Menu
▾
▴
[AOLSERVER-COMMITS] nsopenssl ChangeLog,1.87,1.88 Makefile,1.39,1.40 README,1.3,1.4 nsd.tcl,1.10,1.11 nsopenssl.c,1.61,1.62 nsopenssl.h,1.53,1.54 ssl.c,1.44,1.45 tclcmds.c,1.38,1.39 init.c,1.55,NONE
Update of /cvsroot/aolserver/nsopenssl
In directory sc8-pr-cvs1:/tmp/cvs-serv25553
Modified Files:
ChangeLog Makefile README nsd.tcl nsopenssl.c nsopenssl.h
ssl.c tclcmds.c
Removed Files:
init.c
Log Message:
nsopenssl 3.0beta9
Index: ChangeLog
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/ChangeLog,v
retrieving revision 1.87
retrieving revision 1.88
diff -C2 -d -r1.87 -r1.88
*** ChangeLog 30 Sep 2003 14:29:46 -0000 1.87
--- ChangeLog 24 Dec 2003 15:55:12 -0000 1.88
***************
*** 1,2 ****
--- 1,51 ----
+ 2003-12-24 Scott Goodwin <sc...@sc...>
+
+ * all: Lots of cleanup, initializing function variables.
+
+ * sslcontext.c, nsopenssl.c, nsopenssl.h: Added names to mutexes. Added
+ MODULE_SHORT to nsopenssl.h as the mutex name length is limited.
+
+ 2003-12-13 Scott Goodwin <sc...@sc...>
+
+ * ssl.c: Changed NsOpenSSLConnSend to use BIO_write instead of
+ SSL_write. It's crucial that we call BIO_flush after every write or this
+ won't work.
+
+ 2003-11-24 Scott Goodwin <sc...@sc...>
+
+ * ssl.c, nsopenssl.c, tclcmds.c: Fixed problem with SSL conn reference
+ counting; conns are now free'd properly when NsOpenSSLDestroy is called
+ and the conn's reference count is 0. Tagged v3_0_beta_2.
+
+ 2003-11-22 Scott Goodwin <sc...@sc...>
+
+ * all: Stopped passing *module to all functions; nsopenssl must now be
+ called nsopenssl in the config file and nothing else. Merged sslconn.c
+ and sslsock.c into ssl.c. Lots of other cleanups.
+
+ 2003-11-09 Scott Goodwin <sc...@sc...>
+
+ * tclcmds.c: 'ns_openssl info' now returns a string instead of a list.
+
+ 2003-10-25 Scott Goodwin <sc...@sc...>
+
+ * All: Cleaned up SSL context handling, reintegrated
+ Ns_OpenSSLSockConnect, adding SSL context passing ability.
+
+ 2003-10-23 Scott Goodwin <sc...@sc...>
+
+ * https.tcl, Makefile: Added back to the code, modified Makefile to
+ install it.
+
+ 2003-10-19 Scott Goodwin <sc...@sc...>
+
+ * All: Lots of fixes, added mutexs around SSL contexts structures, fixed
+ session cache id generation to be specific to each virtual server.
+
+ 2003-10-11 Scott Goodwin <sc...@sc...>
+
+ * All: Refactored entire codebase by abstracting public functions into
+ libnsopenssl.so/dylib and an nsopenssl.so module.
+
2003-09-30 Scott Goodwin <sc...@sc...>
Index: Makefile
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/Makefile,v
retrieving revision 1.39
retrieving revision 1.40
diff -C2 -d -r1.39 -r1.40
*** Makefile 6 Oct 2003 02:24:32 -0000 1.39
--- Makefile 24 Dec 2003 15:55:12 -0000 1.40
***************
*** 10,20 ****
# under the License.
#
- # The Original Code is AOLserver Code and related documentation
- # distributed by AOL.
- #
- # The Initial Developer of the Original Code is America Online,
- # Inc. Portions created by AOL are Copyright (C) 1999 America Online,
- # Inc. All Rights Reserved.
- #
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License (the "GPL"), in which case the
--- 10,13 ----
***************
*** 29,40 ****
# Copyright (C) 2001-2003 Scott S. Goodwin
#
- # Derived from http.tcl, originally written by AOL
- #
# $Header$
#
- # nsopenssl --
- #
- # SSLv2, SSLv3, TLSv1 module using OpenSSL.
