Fossil SCM
Fix the SSL-server code so that the "fossil ui --tls" command (and similar) now work on Windows.
Commit
7a3bf55f5489f5348830c5f116d872c26207121fbfd916653463f189bfa754ab
Parent
2ed7465cf74af8a…
3 files changed
+15
-17
+2
-5
+56
-18
+15
-17
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -739,41 +739,37 @@ | ||
| 739 | 739 | } |
| 740 | 740 | if( !SSL_CTX_check_private_key(sslCtx) ){ |
| 741 | 741 | fossil_fatal("PRIVATE KEY \"%s\" does not match CERT \"%s\"", |
| 742 | 742 | zKeyFile, zCertFile); |
| 743 | 743 | } |
| 744 | + SSL_CTX_set_mode(sslCtx, SSL_MODE_AUTO_RETRY); | |
| 744 | 745 | sslIsInit = 2; |
| 745 | 746 | }else{ |
| 746 | 747 | assert( sslIsInit==2 ); |
| 747 | 748 | } |
| 748 | 749 | } |
| 749 | 750 | |
| 750 | 751 | typedef struct SslServerConn { |
| 751 | 752 | SSL *ssl; /* The SSL codec */ |
| 752 | 753 | int atEof; /* True when EOF reached. */ |
| 753 | - int fd0; /* Read channel, or socket */ | |
| 754 | - int fd1; /* Write channel */ | |
| 754 | + int iSocket; /* The socket */ | |
| 755 | 755 | } SslServerConn; |
| 756 | 756 | |
| 757 | 757 | /* |
| 758 | 758 | ** Create a new server-side codec. The arguments are the file |
| 759 | 759 | ** descriptors from which teh codec reads and writes, respectively. |
| 760 | 760 | ** |
| 761 | 761 | ** If the writeFd is negative, then use then the readFd is a socket |
| 762 | 762 | ** over which we both read and write. |
| 763 | 763 | */ |
| 764 | -void *ssl_new_server(int readFd, int writeFd){ | |
| 764 | +void *ssl_new_server(int iSocket){ | |
| 765 | 765 | SslServerConn *pServer = fossil_malloc_zero(sizeof(*pServer)); |
| 766 | + BIO *b = BIO_new_socket(iSocket, 0); | |
| 766 | 767 | pServer->ssl = SSL_new(sslCtx); |
| 767 | - pServer->fd0 = readFd; | |
| 768 | - pServer->fd1 = writeFd; | |
| 769 | - if( writeFd<0 ){ | |
| 770 | - SSL_set_fd(pServer->ssl, readFd); | |
| 771 | - }else{ | |
| 772 | - SSL_set_rfd(pServer->ssl, readFd); | |
| 773 | - SSL_set_wfd(pServer->ssl, writeFd); | |
| 774 | - } | |
| 768 | + pServer->atEof = 0; | |
| 769 | + pServer->iSocket = iSocket; | |
| 770 | + SSL_set_bio(pServer->ssl, b, b); | |
| 775 | 771 | SSL_accept(pServer->ssl); |
| 776 | 772 | return (void*)pServer; |
| 777 | 773 | } |
| 778 | 774 | |
| 779 | 775 | /* |
| @@ -780,12 +776,10 @@ | ||
| 780 | 776 | ** Close a server-side code previously returned from ssl_new_server(). |
| 781 | 777 | */ |
| 782 | 778 | void ssl_close_server(void *pServerArg){ |
| 783 | 779 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 784 | 780 | SSL_free(pServer->ssl); |
| 785 | - close(pServer->fd0); | |
| 786 | - if( pServer->fd1>=0 ) close(pServer->fd0); | |
| 787 | 781 | fossil_free(pServer); |
| 788 | 782 | } |
| 789 | 783 | |
| 790 | 784 | /* |
| 791 | 785 | ** Return TRUE if there are no more bytes available to be read from |
| @@ -804,12 +798,12 @@ | ||
| 804 | 798 | int n; |
| 805 | 799 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 806 | 800 | if( pServer->atEof ) return 0; |
| 807 | 801 | if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); } |
| 808 | 802 | n = SSL_read(pServer->ssl, zBuf, (int)nBuf); |
| 809 | - if( n<nBuf ) pServer->atEof = 1; | |
| 810 | - return n; | |
| 803 | + if( n==0 ) pServer->atEof = 1; | |
| 804 | + return n<=0 ? 0 : n; | |
| 811 | 805 | } |
| 812 | 806 | |
| 813 | 807 | /* |
| 814 | 808 | ** Read a single line of text from the client. |
| 815 | 809 | */ |
| @@ -836,14 +830,18 @@ | ||
| 836 | 830 | ** be encrypted and sent back to the client. |
