diff options
author | BlueWall | 2011-05-01 14:44:09 -0400 |
---|---|---|
committer | BlueWall | 2011-05-05 19:56:54 -0400 |
commit | 8ca793875318efc8db3339b25bf7fa5ddeeac218 (patch) | |
tree | cc860147bdb35f8b9d52325b7b12c9df383f17cd | |
parent | fix command display for debugging 'emergency-monitoring' (diff) | |
download | opensim-SC_OLD-8ca793875318efc8db3339b25bf7fa5ddeeac218.zip opensim-SC_OLD-8ca793875318efc8db3339b25bf7fa5ddeeac218.tar.gz opensim-SC_OLD-8ca793875318efc8db3339b25bf7fa5ddeeac218.tar.bz2 opensim-SC_OLD-8ca793875318efc8db3339b25bf7fa5ddeeac218.tar.xz |
Adding ssl support
Adding ssl support for "Out of Band" applications such as the remote
admin module or Robust services
-rw-r--r-- | OpenSim/Framework/MainServer.cs | 5 | ||||
-rw-r--r-- | OpenSim/Framework/NetworkServersInfo.cs | 15 | ||||
-rw-r--r-- | OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs | 14 | ||||
-rw-r--r-- | OpenSim/Region/ClientStack/RegionApplicationBase.cs | 16 | ||||
-rw-r--r-- | OpenSim/Server/Base/HttpServerBase.cs | 77 | ||||
-rw-r--r-- | bin/OpenSimDefaults.ini | 14 | ||||
-rw-r--r-- | bin/Robust.ini.example | 21 |
7 files changed, 160 insertions, 2 deletions
diff --git a/OpenSim/Framework/MainServer.cs b/OpenSim/Framework/MainServer.cs index 0515b16..a3e0a26 100644 --- a/OpenSim/Framework/MainServer.cs +++ b/OpenSim/Framework/MainServer.cs | |||
@@ -52,6 +52,11 @@ namespace OpenSim.Framework | |||
52 | return GetHttpServer(port,null); | 52 | return GetHttpServer(port,null); |
53 | } | 53 | } |
54 | 54 | ||
55 | public static void AddHttpServer(BaseHttpServer server) | ||
56 | { | ||
57 | m_Servers.Add(server.Port, server); | ||
58 | } | ||
59 | |||
55 | public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr) | 60 | public static IHttpServer GetHttpServer(uint port, IPAddress ipaddr) |
56 | { | 61 | { |
57 | if (port == 0) | 62 | if (port == 0) |
diff --git a/OpenSim/Framework/NetworkServersInfo.cs b/OpenSim/Framework/NetworkServersInfo.cs index b25f8b9..5bb4111 100644 --- a/OpenSim/Framework/NetworkServersInfo.cs +++ b/OpenSim/Framework/NetworkServersInfo.cs | |||
@@ -49,6 +49,12 @@ namespace OpenSim.Framework | |||
49 | public string HttpSSLCN = ""; | 49 | public string HttpSSLCN = ""; |
50 | public uint httpSSLPort = 9001; | 50 | public uint httpSSLPort = 9001; |
51 | 51 | ||
52 | // "Out of band" managemnt https | ||
53 | public bool ssl_listener = false; | ||
54 | public uint https_port = 0; | ||
55 | public string cert_path = String.Empty; | ||
56 | public string cert_pass = String.Empty; | ||
57 | |||
52 | public string MessagingURL = String.Empty; | 58 | public string MessagingURL = String.Empty; |
53 | 59 | ||
54 | public NetworkServersInfo() | 60 | public NetworkServersInfo() |
@@ -86,6 +92,15 @@ namespace OpenSim.Framework | |||
86 | secureInventoryServer = config.Configs["Network"].GetBoolean("secure_inventory_server", true); | 92 | secureInventoryServer = config.Configs["Network"].GetBoolean("secure_inventory_server", true); |
87 | 93 | ||
88 | MessagingURL = config.Configs["Network"].GetString("messaging_server_url", string.Empty); | 94 | MessagingURL = config.Configs["Network"].GetString("messaging_server_url", string.Empty); |
95 | |||
96 | // "Out of band management https" | ||
97 | ssl_listener = config.Configs["Network"].GetBoolean("https_listener",false); | ||
98 | if( ssl_listener) | ||
99 | { | ||
100 | cert_path = config.Configs["Network"].GetString("cert_path",String.Empty); | ||
101 | cert_pass = config.Configs["Network"].GetString("cert_pass",String.Empty); | ||
102 | https_port = (uint)config.Configs["Network"].GetInt("https_port", 0); | ||
103 | } | ||
89 | } | 104 | } |
90 | } | 105 | } |
91 | } | 106 | } |
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs index ba89e21..598e5d1 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs | |||