- #
# XXX AOLserver 3.x defines this, but AOLserver 4.x uses the install binary
--- 22,27 ----
***************
*** 54,76 ****
VER_ = $(subst .,_,$(VER))
- #
- # Module Pretty-name
- #
MODNAME = nsopenssl
! #
! # Module name
! #
! MOD = nsopenssl.so
! #
! # Objects to build
! #
! OBJS = nsopenssl.o init.o ssl.o tclcmds.o
! #
! # Header files in THIS directory (included with your module)
! #
! HDRS = nsopenssl.h
# XXX take out the -g for production
--- 41,56 ----
VER_ = $(subst .,_,$(VER))
MODNAME = nsopenssl
! LIB = nsopenssl
! LIBOBJS = sslcontext.o ssl.o tclcmds.o
! LIBLIBS = -L$(OPENSSL)/lib -lssl -lcrypto
! MOD = nsopenssl.so
! OBJS = nsopenssl.o
! HDRS = nsopenssl.h
! MODLIBS = -L$(OPENSSL)/lib -lssl -lcrypto
! TCLMOD = https.tcl
# XXX take out the -g for production
***************
*** 78,92 ****
#
- # If in TEST
- #
- ifdef TEST
- OBJS += test.o
- CFLAGS += -DTEST
- endif
-
- #
# Extra libraries required by your module (-L and -l go here)
#
- MODLIBS = -L$(OPENSSL)/lib -lssl -lcrypto
# Add static compilation ability, per grax3272
--- 58,63 ----
***************
*** 169,172 ****
--- 140,145 ----
$(RM) $(INSTBIN)/$(MOD)
$(CP) $(MOD) $(INSTBIN)
+ $(MKDIR) $(INSTTCL)
+ $(CP) $(TCLMOD) $(INSTTCL)
## NOTES #################################################################################
Index: README
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/README,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** README 18 Feb 2003 04:33:01 -0000 1.3
--- README 24 Dec 2003 15:55:12 -0000 1.4
***************
*** 116,119 ****
--- 116,184 ----
---------------------
+ For nsopenssl 3.x, AOLserver 4.x:
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/sslcontexts"
+ ns_param vs1_users_ctx "SSL context used for regular user access"
+ ns_param vs1_admins_ctx "SSL context used for administrator access"
+ #ns_param vs1_client_ctx "SSL context used for outgoing script socket connections"
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/defaults"
+ ns_param server vs1_users_ctx
+ #ns_param client vs1_client_ctx
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/sslcontext/vs1_users_ctx"
+ ns_param Role server
+ #ns_param ModuleDir /path/to/dir
+ ns_param CertFile server/server.crt
+ ns_param KeyFile server/server.key
+ ns_param CADir ca-client/dir
+ ns_param CAFile ca-client/ca-client.crt
+ ns_param Protocols "SSLv3, TLSv1"
+ ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param PeerVerify false
+ ns_param PeerVerifyDepth 3
+ ns_param Trace true
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/sslcontext/vs1_admins_ctx"
+ ns_param Role server
+ #ns_param ModuleDir /path/to/dir
+ ns_param CertFile server/server.crt
+ ns_param KeyFile server/server.key
+ ns_param CADir ca-client/dir
+ ns_param CAFile ca-client/ca-client.crt
+ #ns_param Protocols "All"
+ ns_param Protocols "SSLv3, TLSv1"
+ ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+ ns_param PeerVerify false
+ ns_param PeerVerifyDepth 3
+ ns_param Trace true
+
+ # SSL drivers. Each driver defines a port and a named SSL context to associate
+ # with it.
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/ssldrivers"
+ ns_param vs1_users_drv "Driver for vs1 regular user access"
+ ns_param vs1_admins_drv "Driver for vs1 administrator access"
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/ssldriver/vs1_users_drv"
+ ns_param sslcontext vs1_users_ctx
+ ns_param port 7001
+ ns_param hostname $hostname
+ ns_param address $address
+
+ ns_section "ns/server/${vs1_servername}/module/nsopenssl/ssldriver/vs1_admins_drv"
+ ns_param sslcontext vs1_admins_ctx
+ ns_param port 7002
+ ns_param hostname $hostname
+ ns_param address $address
+
+ #
+ # Modules to load
+ #
+ ns_section "ns/server/${vs1_servername}/modules"
+ ns_param nssock ${bindir}/nssock${ext}
+ ns_param nslog ${bindir}/nslog${ext}
+ ns_param nscgi ${bindir}/nscgi${ext}
+ ns_param nsopenssl ${bindir}/nsopenssl${ext}
For versions prior to 2.x:
***************
*** 138,143 ****
! For 2.x and above:
!
ns_section "ns/server/${servername}/module/nsopenssl"
--- 203,207 ----
! For nsopenssl 2.x, AOLserver 3.x:
ns_section "ns/server/${servername}/module/nsopenssl"
Index: nsd.tcl
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/nsd.tcl,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** nsd.tcl 2 Mar 2003 05:19:48 -0000 1.10
--- nsd.tcl 24 Dec 2003 15:55:12 -0000 1.11
***************
*** 31,108 ****
#
! # SSL contexts. Each SSL context is intended to be a complete definition
! # of an SSL instance. An SSL context may be used by multiple drivers,
! # sockservers and sockclients.
