Overview
| Comment: | merge latest trunk |
|---|---|
| Timelines: | family | ancestors | descendants | both | tls-server-fix |
| SHA3-256: |
8dde27776839648293b3803dced97831 |
| User & Date: | rdb 2022-01-16 11:29:22.680 |
Context
|
2022-01-17
| ||
| 13:47 | This branch superceded by [d7008b34579d2f41|check-in d7008b34579d2f41] and therefore closed. Was: move the checking for --https to before verify_options is called ... (Closed-Leaf check-in: 60d1581ff0 user: rdb tags: tls-server-fix) | |
|
2022-01-16
| ||
| 11:29 | merge latest trunk ... (check-in: 8dde277768 user: rdb tags: tls-server-fix) | |
| 03:29 | fix c90 forbids mixed declarations and code wanrning ... (check-in: ad66227c8d user: rdb tags: tls-server-fix) | |
| 02:03 | When reading POST via TLS, fail fatally on a read error. Add SERVER_SOFTWARE to the environment when running in server mode. ... (check-in: ba95498d36 user: stephan tags: trunk) | |
Changes
Changes to src/http_ssl.c.
| ︙ | ︙ | |||
750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 |
}
}
typedef struct SslServerConn {
SSL *ssl; /* The SSL codec */
int atEof; /* True when EOF reached. */
int iSocket; /* The socket */
} SslServerConn;
/*
** Create a new server-side codec. The argument is the socket's file
** descriptor from which the codec reads and writes. The returned
** memory must eventually be passed to ssl_close_server().
*/
void *ssl_new_server(int iSocket){
SslServerConn *pServer = fossil_malloc_zero(sizeof(*pServer));
BIO *b = BIO_new_socket(iSocket, 0);
pServer->ssl = SSL_new(sslCtx);
pServer->atEof = 0;
pServer->iSocket = iSocket;
SSL_set_bio(pServer->ssl, b, b);
SSL_accept(pServer->ssl);
return (void*)pServer;
}
/*
** Close a server-side code previously returned from ssl_new_server().
| > > | 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 |
}
}
typedef struct SslServerConn {
SSL *ssl; /* The SSL codec */
int atEof; /* True when EOF reached. */
int iSocket; /* The socket */
BIO *bio; /* BIO object. Needed for EOF detection. */
} SslServerConn;
/*
** Create a new server-side codec. The argument is the socket's file
** descriptor from which the codec reads and writes. The returned
** memory must eventually be passed to ssl_close_server().
*/
void *ssl_new_server(int iSocket){
SslServerConn *pServer = fossil_malloc_zero(sizeof(*pServer));
BIO *b = BIO_new_socket(iSocket, 0);
pServer->ssl = SSL_new(sslCtx);
pServer->atEof = 0;
pServer->iSocket = iSocket;
pServer->bio = b;
SSL_set_bio(pServer->ssl, b, b);
SSL_accept(pServer->ssl);
return (void*)pServer;
}
/*
** Close a server-side code previously returned from ssl_new_server().
|
| ︙ | ︙ | |||
791 792 793 794 795 796 797 |
}
/*
** Read cleartext bytes that have been received from the client and
** decrypted by the SSL server codec.
*/
size_t ssl_read_server(void *pServerArg, char *zBuf, size_t nBuf){
| | > < > | > | > > > > > > > > > > | | 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 |
}
/*
** Read cleartext bytes that have been received from the client and
** decrypted by the SSL server codec.
*/
size_t ssl_read_server(void *pServerArg, char *zBuf, size_t nBuf){
int n, err = 0;
size_t rc = 0;
SslServerConn *pServer = (SslServerConn*)pServerArg;
if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); }
while( 0==err && nBuf!=rc && 0==pServer->atEof ){
n = SSL_read(pServer->ssl, zBuf + rc, (int)(nBuf - rc));
if( n==0 ){
pServer->atEof = 1;
break;
}
err = SSL_get_error(pServer->ssl, n);
if(0==err){
rc += n;
pServer->atEof = BIO_eof(pServer->bio);
}else{
fossil_fatal("SSL read error.");
}
}
return rc;
}
/*
** Read a single line of text from the client.
*/
char *ssl_gets(void *pServerArg, char *zBuf, int nBuf){
int n = 0;
|
| ︙ | ︙ |
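Review bot: In the new ssl_read_server loop, `n==0` is taken as end of stream before SSL_get_error() is consulted, so a connection cut without a close_notify looks the same as a clean shutdown and a truncated request body can be handed back as if it were complete. I would ask the library first and mark EOF only for a clean close: `err = SSL_get_error(pServer->ssl, n);` followed by `if( err==SSL_ERROR_ZERO_RETURN ){ pServer->atEof = 1; break; }`, leaving the other non-zero codes to the existing fatal branch (whether an abrupt close should be fatal or merely logged is a policy choice). That branch also treats SSL_ERROR_WANT_READ as a hard failure, which is probably harmless on a blocking socket with auto-retry enabled, but neither setting is visible in this section, so it is worth confirming. `fossil_fatal("SSL read error.")` would be easier to triage if the message carried the value of `err`.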
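--- a/src/main.c
+++ b/src/main.c
@@ -3291,14 +3291,16 @@
 }
 if( g.repositoryOpen ) flags |= HTTP_SERVER_HAD_REPOSITORY;
 if( g.localOpen ) flags |= HTTP_SERVER_HAD_CHECKOUT;
 db_close(1);
 /* Start up an HTTP server
 */
+fossil_setenv("SERVER_SOFTWARE", "fossil version " RELEASE_VERSION
+" " MANIFEST_VERSION " " MANIFEST_DATE);
 #if !defined(_WIN32)
 /* Unix implementation */
 if( cgi_http_server(iPort, mxPort, zBrowserCmd, zIpAddr, flags) ){
 fossil_fatal("unable to listen on TCP socket %d", iPort);
 }
 /* For the parent process, the cgi_http_server() command above never
 ** returns (except in the case of an error). Instead, for each incoming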
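Review bot: The new `fossil_setenv("SERVER_SOFTWARE", ...)` call publishes the exact release, manifest version and manifest date to everything that inherits the server's environment, and it sits directly under the `/* Start up an HTTP server */` comment, which now reads as if it described the setenv. A short comment of its own would help, for example `/* Export the server identity to request handlers; the value includes the exact build id */`. The style.c section of this check-in prints the variable on an environment listing; if that page or any response header built from it is reachable without admin rights (not visible here), the precise build id makes version fingerprinting easy, so it is worth confirming who can see it. The enclosing function starts and ends outside the hunk.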
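--- a/src/style.c
+++ b/src/style.c
@@ -1392,14 +1392,15 @@
 #ifndef _WIN32
 @ RSS = %.2f(fossil_rss()/1000000.0) MB</br />
 #endif
 @ cgi_csrf_safe(0) = %d(cgi_csrf_safe(0))<br />
 @ fossil_exe_id() = %h(fossil_exe_id())<br />
 @ <hr />
 P("HTTP_USER_AGENT");
+P("SERVER_SOFTWARE");
 cgi_print_all(showAll, 0);
 if( showAll && blob_size(&g.httpHeader)>0 ){
 @ <hr />
 @ <pre>
 @ %h(blob_str(&g.httpHeader))
 @ </pre>
 }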