7 files changed, 53 insertions, 16 deletions
diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs
index dfe9695..d79eb0d 100644
--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -37,6 +37,8 @@ namespace OpenSim.Framework
        public bool isSandbox;
        public bool HttpUsesSSL = false;
        public string HttpSSLCN = "";
+        public string HttpSSLCertPath = "";
+        public string HttpSSLCNCertPass = "";
        public uint httpSSLPort = 9001;
        // "Out of band" managemnt https
@@ -62,6 +64,8 @@ namespace OpenSim.Framework
                (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
            HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
            HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
+            HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
+            HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
            // "Out of band management https"
            ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
index c078a73..29a8d3f 100644
--- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
            m_ssl = ssl;
        }
-        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)
+        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
        {
            if (m_ssl)
            {
+                if(string.IsNullOrEmpty(CPass))
+                    throw new Exception("invalid main http server cert path");
                m_sslport = sslport;
+                m_cert = new X509Certificate2(CPath, CPass);
+                m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
+                if(CN != m_SSLCommonName)
+                    throw new Exception("main http server CN does not match cert CN");
            }
        }
diff --git a/OpenSim/Region/Application/OpenSimBase.cs b/OpenSim/Region/Application/OpenSimBase.cs
index 52ded3d..62abf8e 100644
--- a/OpenSim/Region/Application/OpenSimBase.cs
+++ b/OpenSim/Region/Application/OpenSimBase.cs
@@ -351,7 +351,18 @@ namespace OpenSim
            if (startupConfig == null || startupConfig.GetBoolean("JobEngineEnabled", true))
                WorkManager.JobEngine.Start();
-            m_httpServerPort = m_networkServersInfo.HttpListenerPort;
+           
+            if(m_networkServersInfo.HttpUsesSSL)
+            {
+                m_httpServerSSL = true;
+                m_httpServerPort = m_networkServersInfo.httpSSLPort;
+            }
+            else
+            {
+                m_httpServerSSL = false;
+                m_httpServerPort = m_networkServersInfo.HttpListenerPort;
+            }
            SceneManager.OnRestartSim += HandleRestartRegion;
            // Only enable the watchdogs when all regions are ready.  Otherwise we get false positives when cpu is
@@ -404,7 +415,18 @@ namespace OpenSim
            // set initial ServerURI
            regionInfo.HttpPort = m_httpServerPort;
-            regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName + ":" + regionInfo.HttpPort.ToString() + "/";
+            if(m_httpServerSSL)
+            {
+                if(m_networkServersInfo.HttpSSLCN != regionInfo.ExternalHostName)
+                    throw new Exception("main http cert CN doesn't match region External IP");
+                regionInfo.ServerURI = "https://" + regionInfo.ExternalHostName +
+                         ":" + regionInfo.HttpPort.ToString() + "/";
+            }
+            else
+                regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName +
+                         ":" + regionInfo.HttpPort.ToString() + "/";
            
            regionInfo.osSecret = m_osSecret;
            