! ns_section "ns/server/${servername}/module/nsopenssl/contexts"
! ns_param user "SSL context used for regular user access"
! ns_param admin "SSL context used for administrator access"
! ns_section "ns/server/${servername}/module/nsopenssl/context/user"
! ns_param Role server # mandatory
! ns_param ModuleDir /path/to/dir # default
! ns_param CertFile servercertfile.pem # mandatory
! ns_param KeyFile serverkeyfile.pem # mandatory
! ns_param CADir serverca # default
! ns_param CAFile serverca.pem # default
! ns_param Protocols "SSLv2, SSLv3, TLSv1" # default
! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" # default
! ns_param PeerVerify false # default
! ns_param PeerVerifyDepth 3 # default
! ns_param Trace false # default
! ns_param SessionCache true # default
! ns_param SessionCacheSize 128 # default
! ns_param SessionCacheTimeout 300 # default
! ns_section "ns/server/${servername}/module/nsopenssl/context/admin"
ns_param Role server
! ns_param ModuleDir /path/to/dir
! ns_param CertFile servercertfile.pem
! ns_param KeyFile serverkeyfile.pem
! ns_param CADir serverca
! ns_param CAFile serverca.pem
! ns_param Protocols "SSLv2, SSLv3, TLSv1"
! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
- ns_param SessionCache true
- ns_param SessionCacheSize 128
- ns_param SessionCacheTimeout 300
! ns_section "ns/server/${servername}/module/nsopenssl/context/sockclient"
ns_param Role client
! ns_param ModuleDir /path/to/dir
! ns_param CertFile clientcertfile.pem
! ns_param KeyFile clientkeyfile.pem
! ns_param CADir clientca
! ns_param CAFile clientca.pem
! ns_param Protocols "SSLv2, SSLv3, TLSv1"
! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
! ns_param PeerVerify true
ns_param PeerVerifyDepth 3
ns_param Trace false
- ns_param SessionCache true
- ns_param SessionCacheSize 128
- ns_param SessionCacheTimeout 300
! # SSL drivers. Each driver defines a port and a named SSL context to associate
! # with it.
! ns_section "ns/server/${servername}/module/nsopenssl/contexts"
! ns_param users "Driver for regular user access"
! ns_param admins "Driver for administrator access"
! ns_section "ns/server/${servername}/module/nsopenssl/driver/users"
! ns_param context user
! ns_param port 443
! ns_param hostname 127.0.0.1
! ns_param address 127.0.0.1
! ns_section "ns/server/${servername}/module/nsopenssl/driver/admins"
! ns_param context admin
! ns_param port 8443
! ns_param hostname 127.0.0.1
! ns_param address 127.0.0.1
--- 31,120 ----
#
! # SSL contexts. Each SSL context is a template that SSL connections are created
! # from. A single SSL context may be used by multiple drivers, sockservers and
! # sockclients.
! ns_section "ns/server/${servername}/module/nsopenssl/sslcontexts"
! ns_param users "SSL context used for regular user access"
! ns_param admins "SSL context used for administrator access"
! ns_param client "SSL context used for outgoing script socket connections"
! # We explicitly tell the server which SSL contexts to use as defaults when an
! # SSL context is not specified for a particular client or server SSL
! # connection. Driver connections do not use defaults; they must be explicitly
! # specificied in the driver section. The Tcl API will use the defaults as there
! # is currently no provision to specify which SSL context to use for a
! # particular connection via an ns_openssl Tcl command.
! ns_section "ns/server/${servername}/module/nsopenssl/defaults"
! ns_param server users
! ns_param client client
!
! ns_section "ns/server/${servername}/module/nsopenssl/sslcontext/users"
ns_param Role server
! #ns_param ModuleDir /path/to/dir
! ns_param CertFile server/server.crt
! ns_param KeyFile server/server.key
! ns_param CADir ca-client/dir
! ns_param CAFile ca-client/ca-client.crt
! ns_param Protocols "SSLv3, TLSv1"
! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
! ns_section "ns/server/${servername}/module/nsopenssl/sslcontext/admins"
! ns_param Role server
! #ns_param ModuleDir /path/to/dir
! ns_param CertFile server/server.crt
! ns_param KeyFile server/server.key
! ns_param CADir ca-client/dir
! ns_param CAFile ca-client/ca-client.crt
! ns_param Protocols "All"
! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
! ns_param PeerVerify false
! ns_param PeerVerifyDepth 3
! ns_param Trace false
!