| 837 | 831 | */ |
| 838 | 832 | size_t ssl_write_server(void *pServerArg, char *zBuf, size_t nBuf){ |
| 839 | 833 | int n; |
| 840 | 834 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 841 | - if( pServer->atEof ) return 0; | |
| 835 | + if( nBuf<=0 ) return 0; | |
| 842 | 836 | if( nBuf>0x7fffffff ){ fossil_fatal("SSL write too big"); } |
| 843 | 837 | n = SSL_write(pServer->ssl, zBuf, (int)nBuf); |
| 844 | - return n; | |
| 838 | + if( n<=0 ){ | |
| 839 | + return -SSL_get_error(pServer->ssl, n); | |
| 840 | + }else{ | |
| 841 | + return n; | |
| 842 | + } | |
| 845 | 843 | } |
| 846 | 844 | |
| 847 | 845 | #endif /* FOSSIL_ENABLE_SSL */ |
| 848 | 846 | |
| 849 | 847 | /* |
| 850 | 848 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -739,41 +739,37 @@ | |
| 739 | } |
| 740 | if( !SSL_CTX_check_private_key(sslCtx) ){ |
| 741 | fossil_fatal("PRIVATE KEY \"%s\" does not match CERT \"%s\"", |
| 742 | zKeyFile, zCertFile); |
| 743 | } |
| 744 | sslIsInit = 2; |
| 745 | }else{ |
| 746 | assert( sslIsInit==2 ); |
| 747 | } |
| 748 | } |
| 749 | |
| 750 | typedef struct SslServerConn { |
| 751 | SSL *ssl; /* The SSL codec */ |
| 752 | int atEof; /* True when EOF reached. */ |
| 753 | int fd0; /* Read channel, or socket */ |
| 754 | int fd1; /* Write channel */ |
| 755 | } SslServerConn; |
| 756 | |
| 757 | /* |
| 758 | ** Create a new server-side codec. The arguments are the file |
| 759 | ** descriptors from which teh codec reads and writes, respectively. |
| 760 | ** |
| 761 | ** If the writeFd is negative, then use then the readFd is a socket |
| 762 | ** over which we both read and write. |
| 763 | */ |
| 764 | void *ssl_new_server(int readFd, int writeFd){ |
| 765 | SslServerConn *pServer = fossil_malloc_zero(sizeof(*pServer)); |
| 766 | pServer->ssl = SSL_new(sslCtx); |
| 767 | pServer->fd0 = readFd; |
| 768 | pServer->fd1 = writeFd; |
| 769 | if( writeFd<0 ){ |
| 770 | SSL_set_fd(pServer->ssl, readFd); |
| 771 | }else{ |
| 772 | SSL_set_rfd(pServer->ssl, readFd); |
| 773 | SSL_set_wfd(pServer->ssl, writeFd); |
| 774 | } |
| 775 | SSL_accept(pServer->ssl); |
| 776 | return (void*)pServer; |
| 777 | } |
| 778 | |
| 779 | /* |
| @@ -780,12 +776,10 @@ | |
| 780 | ** Close a server-side code previously returned from ssl_new_server(). |
| 781 | */ |
| 782 | void ssl_close_server(void *pServerArg){ |
| 783 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 784 | SSL_free(pServer->ssl); |
| 785 | close(pServer->fd0); |
| 786 | if( pServer->fd1>=0 ) close(pServer->fd0); |
| 787 | fossil_free(pServer); |
| 788 | } |
| 789 | |
| 790 | /* |
| 791 | ** Return TRUE if there are no more bytes available to be read from |
| @@ -804,12 +798,12 @@ | |
| 804 | int n; |
| 805 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 806 | if( pServer->atEof ) return 0; |
| 807 | if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); } |
| 808 | n = SSL_read(pServer->ssl, zBuf, (int)nBuf); |
| 809 | if( n<nBuf ) pServer->atEof = 1; |
| 810 | return n; |
| 811 | } |
| 812 | |
| 813 | /* |
| 814 | ** Read a single line of text from the client. |
| 815 | */ |
| @@ -836,14 +830,18 @@ | |
| 836 | ** be encrypted and sent back to the client. |
| 837 | */ |
| 838 | size_t ssl_write_server(void *pServerArg, char *zBuf, size_t nBuf){ |
| 839 | int n; |
| 840 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 841 | if( pServer->atEof ) return 0; |
| 842 | if( nBuf>0x7fffffff ){ fossil_fatal("SSL write too big"); } |
| 843 | n = SSL_write(pServer->ssl, zBuf, (int)nBuf); |