@@ -32,6 +32,7 @@ using System.Collections.Specialized; | |||
32 | using System.IO; | 32 | using System.IO; |
33 | using System.Net; | 33 | using System.Net; |
34 | using System.Net.Sockets; | 34 | using System.Net.Sockets; |
35 | using System.Security.Cryptography.X509Certificates; | ||
35 | using System.Reflection; | 36 | using System.Reflection; |
36 | using System.Globalization; | 37 | using System.Globalization; |
37 | using System.Text; | 38 | using System.Text; |
@@ -72,6 +73,7 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
72 | protected uint m_port; | 73 | protected uint m_port; |
73 | protected uint m_sslport; | 74 | protected uint m_sslport; |
74 | protected bool m_ssl; | 75 | protected bool m_ssl; |
76 | private X509Certificate2 m_cert; | ||
75 | protected bool m_firstcaps = true; | 77 | protected bool m_firstcaps = true; |
76 | protected string m_SSLCommonName = ""; | 78 | protected string m_SSLCommonName = ""; |
77 | 79 | ||
@@ -123,6 +125,14 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
123 | } | 125 | } |
124 | } | 126 | } |
125 | 127 | ||
128 | public BaseHttpServer(uint port, bool ssl, string CPath, string CPass) : this (port, ssl) | ||
129 | { | ||
130 | if (m_ssl) | ||
131 | { | ||
132 | m_cert = new X509Certificate2(CPath, CPass); | ||
133 | } | ||
134 | } | ||
135 | |||
126 | /// <summary> | 136 | /// <summary> |
127 | /// Add a stream handler to the http server. If the handler already exists, then nothing happens. | 137 | /// Add a stream handler to the http server. If the handler already exists, then nothing happens. |
128 | /// </summary> | 138 | /// </summary> |
@@ -1683,6 +1693,7 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
1683 | try | 1693 | try |
1684 | { | 1694 | { |
1685 | //m_httpListener = new HttpListener(); | 1695 | //m_httpListener = new HttpListener(); |
1696 | |||
1686 | NotSocketErrors = 0; | 1697 | NotSocketErrors = 0; |
1687 | if (!m_ssl) | 1698 | if (!m_ssl) |
1688 | { | 1699 | { |
@@ -1702,6 +1713,9 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
1702 | { | 1713 | { |
1703 | //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/"); | 1714 | //m_httpListener.Prefixes.Add("https://+:" + (m_sslport) + "/"); |
1704 | //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); | 1715 | //m_httpListener.Prefixes.Add("http://+:" + m_port + "/"); |
1716 | m_httpListener2 = CoolHTTPListener.Create(IPAddress.Any, (int)m_port, m_cert); | ||
1717 | m_httpListener2.ExceptionThrown += httpServerException; | ||
1718 | m_httpListener2.LogWriter = httpserverlog; | ||
1705 | } | 1719 | } |
1706 | 1720 | ||
1707 | m_httpListener2.RequestReceived += OnRequest; | 1721 | m_httpListener2.RequestReceived += OnRequest; |
diff --git a/OpenSim/Region/ClientStack/RegionApplicationBase.cs b/OpenSim/Region/ClientStack/RegionApplicationBase.cs index ea1317a..6e3a58e 100644 --- a/OpenSim/Region/ClientStack/RegionApplicationBase.cs +++ b/OpenSim/Region/ClientStack/RegionApplicationBase.cs | |||
@@ -96,6 +96,22 @@ namespace OpenSim.Region.ClientStack | |||
96 | 96 | ||
97 | MainServer.Instance = m_httpServer; | 97 | MainServer.Instance = m_httpServer; |
98 | 98 | ||
99 | // "OOB" Server | ||
100 | if (m_networkServersInfo.ssl_listener) | ||
101 | { | ||
102 | BaseHttpServer server = null; | ||
103 | server = new BaseHttpServer( | ||
104 | m_networkServersInfo.https_port, m_networkServersInfo.ssl_listener, m_networkServersInfo.cert_path, | ||
105 | m_networkServersInfo.cert_pass); | ||
106 | // Add the server to m_Servers | ||
107 | if(server != null) | ||
108 | { | ||
109 | m_log.InfoFormat("[REGION SERVER]: Starting HTTPS server on port {0}", server.Port); | ||
110 | MainServer.AddHttpServer(server); | ||