! ns_section "ns/server/${servername}/module/nsopenssl/sslcontext/client"
ns_param Role client
! #ns_param ModuleDir /path/to/dir
! ns_param CertFile client/client.crt
! ns_param KeyFile client/client.key
! ns_param CADir ca-server/dir
! ns_param CAFile ca-server/ca-server.crt
! ns_param Protocols "SSLv2, SSLv3, TLSv1"
! ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
! ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
! # SSL drivers. Each driver defines a port to listen on and an explitictly named
! # SSL context to associate with it. Note that you can now have multiple driver
! # connections within a single virtual server, which can be tied to different
! # SSL contexts. Isn't that cool?
! ns_section "ns/server/${servername}/module/nsopenssl/ssldrivers"
! ns_param users "Driver for regular user access"
! ns_param admins "Driver for administrator access"
! ns_section "ns/server/${servername}/module/nsopenssl/ssldriver/users"
! ns_param sslcontext users
! ns_param port $httpsport_users
! ns_param hostname $hostname
! ns_param address $address
! ns_section "ns/server/${servername}/module/nsopenssl/ssldriver/admins"
! ns_param sslcontext admins
! ns_param port $httpsport_admins
! ns_param hostname $hostname
! ns_param address $address
!
! #
! # Modules to load
! #
! ns_section "ns/server/${servername}/modules"
! ...
! ns_param nsopenssl ${bindir}/nsopenssl${ext}
***************
*** 110,114 ****
###############################################################################
#
! # DEPRECATED: nsopenssl version 2.x configuration
#
--- 122,126 ----
###############################################################################
#
! # nsopenssl version 2.x configuration
#
Index: nsopenssl.c
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/nsopenssl.c,v
retrieving revision 1.61
retrieving revision 1.62
diff -C2 -d -r1.61 -r1.62
*** nsopenssl.c 30 Sep 2003 14:29:46 -0000 1.61
--- nsopenssl.c 24 Dec 2003 15:55:12 -0000 1.62
***************
*** 10,20 ****
* under the License.
*
- * The Original Code is AOLserver Code and related documentation
- * distributed by AOL.
- *
- * The Initial Developer of the Original Code is America Online,
- * Inc. Portions created by AOL are Copyright (C) 1999 America Online,
- * Inc. All Rights Reserved.
- *
* Alternatively, the contents of this file may be used under the terms
[...2683 lines suppressed...]
!
! case DriverClose:
! if (sslconn != NULL) {
! (void) NsOpenSSLConnFlush(sslconn);
! NsOpenSSLConnDestroy(sslconn);
! sock->arg = NULL;
! }
! n = 0;
! break;
!
! default:
! Ns_Log(Error, "%s (%s): Unsupported driver command encountered",
! MODULE, ssldriver->server);
! n = -1;
! break;
}
! return n;
}
+
Index: nsopenssl.h
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/nsopenssl.h,v
retrieving revision 1.53
retrieving revision 1.54
diff -C2 -d -r1.53 -r1.54
*** nsopenssl.h 30 Sep 2003 14:29:46 -0000 1.53
--- nsopenssl.h 24 Dec 2003 15:55:12 -0000 1.54
***************
*** 10,20 ****
* under the License.
*
- * The Original Code is AOLserver Code and related documentation
- * distributed by AOL.
- *
- * The Initial Developer of the Original Code is America Online,
- * Inc. Portions created by AOL are Copyright (C) 1999 America Online,
- * Inc. All Rights Reserved.
- *
* Alternatively, the contents of this file may be used under the terms
* of the GNU General Public License (the "GPL"), in which case the
--- 10,13 ----
***************
*** 28,33 ****
*
* Copyright (C) 2000-2003 Scott S. Goodwin
! * Copyright (C) 2000 Rob Mayoff
! * Copyright (C) 1999 Stefan Arentz
*
* $Header$
--- 21,27 ----
*
* Copyright (C) 2000-2003 Scott S. Goodwin
! *
! * Module originally written by Stefan Arentz. Early contributions made by
! * Freddie Mendoze and Rob Mayoff.
