Menu
▾
▴
[AOLSERVER-COMMITS] nsopenssl ChangeLog,1.88,1.89 TODO,1.36,1.37 nsopenssl.h,1.54,1.55 ssl.c,1.45,1.46 tclcmds.c,1.39,1.40
|
From: <sc...@us...> - 2003-12-27 15:37:58
|
Update of /cvsroot/aolserver/nsopenssl
In directory sc8-pr-cvs1:/tmp/cvs-serv5251
Modified Files:
ChangeLog TODO nsopenssl.h ssl.c tclcmds.c
Log Message:
Added Windows compile fixes from Jamie Rasmussen. Fixed sslcontext NULLs.
Index: ChangeLog
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/ChangeLog,v
retrieving revision 1.88
retrieving revision 1.89
diff -C2 -d -r1.88 -r1.89
*** ChangeLog 24 Dec 2003 15:55:12 -0000 1.88
--- ChangeLog 27 Dec 2003 15:37:29 -0000 1.89
***************
*** 1,2 ****
--- 1,7 ----
+ 2003-12-27 Scott Goodwin <sc...@sc...>
+
+ * nsopenssl.c, nsopenssl.h: Added changes from Jamie Rasmussen for
+ Windows build.
+
2003-12-24 Scott Goodwin <sc...@sc...>
Index: TODO
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/TODO,v
retrieving revision 1.36
retrieving revision 1.37
diff -C2 -d -r1.36 -r1.37
*** TODO 30 Sep 2003 14:29:46 -0000 1.36
--- TODO 27 Dec 2003 15:37:29 -0000 1.37
***************
*** 1,40 ****
! nsopenssl
! - Create OpenSSLCmd library (OpenSSLVerifyCert, ...); use for nsopenssl, nshttps, nsencrypt
! - Fix log messages: add MODULE, server; remove useless messages
- Goals:
! - Make nsopenssl handle multiple virtual servers with multiple ports per
! virtual server while only loading nsopenssl.so once for AOLserver 4.x.
- - Give nsopenssl the ability to perform certificate operations so it can be
- used to drive a CA process.
- TODO:
- - use NsOpenSSLServers hash to manage drivers on a per-server basis in OpenSSLDriverInit
- - validate driver init, operation, shutdown and free'ing
- - validate SSL context load, init, locking, use of, shutdown and free'ing operations
- - fix SSL handshake tracing
- - test accessing named SSL contexts for a particular virtual server
- - make sure struct locking is done where needed
- - set up session cache contexts and/or use 'nsopenssl-' prefix in session cache ids
- - extract global C API calls into libnsopenssl.so.
- - review Ns_Log statements for accuracy
- - ignore any ciphers or protocols listed in config that weren't compiled into OpenSSL library
- - fix OpenSSL version reporting
- - convert to TclObj commands
- - add IP address for logged events
- - allow for Tcl API sock servers/clients to have C or Tcl callback set via nsd.tcl
- - update Tcl API to allow for dynamically creating / using new SSL contexts
- - create pool of reusable conn structures
- - create Ns_OpenSSLWrap C API functions
- - update C and Tcl API to allow for generation of CA / Client / Server cert
- - add CRL support
- - add Online Certificate Status Protocol (OCSP) support.
- - create 'dup' function that can dup a named SSL context struct
- - clean up codebase to be completely consistent with AOLserver coding conventions
- - validate PRNG functioning
--- 1,43 ----
! TODO for nsopenssl:
! nsopenssl 3.0 release:
! - Ensure sslcontexts are not NULL before accessing (mostly tclcmds.c)
! - Remove all debug statements
! - Clean up log messages; ditch ones that are not really useful
! - Ensure clean shutdown operations (destroying all conns, then drivers, ...)
! - Validate client disconnect doesn't tie up reader thread
! - Ensure locking around structs is happening properly
! - Review session cache code
! - Clean up compiler warnings
+ nsopenssl 3.1 release:
+ - Add client IP address to log messages
+ - Fix OpenSSL version reporting
+ - Review any commands that can be converted to TclObjs
+ - Automate the testing via wget, openssl command line
+ nsopenssl 4.0 release:
+ - Revamp Tcl API -- major overhaul will require changing of Tcl proc names
+ - Add ability to introspect on Tcl API in/out socket conns; currently can
+ only do this with core driver conns.
+ - Change version number scheme to match AOLserver
+ - Review PRNG code
+ - Ignore any ciphers or protocols listed in config that weren't compiled into OpenSSL library
+ - Add benchmarking/performance testing
! General Wish List:
! - Move https.tcl into C
! - Give nsopenssl the ability to perform certificate operations so it can be
! used to drive a CA process.