diff --git a/OpenSim/Region/Application/RegionApplicationBase.cs b/OpenSim/Region/Application/RegionApplicationBase.cs
index ba92fd6..603f139 100644
--- a/OpenSim/Region/Application/RegionApplicationBase.cs
+++ b/OpenSim/Region/Application/RegionApplicationBase.cs
@@ -50,6 +50,7 @@ namespace OpenSim
        protected Dictionary<EndPoint, uint> m_clientCircuits = new Dictionary<EndPoint, uint>();
        protected NetworkServersInfo m_networkServersInfo;
        protected uint m_httpServerPort;
+        protected bool m_httpServerSSL;
        protected ISimulationDataService m_simulationDataService;
        protected IEstateDataService m_estateDataService;
@@ -70,15 +71,18 @@ namespace OpenSim
            m_httpServer 
                = new BaseHttpServer(
-                    m_httpServerPort, m_networkServersInfo.HttpUsesSSL, m_networkServersInfo.httpSSLPort, 
+                    m_httpServerPort, m_networkServersInfo.HttpUsesSSL,
-                    m_networkServersInfo.HttpSSLCN);
+                        m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN,
-            
+                        m_networkServersInfo.HttpSSLCertPath, m_networkServersInfo.HttpSSLCNCertPass);
+/* why this? we only run one            
            if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
            {
                m_log.Error("[REGION SERVER]: HTTP Server config failed.   HTTP Server and HTTPS server must be on different ports");
            }
+*/
-            m_log.InfoFormat("[REGION SERVER]: Starting HTTP server on port {0}", m_httpServerPort);
+            m_log.InfoFormat("[REGION SERVER]: Starting HTTP{0} server on port {1}",
+                    m_networkServersInfo.HttpUsesSSL ? "S" : "", m_httpServerPort);
            m_httpServer.Start();
            MainServer.AddHttpServer(m_httpServer);
diff --git a/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs b/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
index 5eb4452..507d9b8 100644
--- a/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
+++ b/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
@@ -65,7 +65,7 @@ namespace OpenSim.Region.ClientStack.Linden.Tests
            // variables and the VM is not restarted between tests.
            MainServer.RemoveHttpServer(port);
-            BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "");
+            BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "","","");
            MainServer.AddHttpServer(server);
            MainServer.Instance = server;
diff --git a/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs b/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
index 30dc4cd..1453204 100644
--- a/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
+++ b/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
@@ -87,7 +87,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Tests
            uint port = 9999;
            MainServer.RemoveHttpServer(port);
-            BaseHttpServer server = new BaseHttpServer(port, false, 0, "");
+            BaseHttpServer server = new BaseHttpServer(port, false, 0, "", "", "");
            MainServer.AddHttpServer(server);
            MainServer.Instance = server;
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 47257b2..418330e 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -500,13 +500,12 @@
    http_listener_port = 9000
    console_port = 0
-    ; ssl config: Experimental!  The auto https config only really works definately on windows XP now
+    ; ssl config: Experimental!
-    ; you need a Cert Request/Signed pair installed in the MY store with the CN specified below
+    http_listener_ssl = false ; if set to true main server is replaced a ssl one
-    ; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
-    http_listener_ssl = false ; Also create a SSL server
-    http_listener_cn = "localhost" ; Use the cert with the common name
    http_listener_sslport = 9001 ; Use this port for SSL connections
-    http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
+    http_listener_cn = "myexternalip" ; // should be the External ip and match the CN on the cert
+    http_listener_cert_path = "mycert.p12" ; path for the cert file
+        http_listener_cert_pass = "mycertpass" ; the cert passwork
    ; HTTPS for "Out of band" management applications such as the remote 
    ; admin module

diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs index dfe9695..d79eb0d 100644 --- a/OpenSim/Framework/NetworkServersInfo.cs +++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -37,6 +37,8 @@ namespace OpenSim.Framework
37	public bool isSandbox;	37	public bool isSandbox;
38	public bool HttpUsesSSL = false;	38	public bool HttpUsesSSL = false;
39	public string HttpSSLCN = "";	39	public string HttpSSLCN = "";
		40	public string HttpSSLCertPath = "";
		41	public string HttpSSLCNCertPass = "";
40	public uint httpSSLPort = 9001;	42	public uint httpSSLPort = 9001;
41		43
42	// "Out of band" managemnt https	44	// "Out of band" managemnt https
@@ -62,6 +64,8 @@ namespace OpenSim.Framework
62	(uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));	64	(uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
63	HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);	65	HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
64	HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");	66	HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
		67	HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
		68	HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
65		69
66	// "Out of band management https"	70	// "Out of band management https"
67	ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);	71	ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);


diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs index c078a73..29a8d3f 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
153	m_ssl = ssl;	153	m_ssl = ssl;
154	}	154	}
155		155
156	public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)	156	public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
157	{	157	{
158	if (m_ssl)	158	if (m_ssl)
159	{	159	{
		160	if(string.IsNullOrEmpty(CPass))
		161	throw new Exception("invalid main http server cert path");
		162
160	m_sslport = sslport;	163	m_sslport = sslport;
		164	m_cert = new X509Certificate2(CPath, CPass);
		165	m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
		166	if(CN != m_SSLCommonName)
		167	throw new Exception("main http server CN does not match cert CN");
		168
161	}	169	}
162	}	170	}
163		171