| 844 | return n; |
| 845 | } |
| 846 | |
| 847 | #endif /* FOSSIL_ENABLE_SSL */ |
| 848 | |
| 849 | /* |
| 850 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -739,41 +739,37 @@ | |
| 739 | } |
| 740 | if( !SSL_CTX_check_private_key(sslCtx) ){ |
| 741 | fossil_fatal("PRIVATE KEY \"%s\" does not match CERT \"%s\"", |
| 742 | zKeyFile, zCertFile); |
| 743 | } |
| 744 | SSL_CTX_set_mode(sslCtx, SSL_MODE_AUTO_RETRY); |
| 745 | sslIsInit = 2; |
| 746 | }else{ |
| 747 | assert( sslIsInit==2 ); |
| 748 | } |
| 749 | } |
| 750 | |
| 751 | typedef struct SslServerConn { |
| 752 | SSL *ssl; /* The SSL codec */ |
| 753 | int atEof; /* True when EOF reached. */ |
| 754 | int iSocket; /* The socket */ |
| 755 | } SslServerConn; |
| 756 | |
| 757 | /* |
| 758 | ** Create a new server-side codec. The arguments are the file |
| 759 | ** descriptors from which teh codec reads and writes, respectively. |
| 760 | ** |
| 761 | ** If the writeFd is negative, then use then the readFd is a socket |
| 762 | ** over which we both read and write. |
| 763 | */ |
| 764 | void *ssl_new_server(int iSocket){ |
| 765 | SslServerConn *pServer = fossil_malloc_zero(sizeof(*pServer)); |
| 766 | BIO *b = BIO_new_socket(iSocket, 0); |
| 767 | pServer->ssl = SSL_new(sslCtx); |
| 768 | pServer->atEof = 0; |
| 769 | pServer->iSocket = iSocket; |
| 770 | SSL_set_bio(pServer->ssl, b, b); |
| 771 | SSL_accept(pServer->ssl); |
| 772 | return (void*)pServer; |
| 773 | } |
| 774 | |
| 775 | /* |
| @@ -780,12 +776,10 @@ | |
| 776 | ** Close a server-side code previously returned from ssl_new_server(). |
| 777 | */ |
| 778 | void ssl_close_server(void *pServerArg){ |
| 779 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 780 | SSL_free(pServer->ssl); |
| 781 | fossil_free(pServer); |
| 782 | } |
| 783 | |
| 784 | /* |
| 785 | ** Return TRUE if there are no more bytes available to be read from |
| @@ -804,12 +798,12 @@ | |
| 798 | int n; |
| 799 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 800 | if( pServer->atEof ) return 0; |
| 801 | if( nBuf>0x7fffffff ){ fossil_fatal("SSL read too big"); } |
| 802 | n = SSL_read(pServer->ssl, zBuf, (int)nBuf); |
| 803 | if( n==0 ) pServer->atEof = 1; |
| 804 | return n<=0 ? 0 : n; |
| 805 | } |
| 806 | |
| 807 | /* |
| 808 | ** Read a single line of text from the client. |
| 809 | */ |
| @@ -836,14 +830,18 @@ | |
| 830 | ** be encrypted and sent back to the client. |
| 831 | */ |
| 832 | size_t ssl_write_server(void *pServerArg, char *zBuf, size_t nBuf){ |
| 833 | int n; |
| 834 | SslServerConn *pServer = (SslServerConn*)pServerArg; |
| 835 | if( nBuf<=0 ) return 0; |
| 836 | if( nBuf>0x7fffffff ){ fossil_fatal("SSL write too big"); } |
| 837 | n = SSL_write(pServer->ssl, zBuf, (int)nBuf); |
| 838 | if( n<=0 ){ |
| 839 | return -SSL_get_error(pServer->ssl, n); |
| 840 | }else{ |
| 841 | return n; |
| 842 | } |
| 843 | } |
| 844 | |
| 845 | #endif /* FOSSIL_ENABLE_SSL */ |
| 846 | |
| 847 | /* |
| 848 |
+2
-5
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -2786,11 +2786,11 @@ | ||
| 2786 | 2786 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2787 | 2787 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2788 | 2788 | }else{ |
| 2789 | 2789 | #if FOSSIL_ENABLE_SSL |
| 2790 | 2790 | if( g.httpUseSSL ){ |
| 2791 | - g.httpSSLConn = ssl_new_server(0,-1); | |
| 2791 | + g.httpSSLConn = ssl_new_server(0); | |
| 2792 | 2792 | } |
| 2793 | 2793 | #endif |
| 2794 | 2794 | cgi_handle_http_request(zIpAddr); |
