merge bozohttpd 20100512

mrg 2010-05-15 06:48:27 +00:00
parent 2e8243bab8
commit 1fe1233e27
4 changed files with 70 additions and 20 deletions


@ -1,4 +1,8 @@
$eterna: CHANGES,v 1.70 2010/05/10 02:24:30 mrg Exp $ $eterna: CHANGES,v 1.71 2010/05/13 04:19:04 mrg Exp $
changes since bozohttpd 20100509:
o fix some compile issues
o fix SSL mode. from rtr.
changes since bozohttpd 20090522: changes since bozohttpd 20090522:
o major rework and clean up of internal interfaces. move the main o major rework and clean up of internal interfaces. move the main


@ -1,6 +1,6 @@
.\" $NetBSD: bozohttpd.8,v 1.18 2010/05/10 14:53:17 mrg Exp $ .\" $NetBSD: bozohttpd.8,v 1.19 2010/05/15 06:48:27 mrg Exp $
.\" .\"
.\" $eterna: bozohttpd.8,v 1.94 2010/05/10 14:49:19 mrg Exp $ .\" $eterna: bozohttpd.8,v 1.95 2010/05/13 04:17:58 mrg Exp $
.\" .\"
.\" Copyright (c) 1997-2010 Matthew R. Green .\" Copyright (c) 1997-2010 Matthew R. Green
.\" All rights reserved. .\" All rights reserved.
@ -459,7 +459,7 @@ The focus has always been simplicity and security, with minimal features
and regular code audits. and regular code audits.
This manual documents This manual documents
.Nm .Nm
version 20100510. version 20100512.
.Sh AUTHORS .Sh AUTHORS
.Nm .Nm
was written by Matthew R. Green was written by Matthew R. Green


@ -1,6 +1,6 @@
/* $NetBSD: bozohttpd.c,v 1.18 2010/05/10 14:53:17 mrg Exp $ */ /* $NetBSD: bozohttpd.c,v 1.19 2010/05/15 06:48:27 mrg Exp $ */
/* $eterna: bozohttpd.c,v 1.168 2010/05/10 14:49:19 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.169 2010/05/13 04:17:58 mrg Exp $ */
/* /*
* Copyright (c) 1997-2010 Matthew R. Green * Copyright (c) 1997-2010 Matthew R. Green
@ -109,7 +109,7 @@
#define INDEX_HTML "index.html" #define INDEX_HTML "index.html"
#endif #endif
#ifndef SERVER_SOFTWARE #ifndef SERVER_SOFTWARE
#define SERVER_SOFTWARE "bozohttpd/20100510" #define SERVER_SOFTWARE "bozohttpd/20100512"
#endif #endif
#ifndef DIRECT_ACCESS_FILE #ifndef DIRECT_ACCESS_FILE
#define DIRECT_ACCESS_FILE ".bzdirect" #define DIRECT_ACCESS_FILE ".bzdirect"


@ -1,6 +1,6 @@
/* $NetBSD: ssl-bozo.c,v 1.7 2010/05/10 03:37:45 mrg Exp $ */ /* $NetBSD: ssl-bozo.c,v 1.8 2010/05/15 06:48:27 mrg Exp $ */
/* $eterna: ssl-bozo.c,v 1.11 2010/05/10 02:51:28 mrg Exp $ */ /* $eterna: ssl-bozo.c,v 1.13 2010/05/12 12:24:58 rtr Exp $ */
/* /*
* Copyright (c) 1997-2010 Matthew R. Green * Copyright (c) 1997-2010 Matthew R. Green
@ -34,6 +34,7 @@
#include <stdarg.h> #include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#include <syslog.h>
#include <unistd.h> #include <unistd.h>
#include "bozohttpd.h" #include "bozohttpd.h"
@ -56,20 +57,56 @@ typedef struct sslinfo_t {
char *privatekey_file; char *privatekey_file;
} sslinfo_t; } sslinfo_t;
/*
* bozo_ssl_err
*
* bozo_ssl_err works just like bozo_err except in addition to printing
* the error provided by the caller at the point of error it pops and
* prints all errors from the SSL error queue.
*/
static void
bozo_ssl_err(bozohttpd_t *httpd, int code, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (httpd->logstderr || isatty(STDERR_FILENO)) {
vfprintf(stderr, fmt, ap);
fputs("\n", stderr);
} else
vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
unsigned int sslcode = ERR_get_error();
do {
const char *sslfmt = "SSL Error: %s:%s:%s";
if (httpd->logstderr || isatty(STDERR_FILENO)) {
fprintf(stderr, sslfmt,
ERR_lib_error_string(sslcode),
ERR_func_error_string(sslcode),
ERR_reason_error_string(sslcode));
} else {
syslog(LOG_ERR, sslfmt,
ERR_lib_error_string(sslcode),
ERR_func_error_string(sslcode),
ERR_reason_error_string(sslcode));
}
} while (0 != (sslcode = ERR_get_error()));
exit(code);
}
static int static int
bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, ...) bozo_ssl_printf(bozohttpd_t *httpd, const char * fmt, va_list ap)
{ {
sslinfo_t *sslinfo; sslinfo_t *sslinfo;
va_list ap;
char *buf; char *buf;
int nbytes; int nbytes;
sslinfo = httpd->sslinfo; sslinfo = httpd->sslinfo;
/* XXX we need more elegant/proper handling of SSL_write return */ /* XXX we need more elegant/proper handling of SSL_write return */
va_start(ap, fmt);
if ((nbytes = vasprintf(&buf, fmt, ap)) != -1) if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)
SSL_write(sslinfo->bozossl, buf, nbytes); SSL_write(sslinfo->bozossl, buf, nbytes);
va_end(ap);
free(buf); free(buf);
@ -135,17 +172,26 @@ bozo_ssl_init(bozohttpd_t *httpd)
sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method); sslinfo->ssl_context = SSL_CTX_new(sslinfo->ssl_method);
/* XXX we need to learn how to check the SSL stack for more info */ /* XXX we need to learn how to check the SSL stack for more info */
if (sslinfo->ssl_context == NULL) if (NULL == sslinfo->ssl_context)
bozo_err(httpd, 1, "SSL context initialization failed."); bozo_ssl_err(httpd, EXIT_FAILURE,
"SSL context creation failed");
SSL_CTX_use_certificate_file(sslinfo->ssl_context, if (1 != SSL_CTX_use_certificate_file(sslinfo->ssl_context,
sslinfo->certificate_file, SSL_FILETYPE_PEM); sslinfo->certificate_file, SSL_FILETYPE_PEM))
SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context, bozo_ssl_err(httpd, EXIT_FAILURE,
sslinfo->privatekey_file, SSL_FILETYPE_PEM); "Unable to use certificate file '%s'",
sslinfo->certificate_file);
if (1 != SSL_CTX_use_PrivateKey_file(sslinfo->ssl_context,
sslinfo->privatekey_file, SSL_FILETYPE_PEM))
bozo_ssl_err(httpd, EXIT_FAILURE,
"Unable to use private key file '%s'",
sslinfo->privatekey_file);
/* check consistency of key vs certificate */ /* check consistency of key vs certificate */
if (!SSL_CTX_check_private_key(sslinfo->ssl_context)) if (!SSL_CTX_check_private_key(sslinfo->ssl_context))
bozo_err(httpd, 1, "check private key failed"); bozo_ssl_err(httpd, EXIT_FAILURE,
"Check private key failed");
} }
void void
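Review bot: In the new bozo_ssl_err, the `do { ... } while (0 != (sslcode = ERR_get_error()))` loop logs one entry even when the OpenSSL error queue is empty. In that case, or whenever no error strings are loaded, `ERR_lib_error_string()` and its two siblings return NULL, which is then passed to `%s`. A pre-test loop avoids this: declare `unsigned long sslcode;` and open the loop with `while ((sslcode = ERR_get_error()) != 0) {`, which also matches the `unsigned long` return type of `ERR_get_error()` instead of narrowing it to `unsigned int`. The stderr branch also prints `sslfmt` with no trailing newline, unlike the caller's message just above it, so queued errors run together on one line; adding `fputs("\n", stderr);` after the `fprintf` would keep one error per line.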