111 | server.Start(); | ||
112 | } | ||
113 | } | ||
114 | |||
99 | base.StartupSpecific(); | 115 | base.StartupSpecific(); |
100 | } | 116 | } |
101 | 117 | ||
diff --git a/OpenSim/Server/Base/HttpServerBase.cs b/OpenSim/Server/Base/HttpServerBase.cs index 9e4593e..bb5ce96 100644 --- a/OpenSim/Server/Base/HttpServerBase.cs +++ b/OpenSim/Server/Base/HttpServerBase.cs | |||
@@ -97,16 +97,76 @@ namespace OpenSim.Server.Base | |||
97 | 97 | ||
98 | if (port == 0) | 98 | if (port == 0) |
99 | { | 99 | { |
100 | System.Console.WriteLine("Port number not specified or 0, server can't start"); | 100 | |
101 | Thread.CurrentThread.Abort(); | 101 | Thread.CurrentThread.Abort(); |
102 | } | 102 | } |
103 | // | ||
104 | bool ssl_main = networkConfig.GetBoolean("https_main",false); | ||
105 | bool ssl_listener = networkConfig.GetBoolean("https_listener",false); | ||
103 | 106 | ||
104 | m_consolePort = (uint)networkConfig.GetInt("ConsolePort", 0); | 107 | m_consolePort = (uint)networkConfig.GetInt("ConsolePort", 0); |
105 | m_Port = port; | 108 | m_Port = port; |
109 | // | ||
110 | // This is where to make the servers: | ||
111 | // | ||
112 | // | ||
113 | // Make the base server according to the port, etc. | ||
114 | // ADD: Possibility to make main server ssl | ||
115 | // Then, check for https settings and ADD a server to | ||
116 | // m_Servers | ||
117 | // | ||
118 | if ( !ssl_main ) | ||
119 | { | ||
120 | m_HttpServer = new BaseHttpServer(port); | ||
106 | 121 | ||
107 | m_HttpServer = new BaseHttpServer(port); | 122 | } |
123 | else | ||
124 | { | ||
125 | string cert_path = networkConfig.GetString("cert_path",String.Empty); | ||
126 | if ( cert_path == String.Empty ) | ||
127 | { | ||
128 | System.Console.WriteLine("Path to X509 certificate is missing, server can't start."); | ||
129 | Thread.CurrentThread.Abort(); | ||
130 | } | ||
131 | string cert_pass = networkConfig.GetString("cert_pass",String.Empty); | ||
132 | if ( cert_pass == String.Empty ) | ||
133 | { | ||
134 | System.Console.WriteLine("Password for X509 certificate is missing, server can't start."); | ||
135 | Thread.CurrentThread.Abort(); | ||
136 | } | ||
137 | m_HttpServer = new BaseHttpServer(port, ssl_main, cert_path, cert_pass); | ||
138 | } | ||
108 | 139 | ||
109 | MainServer.Instance = m_HttpServer; | 140 | MainServer.Instance = m_HttpServer; |
141 | |||
142 | // If https_listener = true, then add an ssl listener on the https_port... | ||
143 | if ( ssl_listener == true ) { | ||
144 | |||
145 | uint https_port = (uint)networkConfig.GetInt("https_port", 0); | ||
146 | |||
147 | string cert_path = networkConfig.GetString("cert_path",String.Empty); | ||
148 | if ( cert_path == String.Empty ) | ||
149 | { | ||
150 | System.Console.WriteLine("Path to X509 certificate is missing, server can't start."); | ||
151 | Thread.CurrentThread.Abort(); | ||
152 | } | ||
153 | string cert_pass = networkConfig.GetString("cert_pass",String.Empty); | ||
154 | if ( cert_pass == String.Empty ) | ||
155 | { | ||
156 | System.Console.WriteLine("Password for X509 certificate is missing, server can't start."); | ||
157 | Thread.CurrentThread.Abort(); | ||
158 | } | ||
159 | // Add our https_server | ||
160 | BaseHttpServer server = null; | ||
161 | server = new BaseHttpServer(https_port, ssl_listener, cert_path, cert_pass); | ||
162 | if (server != null) | ||
163 | { | ||
164 | m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", https_port); | ||
165 | m_Servers.Add(https_port,server); | ||
166 | } | ||
167 | else | ||
168 | System.Console.WriteLine(String.Format("Failed to start HTTPS server on port {0}",https_port)); | ||
169 | } | ||
110 | } | 170 | } |
111 | 171 | ||
112 | protected override void Initialise() | 172 | protected override void Initialise() |