| 2795 | 2795 | } |
| 2796 | 2796 | process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList); |
| @@ -3286,11 +3286,11 @@ | ||
| 3286 | 3286 | } |
| 3287 | 3287 | if( flags & HTTP_SERVER_SCGI ){ |
| 3288 | 3288 | cgi_handle_scgi_request(); |
| 3289 | 3289 | }else if( g.httpUseSSL ){ |
| 3290 | 3290 | #if FOSSIL_ENABLE_SSL |
| 3291 | - g.httpSSLConn = ssl_new_server(0,-1); | |
| 3291 | + g.httpSSLConn = ssl_new_server(0); | |
| 3292 | 3292 | #endif |
| 3293 | 3293 | cgi_handle_http_request(0); |
| 3294 | 3294 | }else{ |
| 3295 | 3295 | cgi_handle_http_request(0); |
| 3296 | 3296 | } |
| @@ -3306,13 +3306,10 @@ | ||
| 3306 | 3306 | } |
| 3307 | 3307 | #endif /* FOSSIL_ENABLE_SSL */ |
| 3308 | 3308 | |
| 3309 | 3309 | #else /* WIN32 */ |
| 3310 | 3310 | /* Win32 implementation */ |
| 3311 | - if( g.httpUseSSL ){ | |
| 3312 | - fossil_fatal("TLS-encrypted server is not (yet) supported on Windows"); | |
| 3313 | - } | |
| 3314 | 3311 | if( allowRepoList ){ |
| 3315 | 3312 | flags |= HTTP_SERVER_REPOLIST; |
| 3316 | 3313 | } |
| 3317 | 3314 | if( win32_http_service(iPort, zAltBase, zNotFound, zFileGlob, flags) ){ |
| 3318 | 3315 | win32_http_server(iPort, mxPort, zBrowserCmd, zStopperFile, |
| 3319 | 3316 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2786,11 +2786,11 @@ | |
| 2786 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2787 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2788 | }else{ |
| 2789 | #if FOSSIL_ENABLE_SSL |
| 2790 | if( g.httpUseSSL ){ |
| 2791 | g.httpSSLConn = ssl_new_server(0,-1); |
| 2792 | } |
| 2793 | #endif |
| 2794 | cgi_handle_http_request(zIpAddr); |
| 2795 | } |
| 2796 | process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList); |
| @@ -3286,11 +3286,11 @@ | |
| 3286 | } |
| 3287 | if( flags & HTTP_SERVER_SCGI ){ |
| 3288 | cgi_handle_scgi_request(); |
| 3289 | }else if( g.httpUseSSL ){ |
| 3290 | #if FOSSIL_ENABLE_SSL |
| 3291 | g.httpSSLConn = ssl_new_server(0,-1); |
| 3292 | #endif |
| 3293 | cgi_handle_http_request(0); |
| 3294 | }else{ |
| 3295 | cgi_handle_http_request(0); |
| 3296 | } |
| @@ -3306,13 +3306,10 @@ | |
| 3306 | } |
| 3307 | #endif /* FOSSIL_ENABLE_SSL */ |
| 3308 | |
| 3309 | #else /* WIN32 */ |
| 3310 | /* Win32 implementation */ |
| 3311 | if( g.httpUseSSL ){ |
| 3312 | fossil_fatal("TLS-encrypted server is not (yet) supported on Windows"); |
| 3313 | } |
| 3314 | if( allowRepoList ){ |
| 3315 | flags |= HTTP_SERVER_REPOLIST; |
| 3316 | } |
| 3317 | if( win32_http_service(iPort, zAltBase, zNotFound, zFileGlob, flags) ){ |
| 3318 | win32_http_server(iPort, mxPort, zBrowserCmd, zStopperFile, |
| 3319 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2786,11 +2786,11 @@ | |
| 2786 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2787 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2788 | }else{ |
| 2789 | #if FOSSIL_ENABLE_SSL |
| 2790 | if( g.httpUseSSL ){ |
| 2791 | g.httpSSLConn = ssl_new_server(0); |
| 2792 | } |
| 2793 | #endif |
| 2794 | cgi_handle_http_request(zIpAddr); |
| 2795 | } |
| 2796 | process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList); |
| @@ -3286,11 +3286,11 @@ | |
| 3286 | } |
| 3287 | if( flags & HTTP_SERVER_SCGI ){ |
| 3288 | cgi_handle_scgi_request(); |
| 3289 | }else if( g.httpUseSSL ){ |
| 3290 | #if FOSSIL_ENABLE_SSL |
| 3291 | g.httpSSLConn = ssl_new_server(0); |
| 3292 | #endif |
| 3293 | cgi_handle_http_request(0); |
| 3294 | }else{ |
| 3295 | cgi_handle_http_request(0); |
| 3296 | } |
| @@ -3306,13 +3306,10 @@ | |