*
* $Header$
***************
*** 36,39 ****
--- 30,34 ----
#include <ns.h>
+ #include <assert.h>
#include <ctype.h>
#include <dirent.h>
***************
*** 69,74 ****
#define MODULE "nsopenssl"
! #define DEFAULT_PORT 443
! #define DEFAULT_PROTOCOL "https"
#define DEFAULT_PROTOCOLS "All"
#define DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
--- 64,72 ----
#define MODULE "nsopenssl"
! #define MODULE_SHORT "ssl"
!
! #define SERVER_ROLE 1
! #define CLIENT_ROLE 0
!
#define DEFAULT_PROTOCOLS "All"
#define DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
***************
*** 100,121 ****
*/
! typedef struct Ns_OpenSSLContext {
char *server;
! char *module;
! char *moduleDir;
! char *name;
char *desc;
! /* XXX this stuff is already in config path; why duplicate it here? */
! /* XXX any way to get some of it back through OpensSSL ? */
! char *certFile; /* Cert file, PEM format */
! char *keyFile; /* Key file, PEM format */
! char *protocols; /* Protocols to use */
char *cipherSuite; /* OpenSSL-formatted cipher string */
! char *caFile; /* CA file, PEM format, concatenated */
! char *caDir; /* CA dir */
! int peerVerify; /* 0 = peer verify off; 1 = peer verify on */
! int peerVerifyDepth; /* How deep do we allow a verification path to be? */
int sessionCache; /* 0 = off; 1 = on */
! int sessionCacheId;
int sessionCacheSize; /* In bytes */
int sessionCacheTimeout; /* Flush session cache in seconds */
--- 98,119 ----
*/
! typedef struct NsOpenSSLContext {
char *server;
! char *name; /* Name of this SSL context */
char *desc;
! int role; /* 0 = client, 1 = server */
! int initialized; /* 1 = already initialized */
! int refcnt; /* How many active conns I'm tied to */
! char *moduleDir;
! char *certFile; /* PEM formatted certificate file */
! char *keyFile; /* PEM formatted key file */
! char *protocols; /* Allowed SSL protocols */
char *cipherSuite; /* OpenSSL-formatted cipher string */
! char *caFile; /* PEM format CA file(s) concatenated */
! char *caDir; /* CA directory */
! int peerVerify; /* 0 = off; 1 = on */
! int peerVerifyDepth; /* How deep verification path can be */
int sessionCache; /* 0 = off; 1 = on */
! char *sessionCacheId; /* XXX needs to be free'd */
int sessionCacheSize; /* In bytes */
int sessionCacheTimeout; /* Flush session cache in seconds */
***************
*** 123,135 ****
int bufsize;
int timeout;
- int readonly;
- int refcnt;
Ns_Mutex lock;
SSL_CTX *sslctx;
! struct Ns_OpenSSLContext *next;
! #if 0
! struct Server *serverPtr; /* point to virtual server-specific data */
! #endif
! } Ns_OpenSSLContext;
/*
--- 121,129 ----
int bufsize;
int timeout;
Ns_Mutex lock;
SSL_CTX *sslctx;
! struct NsOpenSSLContext *next;
! struct Server *serverPtr; /* virtual server-specific data */
! } NsOpenSSLContext;
/*
***************
*** 138,143 ****
typedef struct NsOpenSSLDriver {
char *server;
- char *module;
char *name; /* Name of this SSL driver */
char *path;
--- 132,137 ----
typedef struct NsOpenSSLDriver {
+ Ns_Mutex lock;
char *server;
char *name; /* Name of this SSL driver */
char *path;
***************
*** 146,154 ****
int port; /* Port the core driver is listening on */
int refcnt; /* Number of conns tied to this driver */
! Ns_Mutex lock;
! struct Ns_Driver *driver; /* Driver that this SSL driver is tied to */
! struct NsOpenSSLDriver *next; /* pointer to next driver */
! struct Ns_OpenSSLContext *sslcontext; /* SSL context assoc with this driver */
! struct Ns_OpenSSLConn *firstFreeConn; /* List of unused conn structs */
} NsOpenSSLDriver;
--- 140,144 ----
int port; /* Port the core driver is listening on */