! - Add CRL support
! - Add OCSP support
! - Add C and Tcl API for generation of CA / Client / Server cert
! - Add ability to wrap other module conns with an Ns_OpenSSLWrap C API function
! - Add ability to wrap ns_ldap conns
! - Add SSL session cache capability across multiple servers
! - Allow Tcl API sockcallbacks to be specified in config file (?)
! - Create pool of reusable conn structures
Index: nsopenssl.h
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/nsopenssl.h,v
retrieving revision 1.54
retrieving revision 1.55
diff -C2 -d -r1.54 -r1.55
*** nsopenssl.h 24 Dec 2003 15:55:12 -0000 1.54
--- nsopenssl.h 27 Dec 2003 15:37:29 -0000 1.55
***************
*** 32,44 ****
#include <assert.h>
#include <ctype.h>
- #include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
- #include <sys/ioctl.h>
#include <sys/stat.h>
- #include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#define SockError(i) Tcl_PosixError((i))
--- 32,48 ----
#include <assert.h>
#include <ctype.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
+
+ #ifndef _WIN32
+ #include <dirent.h>
+ #include <sys/ioctl.h>
+ #include <sys/time.h>
#include <unistd.h>
+ #endif
+
#define SockError(i) Tcl_PosixError((i))
Index: ssl.c
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/ssl.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -C2 -d -r1.45 -r1.46
*** ssl.c 24 Dec 2003 15:55:12 -0000 1.45
--- ssl.c 27 Dec 2003 15:37:29 -0000 1.46
***************
*** 36,39 ****
--- 36,43 ----
__DATE__ " " __TIME__;
+ #ifdef _WIN32
+ #define SHUT_WR SD_SEND
+ #endif
+
#include "nsopenssl.h"
Index: tclcmds.c
===================================================================
RCS file: /cvsroot/aolserver/nsopenssl/tclcmds.c,v
retrieving revision 1.39
retrieving revision 1.40
diff -C2 -d -r1.39 -r1.40
*** tclcmds.c 24 Dec 2003 15:55:13 -0000 1.39
--- tclcmds.c 27 Dec 2003 15:37:29 -0000 1.40
***************
*** 792,798 ****
if (sslcontext == NULL) {
! Tcl_SetResult(interp, "failed to use either named or default client SSL context",
! TCL_STATIC);
! return TCL_ERROR;
}
--- 792,798 ----
if (sslcontext == NULL) {
! Tcl_SetResult(interp, "failed to use either named or default client SSL context",
! TCL_STATIC);
! return TCL_ERROR;
}
***************
*** 832,836 ****
* NsTclOpenSSLGetUrlObjCmd --
*
! * Implements ns_geturl.
*
* Results:
--- 832,836 ----
* NsTclOpenSSLGetUrlObjCmd --
*
! * Implements ns_openssl_geturl.
*
* Results:
***************
*** 871,876 ****
url = Tcl_GetString(objv[1]);
! if (url == '/') {
!
if (Ns_FetchPage(&ds, url, Ns_TclInterpServer(interp)) != NS_OK) {
Tcl_AppendResult(interp, "Could not get contents of URL \"",
--- 871,875 ----
url = Tcl_GetString(objv[1]);
! if (url[1] == '/') {
if (Ns_FetchPage(&ds, url, Ns_TclInterpServer(interp)) != NS_OK) {
Tcl_AppendResult(interp, "Could not get contents of URL \"",
***************
*** 878,884 ****
goto done;
}
-
} else {
-
/* Figure out which SSL context to use in creating the SSL connection */
/* XXX update API to accept last arg of sslcontext */
--- 877,881 ----
***************
*** 890,893 ****
--- 887,897 ----
//}
+ if (sslcontext == NULL) {
+ Tcl_SetResult(interp,
+ "failed to use either named or default client SSL context",
+ TCL_STATIC);
+ goto done;
+ }
+
if (Ns_OpenSSLFetchUrl(thisServer->server, &ds, url, headers, sslcontext) != NS_OK) {
Tcl_AppendResult(interp, "Could not get contents of URL \"",
***************
*** 898,902 ****
goto done;
}
-
}
--- 902,905 ----
***************
*** 1356,1359 ****
--- 1359,1371 ----
lcbPtr->sslcontext = NsOpenSSLContextServerDefaultGet(thisServer->server);
}
+
+ /* XXX check lcbPtr->sslcontext: if NULL, fail with error message !!! */
+ #if 0
+ if (sslcontext == NULL) {
+ Tcl_SetResult(interp, "failed to use either named or default client SSL context",
+ TCL_STATIC);
+ return TCL_ERROR;
+ }
+ #endif
#if 0
|