| 3306 | } |
| 3307 | #endif /* FOSSIL_ENABLE_SSL */ |
| 3308 | |
| 3309 | #else /* WIN32 */ |
| 3310 | /* Win32 implementation */ |
| 3311 | if( allowRepoList ){ |
| 3312 | flags |= HTTP_SERVER_REPOLIST; |
| 3313 | } |
| 3314 | if( win32_http_service(iPort, zAltBase, zNotFound, zFileGlob, flags) ){ |
| 3315 | win32_http_server(iPort, mxPort, zBrowserCmd, zStopperFile, |
| 3316 |
+56
-18
| --- src/winhttp.c | ||
| +++ src/winhttp.c | ||
| @@ -340,47 +340,72 @@ | ||
| 340 | 340 | FILE *in = 0, *out = 0, *aux = 0; |
| 341 | 341 | int amt, got, i; |
| 342 | 342 | int wanted = 0; |
| 343 | 343 | char *z; |
| 344 | 344 | char *zIp; |
| 345 | + void *sslConn = 0; | |
| 345 | 346 | char zCmdFName[MAX_PATH]; |
| 346 | 347 | char zRequestFName[MAX_PATH]; |
| 347 | 348 | char zReplyFName[MAX_PATH]; |
| 348 | 349 | char zCmd[2000]; /* Command-line to process the request */ |
| 349 | - char zHdr[4000]; /* The HTTP request header */ | |
| 350 | + char zBuf[65536]; /* The HTTP request header */ | |
| 351 | + const int szHdr = 4000; /* Reduced header size */ | |
| 350 | 352 | |
| 351 | 353 | sqlite3_snprintf(MAX_PATH, zCmdFName, |
| 352 | 354 | "%s_%06d_cmd.txt", zTempPrefix, p->id); |
| 353 | 355 | sqlite3_snprintf(MAX_PATH, zRequestFName, |
| 354 | 356 | "%s_%06d_in.txt", zTempPrefix, p->id); |
| 355 | 357 | sqlite3_snprintf(MAX_PATH, zReplyFName, |
| 356 | 358 | "%s_%06d_out.txt", zTempPrefix, p->id); |
| 357 | 359 | amt = 0; |
| 358 | - while( amt<sizeof(zHdr) ){ | |
| 359 | - got = recv(p->s, &zHdr[amt], sizeof(zHdr)-1-amt, 0); | |
| 360 | - if( got==SOCKET_ERROR ) goto end_request; | |
| 360 | + if( g.httpUseSSL ){ | |
| 361 | +#ifdef FOSSIL_ENABLE_SSL | |
| 362 | + sslConn = ssl_new_server(p->s); | |
| 363 | +#endif | |
| 364 | + } | |
| 365 | + while( amt<szHdr ){ | |
| 366 | + if( sslConn ){ | |
| 367 | +#ifdef FOSSIL_ENABLE_SSL | |
| 368 | + got = ssl_read_server(sslConn, &zBuf[amt], szHdr-amt); | |
| 369 | +#endif | |
| 370 | + }else{ | |
| 371 | + got = recv(p->s, &zBuf[amt], szHdr-amt, 0); | |
| 372 | + if( got==SOCKET_ERROR ) goto end_request; | |
| 373 | + } | |
| 361 | 374 | if( got==0 ){ |
| 362 | 375 | wanted = 0; |
| 363 | 376 | break; |
| 364 | 377 | } |
| 365 | 378 | amt += got; |
| 366 | - zHdr[amt] = 0; | |
| 367 | - z = strstr(zHdr, "\r\n\r\n"); | |
| 379 | + zBuf[amt] = 0; | |
| 380 | + z = strstr(zBuf, "\r\n\r\n"); | |
| 368 | 381 | if( z ){ |
| 369 | - wanted = find_content_length(zHdr) + (&z[4]-zHdr) - amt; | |
| 382 | + wanted = find_content_length(zBuf) + (&z[4]-zBuf) - amt; | |
| 370 | 383 | break; |
| 384 | + }else{ | |
| 385 | + z = strstr(zBuf, "\n\n"); | |
| 386 | + if( z ){ | |
| 387 | + wanted = find_content_length(zBuf) + (&z[2]-zBuf) - amt; | |
| 388 | + break; | |
| 389 | + } | |
| 371 | 390 | } |
| 372 | 391 | } |
| 373 | - if( amt>=sizeof(zHdr) ) goto end_request; | |
| 392 | + if( amt>=szHdr ) goto end_request; | |
| 374 | 393 | out = fossil_fopen(zRequestFName, "wb"); |
| 375 | 394 | if( out==0 ) goto end_request; |
| 376 | - fwrite(zHdr, 1, amt, out); | |
| 395 | + fwrite(zBuf, 1, amt, out); | |
| 377 | 396 | while( wanted>0 ){ |
| 378 | - got = recv(p->s, zHdr, sizeof(zHdr), 0); | |
| 379 | - if( got==SOCKET_ERROR ) goto end_request; | |
| 380 | - if( got ){ | |
| 381 | - fwrite(zHdr, 1, got, out); | |
| 397 | + if( sslConn ){ | |
| 398 | +#ifdef FOSSIL_ENABLE_SSL | |
| 399 | + got = ssl_read_server(sslConn, zBuf, sizeof(zBuf)); | |
| 400 | +#endif | |
| 401 | + }else{ | |
| 402 | + got = recv(p->s, zBuf, sizeof(zBuf), 0); | |