int refcnt; /* Number of conns tied to this driver */
! struct NsOpenSSLContext *sslcontext; /* SSL context assoc with this driver */
} NsOpenSSLDriver;
***************
*** 157,177 ****
*/
! typedef struct Ns_OpenSSLConn {
char *server;
! char *module;
! int peerport; /* port number of remote side */
char peer[16]; /* peer's name */
! X509 *peercert; /* peer's cert in PEM format */
SSL_CTX *sslctx;
SSL *ssl; /* initialized SSL instance itself */
! BIO *io; /* block i/o */
! SOCKET sock;
SOCKET wsock;
int refcnt; /* don't ns_free() unless this is 0 */
! Ns_Mutex lock;
struct NsOpenSSLDriver *ssldriver; /* the driver this conn belongs to */
! struct Ns_OpenSSLConn *next; /* next conn */
! struct Ns_OpenSSLContext *sslcontext;
! } Ns_OpenSSLConn;
/*
--- 147,166 ----
*/
! typedef struct NsOpenSSLConn {
! Ns_Mutex lock;
char *server;
! int peerport; /* port this connection came in or went out on */
! int peeraddr; /* IP address of remote side */
char peer[16]; /* peer's name */
! struct NsOpenSSLContext *sslcontext;
SSL_CTX *sslctx;
SSL *ssl; /* initialized SSL instance itself */
! BIO *bio; /* block i/o */
! SOCKET socket;
SOCKET wsock;
int refcnt; /* don't ns_free() unless this is 0 */
! int timeout;
struct NsOpenSSLDriver *ssldriver; /* the driver this conn belongs to */
! } NsOpenSSLConn;
/*
***************
*** 180,200 ****
typedef struct Server {
char *server;
Tcl_HashTable sslcontexts;
Tcl_HashTable ssldrivers;
! char *defaultcontext;
! Ns_Mutex *lock;
} Server;
/*
! * Session cache id management. This is OpenSSL-library global, so cache items
! * need to be prefixed by the module name and virtual server name.
*/
! /* XXX merge into per-virtual server struct above ??? */
! typedef struct NsOpenSSLSessionCacheId {
! Ns_Mutex lock;
! int id;
! } NsOpenSSLSessionCacheId;
/*
--- 169,214 ----
typedef struct Server {
+ Ns_Mutex lock;
char *server;
Tcl_HashTable sslcontexts;
Tcl_HashTable ssldrivers;
! char *defaultclientcontext;
! char *defaultservercontext;
! int nextSessionCacheId;
} Server;
/*
! * sslconn.c
*/
! #if 0
! extern void
! NsOpenSSLErrorDump(NsOpenSSLConn *sslconn, int code);
! #endif
!
! extern NsOpenSSLConn *
! NsOpenSSLConnCreate(SOCKET socket, NsOpenSSLContext *sslcontext);
!
! extern void
! NsOpenSSLConnDestroy(NsOpenSSLConn *sslconn);
!
! extern int
! NsOpenSSLConnFlush(NsOpenSSLConn *sslconn);
!
! extern int
! NsOpenSSLConnRecv(BIO *bio, void *buffer, int toread);
!
! extern int
! NsOpenSSLConnSend(BIO *bio, void *buffer, int towrite);
!
! extern int
! NsOpenSSLConnAccept(NsOpenSSLConn *sslconn);
!
! /* XXX test */
! extern int
! NsOpenSSLConnAccept2(NsOpenSSLConn *sslconn);
!
! extern int
! NsOpenSSLConnConnect(NsOpenSSLConn *sslconn);
/*
***************
*** 202,212 ****
*/
! extern Ns_OpenSSLConn *NsOpenSSLConnCreate(SOCKET sock,
! NsOpenSSLDriver *ssldriver, Ns_OpenSSLContext *sslcontext);
! extern int NsOpenSSLConnDestroy(Ns_OpenSSLConn *sslconn);
! extern int NsOpenSSLFlush(Ns_OpenSSLConn *sslconn);
! extern int NsOpenSSLRecv(Ns_OpenSSLConn *sslconn, void *buffer, int toread);
! extern int NsOpenSSLSend(Ns_OpenSSLConn *sslconn, void *buffer, int towrite);
! extern int NsOpenSSLShutdown(SSL *ssl);
/*
--- 216,235 ----
*/
! extern NsOpenSSLConn *
! Ns_OpenSSLSockConnect(char *server, char *host, int port, int async,
! int timeout, NsOpenSSLContext *sslcontext);
!
! extern NsOpenSSLConn *
! Ns_OpenSSLSockAccept(SOCKET sock, NsOpenSSLContext *sslcontext);
!
! extern SOCKET
! Ns_OpenSSLSockListen(char *addr, int port);
!
! extern int
! Ns_OpenSSLSockListenCallback(char *addr, int port, Ns_SockProc *proc, void *arg);
!
