From: <sc...@us...> - 2003-12-27 15:37:58
Update of /cvsroot/aolserver/nsopenssl In directory sc8-pr-cvs1:/tmp/cvs-serv5251 Modified Files: ChangeLog TODO nsopenssl.h ssl.c tclcmds.c Log Message: Added Windows compile fixes from Jamie Rasmussen. Fixed sslcontext NULLs. Index: ChangeLog =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/ChangeLog,v retrieving revision 1.88 retrieving revision 1.89 diff -C2 -d -r1.88 -r1.89 *** ChangeLog 24 Dec 2003 15:55:12 -0000 1.88 --- ChangeLog 27 Dec 2003 15:37:29 -0000 1.89 *************** *** 1,2 **** --- 1,7 ---- + 2003-12-27 Scott Goodwin <sc...@sc...> + + * nsopenssl.c, nsopenssl.h: Added changes from Jamie Rasmussen for + Windows build. + 2003-12-24 Scott Goodwin <sc...@sc...> Index: TODO =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/TODO,v retrieving revision 1.36 retrieving revision 1.37 diff -C2 -d -r1.36 -r1.37 *** TODO 30 Sep 2003 14:29:46 -0000 1.36 --- TODO 27 Dec 2003 15:37:29 -0000 1.37 *************** *** 1,40 **** ! nsopenssl ! - Create OpenSSLCmd library (OpenSSLVerifyCert, ...); use for nsopenssl, nshttps, nsencrypt ! - Fix log messages: add MODULE, server; remove useless messages - Goals: ! - Make nsopenssl handle multiple virtual servers with multiple ports per ! virtual server while only loading nsopenssl.so once for AOLserver 4.x. - - Give nsopenssl the ability to perform certificate operations so it can be - used to drive a CA process. 
- TODO: - - use NsOpenSSLServers hash to manage drivers on a per-server basis in OpenSSLDriverInit - - validate driver init, operation, shutdown and free'ing - - validate SSL context load, init, locking, use of, shutdown and free'ing operations - - fix SSL handshake tracing - - test accessing named SSL contexts for a particular virtual server - - make sure struct locking is done where needed - - set up session cache contexts and/or use 'nsopenssl-' prefix in session cache ids - - extract global C API calls into libnsopenssl.so. - - review Ns_Log statements for accuracy - - ignore any ciphers or protocols listed in config that weren't compiled into OpenSSL library - - fix OpenSSL version reporting - - convert to TclObj commands - - add IP address for logged events - - allow for Tcl API sock servers/clients to have C or Tcl callback set via nsd.tcl - - update Tcl API to allow for dynamically creating / using new SSL contexts - - create pool of reusable conn structures - - create Ns_OpenSSLWrap C API functions - - update C and Tcl API to allow for generation of CA / Client / Server cert - - add CRL support - - add Online Certificate Status Protocol (OCSP) support. - - create 'dup' function that can dup a named SSL context struct - - clean up codebase to be completely consistent with AOLserver coding conventions - - validate PRNG functioning --- 1,43 ---- ! TODO for nsopenssl: ! nsopenssl 3.0 release: ! - Ensure sslcontexts are not NULL before accessing (mostly tclcmds.c) ! - Remove all debug statements ! - Clean up log messages; ditch ones that are not really useful ! - Ensure clean shutdown operations (destroying all conns, then drivers, ...) ! - Validate client disconnect doesn't tie up reader thread ! - Ensure locking around structs is happening properly ! - Review session cache code ! 
- Clean up compiler warnings + nsopenssl 3.1 release: + - Add client IP address to log messages + - Fix OpenSSL version reporting + - Review any commands that can be converted to TclObjs + - Automate the testing via wget, openssl command line + nsopenssl 4.0 release: + - Revamp Tcl API -- major overhaul will require changing of Tcl proc names + - Add ability to introspect on Tcl API in/out socket conns; currently can + only do this with core driver conns. + - Change version number scheme to match AOLserver + - Review PRNG code + - Ignore any ciphers or protocols listed in config that weren't compiled into OpenSSL library + - Add benchmarking/performance testing ! General Wish List: ! - Move https.tcl into C ! - Give nsopenssl the ability to perform certificate operations so it can be ! used to drive a CA process. ! - Add CRL support ! - Add OCSP support ! - Add C and Tcl API for generation of CA / Client / Server cert ! - Add ability to wrap other module conns with an Ns_OpenSSLWrap C API function ! - Add ability to wrap ns_ldap conns ! - Add SSL session cache capability across multiple servers ! - Allow Tcl API sockcallbacks to be specified in config file (?) ! 
- Create pool of reusable conn structures Index: nsopenssl.h =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/nsopenssl.h,v retrieving revision 1.54 retrieving revision 1.55 diff -C2 -d -r1.54 -r1.55 *** nsopenssl.h 24 Dec 2003 15:55:12 -0000 1.54 --- nsopenssl.h 27 Dec 2003 15:37:29 -0000 1.55 *************** *** 32,44 **** #include <assert.h> #include <ctype.h> - #include <dirent.h> #include <fcntl.h> #include <limits.h> #include <string.h> - #include <sys/ioctl.h> #include <sys/stat.h> - #include <sys/time.h> #include <sys/types.h> #include <unistd.h> #define SockError(i) Tcl_PosixError((i)) --- 32,48 ---- #include <assert.h> #include <ctype.h> #include <fcntl.h> #include <limits.h> #include <string.h> #include <sys/stat.h> #include <sys/types.h> + + #ifndef _WIN32 + #include <dirent.h> + #include <sys/ioctl.h> + #include <sys/time.h> #include <unistd.h> + #endif + #define SockError(i) Tcl_PosixError((i)) Index: ssl.c =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/ssl.c,v retrieving revision 1.45 retrieving revision 1.46 diff -C2 -d -r1.45 -r1.46 *** ssl.c 24 Dec 2003 15:55:12 -0000 1.45 --- ssl.c 27 Dec 2003 15:37:29 -0000 1.46 *************** *** 36,39 **** --- 36,43 ---- __DATE__ " " __TIME__; + #ifdef _WIN32 + #define SHUT_WR SD_SEND + #endif + #include "nsopenssl.h" Index: tclcmds.c =================================================================== RCS file: /cvsroot/aolserver/nsopenssl/tclcmds.c,v retrieving revision 1.39 retrieving revision 1.40 diff -C2 -d -r1.39 -r1.40 *** tclcmds.c 24 Dec 2003 15:55:13 -0000 1.39 --- tclcmds.c 27 Dec 2003 15:37:29 -0000 1.40 *************** *** 792,798 **** if (sslcontext == NULL) { ! Tcl_SetResult(interp, "failed to use either named or default client SSL context", ! TCL_STATIC); ! return TCL_ERROR; } --- 792,798 ---- if (sslcontext == NULL) { ! 
Tcl_SetResult(interp, "failed to use either named or default client SSL context", ! TCL_STATIC); ! return TCL_ERROR; } *************** *** 832,836 **** * NsTclOpenSSLGetUrlObjCmd -- * ! * Implements ns_geturl. * * Results: --- 832,836 ---- * NsTclOpenSSLGetUrlObjCmd -- * ! * Implements ns_openssl_geturl. * * Results: *************** *** 871,876 **** url = Tcl_GetString(objv[1]); ! if (url == '/') { ! if (Ns_FetchPage(&ds, url, Ns_TclInterpServer(interp)) != NS_OK) { Tcl_AppendResult(interp, "Could not get contents of URL \"", --- 871,875 ---- url = Tcl_GetString(objv[1]); ! if (url[1] == '/') { if (Ns_FetchPage(&ds, url, Ns_TclInterpServer(interp)) != NS_OK) { Tcl_AppendResult(interp, "Could not get contents of URL \"", *************** *** 878,884 **** goto done; } - } else { - /* Figure out which SSL context to use in creating the SSL connection */ /* XXX update API to accept last arg of sslcontext */ --- 877,881 ---- *************** *** 890,893 **** --- 887,897 ---- //} + if (sslcontext == NULL) { + Tcl_SetResult(interp, + "failed to use either named or default client SSL context", + TCL_STATIC); + goto done; + } + if (Ns_OpenSSLFetchUrl(thisServer->server, &ds, url, headers, sslcontext) != NS_OK) { Tcl_AppendResult(interp, "Could not get contents of URL \"", *************** *** 898,902 **** goto done; } - } --- 902,905 ---- *************** *** 1356,1359 **** --- 1359,1371 ---- lcbPtr->sslcontext = NsOpenSSLContextServerDefaultGet(thisServer->server); } + + /* XXX check lcbPtr->sslcontext: if NULL, fail with error message !!! */ + #if 0 + if (sslcontext == NULL) { + Tcl_SetResult(interp, "failed to use either named or default client SSL context", + TCL_STATIC); + return TCL_ERROR; + } + #endif #if 0 |
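Review bot: In the tclcmds.c hunk at new line 872 (NsTclOpenSSLGetUrlObjCmd), `url[1] == '/'` tests the second character of the argument, so a server-relative URL such as `/index.html` does not take the Ns_FetchPage branch, and an empty argument is indexed one byte past its terminating NUL. The old `url == '/'` compared the pointer itself with a character constant and was also wrong; the intended test looks like `if (url[0] == '/') {`. The next hunk drops the `} else {`, and the collapsed layout does not show where the `if` block now closes, so confirm that the local fetch and Ns_OpenSSLFetchUrl remain alternatives rather than both running for one URL. The function body starts and ends outside these hunks.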
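Review bot: The sslcontext NULL check added at new lines 890-895 of tclcmds.c exits through `goto done`, whereas the equivalent check in the hunk at line 792 uses `return TCL_ERROR`. The `done` label and the status it returns are outside the hunk, so confirm that this path reports TCL_ERROR rather than handing the message back as a successful result. The context line just above the check is a commented-out `//}`, so the hunk also does not show where sslcontext is assigned before it is tested. A short comment such as `/* No usable SSL context: fail before any connection is attempted */` would record the intent.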
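Review bot: The NULL check for the listen callback's context at new lines 1362-1369 of tclcmds.c sits inside `#if 0`, so a NULL `lcbPtr->sslcontext` still proceeds past this point even though the XXX comment says the command must fail. The disabled block also tests `sslcontext` rather than `lcbPtr->sslcontext`, and its message says "client" although the default was obtained from NsOpenSSLContextServerDefaultGet. I would enable it as `if (lcbPtr->sslcontext == NULL) {` with the message naming the server context. If lcbPtr was allocated earlier in the function, which is outside the hunk, it needs releasing before `return TCL_ERROR`.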