| 403 | + if( got==SOCKET_ERROR ) goto end_request; | |
| 404 | + } | |
| 405 | + if( got>0 ){ | |
| 406 | + fwrite(zBuf, 1, got, out); | |
| 382 | 407 | }else{ |
| 383 | 408 | break; |
| 384 | 409 | } |
| 385 | 410 | wanted -= got; |
| 386 | 411 | } |
| @@ -405,28 +430,40 @@ | ||
| 405 | 430 | aux = fossil_fopen(zCmdFName, "wb"); |
| 406 | 431 | if( aux==0 ) goto end_request; |
| 407 | 432 | fwrite(zCmd, 1, strlen(zCmd), aux); |
| 408 | 433 | |
| 409 | 434 | sqlite3_snprintf(sizeof(zCmd), zCmd, |
| 410 | - "\"%s\" http -args \"%s\" --nossl%s", | |
| 411 | - g.nameOfExe, zCmdFName, p->zOptions | |
| 435 | + "\"%s\" http -args \"%s\"%s%s", | |
| 436 | + g.nameOfExe, zCmdFName, | |
| 437 | + g.httpUseSSL ? "" : " --nossl", p->zOptions | |
| 412 | 438 | ); |
| 413 | 439 | in = fossil_fopen(zReplyFName, "w+b"); |
| 414 | 440 | fflush(out); |
| 415 | 441 | fflush(aux); |
| 416 | 442 | fossil_system(zCmd); |
| 417 | 443 | if( in ){ |
| 418 | - while( (got = fread(zHdr, 1, sizeof(zHdr), in))>0 ){ | |
| 419 | - send(p->s, zHdr, got, 0); | |
| 444 | + while( (got = fread(zBuf, 1, sizeof(zBuf), in))>0 ){ | |
| 445 | + if( sslConn ){ | |
| 446 | +#ifdef FOSSIL_ENABLE_SSL | |
| 447 | + ssl_write_server(sslConn, zBuf, got); | |
| 448 | +#endif | |
| 449 | + }else{ | |
| 450 | + send(p->s, zBuf, got, 0); | |
| 451 | + } | |
| 420 | 452 | } |
| 421 | 453 | } |
| 422 | 454 | |
| 423 | 455 | end_request: |
| 424 | 456 | if( out ) fclose(out); |
| 425 | 457 | if( aux ) fclose(aux); |
| 426 | 458 | if( in ) fclose(in); |
| 427 | 459 | /* Initiate shutdown prior to closing the socket */ |
| 460 | + if( sslConn!=0 ){ | |
| 461 | +#ifdef FOSSIL_ENABLE_SSL | |
| 462 | + ssl_close_server(sslConn); | |
| 463 | +#endif | |
| 464 | + } | |
| 428 | 465 | if( shutdown(p->s,1)==0 ) shutdown(p->s,0); |
| 429 | 466 | closesocket(p->s); |
| 430 | 467 | /* Make multiple attempts to delete the temporary files. Sometimes AV |
| 431 | 468 | ** software keeps the files open for a few seconds, preventing the file |
| 432 | 469 | ** from being deleted on the first try. */ |
| @@ -619,11 +656,12 @@ | ||
| 619 | 656 | } |
| 620 | 657 | zTempPrefix = mprintf("%sfossil_server_P%d", |
| 621 | 658 | fossil_unicode_to_utf8(zTmpPath), iPort); |
| 622 | 659 | fossil_print("Temporary files: %s*\n", zTempPrefix); |
| 623 | 660 | fossil_print("Listening for %s requests on TCP port %d\n", |
| 624 | - (flags&HTTP_SERVER_SCGI)!=0?"SCGI":"HTTP", iPort); | |
| 661 | + (flags&HTTP_SERVER_SCGI)!=0 ? "SCGI" : | |
| 662 | + g.httpUseSSL ? "TLS-encrypted HTTPS" : "HTTP", iPort); | |
| 625 | 663 | if( zBrowser ){ |
| 626 | 664 | zBrowser = mprintf(zBrowser /*works-like:"%d"*/, iPort); |
| 627 | 665 | fossil_print("Launch webbrowser: %s\n", zBrowser); |
| 628 | 666 | fossil_system(zBrowser); |
| 629 | 667 | } |
| 630 | 668 |
| --- src/winhttp.c | |
| +++ src/winhttp.c | |
| @@ -340,47 +340,72 @@ | |
| 340 | FILE *in = 0, *out = 0, *aux = 0; |
| 341 | int amt, got, i; |
| 342 | int wanted = 0; |
| 343 | char *z; |
| 344 | char *zIp; |
| 345 | char zCmdFName[MAX_PATH]; |
| 346 | char zRequestFName[MAX_PATH]; |
| 347 | char zReplyFName[MAX_PATH]; |
| 348 | char zCmd[2000]; /* Command-line to process the request */ |
| 349 | char zHdr[4000]; /* The HTTP request header */ |
| 350 | |
| 351 | sqlite3_snprintf(MAX_PATH, zCmdFName, |
| 352 | "%s_%06d_cmd.txt", zTempPrefix, p->id); |
| 353 | sqlite3_snprintf(MAX_PATH, zRequestFName, |
| 354 | "%s_%06d_in.txt", zTempPrefix, p->id); |
