aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim
diff options
context:
space:
mode:
authorTeravus Ovares2008-09-14 18:39:17 +0000
committerTeravus Ovares2008-09-14 18:39:17 +0000
commitdbbbec48dfbc51f30953d8a46f4fc8f192bd277c (patch)
tree218f93b95724e8bdc9a9c6e986268f2101c1eb6e /OpenSim
parentAdded some further clipping to color- and alpha-values. (diff)
downloadopensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.zip
opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.gz
opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.bz2
opensim-SC-dbbbec48dfbc51f30953d8a46f4fc8f192bd277c.tar.xz
* This update makes configuring SSL a little easier on Windows XP. It also makes it possible to run a HTTPS server on the region. It also has a junk Certification authority for test purposes.
* There are still a lot of things that are hard coded to use http. They need to be fixed. * Also includes directions * A standard junk PEM file to append to app_settings/CA.pem in the client so SSL will work
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Framework/NetworkServersInfo.cs7
-rw-r--r--OpenSim/Framework/Servers/BaseHttpServer.cs129
-rw-r--r--OpenSim/Region/ClientStack/RegionApplicationBase.cs7
-rw-r--r--OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs57
4 files changed, 193 insertions, 7 deletions
diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs
index 43ec11e..9f3014d 100644
--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -49,6 +49,9 @@ namespace OpenSim.Framework
49 public string UserRecvKey = String.Empty; 49 public string UserRecvKey = String.Empty;
50 public string UserSendKey = String.Empty; 50 public string UserSendKey = String.Empty;
51 public string UserURL = String.Empty; 51 public string UserURL = String.Empty;
52 public bool HttpUsesSSL = false;
53 public string HttpSSLCN = "";
54 public uint httpSSLPort = 9001;
52 55
53 56
54 public NetworkServersInfo() 57 public NetworkServersInfo()
@@ -78,6 +81,10 @@ namespace OpenSim.Framework
78 81
79 HttpListenerPort = 82 HttpListenerPort =
80 (uint) config.Configs["Network"].GetInt("http_listener_port", (int) DefaultHttpListenerPort); 83 (uint) config.Configs["Network"].GetInt("http_listener_port", (int) DefaultHttpListenerPort);
84 httpSSLPort =
85 (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)DefaultHttpListenerPort+1));
86 HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
87 HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "");
81 RemotingListenerPort = 88 RemotingListenerPort =
82 (uint) config.Configs["Network"].GetInt("remoting_listener_port", (int) RemotingListenerPort); 89 (uint) config.Configs["Network"].GetInt("remoting_listener_port", (int) RemotingListenerPort);
83 GridURL = 90 GridURL =
diff --git a/OpenSim/Framework/Servers/BaseHttpServer.cs b/OpenSim/Framework/Servers/BaseHttpServer.cs
index 181eb92..6cf6744 100644
--- a/OpenSim/Framework/Servers/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/BaseHttpServer.cs
@@ -26,12 +26,14 @@
26 */ 26 */
27 27
28using System; 28using System;
29using System.Diagnostics;
29using System.Collections; 30using System.Collections;
30using System.Collections.Generic; 31using System.Collections.Generic;
31using System.IO; 32using System.IO;
32using System.Net; 33using System.Net;
33using System.Net.Sockets; 34using System.Net.Sockets;
34using System.Reflection; 35using System.Reflection;
36using System.Security.Cryptography.X509Certificates;
35using System.Text; 37using System.Text;
36using System.Threading; 38using System.Threading;
37using System.Xml; 39using System.Xml;
@@ -39,6 +41,7 @@ using OpenMetaverse.StructuredData;
39using log4net; 41using log4net;
40using Nwc.XmlRpc; 42using Nwc.XmlRpc;
41 43
44
42namespace OpenSim.Framework.Servers 45namespace OpenSim.Framework.Servers
43{ 46{
44 public class BaseHttpServer 47 public class BaseHttpServer
@@ -55,9 +58,14 @@ namespace OpenSim.Framework.Servers
55 protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>(); 58 protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>();
56 59
57 protected uint m_port; 60 protected uint m_port;
61 protected uint m_sslport;
58 protected bool m_ssl = false; 62 protected bool m_ssl = false;
59 protected bool m_firstcaps = true; 63 protected bool m_firstcaps = true;
60 64
65 public uint SSLPort
66 {
67 get { return m_sslport; }
68 }
61 public uint Port 69 public uint Port
62 { 70 {
63 get { return m_port; } 71 get { return m_port; }
@@ -72,8 +80,124 @@ namespace OpenSim.Framework.Servers
72 { 80 {
73 m_ssl = ssl; 81 m_ssl = ssl;
74 m_port = port; 82 m_port = port;
83
84 }
85
86 public BaseHttpServer(uint port, bool ssl, uint sslport, string CN)
87 {
88 m_ssl = ssl;
89 m_port = port;
90 if (m_ssl)
91 {
92 bool result = SetupSsl((int)sslport, CN);
93 m_sslport = sslport;
94 }
95 }
96
97
98
99 public bool SetupSsl(int port, string CN)
100 {
101 string searchCN = Environment.MachineName.ToUpper();
102
103 if (CN.Length > 0)
104 searchCN = CN.ToUpper();
105
106 Type t = Type.GetType("Mono.Runtime");
107 if (t != null)
108 {
109 // TODO Mono User Friendly HTTPS setup
110 // if this doesn't exist, then mono people can still manually use httpcfg
111 }
112 else
113 {
114 // Windows.