diff --git a/OpenSim/Region/Application/OpenSimBase.cs b/OpenSim/Region/Application/OpenSimBase.cs index 52ded3d..62abf8e 100644 --- a/OpenSim/Region/Application/OpenSimBase.cs +++ b/OpenSim/Region/Application/OpenSimBase.cs
@@ -351,7 +351,18 @@ namespace OpenSim
351	if (startupConfig == null \|\| startupConfig.GetBoolean("JobEngineEnabled", true))	351	if (startupConfig == null \|\| startupConfig.GetBoolean("JobEngineEnabled", true))
352	WorkManager.JobEngine.Start();	352	WorkManager.JobEngine.Start();
353		353
354	m_httpServerPort = m_networkServersInfo.HttpListenerPort;	354
		355	if(m_networkServersInfo.HttpUsesSSL)
		356	{
		357	m_httpServerSSL = true;
		358	m_httpServerPort = m_networkServersInfo.httpSSLPort;
		359	}
		360	else
		361	{
		362	m_httpServerSSL = false;
		363	m_httpServerPort = m_networkServersInfo.HttpListenerPort;
		364	}
		365
355	SceneManager.OnRestartSim += HandleRestartRegion;	366	SceneManager.OnRestartSim += HandleRestartRegion;
356		367
357	// Only enable the watchdogs when all regions are ready. Otherwise we get false positives when cpu is	368	// Only enable the watchdogs when all regions are ready. Otherwise we get false positives when cpu is
@@ -404,7 +415,18 @@ namespace OpenSim
404		415
405	// set initial ServerURI	416	// set initial ServerURI
406	regionInfo.HttpPort = m_httpServerPort;	417	regionInfo.HttpPort = m_httpServerPort;
407	regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName + ":" + regionInfo.HttpPort.ToString() + "/";	418	if(m_httpServerSSL)
		419	{
		420	if(m_networkServersInfo.HttpSSLCN != regionInfo.ExternalHostName)
		421	throw new Exception("main http cert CN doesn't match region External IP");
		422
		423	regionInfo.ServerURI = "https://" + regionInfo.ExternalHostName +
		424	":" + regionInfo.HttpPort.ToString() + "/";
		425	}
		426	else
		427	regionInfo.ServerURI = "http://" + regionInfo.ExternalHostName +
		428	":" + regionInfo.HttpPort.ToString() + "/";
		429
408		430
409	regionInfo.osSecret = m_osSecret;	431	regionInfo.osSecret = m_osSecret;
410		432


diff --git a/OpenSim/Region/Application/RegionApplicationBase.cs b/OpenSim/Region/Application/RegionApplicationBase.cs index ba92fd6..603f139 100644 --- a/OpenSim/Region/Application/RegionApplicationBase.cs +++ b/OpenSim/Region/Application/RegionApplicationBase.cs
@@ -50,6 +50,7 @@ namespace OpenSim
50	protected Dictionary<EndPoint, uint> m_clientCircuits = new Dictionary<EndPoint, uint>();	50	protected Dictionary<EndPoint, uint> m_clientCircuits = new Dictionary<EndPoint, uint>();
51	protected NetworkServersInfo m_networkServersInfo;	51	protected NetworkServersInfo m_networkServersInfo;
52	protected uint m_httpServerPort;	52	protected uint m_httpServerPort;
		53	protected bool m_httpServerSSL;
53	protected ISimulationDataService m_simulationDataService;	54	protected ISimulationDataService m_simulationDataService;
54	protected IEstateDataService m_estateDataService;	55	protected IEstateDataService m_estateDataService;
55		56
@@ -70,15 +71,18 @@ namespace OpenSim
70		71
71	m_httpServer	72	m_httpServer
72	= new BaseHttpServer(	73	= new BaseHttpServer(
73	m_httpServerPort, m_networkServersInfo.HttpUsesSSL, m_networkServersInfo.httpSSLPort,	74	m_httpServerPort, m_networkServersInfo.HttpUsesSSL,
74	m_networkServersInfo.HttpSSLCN);	75	m_networkServersInfo.httpSSLPort, m_networkServersInfo.HttpSSLCN,
75		76	m_networkServersInfo.HttpSSLCertPath, m_networkServersInfo.HttpSSLCNCertPass);
		77
		78	/* why this? we only run one
76	if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))	79	if (m_networkServersInfo.HttpUsesSSL && (m_networkServersInfo.HttpListenerPort == m_networkServersInfo.httpSSLPort))
77	{	80	{
78	m_log.Error("[REGION SERVER]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");	81	m_log.Error("[REGION SERVER]: HTTP Server config failed. HTTP Server and HTTPS server must be on different ports");
79	}	82	}
80		83	*/
81	m_log.InfoFormat("[REGION SERVER]: Starting HTTP server on port {0}", m_httpServerPort);	84	m_log.InfoFormat("[REGION SERVER]: Starting HTTP{0} server on port {1}",
		85	m_networkServersInfo.HttpUsesSSL ? "S" : "", m_httpServerPort);
82	m_httpServer.Start();	86	m_httpServer.Start();
83		87
84	MainServer.AddHttpServer(m_httpServer);	88	MainServer.AddHttpServer(m_httpServer);


