Changeset 5152 for trunk/oscam-http.c
- Timestamp:
- 05/01/11 17:35:34 (13 years ago)
- File:
-
- 1 edited
trunk/oscam-http.c
r5148 r5152 3400 3400 } 3401 3401 3402 #ifdef WITH_SSL3403 SSL_CTX *webif_init_ssl() {3404 SSL_library_init();3405 SSL_load_error_strings();3406 3407 SSL_METHOD *meth;3408 SSL_CTX *ctx;3409 3410 static const char *cs_cert="oscam.pem";3411 3412 // set locking callbacks for SSL3413 int32_t i, num = CRYPTO_num_locks();3414 lock_cs = (pthread_mutex_t*) OPENSSL_malloc(num * sizeof(pthread_mutex_t));3415 3416 for (i = 0; i < num; ++i) {3417 pthread_mutex_init(&lock_cs[i], NULL);3418 }3419 /* static lock callbacks */3420 CRYPTO_set_id_callback(SSL_id_function);3421 CRYPTO_set_locking_callback(SSL_locking_function);3422 /* dynamic lock callbacks */3423 CRYPTO_set_dynlock_create_callback(SSL_dyn_create_function);3424 CRYPTO_set_dynlock_lock_callback(SSL_dyn_lock_function);3425 CRYPTO_set_dynlock_destroy_callback(SSL_dyn_destroy_function);3426 3427 meth = SSLv23_server_method();3428 3429 ctx = SSL_CTX_new(meth);3430 3431 char path[128];3432 3433 if (cfg.http_cert[0]==0)3434 snprintf(path, sizeof(path), "%s%s", cs_confdir, cs_cert);3435 else3436 cs_strncpy(path, cfg.http_cert, sizeof(path));3437 3438 if (!ctx) {3439 ERR_print_errors_fp(stderr);3440 return NULL;3441 }3442 3443 if (SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {3444 ERR_print_errors_fp(stderr);3445 return NULL;3446 }3447 3448 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {3449 ERR_print_errors_fp(stderr);3450 return NULL;3451 }3452 3453 if (!SSL_CTX_check_private_key(ctx)) {3454 cs_log("SSL: Private key does not match the certificate public key");3455 return NULL;3456 }3457 cs_log("load ssl certificate file %s", path);3458 return ctx;3459 }3460 #endif3461 3462 3402 #pragma GCC diagnostic ignored "-Wempty-body" 3463 3403 void *serve_process(void *conn){ … … 3468 3408 int32_t s = myconn.socket; 3469 3409 #ifdef WITH_SSL 3470 SSL _CTX *ctx = myconn.ctx;3410 SSL *ssl = myconn.ssl; 3471 3411 #endif 3472 3412 … … 3486 3426 #ifdef WITH_SSL 3487 3427 if (cfg.http_use_ssl) { 3488 
SSL *ssl; 3489 ssl = SSL_new(ctx); 3490 if(ssl != NULL){ 3491 if(SSL_set_fd(ssl, s)){ 3492 if (SSL_accept(ssl) != -1) 3493 process_request((FILE *)ssl, remote.sin_addr); 3494 else { 3495 FILE *f; 3496 f = fdopen(s, "r+"); 3497 if(f != NULL) { 3498 send_error(f, 200, "Bad Request", NULL, "This web server is running in SSL mode.", 1); 3499 fflush(f); 3500 fclose(f); 3501 } else cs_log("WebIf: Error opening file descriptor using fdopen() (errno=%d %s)", errno, strerror(errno)); 3502 } 3503 } else cs_log("WebIf: Error calling SSL_set_fd()."); 3504 SSL_shutdown(ssl); 3505 close(s); 3506 SSL_free(ssl); 3507 } else { 3508 close(s); 3509 cs_log("WebIf: Error calling SSL_new()."); 3510 } 3428 if(SSL_set_fd(ssl, s)){ 3429 if (SSL_accept(ssl) != -1) 3430 process_request((FILE *)ssl, remote.sin_addr); 3431 else { 3432 FILE *f; 3433 f = fdopen(s, "r+"); 3434 if(f != NULL) { 3435 send_error(f, 200, "Bad Request", NULL, "This web server is running in SSL mode.", 1); 3436 fflush(f); 3437 fclose(f); 3438 } else cs_log("WebIf: Error opening file descriptor using fdopen() (errno=%d %s)", errno, strerror(errno)); 3439 } 3440 } else cs_log("WebIf: Error calling SSL_set_fd()."); 3441 SSL_shutdown(ssl); 3442 close(s); 3443 SSL_free(ssl); 3511 3444 } else 3512 3445 #endif … … 3594 3527 SSL_CTX *ctx = NULL; 3595 3528 if (cfg.http_use_ssl) 3596 ctx = webif_init_ssl();3529 ctx = SSL_Webif_Init(); 3597 3530 3598 3531 if (ctx==NULL) … … 3616 3549 conn->socket = s; 3617 3550 #ifdef WITH_SSL 3618 conn->ctx = ctx; 3551 SSL *ssl = NULL; 3552 if (cfg.http_use_ssl){ 3553 ssl = SSL_new(ctx); 3554 if(ssl == NULL){ 3555 close(s); 3556 cs_log("WebIf: Error calling SSL_new()."); 3557 continue; 3558 } 3559 } 3560 conn->ssl = ssl; 3619 3561 #endif 3620 3562 if (pthread_create(&workthread, &attr, serve_process, (void *)conn)) {
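Review bot: In serve_process the handshake test `if (SSL_accept(ssl) != -1)` still treats a return of 0 as success, so process_request() can run on a connection whose TLS handshake was shut down without completing. SSL_accept() reports success only with a return of 1, so the check should read `if (SSL_accept(ssl) == 1)`. The same branch then calls SSL_shutdown(ssl) unconditionally, including after a failed handshake, where OpenSSL advises against calling it; making that call conditional on the accept result would be cleaner. Now that SSL_new() runs in the accept loop before pthread_create(), the failure branch of pthread_create() (its body lies outside the visible hunk) presumably needs an `SSL_free(ssl);` next to the socket close. Without it, each failed thread start would leak an SSL object.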