115 // Search through the store for a certificate with a Common name specified in OpenSim.ini.
116 // We need to find it's hash so we can pass it to httpcfg
117 X509Store store = new X509Store(StoreLocation.LocalMachine);
118 //Use the first cert to configure Ssl
119 store.Open(OpenFlags.ReadOnly);
120 //Assumption is we have certs. If not then this call will fail :(
121 try
122 {
123 bool found = false;
124 //X509Certificate2.CreateFromCertFile("testCert.cer");
125
126 foreach (X509Certificate2 cert in store.Certificates)
127 {
128 String certHash = cert.GetCertHashString();
129 //Only install certs issued for the machine and has the name as the machine name
130 if (cert.Subject.ToUpper().IndexOf(searchCN) >= 0)
131 {
132 string httpcfgparams = String.Format("set ssl -i 0.0.0.0:{1} -c \"MY\" -h {0}", certHash, port);
133 try
134 {
135 found = true;
136
137 ExecuteHttpcfgCommand(httpcfgparams);
138
139 break;
140 }
141 catch (Exception e)
142 {
143 m_log.WarnFormat("[HTTPS]: Automatic HTTPS setup failed. Do you have httpcfg.exe in your path? If not, you can download it in the windowsXP Service Pack 2 Support Tools, here: http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en. When you get it installed type, httpcfg {0}", httpcfgparams);
144 return false;
145 }
146 }
147 }
148
149 if (!found)
150 {
151 m_log.WarnFormat("[HTTPS]: We didn't find a certificate that matched the common name {0}. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-in with the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine)", searchCN);
152 return false;
153 }
154
155 }
156 catch (Exception e)
157 {
158 m_log.WarnFormat("[HTTPS]: We didn't any certificates in your LocalMachine certificate store. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-inwith the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine). The configured common name is {0}", searchCN);
159 return false;
160 }
161 finally
162 {
163 if (store != null)
164 {
165 store.Close();
166 }
167 }
168 }
169 return true;
75 } 170 }
76 171
172 private void ExecuteHttpcfgCommand(string p)
173 {
174
175 string file = "httpcfg";
176
177 ProcessStartInfo info = new ProcessStartInfo(file, p);
178 // Redirect output so we can read it.
179 info.RedirectStandardOutput = true;
180 // To redirect, we must not use shell execute.
181 info.UseShellExecute = false;
182
183 // Create and execute the process.
184 Process httpcfgprocess = Process.Start(info);
185 httpcfgprocess.Start();
186 string result = httpcfgprocess.StandardOutput.ReadToEnd();
187 if (result.Contains("HttpSetServiceConfiguration completed with"))
188 {
189 //success
190
191 }
192 else
193 {
194 //fail
195 m_log.WarnFormat("[HTTPS]:Error binding certificate with the requested port. Message:{0}", result);
196 }
197
198 }
199
200
77 /// <summary> 201 /// <summary>
78 /// Add a stream handler to the http server. If the handler already exists, then nothing happens. 202 /// Add a stream handler to the http server. If the handler already exists, then nothing happens.
79 /// </summary> 203 /// </summary>
@@ -907,7 +1031,8 @@ namespace OpenSim.Framework.Servers
907 } 1031 }
908 else 1032 else
909 { 1033 {
910 m_httpListener.Prefixes.Add("https://+:" + m_port + "/"); 1034 m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
1035 m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
911 } 1036 }
912 m_httpListener.Start(); 1037 m_httpListener.Start();
913 1038
@@ -921,7 +1046,7 @@ namespace OpenSim.Framework.Servers
921 catch (Exception e) 1046 catch (Exception e)
922 { 1047 {
923 m_log.Warn("[HTTPD]: Error - " + e.Message); 1048 m_log.Warn("[HTTPD]: Error - " + e.Message);
924 m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "?"); 1049 m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "," + m_sslport + "?");
925 } 1050 }
926 } 1051 }
927 1052
diff --git a/OpenSim/Region/ClientStack/RegionApplicationBase.cs b/OpenSim/Region/ClientStack/RegionApplicationBase.cs
index 8bb35c1..469c084 100644
--- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs
+++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs
@@ -81,7 +81,12 @@ namespace OpenSim.Region.ClientStack
81 81
82 Initialize(); 82 Initialize();
83 83
84 m_httpServer = new BaseHttpServer(m_httpServerPort); 84 m_httpServer = new BaseHttpServer(m_httpServerPort,m_networkServersInfo.HttpUsesSSL,m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN);
85 if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
86 {
87 m_log.Error("[HTTP]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");
88 }
89
85 90
86 m_log.Info("[REGION]: Starting HTTP server"); 91 m_log.Info("[REGION]: Starting HTTP server");
87 92
