by default. Certificate filename can be configured by calling
comstack function cs_set_ssl_cert before cs_bind is used.
Possible compatibility problems with earlier versions marked with '*'.
Possible compatibility problems with earlier versions marked with '*'.
+SSL comstack now uses yaz.pem certificate file on server side
+by default. Certificate filename can be configured by calling
+comstack function cs_set_ssl_cert before cs_bind is used.
+
+Fix bug regarding multiple calls to ZOOM_connection_connect.
+
Implement cs_set_ssl_ctx which sets SSL_CTX for SSL comstack.
Do not create SSL_CTX in cs_create (ssl_type). Create in tcpip_bind,
Implement cs_set_ssl_ctx which sets SSL_CTX for SSL comstack.
Do not create SSL_CTX in cs_create (ssl_type). Create in tcpip_bind,
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
- * $Id: backend.h,v 1.24 2004-02-16 17:57:05 adam Exp $
+ * $Id: backend.h,v 1.25 2004-04-30 19:10:35 adam Exp $
struct bend_soap_handler *soap_handlers;
char pid_fname[128]; /* pid fname */
int background; /* auto daemon */
struct bend_soap_handler *soap_handlers;
char pid_fname[128]; /* pid fname */
int background; /* auto daemon */
+ char cert_fname[128]; /* SSL certificate fname */
} statserv_options_block;
YAZ_EXPORT int statserv_main(
} statserv_options_block;
YAZ_EXPORT int statserv_main(
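Review bot: The new `cert_fname` field's comment undersells what the file must contain: in the tcpip.c part of this commit the same name is passed to both `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file`, so the PEM file has to hold the private key as well as the certificate, and that is worth saying at the option struct where deployers will read it. An empty string means "use the comstack default" (statserv.c only calls `cs_set_ssl_certf` when the field is non-empty, and tcpip.c defaults to `yaz.pem`). I would change the comment to `char cert_fname[128]; /* PEM file with SSL cert AND private key; "" = comstack default (yaz.pem) */`. The `statserv_options_block` struct starts outside this hunk.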
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
* LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
* OF THIS SOFTWARE.
*
- * $Id: comstack.h,v 1.14 2004-04-29 21:19:23 adam Exp $
+ * $Id: comstack.h,v 1.15 2004-04-30 19:10:35 adam Exp $
YAZ_EXPORT int cs_complete_auto(const unsigned char *buf, int len);
YAZ_EXPORT void *cs_get_ssl(COMSTACK cs);
YAZ_EXPORT int cs_set_ssl_ctx(COMSTACK cs, void *ctx);
YAZ_EXPORT int cs_complete_auto(const unsigned char *buf, int len);
YAZ_EXPORT void *cs_get_ssl(COMSTACK cs);
YAZ_EXPORT int cs_set_ssl_ctx(COMSTACK cs, void *ctx);
+YAZ_EXPORT int cs_set_ssl_certf(COMSTACK cs, const char *fname);
YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
/*
YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
/*
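Review bot: The new `cs_set_ssl_certf` prototype carries no contract, although callers need two facts that are only visible in tcpip.c: it must be called before `cs_bind` (the file is loaded when the server-side `SSL_CTX` is created there), and the file must contain both the certificate and the private key, since tcpip.c feeds the one name to both `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file`. It also returns 0 for a non-SSL comstack and, in a build without OpenSSL, always. I would put that in a comment above the declaration: `/* Set PEM file (cert + private key) used by an SSL comstack in server mode. Call before cs_bind. Returns 0 if cs is not an SSL comstack or SSL support is compiled out. */`. Note also that the NEWS entry in this commit calls the function `cs_set_ssl_cert`, while the exported symbol is `cs_set_ssl_certf`; one of the two should be corrected.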
* NT threaded server code by
* Chas Woodfield, Fretwell Downing Informatics.
*
* NT threaded server code by
* Chas Woodfield, Fretwell Downing Informatics.
*
- * $Id: statserv.c,v 1.6 2004-04-29 21:27:22 adam Exp $
+ * $Id: statserv.c,v 1.7 2004-04-30 19:10:35 adam Exp $
#endif /* WIN32 */
0, /* SOAP handlers */
"", /* PID fname */
#endif /* WIN32 */
0, /* SOAP handlers */
"", /* PID fname */
- 0 /* background daemon */
+ 0, /* background daemon */
+ "" /* SSL certificate filename */
};
static int max_sessions = 0;
};
static int max_sessions = 0;
yaz_log(LOG_FATAL, "Failed to listen on %s", where);
return -1;
}
yaz_log(LOG_FATAL, "Failed to listen on %s", where);
return -1;
}
+ if (*control_block.cert_fname)
+ cs_set_ssl_certf(l, control_block.cert_fname);
+
if (cs_bind(l, ap, CS_SERVER) < 0)
{
yaz_log(LOG_FATAL|LOG_ERRNO, "Failed to bind to %s", where);
if (cs_bind(l, ap, CS_SERVER) < 0)
{
yaz_log(LOG_FATAL|LOG_ERRNO, "Failed to bind to %s", where);
int ret = 0, r;
char *arg;
int ret = 0, r;
char *arg;
- while ((ret = options("1a:iszSTl:v:u:c:w:t:k:d:A:p:D", argv, argc, &arg)) != -2)
+ while ((ret = options("1a:iszSTl:v:u:c:w:t:k:d:A:p:DC:",
+ argv, argc, &arg)) != -2)
case 'c':
strcpy(control_block.configname, arg ? arg : "");
break;
case 'c':
strcpy(control_block.configname, arg ? arg : "");
break;
+ case 'C':
+ strcpy(control_block.cert_fname, arg ? arg : "");
+ break;
case 'd':
strcpy(control_block.daemon_name, arg ? arg : "");
break;
case 'd':
strcpy(control_block.daemon_name, arg ? arg : "");
break;
default:
fprintf(stderr, "Usage: %s [ -a <pdufile> -v <loglevel>"
" -l <logfile> -u <user> -c <config> -t <minutes>"
default:
fprintf(stderr, "Usage: %s [ -a <pdufile> -v <loglevel>"
" -l <logfile> -u <user> -c <config> -t <minutes>"
- " -k <kilobytes> -d <daemon> -p <pidfile>"
+ " -k <kilobytes> -d <daemon> -p <pidfile> -C certfile"
" -ziDST1 -w <directory> <listener-addr>... ]\n", me);
return 1;
}
" -ziDST1 -w <directory> <listener-addr>... ]\n", me);
return 1;
}
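Review bot: The new `case 'C':` copies the command-line argument into `control_block.cert_fname` with an unbounded `strcpy`, but the field is declared as `char cert_fname[128]` in the backend.h part of this commit, so an argument of 128 bytes or more overruns the options block. The neighbouring `-c`/`-d` cases have the same pre-existing pattern, but a new option should not add another instance; a bounded copy with an explicit length check is cheap: `if (strlen(arg ? arg : "") >= sizeof(control_block.cert_fname)) { fprintf(stderr, "%s: -C argument too long\n", me); return 1; }` ahead of the existing `strcpy` (assuming `me` is in scope here as it is in the usage message below). As a matter of style the usage string prints `-C certfile` where every other option is written `-c <config>`; `-C <certfile>` would match. The function containing the option loop starts outside this hunk.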
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
* Copyright (c) 1995-2004, Index Data
* See the file LICENSE for details.
*
- * $Id: tcpip.c,v 1.5 2004-04-29 21:19:23 adam Exp $
+ * $Id: tcpip.c,v 1.6 2004-04-30 19:10:35 adam Exp $
SSL_CTX *ctx; /* current CTX. */
SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
SSL *ssl;
SSL_CTX *ctx; /* current CTX. */
SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
SSL *ssl;
COMSTACK tcpip_type(int s, int blocking, int protocol, void *vp)
{
COMSTACK p;
COMSTACK tcpip_type(int s, int blocking, int protocol, void *vp)
{
COMSTACK p;
int new_socket;
#ifdef WIN32
unsigned long tru = 1;
int new_socket;
#ifdef WIN32
unsigned long tru = 1;
new_socket = 0;
if (!(p = (struct comstack *)xmalloc(sizeof(struct comstack))))
return 0;
new_socket = 0;
if (!(p = (struct comstack *)xmalloc(sizeof(struct comstack))))
return 0;
- if (!(state = (struct tcpip_state *)(p->cprivate =
+ if (!(sp = (struct tcpip_state *)(p->cprivate =
xmalloc(sizeof(tcpip_state)))))
return 0;
xmalloc(sizeof(tcpip_state)))))
return 0;
p->stackerr = 0;
#if HAVE_OPENSSL_SSL_H
p->stackerr = 0;
#if HAVE_OPENSSL_SSL_H
- state->ctx = state->ctx_alloc = 0;
- state->ssl = 0;
+ sp->ctx = sp->ctx_alloc = 0;
+ sp->ssl = 0;
+ strcpy(sp->cert_fname, "yaz.pem");
- state->altbuf = 0;
- state->altsize = state->altlen = 0;
- state->towrite = state->written = -1;
+ sp->altbuf = 0;
+ sp->altsize = sp->altlen = 0;
+ sp->towrite = sp->written = -1;
if (protocol == PROTO_WAIS)
if (protocol == PROTO_WAIS)
- state->complete = completeWAIS;
+ sp->complete = completeWAIS;
- state->complete = cs_complete_auto;
+ sp->complete = cs_complete_auto;
p->timeout = COMSTACK_DEFAULT_TIMEOUT;
TRC(fprintf(stderr, "Created new TCPIP comstack\n"));
p->timeout = COMSTACK_DEFAULT_TIMEOUT;
TRC(fprintf(stderr, "Created new TCPIP comstack\n"));
COMSTACK ssl_type(int s, int blocking, int protocol, void *vp)
{
COMSTACK ssl_type(int s, int blocking, int protocol, void *vp)
{
COMSTACK p;
p = tcpip_type (s, blocking, protocol, 0);
COMSTACK p;
p = tcpip_type (s, blocking, protocol, 0);
p->f_get = ssl_get;
p->f_put = ssl_put;
p->type = ssl_type;
p->f_get = ssl_get;
p->f_put = ssl_put;
p->type = ssl_type;
- state = (tcpip_state *) p->cprivate;
+ sp = (tcpip_state *) p->cprivate;
- state->ctx = vp; /* may be NULL */
+ sp->ctx = vp; /* may be NULL */
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
/* note: we don't handle already opened socket in SSL mode - yet */
return p;
if (sp->ctx_alloc)
{
int res;
if (sp->ctx_alloc)
{
int res;
- res = SSL_CTX_use_certificate_file (sp->ctx, CERTF,
+ res = SSL_CTX_use_certificate_file (sp->ctx, sp->cert_fname,
SSL_FILETYPE_PEM);
if (res <= 0)
{
ERR_print_errors_fp(stderr);
exit (2);
}
SSL_FILETYPE_PEM);
if (res <= 0)
{
ERR_print_errors_fp(stderr);
exit (2);
}
- res = SSL_CTX_use_PrivateKey_file (sp->ctx, KEYF,
+ res = SSL_CTX_use_PrivateKey_file (sp->ctx, sp->cert_fname,
SSL_FILETYPE_PEM);
if (res <= 0)
{
SSL_FILETYPE_PEM);
if (res <= 0)
{
#if HAVE_OPENSSL_SSL_H
int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
{
#if HAVE_OPENSSL_SSL_H
int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
{
- struct tcpip_state *state;
+ struct tcpip_state *sp;
if (!cs || cs->type != ssl_type)
return 0;
if (!cs || cs->type != ssl_type)
return 0;
- state = (struct tcpip_state *) cs->cprivate;
- if (state->ctx_alloc)
+ sp = (struct tcpip_state *) cs->cprivate;
+ if (sp->ctx_alloc)
return 1;
}
void *cs_get_ssl(COMSTACK cs)
{
return 1;
}
void *cs_get_ssl(COMSTACK cs)
{
- struct tcpip_state *state;
+ struct tcpip_state *sp;
if (!cs || cs->type != ssl_type)
return 0;
if (!cs || cs->type != ssl_type)
return 0;
- state = (struct tcpip_state *) cs->cprivate;
- return state->ssl;
+ sp = (struct tcpip_state *) cs->cprivate;
+ return sp->ssl;
+}
+
+int cs_set_ssl_certf(COMSTACK cs, const char *fname)
+{
+ struct tcpip_state *sp;
+ if (!cs || cs->type != ssl_type)
+ return 0;
+ sp = (struct tcpip_state *) cs->cprivate;
+ strncpy(sp->cert_fname, fname, sizeof(sp->cert_fname)-1);
+ sp->cert_fname[sizeof(sp->cert_fname)-1] = '\0';
+ return 1;
}
int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
}
int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+int cs_set_ssl_certf(COMSTACK cs, const char *fname)
+{
+ return 0;
+}
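Review bot: `cs_set_ssl_certf` silently truncates a name longer than `sp->cert_fname`, so an over-long path makes the comstack load a different file than the caller asked for, or exit(2) in the bind-time loader when it does not exist; rejecting it is safer: `if (strlen(fname) >= sizeof(sp->cert_fname)) return 0;` before the copy, after which a plain `strcpy` is fine. The `cert_fname` member itself is not visible in these hunks (the struct hunk shows only `ctx`, `ctx_alloc` and `ssl`), so its size is presumably what the `sizeof` expressions reflect. The default `"yaz.pem"` set in `tcpip_type` is a relative path, and because the same file is also passed to `SSL_CTX_use_PrivateKey_file` it is the server's private key: a server started in a directory writable by others could pick up a planted key, so a comment at the default and a note in the docs that the file should be given as an absolute path with restrictive permissions would be appropriate, e.g. `strcpy(sp->cert_fname, "yaz.pem"); /* cert + private key, relative to CWD; override with cs_set_ssl_certf */`.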