! extern int
! Ns_OpenSSLFetchUrl(char *server, Ns_DString *dsPtr, char *url,
! Ns_Set *headers, NsOpenSSLContext *sslcontext);
/*
***************
*** 214,301 ****
*/
! extern void NsOpenSSLTclInit(char *server);
! extern Tcl_CmdProc NsTclOpenSSLConnCmd;
!
! extern Tcl_CmdProc NsTclOpenSSLCmd;
/*
! * nsopenssl.c (C API)
*/
! extern int Ns_OpenSSLIsPeerCertValid (Ns_OpenSSLConn *sslconn);
! extern Ns_OpenSSLContext *Ns_OpenSSLContextCreate (char *server,
! char *module);
! extern int Ns_OpenSSLContextInit(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextRelease (char *server,
! char *module, Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextDestroy(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextModuleDirSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *moduleDir);
! extern char *Ns_OpenSSLContextModuleDirGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextCertFileSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *certFile);
! extern char *Ns_OpenSSLContextCertFileGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextKeyFileSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *keyFile);
! extern char *Ns_OpenSSLContextKeyFileGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextProtocolsSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *protocols);
! extern char *Ns_OpenSSLContextProtocolsGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextCipherSuiteSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *cipherSuite);
! extern char *Ns_OpenSSLContextCipherSuiteGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextCAFileSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *CAFile);
! extern char *Ns_OpenSSLContextCAFileGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextCADirSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, char *CADir);
! extern char *Ns_OpenSSLContextCADirGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextPeerVerifySet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, int peerVerify);
! extern int Ns_OpenSSLContextPeerVerifyGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextPeerVerifyDepthSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, int peerVerifyDepth);
! extern int Ns_OpenSSLContextPeerVerifyDepthGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int NsOpenSSLSessionCacheInit(void);
! extern int Ns_OpenSSLContextSessionCacheSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, int sessionCache);
! extern int Ns_OpenSSLContextSessionCacheGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextSessionCacheSizeSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, int sessionCacheSize);
! extern int Ns_OpenSSLContextSessionCacheSizeGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextSessionCacheTimeoutSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, int sessionCacheTimeout);
! extern int Ns_OpenSSLContextSessionCacheTimeoutGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int Ns_OpenSSLContextTraceSet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext, int trace);
! extern int Ns_OpenSSLContextTraceGet(char *server, char *module,
! Ns_OpenSSLContext *sslcontext);
! extern int NsOpenSSLModuleInit(char *server, char *module);
- #ifdef TEST
- extern void NSOPENSSLDumpState(void);
- extern void NSOPENSSLDumpSSLServers(void);
- extern void NSOPENSSLDumpSSLDrivers(void);
- extern void NSOPENSSLDumpSSLContexts(void);
- #endif
--- 237,366 ----
*/
! extern void
! NsOpenSSLTclInit(char *server);
/*
! * nsopenssl.c
*/
! extern Server *
! NsOpenSSLServerGet(char *server);
! extern void
! NsOpenSSLContextAdd(char *server, NsOpenSSLContext *sslcontext);
! extern void
! Ns_OpenSSLServerSSLContextRemove(char *server, NsOpenSSLContext *sslcontext);
! extern NsOpenSSLContext *
! Ns_OpenSSLServerSSLContextGet(char *server, char *name);
! extern int
! Ns_OpenSSLIsPeerCertValid (NsOpenSSLConn *sslconn);
+ extern NsOpenSSLContext *
+ NsOpenSSLContextCreate(char *server, char *name);
! extern int
! NsOpenSSLContextInit(char *server, NsOpenSSLContext *sslcontext);
! extern int
! NsOpenSSLContextRelease (char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextDestroy(char *server, NsOpenSSLContext *sslcontext);
!
! /* XXX ugly. find a cleaner way to do this */
! extern NsOpenSSLContext *
! NsOpenSSLContextServerDefaultGet(char *server);
!
! extern NsOpenSSLContext *
! NsOpenSSLContextClientDefaultGet(char *server);
!
! extern int
! NsOpenSSLContextRoleSet(char *server, NsOpenSSLContext *sslcontext, char *role);
!
! extern char *
! NsOpenSSLContextRoleGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextModuleDirSet(char *server, NsOpenSSLContext *sslcontext, char *moduleDir);
!
! extern char *
! NsOpenSSLContextModuleDirGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextCertFileSet(char *server, NsOpenSSLContext *sslcontext, char *certFile);
!
! extern char *
! NsOpenSSLContextCertFileGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextKeyFileSet(char *server, NsOpenSSLContext *sslcontext, char *keyFile);
!
! extern char *
! NsOpenSSLContextKeyFileGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextProtocolsSet(char *server, NsOpenSSLContext *sslcontext, char *protocols);
!
