recover regions main http server ssl suport. Using a PKCS12 cert file, and not certs store for now. Option http_listener_cn, cert CN need to the same as external IP. Self sign certs do seem to work, but the viewers option NoVerifySLLCert needs to be set true. CA check is not done but they do check the IP
parent
db1e75b0ac
commit
b51739e23e
|
@ -37,6 +37,8 @@ namespace OpenSim.Framework
|
|||
public bool isSandbox;
|
||||
public bool HttpUsesSSL = false;
|
||||
public string HttpSSLCN = "";
|
||||
public string HttpSSLCertPath = "";
|
||||
public string HttpSSLCNCertPass = "";
|
||||
public uint httpSSLPort = 9001;
|
||||
|
||||
// "Out of band" managemnt https
|
||||
|
@ -62,6 +64,8 @@ namespace OpenSim.Framework
|
|||
(uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
|
||||
HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
|
||||
HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
|
||||
HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
|
||||
HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
|
||||
|
||||
// "Out of band management https"
|
||||
ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
|
||||
|
|
|
@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
|
|||
m_ssl = ssl;
|
||||
}
|
||||
|
||||
public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)
|
||||
public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
|
||||
{
|
||||
if (m_ssl)
|
||||
{
|
||||
if(string.IsNullOrEmpty(CPass))
|
||||
throw new Exception("invalid main http server cert path");
|
||||
|
||||
m_sslport = sslport;
|
||||
m_cert = new X509Certificate2(CPath, CPass);
|
||||
m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
|
||||
if(CN != m_SSLCommonName)
|
||||
throw new Exception("main http server CN does not match cert CN");
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -351,7 +351,18 @@ namespace OpenSim
|
|||
if (startupConfig == null || startupConfig.GetBoolean("JobEngineEnabled", true))
|
||||
WorkManager.JobEngine.Start();
|
||||
|
||||
m_httpServerPort = m_networkServersInfo.HttpListenerPort;
|
||||
|
||||
if(m_networkServersInfo.HttpUsesSSL)
|
||||
{
|
||||
m_httpServerSSL = true;
|
||||
m_httpServerPort = m_networkServersInfo.httpSSLPort;
|
||||
}
|
||||
else
|
||||
{
|
||||
m_httpServerSSL = false;
|
||||
m_httpServerPort = m_networkServersInfo.HttpListenerPort;
|
||||
}
|
||||
|
||||
SceneManager.OnRestartSim += HandleRestartRegion;
|
||||
|
||||
// Only enable the watchdogs when all regions are ready. Otherwise we get false positives when cpu is
|
||||
|
@ -404,7 +415,18 @@ namespace OpenSim
|
|||
|
||||
// set initial ServerURI
|
||||
regionInfo.HttpPort = m_httpServerPort;
|
||||
regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName + ":" + regionInfo.HttpPort.ToString() + "/";
|
||||
if(m_httpServerSSL)
|
||||
{
|
||||
if(m_networkServersInfo.HttpSSLCN != regionInfo.ExternalHostName)
|
||||
throw new Exception("main http cert CN doesn't match region External IP");
|
||||
|
||||
regionInfo.ServerURI = "https://" + regionInfo.ExternalHostName +
|
||||
":" + regionInfo.HttpPort.ToString() + "/";
|
||||
}
|
||||
else
|
||||
regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName +
|
||||
":" + regionInfo.HttpPort.ToString() + "/";
|
||||
|
||||
|
||||
regionInfo.osSecret = m_osSecret;
|
||||
|
||||
|
|
|
@ -50,6 +50,7 @@ namespace OpenSim
|
|||
protected Dictionary<EndPoint, uint> m_clientCircuits = new Dictionary<EndPoint, uint>();
|
||||
protected NetworkServersInfo m_networkServersInfo;
|
||||
protected uint m_httpServerPort;
|
||||
protected bool m_httpServerSSL;
|
||||
protected ISimulationDataService m_simulationDataService;
|
||||
protected IEstateDataService m_estateDataService;
|
||||
|
||||
|
@ -70,15 +71,18 @@ namespace OpenSim
|
|||
|
||||
m_httpServer
|
||||
= new BaseHttpServer(
|
||||
m_httpServerPort, m_networkServersInfo.HttpUsesSSL, m_networkServersInfo.httpSSLPort,
|
||||
m_networkServersInfo.HttpSSLCN);
|
||||
m_httpServerPort, m_networkServersInfo.HttpUsesSSL,
|
||||
m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN,
|
||||
m_networkServersInfo.HttpSSLCertPath, m_networkServersInfo.HttpSSLCNCertPass);
|
||||
|
||||
/* why this? we only run one
|
||||
if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
|
||||
{
|
||||
m_log.Error("[REGION SERVER]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");
|
||||
}
|
||||
|
||||
m_log.InfoFormat("[REGION SERVER]: Starting HTTP server on port {0}", m_httpServerPort);
|
||||
*/
|
||||
m_log.InfoFormat("[REGION SERVER]: Starting HTTP{0} server on port {1}",
|
||||
m_networkServersInfo.HttpUsesSSL ? "S" : "", m_httpServerPort);
|
||||
m_httpServer.Start();
|
||||
|
||||
MainServer.AddHttpServer(m_httpServer);
|
||||
|
|
|
@ -65,7 +65,7 @@ namespace OpenSim.Region.ClientStack.Linden.Tests
|
|||
// variables and the VM is not restarted between tests.
|
||||
MainServer.RemoveHttpServer(port);
|
||||
|
||||
BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "");
|
||||
BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "","","");
|
||||
MainServer.AddHttpServer(server);
|
||||
MainServer.Instance = server;
|
||||
|
||||
|
|
|
@ -87,7 +87,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Tests
|
|||
uint port = 9999;
|
||||
MainServer.RemoveHttpServer(port);
|
||||
|
||||
BaseHttpServer server = new BaseHttpServer(port, false, 0, "");
|
||||
BaseHttpServer server = new BaseHttpServer(port, false, 0, "", "", "");
|
||||
MainServer.AddHttpServer(server);
|
||||
MainServer.Instance = server;
|
||||
|
||||
|
|
|
@ -500,13 +500,12 @@
|
|||
http_listener_port = 9000
|
||||
console_port = 0
|
||||
|
||||
; ssl config: Experimental! The auto https config only really works definately on windows XP now
|
||||
; you need a Cert Request/Signed pair installed in the MY store with the CN specified below
|
||||
; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
|
||||
http_listener_ssl = false ; Also create a SSL server
|
||||
http_listener_cn = "localhost" ; Use the cert with the common name
|
||||
; ssl config: Experimental!
|
||||
http_listener_ssl = false ; if set to true main server is replaced a ssl one
|
||||
http_listener_sslport = 9001 ; Use this port for SSL connections
|
||||
http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
|
||||
http_listener_cn = "myexternalip" ; // should be the External ip and match the CN on the cert
|
||||
http_listener_cert_path = "mycert.p12" ; path for the cert file
|
||||
http_listener_cert_pass = "mycertpass" ; the cert passwork
|
||||
|
||||
; HTTPS for "Out of band" management applications such as the remote
|
||||
; admin module
|
||||
|
|
Loading…
Reference in New Issue