author | Teravus Ovares | 2008-09-14 18:39:17 +0000 |
---|---|---|
committer | Teravus Ovares | 2008-09-14 18:39:17 +0000 |
commit | dbbbec48dfbc51f30953d8a46f4fc8f192bd277c (patch) | |
tree | 218f93b95724e8bdc9a9c6e986268f2101c1eb6e /OpenSim | |
parent | Added some further clipping to color- and alpha-values. (diff) | |
* This update makes configuring SSL a little easier on Windows XP. It also makes it possible to run an HTTPS server on the region. It also has a junk certification authority for test purposes.
* There are still a lot of things that are hard coded to use http. They need to be fixed.
* Also includes directions
* A standard junk PEM file to append to app_settings/CA.pem in the client so SSL will work
Diffstat (limited to 'OpenSim')
4 files changed, 193 insertions, 7 deletions
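--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -49,6 +49,9 @@ namespace OpenSim.Framework
 public string UserRecvKey = String.Empty;
 public string UserSendKey = String.Empty;
 public string UserURL = String.Empty;
+public bool HttpUsesSSL = false;
+public string HttpSSLCN = "";
+public uint httpSSLPort = 9001;
 
 
 public NetworkServersInfo()
@@ -78,6 +81,10 @@ namespace OpenSim.Framework
 
 HttpListenerPort =
 (uint) config.Configs["Network"].GetInt("http_listener_port", (int) DefaultHttpListenerPort);
+httpSSLPort =
+(uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)DefaultHttpListenerPort+1));
+HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
+HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "");
 RemotingListenerPort =
 (uint) config.Configs["Network"].GetInt("remoting_listener_port", (int) RemotingListenerPort);
 GridURL =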
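Review bot: The default for `http_listener_sslport` on new line 85 is derived from `DefaultHttpListenerPort+1` rather than from the `HttpListenerPort` value read two lines above it, so a deployment that moves http_listener_port to 9001 without setting an SSL port gets both listeners on 9001, and the RegionApplicationBase hunk in this commit only logs that collision. The OpenGridProtocolModule hunk derives the same default from the region's configured HttpPort + 1, so the two readers of this setting can disagree about which port the HTTPS listener is on. Using `httpSSLPort = (uint) config.Configs["Network"].GetInt("http_listener_sslport", (int) HttpListenerPort + 1);` would keep them aligned. The new `httpSSLPort` field also breaks the PascalCase convention of the neighbouring `HttpUsesSSL`/`HttpSSLCN`, and its initializer `9001` duplicates a default that is computed anyway.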
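--- a/OpenSim/Framework/Servers/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/BaseHttpServer.cs
@@ -26,12 +26,14 @@
 */
 
 using System;
+using System.Diagnostics;
 using System.Collections;
 using System.Collections.Generic;
 using System.IO;
 using System.Net;
 using System.Net.Sockets;
 using System.Reflection;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading;
 using System.Xml;
@@ -39,6 +41,7 @@ using OpenMetaverse.StructuredData;
 using log4net;
 using Nwc.XmlRpc;
 
+
 namespace OpenSim.Framework.Servers
 {
 public class BaseHttpServer
@@ -55,9 +58,14 @@ namespace OpenSim.Framework.Servers
 protected Dictionary<string, IHttpAgentHandler> m_agentHandlers = new Dictionary<string, IHttpAgentHandler>();
 
 protected uint m_port;
+protected uint m_sslport;
 protected bool m_ssl = false;
 protected bool m_firstcaps = true;
 
+public uint SSLPort
+{
+get { return m_sslport; }
+}
 public uint Port
 {
 get { return m_port; }
@@ -72,8 +80,124 @@ namespace OpenSim.Framework.Servers
 {
 m_ssl = ssl;
 m_port = port;
+
+}
+
+public BaseHttpServer(uint port, bool ssl, uint sslport, string CN)
+{
+m_ssl = ssl;
+m_port = port;
+if (m_ssl)
+{
+bool result = SetupSsl((int)sslport, CN);
+m_sslport = sslport;
+}
+}
+
+
+
+public bool SetupSsl(int port, string CN)
+{
+string searchCN = Environment.MachineName.ToUpper();
+
+if (CN.Length > 0)
+searchCN = CN.ToUpper();
+
+Type t = Type.GetType("Mono.Runtime");
+if (t != null)
+{
+// TODO Mono User Friendly HTTPS setup
+// if this doesn't exist, then mono people can still manually use httpcfg
+}
+else
+{
+// Windows.
+// Search through the store for a certificate with a Common name specified in OpenSim.ini.
+// We need to find it's hash so we can pass it to httpcfg
+X509Store store = new X509Store(StoreLocation.LocalMachine);
+//Use the first cert to configure Ssl
+store.Open(OpenFlags.ReadOnly);
+//Assumption is we have certs. If not then this call will fail :(
+try
+{
+bool found = false;
+//X509Certificate2.CreateFromCertFile("testCert.cer");
+
+foreach (X509Certificate2 cert in store.Certificates)
+{
+String certHash = cert.GetCertHashString();
+//Only install certs issued for the machine and has the name as the machine name
+if (cert.Subject.ToUpper().IndexOf(searchCN) >= 0)
+{
+string httpcfgparams = String.Format("set ssl -i 0.0.0.0:{1} -c \"MY\" -h {0}", certHash, port);
+try
+{
+found = true;
+
+ExecuteHttpcfgCommand(httpcfgparams);
+
+break;
+}
+catch (Exception e)
+{
+m_log.WarnFormat("[HTTPS]: Automatic HTTPS setup failed. Do you have httpcfg.exe in your path? If not, you can download it in the windowsXP Service Pack 2 Support Tools, here: http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en. When you get it installed type, httpcfg {0}", httpcfgparams);
+return false;
+}
+}
+}
+
+if (!found)
+{
+m_log.WarnFormat("[HTTPS]: We didn't find a certificate that matched the common name {0}. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-in with the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine)", searchCN);
+return false;
+}
+
+}
+catch (Exception e)
+{
+m_log.WarnFormat("[HTTPS]: We didn't any certificates in your LocalMachine certificate store. Automatic HTTPS setup failed, you may have certificate errors. To fix this, make sure you generate a certificate request(CSR) using OpenSSL or the IIS snap-inwith the common name you specified in opensim.ini. Then get it signed by a certification authority or sign it yourself with OpenSSL and the junkCA. Finally, be sure to import the cert to the 'MY' store(StoreLocation.LocalMachine). The configured common name is {0}", searchCN);
+return false;
+}
+finally
+{
+if (store != null)
+{
+store.Close();
+}
+}
+}
+return true;
 }
 
+private void ExecuteHttpcfgCommand(string p)
+{
+
+string file = "httpcfg";
+
+ProcessStartInfo info = new ProcessStartInfo(file, p);
+// Redirect output so we can read it.
+info.RedirectStandardOutput = true;
+// To redirect, we must not use shell execute.
+info.UseShellExecute = false;
+
+// Create and execute the process.
+Process httpcfgprocess = Process.Start(info);
+httpcfgprocess.Start();
+string result = httpcfgprocess.StandardOutput.ReadToEnd();
+if (result.Contains("HttpSetServiceConfiguration completed with"))
+{
+//success
+
+}
+else
+{
+//fail
+m_log.WarnFormat("[HTTPS]:Error binding certificate with the requested port. Message:{0}", result);
+}
+
+}
+
+
 /// <summary>
 /// Add a stream handler to the http server. If the handler already exists, then nothing happens.
 /// </summary>
@@ -907,7 +1031,8 @@ namespace OpenSim.Framework.Servers
 }
 else
 {
-m_httpListener.Prefixes.Add("https://+:" + m_port + "/");
+m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/");
+m_httpListener.Prefixes.Add("http://+:" + m_port + "/");
 }
 m_httpListener.Start();
 
@@ -921,7 +1046,7 @@ namespace OpenSim.Framework.Servers
 catch (Exception e)
 {
 m_log.Warn("[HTTPD]: Error - " + e.Message);
-m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "?");
+m_log.Warn("Tip: Do you have permission to listen on port " + m_port + "," + m_sslport + "?");
 }
 }
 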
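Review bot: The return value of `SetupSsl` is stored in an unused `result` local in the new constructor (new line 92) and never acted on, so when no matching certificate is found or httpcfg fails, `m_ssl` stays true and the later `Prefixes.Add("https://+:" ...)` still registers an HTTPS prefix with no certificate bound; the constructor should at least surface that, e.g. `if (!SetupSsl((int)sslport, CN)) m_log.Error("[HTTPS]: SSL setup failed, the HTTPS listener has no certificate bound");`. Certificate selection at new line 130 is a case-insensitive substring search over the whole `Subject` string, so any certificate whose subject merely contains the configured CN (including a longer hostname or another DN component) is the one passed to httpcfg, and `cert.HasPrivateKey` is never checked although a binding without the private key cannot serve TLS; matching the CN component exactly and adding `&& cert.HasPrivateKey` would make the choice deterministic. The two culture-sensitive `ToUpper()` calls should be `ToUpperInvariant()` or replaced by `IndexOf(searchCN, StringComparison.OrdinalIgnoreCase)`. In `ExecuteHttpcfgCommand` the process returned by `Process.Start(info)` is started a second time, never waited on and never disposed, and the unused `e` in both `catch (Exception e)` blocks will produce compiler warnings; a tightened version is below. The message at new line 158 reads "We didn't any certificates" and is missing the word "find".
```csharp
private void ExecuteHttpcfgCommand(string p)
{
    ProcessStartInfo info = new ProcessStartInfo("httpcfg", p);
    // Redirect output so we can read it; redirection requires UseShellExecute = false.
    info.RedirectStandardOutput = true;
    info.UseShellExecute = false;

    using (Process httpcfgprocess = Process.Start(info))
    {
        string result = httpcfgprocess.StandardOutput.ReadToEnd();
        httpcfgprocess.WaitForExit();
        if (!result.Contains("HttpSetServiceConfiguration completed with"))
        {
            m_log.WarnFormat("[HTTPS]:Error binding certificate with the requested port. Message:{0}", result);
        }
    }
}
```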
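--- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs
+++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs
@@ -81,7 +81,12 @@ namespace OpenSim.Region.ClientStack
 
 Initialize();
 
-m_httpServer = new BaseHttpServer(m_httpServerPort);
+m_httpServer = new BaseHttpServer(m_httpServerPort,m_networkServersInfo.HttpUsesSSL,m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN);
+if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
+{
+m_log.Error("[HTTP]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");
+}
+
 
 m_log.Info("[REGION]: Starting HTTP server");
 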
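Review bot: The port-collision check on new lines 85-88 runs after `new BaseHttpServer(...)` on line 84 has already run SSL setup (and httpcfg) with the colliding port, and it only logs an error before execution continues to start the server, where both the http and https prefixes would be registered on the same port. Evaluating the condition before the constructor and passing a cleared flag, e.g. `bool useSsl = m_networkServersInfo.HttpUsesSSL && m_networkServersInfo.HttpListenerPort != m_networkServersInfo.httpSSLPort;` with the error logged when it differs from the configured value, would make the log message truthful. Note also that the check compares `HttpListenerPort` while the server is constructed with `m_httpServerPort`; if those two can differ the check does not cover the port actually bound. The enclosing method starts and ends outside this hunk, so whether startup is expected to abort on this error is not visible here.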
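--- a/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
+++ b/OpenSim/Region/Environment/Modules/InterGrid/OpenGridProtocolModule.cs
@@ -86,6 +86,9 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
 private Dictionary<UUID, OGPState> m_OGPState = new Dictionary<UUID, OGPState>();
 private string LastNameSuffix = "_EXTERNAL";
 private string FirstNamePrefix = "";
+private string httpsCN = "";
+private bool httpSSL = false;
+private uint httpsslport = 0;
 
 #region IRegionModule Members
 
@@ -93,6 +96,7 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
 {
 bool enabled = false;
 IConfig cfg = null;
+IConfig httpcfg = null;
 try
 {
 cfg = config.Configs["OpenGridProtocol"];
@@ -100,6 +104,16 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
 {
 enabled = false;
 }
+
+try
+{
+httpcfg = config.Configs["Network"];
+}
+catch (NullReferenceException)
+{
+
+}
+
 if (cfg != null)
 {
 enabled = cfg.GetBoolean("ogp_enabled", false);
@@ -139,6 +153,20 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
 }
 }
 }
+lock (m_scene)
+{
+if (m_scene.Count == 1)
+{
+if (httpcfg != null)
+{
+httpSSL = httpcfg.GetBoolean("http_listener_ssl", false);
+httpsCN = httpcfg.GetString("http_listener_cn", scene.RegionInfo.ExternalHostName);
+if (httpsCN.Length == 0)
+httpsCN = scene.RegionInfo.ExternalHostName;
+httpsslport = (uint)httpcfg.GetInt("http_listener_sslport",((int)scene.RegionInfo.HttpPort + 1));
+}
+}
+}
 // Of interest to this module potentially
 //scene.EventManager.OnNewClient += OnNewClient;
 //scene.EventManager.OnGridInstantMessageToFriendsModule += OnGridInstantMessage;
@@ -371,14 +399,35 @@ namespace OpenSim.Region.Environment.Modules.InterGrid
 // Get a reference to the user's cap so we can pull out the Caps Object Path
 OpenSim.Framework.Communications.Capabilities.Caps userCap = homeScene.GetCapsHandlerForUser(agentData.AgentID);
 
+string rezHttpProtocol = "http://";
+string regionCapsHttpProtocol = "http://";
+string httpaddr = reg.ExternalHostName;
+string urlport = reg.HttpPort.ToString();
+
+
+if (httpSSL)
+{
+rezHttpProtocol = "https://";
+
+urlport = httpsslport.ToString();
+
+if (httpsCN.Length > 0)
+httpaddr = httpsCN;
+}
+
+
+// Be warned that the two following lines assume http not
+// https since region caps are not implemented in https currently
+
 // DEPRECIATED
-responseMap["seed_capability"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
+responseMap["seed_capability"] = LLSD.FromString(regionCapsHttpProtocol + httpaddr + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
 
 // REPLACEMENT
-responseMap["region_seed_capability"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
+responseMap["region_seed_capability"] = LLSD.FromString(regionCapsHttpProtocol + httpaddr + ":" + reg.HttpPort + "/CAPS/" + userCap.CapsObjectPath + "0000/");
+
 
-responseMap["rez_avatar/rez"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + rezAvatarPath);
-responseMap["rez_avatar/derez"] = LLSD.FromString("http://" + reg.ExternalHostName + ":" + reg.HttpPort + derezAvatarPath);
+responseMap["rez_avatar/rez"] = LLSD.FromString(rezHttpProtocol + httpaddr + ":" + urlport + rezAvatarPath);
+responseMap["rez_avatar/derez"] = LLSD.FromString(rezHttpProtocol + httpaddr + ":" + urlport + derezAvatarPath);
 
 // Add the user to the list of CAPS that are outstanding.
 // well allow the caps hosts in this dictionary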
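Review bot: When `httpSSL` is set, new line 415 swaps `httpaddr` to the configured CN for every URL, but the two seed-capability URLs on lines 423 and 426 keep `regionCapsHttpProtocol` (always `http://`) and `reg.HttpPort`, so they now point at the CN host on the plain-http port even though the comment just above says those caps are meant to stay on plain http; if the CN is a certificate name rather than the region's reachable hostname, those caps break. Keeping `reg.ExternalHostName` in those two lines, and substituting `httpaddr` only in the `rezHttpProtocol` URLs, would preserve the pre-commit behaviour for caps. The CN fallback also differs between the two readers introduced by this commit: here an empty `http_listener_cn` falls back to `scene.RegionInfo.ExternalHostName` (lines 163-165), while `BaseHttpServer.SetupSsl` falls back to `Environment.MachineName` for the certificate search, so with the default configuration the hostname advertised in the https URL and the CN of the bound certificate can disagree and produce exactly the certificate errors the setup tries to avoid. The empty `catch (NullReferenceException)` at lines 112-115 mirrors the existing `OpenGridProtocol` lookup but swallows the failure silently; a one-line comment such as `// Network section absent: leave httpcfg null and fall back to plain http` would at least record that this is intentional.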