Fossil

Check-in [977fa519d3]
Login

Check-in [977fa519d3]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Now actually works.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | ssl-server
Files: files | file ages | folders
SHA3-256: 977fa519d365f7700c9714a1bec92c5e9bd9f674926b282116c37b9b78a3d183
User & Date: drh 2021-12-26 21:27:27.904
Context
2021-12-26
21:50
Fix the build on Windows and on builds that omit OpenSSL. Improved error messages. ... (check-in: 637516c447 user: drh tags: ssl-server)
21:27
Now actually works. ... (check-in: 977fa519d3 user: drh tags: ssl-server)
20:53
Add the (undocumented) --debug-nofork option to "fossil ui" and "fossil server", for use in debugging. ... (check-in: ed4a96d8ec user: drh tags: ssl-server)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/http_ssl.c. 
636
637
638
639
640
641
642

643
644
645
646
647
648
649

  pServer->fd1 = writeFd;
  if( writeFd<0 ){
    SSL_set_fd(pServer->ssl, readFd);
  }else{
    SSL_set_rfd(pServer->ssl, readFd);
    SSL_set_wfd(pServer->ssl, writeFd);
  }

  return (void*)pServer;
}

/*
** Close a server-side code previously returned from ssl_new_server().
*/
void ssl_close_server(void *pServerArg){








>








636
637
638
639
640
641
642
643
644
645
646
647
648
649
650

  pServer->fd1 = writeFd;
  if( writeFd<0 ){
    SSL_set_fd(pServer->ssl, readFd);
  }else{
    SSL_set_rfd(pServer->ssl, readFd);
    SSL_set_wfd(pServer->ssl, writeFd);
  }
  SSL_accept(pServer->ssl);
  return (void*)pServer;
}

/*
** Close a server-side code previously returned from ssl_new_server().
*/
void ssl_close_server(void *pServerArg){

682
683
684
685
686
687
688

689
690
691
692
693
694
695

696
697
698
699
700
701
702

*/
char *ssl_gets(void *pServerArg, char *zBuf, int nBuf){
  int n = 0;
  int i;
  SslServerConn *pServer = (SslServerConn*)pServerArg;
  
  if( pServer->atEof ) return 0;

  n = SSL_peek(pServer->ssl, zBuf, nBuf-1);
  if( n==0 ){
    pServer->atEof = 1;
    return 0;
  }
  for(i=0; i<n && zBuf[i]!='\n'; i++){}
  SSL_read(pServer->ssl, zBuf, i);

  zBuf[i+1] = 0;
  return zBuf;
}


/*
** Write cleartext bytes into the SSL server codec so that they can








>
|
|
<
|
|
|
<
>








683
684
685
686
687
688
689
690
691
692

693
694
695

696
697
698
699
700
701
702
703

*/
char *ssl_gets(void *pServerArg, char *zBuf, int nBuf){
  int n = 0;
  int i;
  SslServerConn *pServer = (SslServerConn*)pServerArg;
  
  if( pServer->atEof ) return 0;
  for(i=0; i<nBuf-1; i++){
    n = SSL_read(pServer->ssl, &zBuf[i], 1);
    if( n<=0 ){

      return 0;
    }
    if( zBuf[i]=='\n' ) break;

  }
  zBuf[i+1] = 0;
  return zBuf;
}


/*
** Write cleartext bytes into the SSL server codec so that they can
Changes to src/main.c. 
3042
3043
3044
3045
3046
3047
3048

3049
3050
3051
3052
3053
3054
3055

  **
  ** This sets the HTTP_SERVER_NOFORK flag, which causes only the
  ** very first incoming TCP/IP connection to be processed.  Used for
  ** debugging, since debugging across a fork() can be tricky
  */
  if( find_option("debug-nofork",0,0)!=0 ){
    flags |= HTTP_SERVER_NOFORK;

  }
  /* We should be done with options.. */
  verify_all_options();

  if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?");
  if( isUiCmd && 3==g.argc && file_isdir(g.argv[2], ExtFILE)>0 ){
    /* If REPOSITORY arg is the root of a checkout,








>








3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056

  **
  ** This sets the HTTP_SERVER_NOFORK flag, which causes only the
  ** very first incoming TCP/IP connection to be processed.  Used for
  ** debugging, since debugging across a fork() can be tricky
  */
  if( find_option("debug-nofork",0,0)!=0 ){
    flags |= HTTP_SERVER_NOFORK;
    zTimeout = "100000000";
  }
  /* We should be done with options.. */
  verify_all_options();

  if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?");
  if( isUiCmd && 3==g.argc && file_isdir(g.argv[2], ExtFILE)>0 ){
    /* If REPOSITORY arg is the root of a checkout,

3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226

    }else{
      g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail);
    }
  }
  if( flags & HTTP_SERVER_SCGI ){
    cgi_handle_scgi_request();
  }else if( g.httpUseSSL ){
    g.httpSSLConn = ssl_new_server(fileno(stdin),fileno(stdout));
    cgi_handle_http_request(0);
  }else{
    cgi_handle_http_request(0);
  }
  process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList);
  if( g.fAnyTrace ){
    fprintf(stderr, "/***** Webpage finished in subprocess %d *****/\n",








|








3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227

    }else{
      g.zRepositoryName = enter_chroot_jail(g.zRepositoryName, noJail);
    }
  }
  if( flags & HTTP_SERVER_SCGI ){
    cgi_handle_scgi_request();
  }else if( g.httpUseSSL ){
    g.httpSSLConn = ssl_new_server(0,-1);
    cgi_handle_http_request(0);
  }else{
    cgi_handle_http_request(0);
  }
  process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList);
  if( g.fAnyTrace ){
    fprintf(stderr, "/***** Webpage finished in subprocess %d *****/\n",