authorUbitUmarov2016-10-06 21:35:11 +0100
committerUbitUmarov2016-10-06 21:35:11 +0100
commitb51739e23ecc071a107755c7613ff274f65c3a64 (patch)
treef86af87ea451271a06acc62e769e97ea33cd9bd9 /OpenSim
parentMerge branch 'master' into httptests (diff)
recover regions main http server ssl support. Using a PKCS12 cert file, and not the certs store for now. Option http_listener_cn and the cert CN need to be the same as the external IP. Self-signed certs do seem to work, but the viewer's option NoVerifySSLCert needs to be set to true. CA check is not done but they do check the IP
Diffstat (limited to 'OpenSim')
-rw-r--r--OpenSim/Framework/NetworkServersInfo.cs4
-rw-r--r--OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs10
-rw-r--r--OpenSim/Region/Application/OpenSimBase.cs26
-rw-r--r--OpenSim/Region/Application/RegionApplicationBase.cs14
-rw-r--r--OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs2
-rw-r--r--OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs2
6 files changed, 48 insertions, 10 deletions
diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs
index dfe9695..d79eb0d 100644
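--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -37,6 +37,8 @@ namespace OpenSim.Framework
 public bool isSandbox;
 public bool HttpUsesSSL = false;
 public string HttpSSLCN = "";
+public string HttpSSLCertPath = "";
+public string HttpSSLCNCertPass = "";
 public uint httpSSLPort = 9001;
 
 // "Out of band" managemnt https
@@ -62,6 +64,8 @@ namespace OpenSim.Framework
 (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
 HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
 HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
+HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
+HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
 
 // "Out of band management https"
 ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);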
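Review bot: `HttpSSLCNCertPass` holds the PKCS12 password as a public mutable string read from `http_listener_cert_pass`, so it sits in the ini file in clear text and stays readable by any code that holds this NetworkServersInfo. The field should carry a comment saying so, for example `// PKCS12 password, stored in clear text in the ini; keep the ini and the cert file readable only by the simulator account`. The name also looks like a slip next to `HttpSSLCertPath`; `HttpSSLCertPass` would match. Both new options default to the empty string, so turning on `http_listener_ssl` without setting them only fails later, in the BaseHttpServer constructor changed by this commit.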
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
index c078a73..29a8d3f 100644
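--- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
 m_ssl = ssl;
 }
 
-public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)
+public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
 {
 if (m_ssl)
 {
+if(string.IsNullOrEmpty(CPass))
+throw new Exception("invalid main http server cert path");
+
 m_sslport = sslport;
+m_cert = new X509Certificate2(CPath, CPass);
+m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
+if(CN != m_SSLCommonName)
+throw new Exception("main http server CN does not match cert CN");
+
 }
 }
 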
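Review bot: The guard at the top of the SSL branch tests `CPass` but reports an invalid cert path, so an empty `CPath` goes unchecked into `new X509Certificate2(CPath, CPass)` while a PKCS12 file with an empty password is rejected; it presumably should read `if (string.IsNullOrEmpty(CPath))`. The CN test uses `!=`, which is case-sensitive although host names are not; `!string.Equals(CN, m_SSLCommonName, StringComparison.OrdinalIgnoreCase)` avoids a spurious startup failure. Nothing here checks `m_cert.HasPrivateKey` or the `NotBefore`/`NotAfter` window, so an expired or key-less file is accepted at load time and would only show up later as failed handshakes. A check with a clear message belongs next to the CN test.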
diff --git a/OpenSim/Region/Application/OpenSimBase.cs b/OpenSim/Region/Application/OpenSimBase.cs
index 52ded3d..62abf8e 100644
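--- a/OpenSim/Region/Application/OpenSimBase.cs
+++ b/OpenSim/Region/Application/OpenSimBase.cs
@@ -351,7 +351,18 @@ namespace OpenSim
 if (startupConfig == null || startupConfig.GetBoolean("JobEngineEnabled", true))
 WorkManager.JobEngine.Start();
 
-m_httpServerPort = m_networkServersInfo.HttpListenerPort;
+
+if(m_networkServersInfo.HttpUsesSSL)
+{
+m_httpServerSSL = true;
+m_httpServerPort = m_networkServersInfo.httpSSLPort;
+}
+else
+{
+m_httpServerSSL = false;
+m_httpServerPort = m_networkServersInfo.HttpListenerPort;
+}
+
 SceneManager.OnRestartSim += HandleRestartRegion;
 
 // Only enable the watchdogs when all regions are ready. Otherwise we get false positives when cpu is
@@ -404,7 +415,18 @@ namespace OpenSim
 
 // set initial ServerURI
 regionInfo.HttpPort = m_httpServerPort;
-regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName + ":" + regionInfo.HttpPort.ToString() + "/";
+if(m_httpServerSSL)
+{
+if(m_networkServersInfo.HttpSSLCN != regionInfo.ExternalHostName)
+throw new Exception("main http cert CN doesn't match region External IP");
+
+regionInfo.ServerURI = "https://" + regionInfo.ExternalHostName +
+":" + regionInfo.HttpPort.ToString() + "/";
+}
+else
+regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName +
+":" + regionInfo.HttpPort.ToString() + "/";
+
 
 regionInfo.osSecret = m_osSecret;
 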
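Review bot: The new check `m_networkServersInfo.HttpSSLCN != regionInfo.ExternalHostName` in the second hunk is a case-sensitive string comparison, and `http_listener_cn` defaults to `"localhost"` in NetworkServersInfo, so with SSL on a region whose ExternalHostName differs only in case, or that leaves the CN at its default, throws from region setup. Prefer `!string.Equals(m_networkServersInfo.HttpSSLCN, regionInfo.ExternalHostName, StringComparison.OrdinalIgnoreCase)` and put both values in the message so the operator can see which setting to change. The message says "External IP" while the field compared is ExternalHostName, so the wording should match. The `if`/`else` builds the same URI twice with only the scheme differing, which `string scheme = m_httpServerSSL ? "https://" : "http://";` would remove. The enclosing method starts and ends outside the hunk.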
diff --git a/OpenSim/Region/Application/RegionApplicationBase.cs b/OpenSim/Region/Application/RegionApplicationBase.cs
index ba92fd6..603f139 100644
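--- a/OpenSim/Region/Application/RegionApplicationBase.cs
+++ b/OpenSim/Region/Application/RegionApplicationBase.cs
@@ -50,6 +50,7 @@ namespace OpenSim
 protected Dictionary<EndPoint, uint> m_clientCircuits = new Dictionary<EndPoint, uint>();
 protected NetworkServersInfo m_networkServersInfo;
 protected uint m_httpServerPort;
+protected bool m_httpServerSSL;
 protected ISimulationDataService m_simulationDataService;
 protected IEstateDataService m_estateDataService;
 
@@ -70,15 +71,18 @@ namespace OpenSim
 
 m_httpServer
 = new BaseHttpServer(
-m_httpServerPort, m_networkServersInfo.HttpUsesSSL, m_networkServersInfo.httpSSLPort,
-m_networkServersInfo.HttpSSLCN);
-
+m_httpServerPort, m_networkServersInfo.HttpUsesSSL,
+m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN,
+m_networkServersInfo.HttpSSLCertPath, m_networkServersInfo.HttpSSLCNCertPass);
+
+/* why this? we only run one
 if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
 {
 m_log.Error("[REGION SERVER]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");
 }
-
+*/
-m_log.InfoFormat("[REGION SERVER]: Starting HTTP server on port {0}", m_httpServerPort);
+m_log.InfoFormat("[REGION SERVER]: Starting HTTP{0} server on port {1}",
+m_networkServersInfo.HttpUsesSSL ? "S" : "", m_httpServerPort);
 m_httpServer.Start();
 
 MainServer.AddHttpServer(m_httpServer);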
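Review bot: The port-collision check in the second hunk is left in the file inside a `/* why this? we only run one ... */` block; dead code kept in a comment should be deleted, and the question belongs in the commit message. The `new BaseHttpServer(...)` call above it can now throw on a missing certificate file, a wrong password or a CN mismatch (per the BaseHttpServer change in this commit), and nothing visible in this hunk catches that or logs which setting was at fault. Consider logging something like `[REGION SERVER]: failed to load HTTPS certificate from http_listener_cert_path` before rethrowing, and never include `HttpSSLCNCertPass` in the message. The enclosing method starts and ends outside the hunk, so an outer handler may already exist.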
diff --git a/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs b/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
index 5eb4452..507d9b8 100644
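--- a/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
+++ b/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
@@ -65,7 +65,7 @@ namespace OpenSim.Region.ClientStack.Linden.Tests
 // variables and the VM is not restarted between tests.
 MainServer.RemoveHttpServer(port);
 
-BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "");
+BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "","","");
 MainServer.AddHttpServer(server);
 MainServer.Instance = server;
 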
diff --git a/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs b/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
index 30dc4cd..1453204 100644
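--- a/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
@@ -87,7 +87,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Tests
 uint port = 9999;
 MainServer.RemoveHttpServer(port);
 
-BaseHttpServer server = new BaseHttpServer(port, false, 0, "");
+BaseHttpServer server = new BaseHttpServer(port, false, 0, "", "", "");
 MainServer.AddHttpServer(server);
 MainServer.Instance = server;
 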