recover regions main http server ssl suport. Using a PKCS12 cert file, and not certs store for now. Option http_listener_cn, cert CN need to the same as external IP. Self sign certs do seem to work, but the viewers option NoVerifySLLCert needs to be set true. CA check is not done but they do check the IP

author: UbitUmarov 2016-10-06 21:35:11 +0100
committer: UbitUmarov 2016-10-06 21:35:11 +0100
commit: b51739e23ecc071a107755c7613ff274f65c3a64 (patch)
tree: f86af87ea451271a06acc62e769e97ea33cd9bd9 /OpenSim/Framework
parent: Merge branch 'master' into httptests (diff)
download: opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.zip
opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.tar.gz
opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.tar.bz2
opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.tar.xz
2 files changed, 13 insertions, 1 deletions
diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs
index dfe9695..d79eb0d 100644
--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -37,6 +37,8 @@ namespace OpenSim.Framework
        public bool isSandbox;
        public bool HttpUsesSSL = false;
        public string HttpSSLCN = "";
+        public string HttpSSLCertPath = "";
+        public string HttpSSLCNCertPass = "";
        public uint httpSSLPort = 9001;
        // "Out of band" managemnt https
@@ -62,6 +64,8 @@ namespace OpenSim.Framework
                (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
            HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
            HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
+            HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
+            HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
            // "Out of band management https"
            ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
index c078a73..29a8d3f 100644
--- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
            m_ssl = ssl;
        }
-        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)
+        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
        {
            if (m_ssl)
            {
+                if(string.IsNullOrEmpty(CPass))
+                    throw new Exception("invalid main http server cert path");
                m_sslport = sslport;
+                m_cert = new X509Certificate2(CPath, CPass);
+                m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
+                if(CN != m_SSLCommonName)
+                    throw new Exception("main http server CN does not match cert CN");
            }
        }
author	UbitUmarov	2016-10-06 21:35:11 +0100
committer	UbitUmarov	2016-10-06 21:35:11 +0100
commit	b51739e23ecc071a107755c7613ff274f65c3a64 (patch)
tree	f86af87ea451271a06acc62e769e97ea33cd9bd9 /OpenSim/Framework
parent	Merge branch 'master' into httptests (diff)
download	opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.zip opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.tar.gz opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.tar.bz2 opensim-SC-b51739e23ecc071a107755c7613ff274f65c3a64.tar.xz