diff --git a/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs b/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs index 5eb4452..507d9b8 100644 --- a/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs +++ b/OpenSim/Region/ClientStack/Linden/Caps/EventQueue/Tests/EventQueueTests.cs
@@ -65,7 +65,7 @@ namespace OpenSim.Region.ClientStack.Linden.Tests
65	// variables and the VM is not restarted between tests.	65	// variables and the VM is not restarted between tests.
66	MainServer.RemoveHttpServer(port);	66	MainServer.RemoveHttpServer(port);
67		67
68	BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "");	68	BaseHttpServer server = new BaseHttpServer(port, false, sslPort, "","","");
69	MainServer.AddHttpServer(server);	69	MainServer.AddHttpServer(server);
70	MainServer.Instance = server;	70	MainServer.Instance = server;
71		71


diff --git a/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs b/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs index 30dc4cd..1453204 100644 --- a/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs +++ b/OpenSim/Region/ScriptEngine/Shared/Tests/LSL_ApiHttpTests.cs
@@ -87,7 +87,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Tests
87	uint port = 9999;	87	uint port = 9999;
88	MainServer.RemoveHttpServer(port);	88	MainServer.RemoveHttpServer(port);
89		89
90	BaseHttpServer server = new BaseHttpServer(port, false, 0, "");	90	BaseHttpServer server = new BaseHttpServer(port, false, 0, "", "", "");
91	MainServer.AddHttpServer(server);	91	MainServer.AddHttpServer(server);
92	MainServer.Instance = server;	92	MainServer.Instance = server;
93		93


diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index 47257b2..418330e 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini
@@ -500,13 +500,12 @@
500	http_listener_port = 9000	500	http_listener_port = 9000
501	console_port = 0	501	console_port = 0
502		502
503	; ssl config: Experimental! The auto https config only really works definately on windows XP now	503	; ssl config: Experimental!
504	; you need a Cert Request/Signed pair installed in the MY store with the CN specified below	504	http_listener_ssl = false ; if set to true main server is replaced a ssl one
505	; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
506	http_listener_ssl = false ; Also create a SSL server
507	http_listener_cn = "localhost" ; Use the cert with the common name
508	http_listener_sslport = 9001 ; Use this port for SSL connections	505	http_listener_sslport = 9001 ; Use this port for SSL connections
509	http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer	506	http_listener_cn = "myexternalip" ; // should be the External ip and match the CN on the cert
		507	http_listener_cert_path = "mycert.p12" ; path for the cert file
		508	http_listener_cert_pass = "mycertpass" ; the cert passwork
510		509
511	; HTTPS for "Out of band" management applications such as the remote	510	; HTTPS for "Out of band" management applications such as the remote
512	; admin module	511	; admin module