diff --git a/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs b/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
index 6e37b95..68f35e8 100644
--- a/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
+++ b/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
@@ -86,6 +86,9 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
86 private Dictionary<UUID, OGPState> m_OGPState = new Dictionary<UUID, OGPState>(); 86 private Dictionary<UUID, OGPState> m_OGPState = new Dictionary<UUID, OGPState>();
87 private string LastNameSuffix = "_EXTERNAL"; 87 private string LastNameSuffix = "_EXTERNAL";
88 private string FirstNamePrefix = ""; 88 private string FirstNamePrefix = "";
89 private string httpsCN = "";
90 private bool httpSSL = false;
91 private uint httpsslport = 0;
89 92
90 #region IRegionModule Members 93 #region IRegionModule Members
91 94
@@ -93,6 +96,7 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
93 { 96 {
94 bool enabled = false; 97 bool enabled = false;
95 IConfig cfg = null; 98 IConfig cfg = null;
99 IConfig httpcfg = null;
96 try 100 try
97 { 101 {
98 cfg = config.Configs["OpenGridProtocol"]; 102 cfg = config.Configs["OpenGridProtocol"];
@@ -100,6 +104,16 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
100 { 104 {
101 enabled = false; 105 enabled = false;
102 } 106 }
107
108 try
109 {
110 httpcfg = config.Configs["Network"];
111 }
112 catch (NullReferenceException)
113 {
114
115 }
116
103 if (cfg != null) 117 if (cfg != null)
104 { 118 {
105 enabled = cfg.GetBoolean("ogp_enabled", false); 119 enabled = cfg.GetBoolean("ogp_enabled", false);
@@ -139,6 +153,20 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
139 } 153 }
140 } 154 }
141 } 155 }
156 lock (m_scene)
157 {
158 if (m_scene.Count == 1)
159 {
160 if (httpcfg != null)
161 {
162 httpSSL = httpcfg.GetBoolean("http_listener_ssl", false);
163 httpsCN = httpcfg.GetString("http_listener_cn", scene.RegionInfo.ExternalHostName);
164 if (httpsCN.Length == 0)
165 httpsCN = scene.RegionInfo.ExternalHostName;
166 httpsslport = (uint)httpcfg.GetInt("http_listener_sslport",((int)scene.RegionInfo.HttpPort + 1));
167 }
168 }
169 }
142 // Of interest to this module potentially 170 // Of interest to this module potentially
143 //scene.EventManager.OnNewClient += OnNewClient; 171 //scene.EventManager.OnNewClient += OnNewClient;
144 //scene.EventManager.OnGridInstantMessageToFriendsModule += OnGridInstantMessage; 172 //scene.EventManager.OnGridInstantMessageToFriendsModule += OnGridInstantMessage;
@@ -371,14 +399,35 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
371 // Get a reference to the user's cap so we can pull out the Caps Object Path 399 // Get a reference to the user's cap so we can pull out the Caps Object Path
372 OpenSim.Framework.Communications.Capabilities.Caps userCap = homeScene.GetCapsHandlerForUser(agentData.AgentID); 400 OpenSim.Framework.Communications.Capabilities.Caps userCap = homeScene.GetCapsHandlerForUser(agentData.AgentID);
373 401
402 string rezHttpProtocol = "http://";
403 string regionCapsHttpProtocol = "http://";
404 string httpaddr = reg.ExternalHostName;
405 string urlport = reg.HttpPort.ToString();
406
407
408 if (httpSSL)
409 {
410 rezHttpProtocol = "https://";
411
412 urlport = httpsslport.ToString();
413
414 if (httpsCN.Length > 0)
415 httpaddr = httpsCN;
416 }
417
418
419 // Be warned that the two following lines assume http not
420 // https since region caps are not implemented in https currently
421
374 // DEPRECIATED 422 // DEPRECIATED
375 responseMap["seed_capability"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/"); 423 responseMap["seed_capability"] = LLSD.FromString(regionCapsHttpProtocol + httpaddr + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
376 424
377 // REPLACEMENT 425 // REPLACEMENT
378 responseMap["region_seed_capability"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/"); 426 responseMap["region_seed_capability"] = LLSD.FromString(regionCapsHttpProtocol + httpaddr + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
427
379 428
380 responseMap["rez_avatar/rez"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + rezAvatarPath); 429 responseMap["rez_avatar/rez"] = LLSD.FromString(rezHttpProtocol + httpaddr + ":" + urlport + rezAvatarPath);
381 responseMap["rez_avatar/derez"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + derezAvatarPath); 430 responseMap["rez_avatar/derez"] = LLSD.FromString(rezHttpProtocol + httpaddr + ":" + urlport + derezAvatarPath);
382 431
383 // Add the user to the list of CAPS that are outstanding. 432 // Add the user to the list of CAPS that are outstanding.
384 // well allow the caps hosts in this dictionary 433 // well allow the caps hosts in this dictionary