| 355 | sqlite3_snprintf(MAX_PATH, zReplyFName, |
| 356 | "%s_%06d_out.txt", zTempPrefix, p->id); |
| 357 | amt = 0; |
| 358 | while( amt<sizeof(zHdr) ){ |
| 359 | got = recv(p->s, &zHdr[amt], sizeof(zHdr)-1-amt, 0); |
| 360 | if( got==SOCKET_ERROR ) goto end_request; |
| 361 | if( got==0 ){ |
| 362 | wanted = 0; |
| 363 | break; |
| 364 | } |
| 365 | amt += got; |
| 366 | zHdr[amt] = 0; |
| 367 | z = strstr(zHdr, "\r\n\r\n"); |
| 368 | if( z ){ |
| 369 | wanted = find_content_length(zHdr) + (&z[4]-zHdr) - amt; |
| 370 | break; |
| 371 | } |
| 372 | } |
| 373 | if( amt>=sizeof(zHdr) ) goto end_request; |
| 374 | out = fossil_fopen(zRequestFName, "wb"); |
| 375 | if( out==0 ) goto end_request; |
| 376 | fwrite(zHdr, 1, amt, out); |
| 377 | while( wanted>0 ){ |
| 378 | got = recv(p->s, zHdr, sizeof(zHdr), 0); |
| 379 | if( got==SOCKET_ERROR ) goto end_request; |
| 380 | if( got ){ |
| 381 | fwrite(zHdr, 1, got, out); |
| 382 | }else{ |
| 383 | break; |
| 384 | } |
| 385 | wanted -= got; |
| 386 | } |
| @@ -405,28 +430,40 @@ | |
| 405 | aux = fossil_fopen(zCmdFName, "wb"); |
| 406 | if( aux==0 ) goto end_request; |
| 407 | fwrite(zCmd, 1, strlen(zCmd), aux); |
| 408 | |
| 409 | sqlite3_snprintf(sizeof(zCmd), zCmd, |
| 410 | "\"%s\" http -args \"%s\" --nossl%s", |
| 411 | g.nameOfExe, zCmdFName, p->zOptions |
| 412 | ); |
| 413 | in = fossil_fopen(zReplyFName, "w+b"); |
| 414 | fflush(out); |
| 415 | fflush(aux); |
| 416 | fossil_system(zCmd); |
| 417 | if( in ){ |
| 418 | while( (got = fread(zHdr, 1, sizeof(zHdr), in))>0 ){ |
| 419 | send(p->s, zHdr, got, 0); |
| 420 | } |
| 421 | } |
| 422 | |
| 423 | end_request: |
| 424 | if( out ) fclose(out); |
| 425 | if( aux ) fclose(aux); |
| 426 | if( in ) fclose(in); |
| 427 | /* Initiate shutdown prior to closing the socket */ |
| 428 | if( shutdown(p->s,1)==0 ) shutdown(p->s,0); |
| 429 | closesocket(p->s); |
| 430 | /* Make multiple attempts to delete the temporary files. Sometimes AV |
| 431 | ** software keeps the files open for a few seconds, preventing the file |
| 432 | ** from being deleted on the first try. */ |
| @@ -619,11 +656,12 @@ | |
| 619 | } |
| 620 | zTempPrefix = mprintf("%sfossil_server_P%d", |
| 621 | fossil_unicode_to_utf8(zTmpPath), iPort); |
| 622 | fossil_print("Temporary files: %s*\n", zTempPrefix); |
| 623 | fossil_print("Listening for %s requests on TCP port %d\n", |
| 624 | (flags&HTTP_SERVER_SCGI)!=0?"SCGI":"HTTP", iPort); |
| 625 | if( zBrowser ){ |
| 626 | zBrowser = mprintf(zBrowser /*works-like:"%d"*/, iPort); |
| 627 | fossil_print("Launch webbrowser: %s\n", zBrowser); |
| 628 | fossil_system(zBrowser); |
| 629 | } |
| 630 |
| --- src/winhttp.c | |
| +++ src/winhttp.c | |
| @@ -340,47 +340,72 @@ | |
| 340 | FILE *in = 0, *out = 0, *aux = 0; |
| 341 | int amt, got, i; |
| 342 | int wanted = 0; |
| 343 | char *z; |
| 344 | char *zIp; |
| 345 | void *sslConn = 0; |
| 346 | char zCmdFName[MAX_PATH]; |
| 347 | char zRequestFName[MAX_PATH]; |
| 348 | char zReplyFName[MAX_PATH]; |
| 349 | char zCmd[2000]; /* Command-line to process the request */ |
| 350 | char zBuf[65536]; /* The HTTP request header */ |
| 351 | const int szHdr = 4000; /* Reduced header size */ |
| 352 | |
| 353 | sqlite3_snprintf(MAX_PATH, zCmdFName, |
| 354 | "%s_%06d_cmd.txt", zTempPrefix, p->id); |
| 355 | sqlite3_snprintf(MAX_PATH, zRequestFName, |
| 356 | "%s_%06d_in.txt", zTempPrefix, p->id); |
| 357 | sqlite3_snprintf(MAX_PATH, zReplyFName, |
| 358 | "%s_%06d_out.txt", zTempPrefix, p->id); |
| 359 | amt = 0; |
