Changeset 5152
- Timestamp:
- 05/01/11 17:35:34 (13 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/oscam-config.h
r5074 r5152 11 11 12 12 #ifndef WITH_SSL 13 //#define WITH_SSL13 #define WITH_SSL 14 14 #endif 15 15 -
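Review bot: Uncommenting `#define WITH_SSL` at new line 13 makes SSL support unconditional, because the surrounding `#ifndef WITH_SSL` guard now defines the macro whenever the build flags do not. OpenSSL headers and libraries become a hard build requirement, and a builder can only opt out by editing this file. If the switch was turned on to test the refactoring in this changeset, it should probably stay as `//#define WITH_SSL` and be enabled from the build flags instead.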
trunk/oscam-http-helpers.c
r5150 r5152 731 731 }; 732 732 733 / / function needs explicitly unsigned long to prevent compiler warning, uintptr_t is not valid here733 /* function really needs unsigned long to prevent compiler warnings... */ 734 734 unsigned long SSL_id_function(void){ 735 735 return ((unsigned long) pthread_self()); … … 746 746 } 747 747 748 struct CRYPTO_dynlock_value *SSL_dyn_create_function(const char *file, int line){ 749 struct CRYPTO_dynlock_value *value; 750 if(!cs_malloc(&value, sizeof(struct CRYPTO_dynlock_value), -1)) return (NULL); 751 pthread_mutex_init(&value->mutex, NULL); 748 struct CRYPTO_dynlock_value *SSL_dyn_create_function(const char *file, int32_t line){ 749 struct CRYPTO_dynlock_value *l; 750 if(!cs_malloc(&l, sizeof(struct CRYPTO_dynlock_value), -1)) return (NULL); 751 if(pthread_mutex_init(&l->mutex, NULL)) { 752 // Initialization of mutex failed. 753 free(l); 754 return (NULL); 755 } 756 pthread_mutex_init(&l->mutex, NULL); 752 757 // just to remove compiler warnings... 753 if(file || line) return value;754 return value;755 } 756 757 void SSL_dyn_lock_function(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line){758 if(file || line) return l; 759 return l; 760 } 761 762 void SSL_dyn_lock_function(int32_t mode, struct CRYPTO_dynlock_value *l, const char *file, int32_t line){ 758 763 if (mode & CRYPTO_LOCK) { 759 764 pthread_mutex_lock(&l->mutex); … … 765 770 } 766 771 767 void SSL_dyn_destroy_function(struct CRYPTO_dynlock_value *l, const char *file, int line){772 void SSL_dyn_destroy_function(struct CRYPTO_dynlock_value *l, const char *file, int32_t line){ 768 773 pthread_mutex_destroy(&l->mutex); 769 774 free(l); … … 771 776 if(file || line) return; 772 777 } 778 779 /* Init necessary structures for SSL in WebIf*/ 780 SSL_CTX *SSL_Webif_Init() { 781 SSL_library_init(); 782 SSL_load_error_strings(); 783 ERR_load_BIO_strings(); 784 ERR_load_SSL_strings(); 785 786 SSL_METHOD *meth; 787 SSL_CTX *ctx; 788 789 static const char 
*cs_cert="oscam.pem"; 790 791 // set locking callbacks for SSL 792 int32_t i, num = CRYPTO_num_locks(); 793 lock_cs = (pthread_mutex_t*) OPENSSL_malloc(num * sizeof(pthread_mutex_t)); 794 795 for (i = 0; i < num; ++i) { 796 if(pthread_mutex_init(&lock_cs[i], NULL)){ 797 while(--i > 0){ 798 pthread_mutex_destroy(&lock_cs[i]); 799 --i; 800 } 801 free(lock_cs); 802 return NULL; 803 }; 804 } 805 /* static lock callbacks */ 806 CRYPTO_set_id_callback(SSL_id_function); 807 CRYPTO_set_locking_callback(SSL_locking_function); 808 /* dynamic lock callbacks */ 809 CRYPTO_set_dynlock_create_callback(SSL_dyn_create_function); 810 CRYPTO_set_dynlock_lock_callback(SSL_dyn_lock_function); 811 CRYPTO_set_dynlock_destroy_callback(SSL_dyn_destroy_function); 812 813 meth = SSLv23_server_method(); 814 815 ctx = SSL_CTX_new(meth); 816 817 char path[128]; 818 819 if (cfg.http_cert[0]==0) 820 snprintf(path, sizeof(path), "%s%s", cs_confdir, cs_cert); 821 else 822 cs_strncpy(path, cfg.http_cert, sizeof(path)); 823 824 if (!ctx) { 825 ERR_print_errors_fp(stderr); 826 return NULL; 827 } 828 829 if (SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { 830 ERR_print_errors_fp(stderr); 831 return NULL; 832 } 833 834 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) { 835 ERR_print_errors_fp(stderr); 836 return NULL; 837 } 838 839 if (!SSL_CTX_check_private_key(ctx)) { 840 cs_log("SSL: Private key does not match the certificate public key"); 841 return NULL; 842 } 843 cs_log("load ssl certificate file %s", path); 844 return ctx; 845 } 773 846 #endif 774 847 #endif -
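Review bot: The rollback loop in `SSL_Webif_Init` (new lines 797–800) decrements `i` both in the `while(--i > 0)` condition and in the body, so after a failed `pthread_mutex_init` it destroys only every second mutex and never `lock_cs[0]`. The same block uses the `OPENSSL_malloc` result without a NULL check and releases it with `free()` instead of `OPENSSL_free()`, and each `return NULL` after `SSL_CTX_new` leaves `ctx` allocated; the excerpt below shows the corrected setup and one of the three error paths. In the earlier hunk, `SSL_dyn_create_function` still has the old unchecked `pthread_mutex_init(&l->mutex, NULL);` at new line 756 right after the new checked call, which initialises the same mutex twice and should be dropped. `SSLv23_server_method()` is used with no protocol options, so which legacy protocol versions are offered depends on the linked OpenSSL build; setting `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` after context creation would pin that down.

```c
	lock_cs = (pthread_mutex_t*) OPENSSL_malloc(num * sizeof(pthread_mutex_t));
	if (!lock_cs) return NULL;

	for (i = 0; i < num; ++i) {
		if(pthread_mutex_init(&lock_cs[i], NULL)){
			// roll back every mutex initialised so far, including index 0
			while(--i >= 0)
				pthread_mutex_destroy(&lock_cs[i]);
			OPENSSL_free(lock_cs);
			lock_cs = NULL;
			return NULL;
		}
	}
	/* … unchanged: callback registration, SSL_CTX_new, certificate path … */
	if (SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
		ERR_print_errors_fp(stderr);
		SSL_CTX_free(ctx);
		return NULL;
	}
	/* … same SSL_CTX_free(ctx) before the two remaining return NULL paths … */
```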
trunk/oscam-http.c
r5148 r5152 3400 3400 } 3401 3401 3402 #ifdef WITH_SSL3403 SSL_CTX *webif_init_ssl() {3404 SSL_library_init();3405 SSL_load_error_strings();3406 3407 SSL_METHOD *meth;3408 SSL_CTX *ctx;3409 3410 static const char *cs_cert="oscam.pem";3411 3412 // set locking callbacks for SSL3413 int32_t i, num = CRYPTO_num_locks();3414 lock_cs = (pthread_mutex_t*) OPENSSL_malloc(num * sizeof(pthread_mutex_t));3415 3416 for (i = 0; i < num; ++i) {3417 pthread_mutex_init(&lock_cs[i], NULL);3418 }3419 /* static lock callbacks */3420 CRYPTO_set_id_callback(SSL_id_function);3421 CRYPTO_set_locking_callback(SSL_locking_function);3422 /* dynamic lock callbacks */3423 CRYPTO_set_dynlock_create_callback(SSL_dyn_create_function);3424 CRYPTO_set_dynlock_lock_callback(SSL_dyn_lock_function);3425 CRYPTO_set_dynlock_destroy_callback(SSL_dyn_destroy_function);3426 3427 meth = SSLv23_server_method();3428 3429 ctx = SSL_CTX_new(meth);3430 3431 char path[128];3432 3433 if (cfg.http_cert[0]==0)3434 snprintf(path, sizeof(path), "%s%s", cs_confdir, cs_cert);3435 else3436 cs_strncpy(path, cfg.http_cert, sizeof(path));3437 3438 if (!ctx) {3439 ERR_print_errors_fp(stderr);3440 return NULL;3441 }3442 3443 if (SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {3444 ERR_print_errors_fp(stderr);3445 return NULL;3446 }3447 3448 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {3449 ERR_print_errors_fp(stderr);3450 return NULL;3451 }3452 3453 if (!SSL_CTX_check_private_key(ctx)) {3454 cs_log("SSL: Private key does not match the certificate public key");3455 return NULL;3456 }3457 cs_log("load ssl certificate file %s", path);3458 return ctx;3459 }3460 #endif3461 3462 3402 #pragma GCC diagnostic ignored "-Wempty-body" 3463 3403 void *serve_process(void *conn){ … … 3468 3408 int32_t s = myconn.socket; 3469 3409 #ifdef WITH_SSL 3470 SSL _CTX *ctx = myconn.ctx;3410 SSL *ssl = myconn.ssl; 3471 3411 #endif 3472 3412 … … 3486 3426 #ifdef WITH_SSL 3487 3427 if (cfg.http_use_ssl) { 3488 
SSL *ssl; 3489 ssl = SSL_new(ctx); 3490 if(ssl != NULL){ 3491 if(SSL_set_fd(ssl, s)){ 3492 if (SSL_accept(ssl) != -1) 3493 process_request((FILE *)ssl, remote.sin_addr); 3494 else { 3495 FILE *f; 3496 f = fdopen(s, "r+"); 3497 if(f != NULL) { 3498 send_error(f, 200, "Bad Request", NULL, "This web server is running in SSL mode.", 1); 3499 fflush(f); 3500 fclose(f); 3501 } else cs_log("WebIf: Error opening file descriptor using fdopen() (errno=%d %s)", errno, strerror(errno)); 3502 } 3503 } else cs_log("WebIf: Error calling SSL_set_fd()."); 3504 SSL_shutdown(ssl); 3505 close(s); 3506 SSL_free(ssl); 3507 } else { 3508 close(s); 3509 cs_log("WebIf: Error calling SSL_new()."); 3510 } 3428 if(SSL_set_fd(ssl, s)){ 3429 if (SSL_accept(ssl) != -1) 3430 process_request((FILE *)ssl, remote.sin_addr); 3431 else { 3432 FILE *f; 3433 f = fdopen(s, "r+"); 3434 if(f != NULL) { 3435 send_error(f, 200, "Bad Request", NULL, "This web server is running in SSL mode.", 1); 3436 fflush(f); 3437 fclose(f); 3438 } else cs_log("WebIf: Error opening file descriptor using fdopen() (errno=%d %s)", errno, strerror(errno)); 3439 } 3440 } else cs_log("WebIf: Error calling SSL_set_fd()."); 3441 SSL_shutdown(ssl); 3442 close(s); 3443 SSL_free(ssl); 3511 3444 } else 3512 3445 #endif … … 3594 3527 SSL_CTX *ctx = NULL; 3595 3528 if (cfg.http_use_ssl) 3596 ctx = webif_init_ssl();3529 ctx = SSL_Webif_Init(); 3597 3530 3598 3531 if (ctx==NULL) … … 3616 3549 conn->socket = s; 3617 3550 #ifdef WITH_SSL 3618 conn->ctx = ctx; 3551 SSL *ssl = NULL; 3552 if (cfg.http_use_ssl){ 3553 ssl = SSL_new(ctx); 3554 if(ssl == NULL){ 3555 close(s); 3556 cs_log("WebIf: Error calling SSL_new()."); 3557 continue; 3558 } 3559 } 3560 conn->ssl = ssl; 3619 3561 #endif 3620 3562 if (pthread_create(&workthread, &attr, serve_process, (void *)conn)) { -
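Review bot: In `serve_process` the handshake test `SSL_accept(ssl) != -1` accepts a return of 0, which OpenSSL uses for a handshake that was shut down without completing, so `process_request` can run on a session that was never established; `if (SSL_accept(ssl) == 1)` is the success test. On the failure branch `fclose(f)` already closes the descriptor behind `s`, and the `close(s)` that follows closes the number again, which in a threaded server may by then belong to another connection. In the accept-loop hunk the new `continue` after a failed `SSL_new()` closes the socket but appears to skip releasing `conn` (its allocation is outside the hunk), so a `free(conn);` before `continue` looks needed. The body of the `pthread_create` failure branch is also outside the hunk; now that each connection owns an `SSL` object, that branch should call `SSL_free(ssl)` as well.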
trunk/oscam-http.h
r5146 r5152 3 3 struct sockaddr_in remote; 4 4 #ifdef WITH_SSL 5 SSL _CTX *ctx;5 SSL *ssl; 6 6 #endif 7 7 };