recover regions main http server ssl suport. Using a PKCS12 cert file, and not certs store for now. Option http_listener_cn, cert CN need to the same as external IP. Self sign certs do seem to work, but the viewers option NoVerifySLLCert needs to be set true. CA check is not done but they do check the IP

OpenSim/Framework/NetworkServersInfo.cs

@@ -37,6 +37,8 @@ namespace OpenSim.Framework
         public bool isSandbox;
         public bool HttpUsesSSL = false;
         public string HttpSSLCN = "";
+        public string HttpSSLCertPath = "";
+        public string HttpSSLCNCertPass = "";
         public uint httpSSLPort = 9001;
 
         // "Out of band" managemnt https
@@ -62,6 +64,8 @@ namespace OpenSim.Framework
                 (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
             HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
             HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
+            HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
+            HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
 
             // "Out of band management https"
             ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);

OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs

@@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
             m_ssl = ssl;
         }
 
-        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)
+        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
         {
             if (m_ssl)
             {
+                if(string.IsNullOrEmpty(CPass))
+                    throw new Exception("invalid main http server cert path");
+
                 m_sslport = sslport;
+                m_cert = new X509Certificate2(CPath, CPass);
+                m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
+                if(CN != m_SSLCommonName)
+                    throw new Exception("main http server CN does not match cert CN");
+
             }
         }
 

OpenSim/Region/Application/OpenSimBase.cs

@@ -351,7 +351,18 @@ namespace OpenSim
             if (startupConfig == null || startupConfig.GetBoolean("JobEngineEnabled", true))
                 WorkManager.JobEngine.Start();
 
-            m_httpServerPort = m_networkServersInfo.HttpListenerPort;
+           
+            if(m_networkServersInfo.HttpUsesSSL)
+            {
+                m_httpServerSSL = true;
+                m_httpServerPort = m_networkServersInfo.httpSSLPort;
+            }
+            else
+            {
+                m_httpServerSSL = false;
+                m_httpServerPort = m_networkServersInfo.HttpListenerPort;
+            }
+
             SceneManager.OnRestartSim += HandleRestartRegion;
 
             // Only enable the watchdogs when all regions are ready.  Otherwise we get false positives when cpu is
@@ -404,7 +415,18 @@ namespace OpenSim
 
             // set initial ServerURI
             regionInfo.HttpPort = m_httpServerPort;
-            regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName + ":" + regionInfo.HttpPort.ToString() + "/";
+            if(m_httpServerSSL)
+            {
+                if(m_networkServersInfo.HttpSSLCN != regionInfo.ExternalHostName)
+                    throw new Exception("main http cert CN doesn't match region External IP");
+
+                regionInfo.ServerURI = "https://" + regionInfo.ExternalHostName +
+                         ":" + regionInfo.HttpPort.ToString() + "/";
+            }
+            else
+                regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName +
+                         ":" + regionInfo.HttpPort.ToString() + "/";
+
             
             regionInfo.osSecret = m_osSecret;
             

OpenSim/Region/Application/RegionApplicationBase.cs

@@ -50,6 +50,7 @@ namespace OpenSim
         protected Dictionary<EndPoint, uint> m_clientCircuits = new Dictionary<EndPoint, uint>();
         protected NetworkServersInfo m_networkServersInfo;
         protected uint m_httpServerPort;
+        protected bool m_httpServerSSL;
         protected ISimulationDataService m_simulationDataService;
         protected IEstateDataService m_estateDataService;
 
@@ -70,15 +71,18 @@ namespace OpenSim
 
             m_httpServer 
                 = new BaseHttpServer(
-                    m_httpServerPort, m_networkServersInfo.HttpUsesSSL, m_networkServersInfo.httpSSLPort, 
+                    m_httpServerPort, m_networkServersInfo.HttpUsesSSL,
-                    m_networkServersInfo.HttpSSLCN);
+                        m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN,
+                        m_networkServersInfo.HttpSSLCertPath, m_networkServersInfo.HttpSSLCNCertPass);
 
+/* why this? we only run one            
             if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
             {
                 m_log.Error("[REGION SERVER]: HTTP Server config failed.   HTTP Server and HTTPS server must be on different ports");
             }
-
+*/
-            m_log.InfoFormat("[REGION SERVER]: Starting HTTP server on port {0}", m_httpServerPort);
+            m_log.InfoFormat("[REGION SERVER]: Starting HTTP{0} server on port {1}",
+                    m_networkServersInfo.HttpUsesSSL ? "S" : "", m_httpServerPort);
             m_httpServer.Start();
 
             MainServer.AddHttpServer(m_httpServer);

OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs

@@ -65,7 +65,7 @@ namespace OpenSim.Region.ClientStack.Linden.Tests
             // variables and the VM is not restarted between tests.
             MainServer.RemoveHttpServer(port);
 
-            BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "");
+            BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "","","");
             MainServer.AddHttpServer(server);
             MainServer.Instance = server;
 

OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs

@@ -87,7 +87,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Tests
             uint port = 9999;
             MainServer.RemoveHttpServer(port);
 
-            BaseHttpServer server = new BaseHttpServer(port, false, 0, "");
+            BaseHttpServer server = new BaseHttpServer(port, false, 0, "", "", "");
             MainServer.AddHttpServer(server);
             MainServer.Instance = server;
 

bin/OpenSimDefaults.ini

@@ -500,13 +500,12 @@
     http_listener_port = 9000
     console_port = 0
 
-    ; ssl config: Experimental!  The auto https config only really works definately on windows XP now
+    ; ssl config: Experimental!
-    ; you need a Cert Request/Signed pair installed in the MY store with the CN specified below
+    http_listener_ssl = false ; if set to true main server is replaced a ssl one
-    ; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
-    http_listener_ssl = false ; Also create a SSL server
-    http_listener_cn = "localhost" ; Use the cert with the common name
     http_listener_sslport = 9001 ; Use this port for SSL connections
-    http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
+    http_listener_cn = "myexternalip" ; // should be the External ip and match the CN on the cert
+    http_listener_cert_path = "mycert.p12" ; path for the cert file
+	http_listener_cert_pass = "mycertpass" ; the cert passwork
 
     ; HTTPS for "Out of band" management applications such as the remote 
     ; admin module