OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding ssl support 

Adding ssl support for "Out of Band" applications such as the remote
	admin module or Robust services
bulletsim
BlueWall 2011-05-01 14:44:09 -04:00
parent 8755a48cde
commit 8ca7938753
7 changed files with 160 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
OpenSim/Framework/MainServer.cs
View File

@ -52,6 +52,11 @@ namespace OpenSim.Framework
return GetHttpServer(port,null);
}
public static void AddHttpServer(BaseHttpServer server)
{
m_Servers.Add(server.Port, server);
}
public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr)
{
if (port == 0)

15
OpenSim/Framework/NetworkServersInfo.cs
View File

@ -49,6 +49,12 @@ namespace OpenSim.Framework
public string HttpSSLCN = "";
public uint httpSSLPort = 9001;
// "Out of band" managemnt https
public bool ssl_listener = false;
public uint https_port = 0;
public string cert_path = String.Empty;
public string cert_pass = String.Empty;
public string MessagingURL = String.Empty;
public NetworkServersInfo()
@ -86,6 +92,15 @@ namespace OpenSim.Framework
secureInventoryServer = config.Configs["Network"].GetBoolean("secure_inventory_server", true);
MessagingURL = config.Configs["Network"].GetString("messaging_server_url", string.Empty);
// "Out of band management https"
ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
if( ssl_listener)
{
cert_path = config.Configs["Network"].GetString("cert_path",String.Empty);
cert_pass = config.Configs["Network"].GetString("cert_pass",String.Empty);
https_port = (uint)config.Configs["Network"].GetInt("https_port", 0);
}
}
}
}

14
OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
View File

@ -32,6 +32,7 @@ using System.Collections.Specialized;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Reflection;
using System.Globalization;
using System.Text;
@ -72,6 +73,7 @@ namespace OpenSim.Framework.Servers.HttpServer
protected uint m_port;
protected uint m_sslport;
protected bool m_ssl;
private X509Certificate2 m_cert;
protected bool m_firstcaps = true;
protected string m_SSLCommonName = "";
@ -123,6 +125,14 @@ namespace OpenSim.Framework.Servers.HttpServer
}
}
public BaseHttpServer(uint port, bool ssl, string CPath, string CPass) : this (port, ssl)
{
if (m_ssl)
{
m_cert = new X509Certificate2(CPath, CPass);
}
}
/// <summary>
/// Add a stream handler to the http server. If the handler already exists, then nothing happens.
/// </summary>
@ -1683,6 +1693,7 @@ namespace OpenSim.Framework.Servers.HttpServer
try
{
//m_httpListener = new HttpListener();
NotSocketErrors = 0;
if (!m_ssl)
{
@ -1702,6 +1713,9 @@ namespace OpenSim.Framework.Servers.HttpServer
{
//m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
//m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
m_httpListener2 = CoolHTTPListener.Create(IPAddress.Any, (int)m_port, m_cert);
m_httpListener2.ExceptionThrown += httpServerException;
m_httpListener2.LogWriter = httpserverlog;
}
m_httpListener2.RequestReceived += OnRequest;

16
OpenSim/Region/ClientStack/RegionApplicationBase.cs
View File

@ -96,6 +96,22 @@ namespace OpenSim.Region.ClientStack
MainServer.Instance = m_httpServer;
// "OOB" Server
if (m_networkServersInfo.ssl_listener)
{
BaseHttpServer server = null;
server = new BaseHttpServer(
m_networkServersInfo.https_port, m_networkServersInfo.ssl_listener, m_networkServersInfo.cert_path,
m_networkServersInfo.cert_pass);
// Add the server to m_Servers
if(server != null)
{
m_log.InfoFormat("[REGION SERVER]: Starting HTTPS server on port {0}", server.Port);
MainServer.AddHttpServer(server);
server.Start();
}
}
base.StartupSpecific();
}