@@ -114,6 +174,19 @@ namespace OpenSim.Server.Base | |||
114 | m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", m_HttpServer.Port); | 174 | m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", m_HttpServer.Port); |
115 | m_HttpServer.Start(); | 175 | m_HttpServer.Start(); |
116 | 176 | ||
177 | if (m_Servers.Count > 0) | ||
178 | { | ||
179 | foreach (BaseHttpServer s in m_Servers.Values) | ||
180 | { | ||
181 | if (!s.UseSSL) | ||
182 | m_Log.InfoFormat("[SERVER]: Starting HTTP server on port {0}", s.Port); | ||
183 | else | ||
184 | m_Log.InfoFormat("[SERVER]: Starting HTTPS server on port {0}", s.Port); | ||
185 | |||
186 | s.Start(); | ||
187 | } | ||
188 | } | ||
189 | |||
117 | if (MainConsole.Instance is RemoteConsole) | 190 | if (MainConsole.Instance is RemoteConsole) |
118 | { | 191 | { |
119 | if (m_consolePort == 0) | 192 | if (m_consolePort == 0) |
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index 6d2d54d..2e192f1 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini | |||
@@ -291,6 +291,20 @@ | |||
291 | http_listener_sslport = 9001 ; Use this port for SSL connections | 291 | http_listener_sslport = 9001 ; Use this port for SSL connections |
292 | http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer | 292 | http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer |
293 | 293 | ||
294 | ; HTTPS for "Out of band" management applications such as the remote | ||
295 | ; admin module | ||
296 | ; | ||
297 | ; Create https_listener = "True" will create a listener on the port | ||
298 | ; specified. Provide the path to your server certificate along with it's | ||
299 | ; password | ||
300 | ; https_listener = False | ||
301 | ; Set our listener to this port | ||
302 | ; https_port = 0 | ||
303 | ; Path to X509 certificate | ||
304 | ; cert_path = "path/to/cert.p12" | ||
305 | ; Password for cert | ||
306 | ; cert_pass = "password" | ||
307 | |||
294 | ; Hostname to use in llRequestURL/llRequestSecureURL | 308 | ; Hostname to use in llRequestURL/llRequestSecureURL |
295 | ; if not defined - default machine name is being used | 309 | ; if not defined - default machine name is being used |
296 | ; (on Windows this mean NETBIOS name - useably only inside local network) | 310 | ; (on Windows this mean NETBIOS name - useably only inside local network) |
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index 047e9ee..cc018f8 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example | |||
@@ -21,6 +21,27 @@ ServiceConnectors = "8003/OpenSim.Server.Handlers.dll:AssetServiceConnector,8003 | |||
21 | [Network] | 21 | [Network] |
22 | port = 8003 | 22 | port = 8003 |
23 | 23 | ||
24 | |||
25 | ; HTTPS for "Out of band" management applications such as the remote admin | ||
26 | ; module. May specify https_main = True to make the main http server | ||
27 | ; use https or "False" to make the main server HTTP | ||
28 | ; https_main = False | ||
29 | ; | ||
30 | ; Create https_listener = "True" will create a listener on the port | ||
31 | ; specified. Provide the path to your server certificate along with it's | ||
32 | ; password | ||
33 | ; https_listener = False | ||
34 | ; | ||
35 | ; Set our listener to this port | ||
36 | ; https_port = 0 | ||
37 | ; | ||
38 | ; Path to X509 certificate | ||
39 | ; cert_path = "path/to/cert.p12" | ||
40 | ; | ||
41 | ; Password for cert | ||
42 | ; cert_pass = "password" | ||
43 | |||
44 | |||
24 | ; * The following are for the remote console | 45 | ; * The following are for the remote console |
25 | ; * They have no effect for the local or basic console types | 46 | ; * They have no effect for the local or basic console types |
26 | ; * Leave commented to diable logins to the console | 47 | ; * Leave commented to diable logins to the console |