servername}/modules" + ns_param nssock ${bindir}/nssock${ext} + ns_param nslog ${bindir}/nslog${ext} + ns_param nscgi ${bindir}/nscgi${ext} + ns_param nsopenssl ${bindir}/nsopenssl${ext} For versions prior to 2.x: *************** *** 138,143 **** ! For 2.x and above: ! ns_section "ns/server/${servername}/module/nsopenssl" --- 203,207 ---- ! 
For nsopenssl 2.x, AOLserver 3.x: ns_section "ns/server/${servername}/module/nsopenssl" Index: nsd.tcl =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/nsd.tcl,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** nsd.tcl 2 Mar 2003 05:19:48 -0000 1.10 --- nsd.tcl 24 Dec 2003 15:55:12 -0000 1.11 *************** *** 31,108 **** # ! # SSL contexts. Each SSL context is intended to be a complete definition ! # of an SSL instance. An SSL context may be used by multiple drivers, ! # sockservers and sockclients. ! ns_section "ns/server/${servername}/module/nsopenssl/contexts" ! ns_param user "SSL context used for regular user access" ! ns_param admin "SSL context used for administrator access" ! ns_section "ns/server/${servername}/module/nsopenssl/context/user" ! ns_param Role server # mandatory ! ns_param ModuleDir /path/to/dir # default ! ns_param CertFile servercertfile.pem # mandatory ! ns_param KeyFile serverkeyfile.pem # mandatory ! ns_param CADir serverca # default ! ns_param CAFile serverca.pem # default ! ns_param Protocols "SSLv2, SSLv3, TLSv1" # default ! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" # default ! ns_param PeerVerify false # default ! ns_param PeerVerifyDepth 3 # default ! ns_param Trace false # default ! ns_param SessionCache true # default ! ns_param SessionCacheSize 128 # default ! ns_param SessionCacheTimeout 300 # default ! ns_section "ns/server/${servername}/module/nsopenssl/context/admin" ns_param Role server ! ns_param ModuleDir /path/to/dir ! ns_param CertFile servercertfile.pem ! ns_param KeyFile serverkeyfile.pem ! ns_param CADir serverca ! ns_param CAFile serverca.pem ! ns_param Protocols "SSLv2, SSLv3, TLSv1" ! 
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ns_param PeerVerify false ns_param PeerVerifyDepth 3 ns_param Trace false - ns_param SessionCache true - ns_param SessionCacheSize 128 - ns_param SessionCacheTimeout 300 ! ns_section "ns/server/${servername}/module/nsopenssl/context/sockclient" ns_param Role client ! ns_param ModuleDir /path/to/dir ! ns_param CertFile clientcertfile.pem ! ns_param KeyFile clientkeyfile.pem ! ns_param CADir clientca ! ns_param CAFile clientca.pem ! ns_param Protocols "SSLv2, SSLv3, TLSv1" ! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ! ns_param PeerVerify true ns_param PeerVerifyDepth 3 ns_param Trace false - ns_param SessionCache true - ns_param SessionCacheSize 128 - ns_param SessionCacheTimeout 300 ! # SSL drivers. Each driver defines a port and a named SSL context to associate ! # with it. ! ns_section "ns/server/${servername}/module/nsopenssl/contexts" ! ns_param users "Driver for regular user access" ! ns_param admins "Driver for administrator access" ! ns_section "ns/server/${servername}/module/nsopenssl/driver/users" ! ns_param context user ! ns_param port 443 ! ns_param hostname 127.0.0.1 ! ns_param address 127.0.0.1 ! ns_section "ns/server/${servername}/module/nsopenssl/driver/admins" ! ns_param context admin ! ns_param port 8443 ! ns_param hostname 127.0.0.1 ! ns_param address 127.0.0.1 --- 31,120 ---- # ! # SSL contexts. Each SSL context is a template that SSL connections are created ! # from. A single SSL context may be used by multiple drivers, sockservers and ! # sockclients. ! ns_section "ns/server/${servername}/module/nsopenssl/sslcontexts" ! ns_param users "SSL context used for regular user access" ! ns_param admins "SSL context used for administrator access" ! ns_param client "SSL context used for outgoing script socket connections" ! # We explicitly tell the server which SSL contexts to use as defaults when an ! 
# SSL context is not specified for a particular client or server SSL ! # connection. Driver connections do not use defaults; they must be explicitly ! # specificied in the driver section. The Tcl API will use the defaults as there ! # is currently no provision to specify which SSL context to use for a ! # particular connection via an ns_openssl Tcl command. ! ns_section "ns/server/${servername}/module/nsopenssl/defaults" ! ns_param server users ! ns_param client client ! ! ns_section "ns/server/${servername}/module/nsopenssl/sslcontext/users" ns_param Role server ! #ns_param ModuleDir /path/to/dir ! ns_param CertFile server/server.crt ! ns_param KeyFile server/server.key ! ns_param CADir ca-client/dir ! ns_param CAFile ca-client/ca-client.crt ! ns_param Protocols "SSLv3, TLSv1" ! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ns_param PeerVerify false ns_param PeerVerifyDepth 3 ns_param Trace false ! ns_section "ns/server/${servername}/module/nsopenssl/sslcontext/admins" ! ns_param Role server ! #ns_param ModuleDir /path/to/dir ! ns_param CertFile server/server.crt ! ns_param KeyFile server/server.key ! ns_param CADir ca-client/dir ! ns_param CAFile ca-client/ca-client.crt ! ns_param Protocols "All" ! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ! ns_param PeerVerify false ! ns_param PeerVerifyDepth 3 ! ns_param Trace false ! ! ns_section "ns/server/${servername}/module/nsopenssl/sslcontext/client" ns_param Role client ! #ns_param ModuleDir /path/to/dir ! ns_param CertFile client/client.crt ! ns_param KeyFile client/client.key ! ns_param CADir ca-server/dir ! ns_param CAFile ca-server/ca-server.crt ! ns_param Protocols "SSLv2, SSLv3, TLSv1" ! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ! ns_param PeerVerify false ns_param PeerVerifyDepth 3 ns_param Trace false ! # SSL drivers. Each driver defines a port to listen on and an explitictly named ! # SSL context to associate with it. 
Note that you can now have multiple driver ! # connections within a single virtual server, which can be tied to different ! # SSL contexts. Isn't that cool? ! ns_section "ns/server/${servername}/module/nsopenssl/ssldrivers" ! ns_param users "Driver for regular user access" ! ns_param admins "Driver for administrator access" ! ns_section "ns/server/${servername}/module/nsopenssl/ssldriver/users" ! ns_param sslcontext users ! ns_param port $httpsport_users ! ns_param hostname $hostname ! ns_param address $address ! ns_section "ns/server/${servername}/module/nsopenssl/ssldriver/admins" ! ns_param sslcontext admins ! ns_param port $httpsport_admins ! ns_param hostname $hostname ! ns_param address $address ! ! # ! # Modules to load ! # ! ns_section "ns/server/${servername}/modules" ! ... ! ns_param nsopenssl ${bindir}/nsopenssl${ext} *************** *** 110,114 **** ############################################################################### # ! # DEPRECATED: nsopenssl version 2.x configuration # --- 122,126 ---- ############################################################################### # ! # nsopenssl version 2.x configuration # Index: nsopenssl.c =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/nsopenssl.c,v retrieving revision 1.61 retrieving revision 1.62 diff -C2 -d -r1.61 -r1.62 *** nsopenssl.c 30 Sep 2003 14:29:46 -0000 1.61 --- nsopenssl.c 24 Dec 2003 15:55:12 -0000 1.62 *************** *** 10,20 **** * under the License. * - * The Original Code is AOLserver Code and related documentation - * distributed by AOL. - * - * The Initial Developer of the Original Code is America Online, - * Inc. Portions created by AOL are Copyright (C) 1999 America Online, - * Inc. All Rights Reserved. - * * Alternatively, the contents of this file may be used under the terms [...2683 lines suppressed...] ! ! case DriverClose: ! if (sslconn != NULL) { ! (void) NsOpenSSLConnFlush(sslconn); ! 
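Review bot: The sample `client` context in the new nsd.tcl sets `ns_param PeerVerify false`, whereas the `sockclient` context it replaces had `ns_param PeerVerify true`, so outgoing connections built from this example accept any server certificate even though `CAFile` and `CADir` are configured for that context. Unless the flip is deliberate, restore `ns_param PeerVerify true` in the client section; sample configs tend to be copied verbatim. The `admins` context also uses `Protocols "All"` while the otherwise identical `users` context uses `"SSLv3, TLSv1"`, which reads as an unintended difference between the two server examples. Two typos in the new comments: `explitictly` and `specificied`.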
NsOpenSSLConnDestroy(sslconn); ! sock->arg = NULL; ! } ! n = 0; ! break; ! ! default: ! Ns_Log(Error, "%s (%s): Unsupported driver command encountered", ! MODULE, ssldriver->server); ! n = -1; ! break; } ! return n; } + Index: nsopenssl.h =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/nsopenssl.h,v retrieving revision 1.53 retrieving revision 1.54 diff -C2 -d -r1.53 -r1.54 *** nsopenssl.h 30 Sep 2003 14:29:46 -0000 1.53 --- nsopenssl.h 24 Dec 2003 15:55:12 -0000 1.54 *************** *** 10,20 **** * under the License. * - * The Original Code is AOLserver Code and related documentation - * distributed by AOL. - * - * The Initial Developer of the Original Code is America Online, - * Inc. Portions created by AOL are Copyright (C) 1999 America Online, - * Inc. All Rights Reserved. - * * Alternatively, the contents of this file may be used under the terms * of the GNU General Public License (the "GPL"), in which case the --- 10,13 ---- *************** *** 28,33 **** * * Copyright (C) 2000-2003 Scott S. Goodwin ! * Copyright (C) 2000 Rob Mayoff ! * Copyright (C) 1999 Stefan Arentz * * $Header$ --- 21,27 ---- * * Copyright (C) 2000-2003 Scott S. Goodwin ! * ! * Module originally written by Stefan Arentz. Early contributions made by ! * Freddie Mendoze and Rob Mayoff. * * $Header$ *************** *** 36,39 **** --- 30,34 ---- #include <ns.h> + #include <assert.h> #include <ctype.h> #include <dirent.h> *************** *** 69,74 **** #define MODULE "nsopenssl" ! #define DEFAULT_PORT 443 ! #define DEFAULT_PROTOCOL "https" #define DEFAULT_PROTOCOLS "All" #define DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST --- 64,72 ---- #define MODULE "nsopenssl" ! #define MODULE_SHORT "ssl" ! ! #define SERVER_ROLE 1 ! #define CLIENT_ROLE 0 ! #define DEFAULT_PROTOCOLS "All" #define DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST *************** *** 100,121 **** */ ! typedef struct Ns_OpenSSLContext { char *server; ! char *module; ! 
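Review bot: `SERVER_ROLE` and `CLIENT_ROLE` are added as bare `#define`s while the `role` field of `NsOpenSSLContext` later in this header is commented as `0 = client, 1 = server`; tying the two together with `enum { CLIENT_ROLE = 0, SERVER_ROLE = 1 };` keeps the values in one place and makes them debugger-visible. `MODULE_SHORT` deserves a comment on why it exists, since nothing in the header says so: `#define MODULE_SHORT "ssl" /* used in mutex names, which have a length limit */` — the ChangeLog entry in this commit is the only place that reason is stated.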
char *moduleDir; ! char *name; char *desc; ! /* XXX this stuff is already in config path; why duplicate it here? */ ! /* XXX any way to get some of it back through OpensSSL ? */ ! char *certFile; /* Cert file, PEM format */ ! char *keyFile; /* Key file, PEM format */ ! char *protocols; /* Protocols to use */ char *cipherSuite; /* OpenSSL-formatted cipher string */ ! char *caFile; /* CA file, PEM format, concatenated */ ! char *caDir; /* CA dir */ ! int peerVerify; /* 0 = peer verify off; 1 = peer verify on */ ! int peerVerifyDepth; /* How deep do we allow a verification path to be? */ int sessionCache; /* 0 = off; 1 = on */ ! int sessionCacheId; int sessionCacheSize; /* In bytes */ int sessionCacheTimeout; /* Flush session cache in seconds */ --- 98,119 ---- */ ! typedef struct NsOpenSSLContext { char *server; ! char *name; /* Name of this SSL context */ char *desc; ! int role; /* 0 = client, 1 = server */ ! int initialized; /* 1 = already initialized */ ! int refcnt; /* How many active conns I'm tied to */ ! char *moduleDir; ! char *certFile; /* PEM formatted certificate file */ ! char *keyFile; /* PEM formatted key file */ ! char *protocols; /* Allowed SSL protocols */ char *cipherSuite; /* OpenSSL-formatted cipher string */ ! char *caFile; /* PEM format CA file(s) concatenated */ ! char *caDir; /* CA directory */ ! int peerVerify; /* 0 = off; 1 = on */ ! int peerVerifyDepth; /* How deep verification path can be */ int sessionCache; /* 0 = off; 1 = on */ ! char *sessionCacheId; /* XXX needs to be free'd */ int sessionCacheSize; /* In bytes */ int sessionCacheTimeout; /* Flush session cache in seconds */ *************** *** 123,135 **** int bufsize; int timeout; - int readonly; - int refcnt; Ns_Mutex lock; SSL_CTX *sslctx; ! struct Ns_OpenSSLContext *next; ! #if 0 ! struct Server *serverPtr; /* point to virtual server-specific data */ ! #endif ! } Ns_OpenSSLContext; /* --- 121,129 ---- int bufsize; int timeout; Ns_Mutex lock; SSL_CTX *sslctx; ! 
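Review bot: `NsOpenSSLContext` gains `refcnt` and `initialized` but nothing records which lock guards them; the struct carries an `Ns_Mutex lock` (in the next hunk of this file) and the ChangeLog says mutexes now wrap the SSL context structures, so presumably that is the one — spell it out, e.g. `int refcnt; /* active conns tied to this context; guarded by lock */`. The same question applies to `refcnt` in `NsOpenSSLDriver` and `NsOpenSSLConn` further down in this header. `char *sessionCacheId; /* XXX needs to be free'd */` should name the owner rather than leave a todo — if `NsOpenSSLContextDestroy` is the intended place, write `/* allocated per context; released in NsOpenSSLContextDestroy */` once that is true; the .c side is not visible from this hunk.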
struct NsOpenSSLContext *next; ! struct Server *serverPtr; /* virtual server-specific data */ ! } NsOpenSSLContext; /* *************** *** 138,143 **** typedef struct NsOpenSSLDriver { char *server; - char *module; char *name; /* Name of this SSL driver */ char *path; --- 132,137 ---- typedef struct NsOpenSSLDriver { + Ns_Mutex lock; char *server; char *name; /* Name of this SSL driver */ char *path; *************** *** 146,154 **** int port; /* Port the core driver is listening on */ int refcnt; /* Number of conns tied to this driver */ ! Ns_Mutex lock; ! struct Ns_Driver *driver; /* Driver that this SSL driver is tied to */ ! struct NsOpenSSLDriver *next; /* pointer to next driver */ ! struct Ns_OpenSSLContext *sslcontext; /* SSL context assoc with this driver */ ! struct Ns_OpenSSLConn *firstFreeConn; /* List of unused conn structs */ } NsOpenSSLDriver; --- 140,144 ---- int port; /* Port the core driver is listening on */ int refcnt; /* Number of conns tied to this driver */ ! struct NsOpenSSLContext *sslcontext; /* SSL context assoc with this driver */ } NsOpenSSLDriver; *************** *** 157,177 **** */ ! typedef struct Ns_OpenSSLConn { char *server; ! char *module; ! int peerport; /* port number of remote side */ char peer[16]; /* peer's name */ ! X509 *peercert; /* peer's cert in PEM format */ SSL_CTX *sslctx; SSL *ssl; /* initialized SSL instance itself */ ! BIO *io; /* block i/o */ ! SOCKET sock; SOCKET wsock; int refcnt; /* don't ns_free() unless this is 0 */ ! Ns_Mutex lock; struct NsOpenSSLDriver *ssldriver; /* the driver this conn belongs to */ ! struct Ns_OpenSSLConn *next; /* next conn */ ! struct Ns_OpenSSLContext *sslcontext; ! } Ns_OpenSSLConn; /* --- 147,166 ---- */ ! typedef struct NsOpenSSLConn { ! Ns_Mutex lock; char *server; ! int peerport; /* port this connection came in or went out on */ ! int peeraddr; /* IP address of remote side */ char peer[16]; /* peer's name */ ! 
struct NsOpenSSLContext *sslcontext; SSL_CTX *sslctx; SSL *ssl; /* initialized SSL instance itself */ ! BIO *bio; /* block i/o */ ! SOCKET socket; SOCKET wsock; int refcnt; /* don't ns_free() unless this is 0 */ ! int timeout; struct NsOpenSSLDriver *ssldriver; /* the driver this conn belongs to */ ! } NsOpenSSLConn; /* *************** *** 180,200 **** typedef struct Server { char *server; Tcl_HashTable sslcontexts; Tcl_HashTable ssldrivers; ! char *defaultcontext; ! Ns_Mutex *lock; } Server; /* ! * Session cache id management. This is OpenSSL-library global, so cache items ! * need to be prefixed by the module name and virtual server name. */ ! /* XXX merge into per-virtual server struct above ??? */ ! typedef struct NsOpenSSLSessionCacheId { ! Ns_Mutex lock; ! int id; ! } NsOpenSSLSessionCacheId; /* --- 169,214 ---- typedef struct Server { + Ns_Mutex lock; char *server; Tcl_HashTable sslcontexts; Tcl_HashTable ssldrivers; ! char *defaultclientcontext; ! char *defaultservercontext; ! int nextSessionCacheId; } Server; /* ! * sslconn.c */ ! #if 0 ! extern void ! NsOpenSSLErrorDump(NsOpenSSLConn *sslconn, int code); ! #endif ! ! extern NsOpenSSLConn * ! NsOpenSSLConnCreate(SOCKET socket, NsOpenSSLContext *sslcontext); ! ! extern void ! NsOpenSSLConnDestroy(NsOpenSSLConn *sslconn); ! ! extern int ! NsOpenSSLConnFlush(NsOpenSSLConn *sslconn); ! ! extern int ! NsOpenSSLConnRecv(BIO *bio, void *buffer, int toread); ! ! extern int ! NsOpenSSLConnSend(BIO *bio, void *buffer, int towrite); ! ! extern int ! NsOpenSSLConnAccept(NsOpenSSLConn *sslconn); ! ! /* XXX test */ ! extern int ! NsOpenSSLConnAccept2(NsOpenSSLConn *sslconn); ! ! extern int ! NsOpenSSLConnConnect(NsOpenSSLConn *sslconn); /* *************** *** 202,212 **** */ ! extern Ns_OpenSSLConn *NsOpenSSLConnCreate(SOCKET sock, ! NsOpenSSLDriver *ssldriver, Ns_OpenSSLContext *sslcontext); ! extern int NsOpenSSLConnDestroy(Ns_OpenSSLConn *sslconn); ! extern int NsOpenSSLFlush(Ns_OpenSSLConn *sslconn); ! 
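Review bot: `NsOpenSSLConn` now carries `int peeraddr; /* IP address of remote side */` alongside `char peer[16]`; an `int` is signed and cannot hold anything but an IPv4 address, and `peer[16]` fits exactly one dotted-quad plus its terminator, so whatever fills them (not visible here) has to bound the copy with `sizeof sslconn->peer` and NUL-terminate. If the field is only ever compared or logged, storing the textual form once in `peer` and dropping `peeraddr` avoids two representations of the same value drifting apart. The struct also keeps both `sslcontext` and `sslctx`; a comment saying whether `sslctx` is always `sslcontext->sslctx` would tell a reader which one is authoritative.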
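Review bot: `int nextSessionCacheId` replaces the `NsOpenSSLSessionCacheId` struct that had its own mutex, so the counter is now presumably serialized by the new `Server.lock`; document that on the field, `int nextSessionCacheId; /* next per-virtual-server session id; increment under lock */`, so a later caller does not bump it unlocked. The section comment `* sslconn.c` above the prototypes is stale: the ChangeLog entry in this commit says sslconn.c and sslsock.c were merged into ssl.c. `NsOpenSSLConnSend(BIO *bio, void *buffer, int towrite)` could take `const void *buffer` if it only reads the buffer, which also lets callers pass literals without a cast. `NsOpenSSLConnAccept2` is tagged `/* XXX test */`; if it is not meant to be part of the header, leave it out or say what it is for.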
extern int NsOpenSSLRecv(Ns_OpenSSLConn *sslconn, void *buffer, int toread); ! extern int NsOpenSSLSend(Ns_OpenSSLConn *sslconn, void *buffer, int towrite); ! extern int NsOpenSSLShutdown(SSL *ssl); /* --- 216,235 ---- */ ! extern NsOpenSSLConn * ! Ns_OpenSSLSockConnect(char *server, char *host, int port, int async, ! int timeout, NsOpenSSLContext *sslcontext); ! ! extern NsOpenSSLConn * ! Ns_OpenSSLSockAccept(SOCKET sock, NsOpenSSLContext *sslcontext); ! ! extern SOCKET ! Ns_OpenSSLSockListen(char *addr, int port); ! ! extern int ! Ns_OpenSSLSockListenCallback(char *addr, int port, Ns_SockProc *proc, void *arg); ! ! extern int ! Ns_OpenSSLFetchUrl(char *server, Ns_DString *dsPtr, char *url, ! Ns_Set *headers, NsOpenSSLContext *sslcontext); /* *************** *** 214,301 **** */ ! extern void NsOpenSSLTclInit(char *server); ! extern Tcl_CmdProc NsTclOpenSSLConnCmd; ! ! extern Tcl_CmdProc NsTclOpenSSLCmd; /* ! * nsopenssl.c (C API) */ ! extern int Ns_OpenSSLIsPeerCertValid (Ns_OpenSSLConn *sslconn); ! extern Ns_OpenSSLContext *Ns_OpenSSLContextCreate (char *server, ! char *module); ! extern int Ns_OpenSSLContextInit(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextRelease (char *server, ! char *module, Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextDestroy(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextModuleDirSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *moduleDir); ! extern char *Ns_OpenSSLContextModuleDirGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextCertFileSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *certFile); ! extern char *Ns_OpenSSLContextCertFileGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextKeyFileSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *keyFile); ! 
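Review bot: The exported `Ns_OpenSSLSockConnect`, `Ns_OpenSSLSockListen`, `Ns_OpenSSLSockListenCallback` and `Ns_OpenSSLFetchUrl` take `server`, `host`, `addr` and `url` as plain `char *`; if they only read those strings, declaring them `const char *` documents that and lets callers pass literals cleanly. Nothing in the prototypes says what a NULL `sslcontext` means; the `defaults` section added to nsd.tcl in this commit suggests the server's default client context is used, and if so a one-line comment on `Ns_OpenSSLSockConnect` and `Ns_OpenSSLFetchUrl` stating that would save every caller a trip into ssl.c.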
extern char *Ns_OpenSSLContextKeyFileGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextProtocolsSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *protocols); ! extern char *Ns_OpenSSLContextProtocolsGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextCipherSuiteSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *cipherSuite); ! extern char *Ns_OpenSSLContextCipherSuiteGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextCAFileSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *CAFile); ! extern char *Ns_OpenSSLContextCAFileGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextCADirSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, char *CADir); ! extern char *Ns_OpenSSLContextCADirGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextPeerVerifySet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, int peerVerify); ! extern int Ns_OpenSSLContextPeerVerifyGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextPeerVerifyDepthSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, int peerVerifyDepth); ! extern int Ns_OpenSSLContextPeerVerifyDepthGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int NsOpenSSLSessionCacheInit(void); ! extern int Ns_OpenSSLContextSessionCacheSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, int sessionCache); ! extern int Ns_OpenSSLContextSessionCacheGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextSessionCacheSizeSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, int sessionCacheSize); ! extern int Ns_OpenSSLContextSessionCacheSizeGet(char *server, char *module, ! 
Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextSessionCacheTimeoutSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, int sessionCacheTimeout); ! extern int Ns_OpenSSLContextSessionCacheTimeoutGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int Ns_OpenSSLContextTraceSet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext, int trace); ! extern int Ns_OpenSSLContextTraceGet(char *server, char *module, ! Ns_OpenSSLContext *sslcontext); ! extern int NsOpenSSLModuleInit(char *server, char *module); - #ifdef TEST - extern void NSOPENSSLDumpState(void); - extern void NSOPENSSLDumpSSLServers(void); - extern void NSOPENSSLDumpSSLDrivers(void); - extern void NSOPENSSLDumpSSLContexts(void); - #endif --- 237,366 ---- */ ! extern void ! NsOpenSSLTclInit(char *server); /* ! * nsopenssl.c */ ! extern Server * ! NsOpenSSLServerGet(char *server); ! extern void ! NsOpenSSLContextAdd(char *server, NsOpenSSLContext *sslcontext); ! extern void ! Ns_OpenSSLServerSSLContextRemove(char *server, NsOpenSSLContext *sslcontext); ! extern NsOpenSSLContext * ! Ns_OpenSSLServerSSLContextGet(char *server, char *name); ! extern int ! Ns_OpenSSLIsPeerCertValid (NsOpenSSLConn *sslconn); + extern NsOpenSSLContext * + NsOpenSSLContextCreate(char *server, char *name); ! extern int ! NsOpenSSLContextInit(char *server, NsOpenSSLContext *sslcontext); ! extern int ! NsOpenSSLContextRelease (char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextDestroy(char *server, NsOpenSSLContext *sslcontext); ! ! /* XXX ugly. find a cleaner way to do this */ ! extern NsOpenSSLContext * ! NsOpenSSLContextServerDefaultGet(char *server); ! ! extern NsOpenSSLContext * ! NsOpenSSLContextClientDefaultGet(char *server); ! ! extern int ! NsOpenSSLContextRoleSet(char *server, NsOpenSSLContext *sslcontext, char *role); ! ! extern char * ! NsOpenSSLContextRoleGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! 
NsOpenSSLContextModuleDirSet(char *server, NsOpenSSLContext *sslcontext, char *moduleDir); ! ! extern char * ! NsOpenSSLContextModuleDirGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextCertFileSet(char *server, NsOpenSSLContext *sslcontext, char *certFile); ! ! extern char * ! NsOpenSSLContextCertFileGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextKeyFileSet(char *server, NsOpenSSLContext *sslcontext, char *keyFile); ! ! extern char * ! NsOpenSSLContextKeyFileGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextProtocolsSet(char *server, NsOpenSSLContext *sslcontext, char *protocols); ! ! extern char * ! NsOpenSSLContextProtocolsGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextCipherSuiteSet(char *server, NsOpenSSLContext *sslcontext, char *cipherSuite); ! ! extern char * ! NsOpenSSLContextCipherSuiteGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextCAFileSet(char *server, NsOpenSSLContext *sslcontext, char *CAFile); ! ! extern char * ! NsOpenSSLContextCAFileGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextCADirSet(char *server, NsOpenSSLContext *sslcontext, char *CADir); ! ! extern char * ! NsOpenSSLContextCADirGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextPeerVerifySet(char *server, NsOpenSSLContext *sslcontext, int peerVerify); ! ! extern int ! NsOpenSSLContextPeerVerifyGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextPeerVerifyDepthSet(char *server, NsOpenSSLContext *sslcontext, int peerVerifyDepth); ! ! extern int ! NsOpenSSLContextPeerVerifyDepthGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextSessionCacheSet(char *server, NsOpenSSLContext *sslcontext, int sessionCache); ! ! extern int ! NsOpenSSLContextSessionCacheGet(char *server, NsOpenSSLContext *sslcontext); ! ! 
extern int ! NsOpenSSLContextSessionCacheSizeSet(char *server, NsOpenSSLContext *sslcontext, int sessionCacheSize); ! ! extern int ! NsOpenSSLContextSessionCacheSizeGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextSessionCacheTimeoutSet(char *server, NsOpenSSLContext *sslcontext, int sessionCacheTimeout); ! ! extern int ! NsOpenSSLContextSessionCacheTimeoutGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLContextTraceSet(char *server, NsOpenSSLContext *sslcontext, int trace); ! ! extern int ! NsOpenSSLContextTraceGet(char *server, NsOpenSSLContext *sslcontext); ! ! extern int ! NsOpenSSLModuleInit(char *server); Index: ssl.c =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/ssl.c,v retrieving revision 1.44 retrieving revision 1.45 diff -C2 -d -r1.44 -r1.45 *** ssl.c 30 Sep 2003 14:29:46 -0000 1.44 --- ssl.c 24 Dec 2003 15:55:12 -0000 1.45 *************** *** 10,20 **** * under the License. * - * The Original Code is AOLserver Code and related documentation - * distributed by AOL. - * - * The Initial Developer of the Original Code is America Online, - * Inc. Portions created by AOL are Copyright (C) 1999 America Online, - * Inc. All Rights Reserved. - * * Alternatively, the contents of this file may be used under the terms [...1275 lines suppressed...] ! break; ! case SSL_ERROR_WANT_X509_LOOKUP: ! Ns_Log(Debug, "--- SSL_ERROR_WANT_X509_LOOKUP"); ! break; ! case SSL_ERROR_SYSCALL: ! Ns_Log(Debug, "--- SSL_ERROR_SYSCALL"); ! break; ! case SSL_ERROR_SSL: ! Ns_Log(Debug, "--- SSL_ERROR_SSL"); ! break; ! } ! while ((e = ERR_get_error()) != 0) { ! Ns_Log(Debug, "--- ERR = %s", ERR_error_string(e, NULL)); ! Ns_Log(Debug, " - LIB = %d", ERR_GET_LIB(e)); ! Ns_Log(Debug, " - FUNC = %d", ERR_GET_FUNC(e)); ! 
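Review bot: `Ns_OpenSSLServerSSLContextRemove` and `Ns_OpenSSLServerSSLContextGet` keep the public `Ns_` prefix while every neighbouring function in the same `nsopenssl.c` section of this hunk was renamed to the internal `NsOpenSSL` form, so the header no longer tells a reader which of these are part of the library's exported API. Either rename them `NsOpenSSLServerSSLContextRemove`/`NsOpenSSLServerSSLContextGet` or add a comment stating they are deliberately exported. `NsOpenSSLContextRoleSet(char *server, NsOpenSSLContext *sslcontext, char *role)` takes the role as a string while the struct stores an `int` with `SERVER_ROLE`/`CLIENT_ROLE`, and the accepted strings are stated nowhere in the header; the nsd.tcl sample in this commit uses `server` and `client`, so if those are the two values a comment such as `/* role is "server" or "client"; stored as SERVER_ROLE/CLIENT_ROLE */` on the prototype is needed.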
Ns_Log(Debug, " - REASON = %d", ERR_GET_REASON(e)); } } + #endif Index: tclcmds.c =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/tclcmds.c,v retrieving revision 1.38 retrieving revision 1.39 diff -C2 -d -r1.38 -r1.39 *** tclcmds.c 30 Sep 2003 14:29:46 -0000 1.38 --- tclcmds.c 24 Dec 2003 15:55:13 -0000 1.39 *************** *** 10,20 **** * under the License. * - * The Original Code is AOLserver Code and related documentation - * distributed by AOL. - * - * The Initial Developer of the Original Code is America Online, - * Inc. Portions created by AOL are Copyright (C) 1999 America Online, - * Inc. All Rights Reserved. - * * Alternatively, the contents of this file may be used under the terms [...2543 lines suppressed...] + } + + if (status != TCL_OK) { + Ns_TclLogError(interp); + } else if (!STREQ(interp->result, "1")) { + why = NS_SOCK_EXIT; + } + + Ns_TclDeAllocateInterp(interp); + + } + + if (why == NS_SOCK_EXIT) { + ns_sockclose(sock); + ns_free(cbPtr); + return NS_FALSE; + } + + return NS_TRUE; + } --- init.c DELETED --- |