77
OpenSim/Server/Base/HttpServerBase.cs
View File

@ -97,16 +97,76 @@ namespace OpenSim.Server.Base
if (port == 0)
{
System.Console.WriteLine("Port number not specified or 0, server can't start");
Thread.CurrentThread.Abort();
}
//
bool ssl_main = networkConfig.GetBoolean("https_main",false);
bool ssl_listener = networkConfig.GetBoolean("https_listener",false);
m_consolePort = (uint)networkConfig.GetInt("ConsolePort", 0);
m_Port = port;
//
// This is where to make the servers:
//
//
// Make the base server according to the port, etc.
// ADD: Possibility to make main server ssl
// Then, check for https settings and ADD a server to
// m_Servers
//
if ( !ssl_main )
{
m_HttpServer = new BaseHttpServer(port);
m_HttpServer = new BaseHttpServer(port);
}
else
{
string cert_path = networkConfig.GetString("cert_path",String.Empty);
if ( cert_path == String.Empty )
{
System.Console.WriteLine("Path to X509 certificate is missing, server can't start.");
Thread.CurrentThread.Abort();
}
string cert_pass = networkConfig.GetString("cert_pass",String.Empty);
if ( cert_pass == String.Empty )
{
System.Console.WriteLine("Password for X509 certificate is missing, server can't start.");
Thread.CurrentThread.Abort();
}
m_HttpServer = new BaseHttpServer(port, ssl_main, cert_path, cert_pass);
}
MainServer.Instance = m_HttpServer;
// If https_listener = true, then add an ssl listener on the https_port...
if ( ssl_listener == true ) {
uint https_port = (uint)networkConfig.GetInt("https_port", 0);
string cert_path = networkConfig.GetString("cert_path",String.Empty);
if ( cert_path == String.Empty )
{
System.Console.WriteLine("Path to X509 certificate is missing, server can't start.");
Thread.CurrentThread.Abort();
}
string cert_pass = networkConfig.GetString("cert_pass",String.Empty);
if ( cert_pass == String.Empty )
{
System.Console.WriteLine("Password for X509 certificate is missing, server can't start.");
Thread.CurrentThread.Abort();
}
// Add our https_server
BaseHttpServer server = null;
server = new BaseHttpServer(https_port, ssl_listener, cert_path, cert_pass);
if (server != null)
{
m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", https_port);
m_Servers.Add(https_port,server);
}
else
System.Console.WriteLine(String.Format("Failed to start HTTPS server on port {0}",https_port));
}
}
protected override void Initialise()
@ -114,6 +174,19 @@ namespace OpenSim.Server.Base
m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", m_HttpServer.Port);
m_HttpServer.Start();
if (m_Servers.Count > 0)
{
foreach (BaseHttpServer s in m_Servers.Values)
{
if (!s.UseSSL)
m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", s.Port);
else
m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", s.Port);
s.Start();
}
}
if (MainConsole.Instance is RemoteConsole)
{
if (m_consolePort == 0)

14
bin/OpenSimDefaults.ini
View File

@ -291,6 +291,20 @@
http_listener_sslport = 9001 ; Use this port for SSL connections
http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
; HTTPS for "Out of band" management applications such as the remote
; admin module
;
; Create https_listener = "True" will create a listener on the port
; specified. Provide the path to your server certificate along with it's
; password
; https_listener = False
; Set our listener to this port
; https_port = 0
; Path to X509 certificate
; cert_path = "path/to/cert.p12"
; Password for cert
; cert_pass = "password"
; Hostname to use in llRequestURL/llRequestSecureURL
; if not defined - default machine name is being used
; (on Windows this mean NETBIOS name - useably only inside local network)

21
bin/Robust.ini.example
View File

@ -21,6 +21,27 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003
[Network]
port = 8003
; HTTPS for "Out of band" management applications such as the remote admin
; module. May specify https_main = True to make the main http server
; use https or "False" to make the main server HTTP
; https_main = False
;
; Create https_listener = "True" will create a listener on the port
; specified. Provide the path to your server certificate along with it's
; password
; https_listener = False
;
; Set our listener to this port
; https_port = 0
;
; Path to X509 certificate
; cert_path = "path/to/cert.p12"
;
; Password for cert
; cert_pass = "password"
; * The following are for the remote console
; * They have no effect for the local or basic console types
; * Leave commented to diable logins to the console