| 360 | if( g.httpUseSSL ){ |
| 361 | #ifdef FOSSIL_ENABLE_SSL |
| 362 | sslConn = ssl_new_server(p->s); |
| 363 | #endif |
| 364 | } |
| 365 | while( amt<szHdr ){ |
| 366 | if( sslConn ){ |
| 367 | #ifdef FOSSIL_ENABLE_SSL |
| 368 | got = ssl_read_server(sslConn, &zBuf[amt], szHdr-amt); |
| 369 | #endif |
| 370 | }else{ |
| 371 | got = recv(p->s, &zBuf[amt], szHdr-amt, 0); |
| 372 | if( got==SOCKET_ERROR ) goto end_request; |
| 373 | } |
| 374 | if( got==0 ){ |
| 375 | wanted = 0; |
| 376 | break; |
| 377 | } |
| 378 | amt += got; |
| 379 | zBuf[amt] = 0; |
| 380 | z = strstr(zBuf, "\r\n\r\n"); |
| 381 | if( z ){ |
| 382 | wanted = find_content_length(zBuf) + (&z[4]-zBuf) - amt; |
| 383 | break; |
| 384 | }else{ |
| 385 | z = strstr(zBuf, "\n\n"); |
| 386 | if( z ){ |
| 387 | wanted = find_content_length(zBuf) + (&z[2]-zBuf) - amt; |
| 388 | break; |
| 389 | } |
| 390 | } |
| 391 | } |
| 392 | if( amt>=szHdr ) goto end_request; |
| 393 | out = fossil_fopen(zRequestFName, "wb"); |
| 394 | if( out==0 ) goto end_request; |
| 395 | fwrite(zBuf, 1, amt, out); |
| 396 | while( wanted>0 ){ |
| 397 | if( sslConn ){ |
| 398 | #ifdef FOSSIL_ENABLE_SSL |
| 399 | got = ssl_read_server(sslConn, zBuf, sizeof(zBuf)); |
| 400 | #endif |
| 401 | }else{ |
| 402 | got = recv(p->s, zBuf, sizeof(zBuf), 0); |
| 403 | if( got==SOCKET_ERROR ) goto end_request; |
| 404 | } |
| 405 | if( got>0 ){ |
| 406 | fwrite(zBuf, 1, got, out); |
| 407 | }else{ |
| 408 | break; |
| 409 | } |
| 410 | wanted -= got; |
| 411 | } |
| @@ -405,28 +430,40 @@ | |
| 430 | aux = fossil_fopen(zCmdFName, "wb"); |
| 431 | if( aux==0 ) goto end_request; |
| 432 | fwrite(zCmd, 1, strlen(zCmd), aux); |
| 433 | |
| 434 | sqlite3_snprintf(sizeof(zCmd), zCmd, |
| 435 | "\"%s\" http -args \"%s\"%s%s", |
| 436 | g.nameOfExe, zCmdFName, |
| 437 | g.httpUseSSL ? "" : " --nossl", p->zOptions |
| 438 | ); |
| 439 | in = fossil_fopen(zReplyFName, "w+b"); |
| 440 | fflush(out); |
| 441 | fflush(aux); |
| 442 | fossil_system(zCmd); |
| 443 | if( in ){ |
| 444 | while( (got = fread(zBuf, 1, sizeof(zBuf), in))>0 ){ |
| 445 | if( sslConn ){ |
| 446 | #ifdef FOSSIL_ENABLE_SSL |
| 447 | ssl_write_server(sslConn, zBuf, got); |
| 448 | #endif |
| 449 | }else{ |
| 450 | send(p->s, zBuf, got, 0); |
| 451 | } |
| 452 | } |
| 453 | } |
| 454 | |
| 455 | end_request: |
| 456 | if( out ) fclose(out); |
| 457 | if( aux ) fclose(aux); |
| 458 | if( in ) fclose(in); |
| 459 | /* Initiate shutdown prior to closing the socket */ |
| 460 | if( sslConn!=0 ){ |
| 461 | #ifdef FOSSIL_ENABLE_SSL |
| 462 | ssl_close_server(sslConn); |
| 463 | #endif |
| 464 | } |
| 465 | if( shutdown(p->s,1)==0 ) shutdown(p->s,0); |
| 466 | closesocket(p->s); |
| 467 | /* Make multiple attempts to delete the temporary files. Sometimes AV |
| 468 | ** software keeps the files open for a few seconds, preventing the file |
| 469 | ** from being deleted on the first try. */ |
| @@ -619,11 +656,12 @@ | |
| 656 | } |
| 657 | zTempPrefix = mprintf("%sfossil_server_P%d", |
| 658 | fossil_unicode_to_utf8(zTmpPath), iPort); |
| 659 | fossil_print("Temporary files: %s*\n", zTempPrefix); |
| 660 | fossil_print("Listening for %s requests on TCP port %d\n", |
| 661 | (flags&HTTP_SERVER_SCGI)!=0 ? "SCGI" : |
| 662 | g.httpUseSSL ? "TLS-encrypted HTTPS" : "HTTP", iPort); |
| 663 | if( zBrowser ){ |
| 664 | zBrowser = mprintf(zBrowser /*works-like:"%d"*/, iPort); |
| 665 | fossil_print("Launch webbrowser: %s\n", zBrowser); |
| 666 | fossil_system(zBrowser); |
| 667 | } |
| 668 |