! extern char *
! NsOpenSSLContextProtocolsGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextCipherSuiteSet(char *server, NsOpenSSLContext *sslcontext, char *cipherSuite);
!
! extern char *
! NsOpenSSLContextCipherSuiteGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextCAFileSet(char *server, NsOpenSSLContext *sslcontext, char *CAFile);
!
! extern char *
! NsOpenSSLContextCAFileGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextCADirSet(char *server, NsOpenSSLContext *sslcontext, char *CADir);
!
! extern char *
! NsOpenSSLContextCADirGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextPeerVerifySet(char *server, NsOpenSSLContext *sslcontext, int peerVerify);
!
! extern int
! NsOpenSSLContextPeerVerifyGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextPeerVerifyDepthSet(char *server, NsOpenSSLContext *sslcontext, int peerVerifyDepth);
!
! extern int
! NsOpenSSLContextPeerVerifyDepthGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextSessionCacheSet(char *server, NsOpenSSLContext *sslcontext, int sessionCache);
!
! extern int
! NsOpenSSLContextSessionCacheGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextSessionCacheSizeSet(char *server, NsOpenSSLContext *sslcontext, int sessionCacheSize);
!
! extern int
! NsOpenSSLContextSessionCacheSizeGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextSessionCacheTimeoutSet(char *server, NsOpenSSLContext *sslcontext, int sessionCacheTimeout);
!
! extern int
! NsOpenSSLContextSessionCacheTimeoutGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLContextTraceSet(char *server, NsOpenSSLContext *sslcontext, int trace);
!
! extern int
! NsOpenSSLContextTraceGet(char *server, NsOpenSSLContext *sslcontext);
!
! extern int
! NsOpenSSLModuleInit(char *server);
Index: ssl.c
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/ssl.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -C2 -d -r1.44 -r1.45
*** ssl.c 30 Sep 2003 14:29:46 -0000 1.44
--- ssl.c 24 Dec 2003 15:55:12 -0000 1.45
***************
*** 10,20 ****
* under the License.
*
- * The Original Code is AOLserver Code and related documentation
- * distributed by AOL.
- *
- * The Initial Developer of the Original Code is America Online,
- * Inc. Portions created by AOL are Copyright (C) 1999 America Online,
- * Inc. All Rights Reserved.
- *
* Alternatively, the contents of this file may be used under the terms
[...1275 lines suppressed...]
! break;
! case SSL_ERROR_WANT_X509_LOOKUP:
! Ns_Log(Debug, "--- SSL_ERROR_WANT_X509_LOOKUP");
! break;
! case SSL_ERROR_SYSCALL:
! Ns_Log(Debug, "--- SSL_ERROR_SYSCALL");
! break;
! case SSL_ERROR_SSL:
! Ns_Log(Debug, "--- SSL_ERROR_SSL");
! break;
! }
! while ((e = ERR_get_error()) != 0) {
! Ns_Log(Debug, "--- ERR = %s", ERR_error_string(e, NULL));
! Ns_Log(Debug, " - LIB = %d", ERR_GET_LIB(e));
! Ns_Log(Debug, " - FUNC = %d", ERR_GET_FUNC(e));
! Ns_Log(Debug, " - REASON = %d", ERR_GET_REASON(e));
}
}
+ #endif
Index: tclcmds.c
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/tclcmds.c,v
retrieving revision 1.38
retrieving revision 1.39
diff -C2 -d -r1.38 -r1.39
*** tclcmds.c 30 Sep 2003 14:29:46 -0000 1.38
--- tclcmds.c 24 Dec 2003 15:55:13 -0000 1.39
***************
*** 10,20 ****
* under the License.
*
- * The Original Code is AOLserver Code and related documentation
- * distributed by AOL.
- *
- * The Initial Developer of the Original Code is America Online,
- * Inc. Portions created by AOL are Copyright (C) 1999 America Online,
- * Inc. All Rights Reserved.
- *
* Alternatively, the contents of this file may be used under the terms
[...2543 lines suppressed...]
+ }
+
+ if (status != TCL_OK) {
+ Ns_TclLogError(interp);
+ } else if (!STREQ(interp->result, "1")) {
+ why = NS_SOCK_EXIT;
+ }
+
+ Ns_TclDeAllocateInterp(interp);
+
+ }
+
+ if (why == NS_SOCK_EXIT) {
+ ns_sockclose(sock);
+ ns_free(cbPtr);
+ return NS_FALSE;
+ }
+
+ return NS_TRUE;
+ }
--- init.c DELETED ---
|