From b51739e23ecc071a107755c7613ff274f65c3a64 Mon Sep 17 00:00:00 2001
From: UbitUmarov
Date: Thu, 6 Oct 2016 21:35:11 +0100
Subject: recover regions main http server ssl suport. Using a PKCS12 cert
 file, and not certs store for now. Option http_listener_cn, cert CN need to
 the same as external IP. Self sign certs do seem to work, but the viewers
 option NoVerifySLLCert needs to be set true. CA check is not done but they do
 check the IP

---
 OpenSim/Framework/NetworkServersInfo.cs                |  4 ++++
 OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

(limited to 'OpenSim/Framework')

diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs
index dfe9695..d79eb0d 100644
--- a/OpenSim/Framework/NetworkServersInfo.cs
+++ b/OpenSim/Framework/NetworkServersInfo.cs
@@ -37,6 +37,8 @@ namespace OpenSim.Framework
         public bool isSandbox;
         public bool HttpUsesSSL = false;
         public string HttpSSLCN = "";
+        public string HttpSSLCertPath = "";
+        public string HttpSSLCNCertPass = "";
         public uint httpSSLPort = 9001;
 
         // "Out of band" managemnt https
@@ -62,6 +64,8 @@ namespace OpenSim.Framework
                 (uint)config.Configs["Network"].GetInt("http_listener_sslport", ((int)ConfigSettings.DefaultRegionHttpPort+1));
             HttpUsesSSL = config.Configs["Network"].GetBoolean("http_listener_ssl", false);
             HttpSSLCN = config.Configs["Network"].GetString("http_listener_cn", "localhost");
+            HttpSSLCertPath = config.Configs["Network"].GetString("http_listener_cert_path", HttpSSLCertPath);
+            HttpSSLCNCertPass = config.Configs["Network"].GetString("http_listener_cert_pass", HttpSSLCNCertPass);
 
             // "Out of band management https"
             ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false);
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
index c078a73..29a8d3f 100644
--- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -153,11 +153,19 @@ namespace OpenSim.Framework.Servers.HttpServer
             m_ssl = ssl;
         }
 
-        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN) : this (port, ssl)
+        public BaseHttpServer(uint port, bool ssl, uint sslport, string CN, string CPath, string CPass) : this (port, ssl)
         {
             if (m_ssl)
             {
+                if(string.IsNullOrEmpty(CPass))
+                    throw new Exception("invalid main http server cert path");
+
                 m_sslport = sslport;
+                m_cert = new X509Certificate2(CPath, CPass);
+                m_SSLCommonName = m_cert.GetNameInfo(X509NameType.SimpleName,false);
+                if(CN != m_SSLCommonName)
+                    throw new Exception("main http server CN does not match cert CN");
+
             }
         }
 
-- 
cgit v1.1