Fossil SCM
Add support for --tls on the "fossil http" command.
Commit
8429f8a3df60ba1227373afee23cba40593d94b716d5912c1f4ab4e2ade97de9
Parent
b265013b66091f1…
1 file changed
+72
-50
+72
-50
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -2556,10 +2556,29 @@ | ||
| 2556 | 2556 | } |
| 2557 | 2557 | } |
| 2558 | 2558 | #endif |
| 2559 | 2559 | @ %d(GETPID()) |
| 2560 | 2560 | } |
| 2561 | + | |
| 2562 | +/* | |
| 2563 | +** Check for options to "fossil server" or "fossil ui" that imply that | |
| 2564 | +** SSL should be used, and initialize the SSL decoder. | |
| 2565 | +*/ | |
| 2566 | +static void decode_ssl_options(void){ | |
| 2567 | +#if FOSSIL_ENABLE_SSL | |
| 2568 | + const char *zCertFile = 0; | |
| 2569 | + zCertFile = find_option("tls-cert-file",0,1); | |
| 2570 | + if( zCertFile ){ | |
| 2571 | + g.httpUseSSL = 1; | |
| 2572 | + ssl_init_server(zCertFile, zCertFile); | |
| 2573 | + } | |
| 2574 | + if( find_option("tls",0,0)!=0 || find_option("ssl",0,0)!=0 ){ | |
| 2575 | + g.httpUseSSL = 1; | |
| 2576 | + ssl_init_server(0,0); | |
| 2577 | + } | |
| 2578 | +#endif | |
| 2579 | +} | |
| 2561 | 2580 | |
| 2562 | 2581 | /* |
| 2563 | 2582 | ** COMMAND: http* |
| 2564 | 2583 | ** |
| 2565 | 2584 | ** Usage: %fossil http ?REPOSITORY? ?OPTIONS? |
| @@ -2590,20 +2609,20 @@ | ||
| 2590 | 2609 | ** If the --localauth option is given, then automatic login is performed |
| 2591 | 2610 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2592 | 2611 | ** enabled. |
| 2593 | 2612 | ** |
| 2594 | 2613 | ** Options: |
| 2595 | -** --baseurl URL base URL (useful with reverse proxies) | |
| 2596 | -** --chroot DIR Use directory for chroot instead of repository path. | |
| 2597 | -** --ckout-alias N Treat URIs of the form /doc/N/... as if they were | |
| 2598 | -** /doc/ckout/... | |
| 2599 | -** --extroot DIR document root for the /ext extension mechanism | |
| 2600 | -** --files GLOB comma-separate glob patterns for static file to serve | |
| 2601 | -** --host NAME specify hostname of the server | |
| 2602 | -** --https signal a request coming in via https | |
| 2603 | -** --in FILE Take input from FILE instead of standard input | |
| 2604 | -** --ipaddr ADDR Assume the request comes from the given IP address | |
| 2614 | +** --baseurl URL base URL (useful with reverse proxies) | |
| 2615 | +** --chroot DIR Use directory for chroot instead of repository path. | |
| 2616 | +** --ckout-alias N Treat URIs of the form /doc/N/... as if they were | |
| 2617 | +** /doc/ckout/... | |
| 2618 | +** --extroot DIR document root for the /ext extension mechanism | |
| 2619 | +** --files GLOB comma-separate glob patterns for static file to serve | |
| 2620 | +** --host NAME specify hostname of the server | |
| 2621 | +** --https signal a request coming in via https | |
| 2622 | +** --in FILE Take input from FILE instead of standard input | |
| 2623 | +** --ipaddr ADDR Assume the request comes from the given IP address | |
| 2605 | 2624 | ** --jsmode MODE Determine how JavaScript is delivered with pages. |
| 2606 | 2625 | ** Mode can be one of: |
| 2607 | 2626 | ** inline All JavaScript is inserted inline at |
| 2608 | 2627 | ** one or more points in the HTML file. |
| 2609 | 2628 | ** separate Separate HTTP requests are made for |
| @@ -2613,25 +2632,29 @@ | ||
| 2613 | 2632 | ** concatenate scripts together. |
| 2614 | 2633 | ** Depending on the needs of any given page, inline |
| 2615 | 2634 | ** and bundled modes might result in a single |
| 2616 | 2635 | ** amalgamated script or several, but both approaches |
| 2617 | 2636 | ** result in fewer HTTP requests than the separate mode. |
| 2618 | -** --localauth enable automatic login for local connections | |
| 2619 | -** --nocompress do not compress HTTP replies | |
| 2620 | -** --nodelay omit backoffice processing if it would delay process exit | |
| 2621 | -** --nojail drop root privilege but do not enter the chroot jail | |
| 2622 | -** --nossl signal that no SSL connections are available | |
| 2623 | -** --notfound URL use URL as "HTTP 404, object not found" page. | |
| 2624 | -** --out FILE write results to FILE instead of to standard output | |
| 2625 | -** --repolist If REPOSITORY is directory, URL "/" lists all repos | |
| 2626 | -** --scgi Interpret input as SCGI rather than HTTP | |
| 2627 | -** --skin LABEL Use override skin LABEL | |
| 2628 | -** --th-trace trace TH1 execution (for debugging purposes) | |
| 2629 | -** --mainmenu FILE Override the mainmenu config setting with the contents | |
| 2630 | -** of the given file. | |
| 2631 | -** --usepidkey Use saved encryption key from parent process. This is | |
| 2632 | -** only necessary when using SEE on Windows. | |
| 2637 | +** --localauth enable automatic login for local connections | |
| 2638 | +** --mainmenu FILE Override the mainmenu config setting with the contents | |
| 2639 | +** of the given file. | |
| 2640 | +** --nocompress do not compress HTTP replies | |
| 2641 | +** --nodelay omit backoffice processing if it would delay | |
| 2642 | +** process exit | |
| 2643 | +** --nojail drop root privilege but do not enter the chroot jail | |
| 2644 | +** --nossl signal that no SSL connections are available | |
| 2645 | +** --notfound URL use URL as "HTTP 404, object not found" page. | |
| 2646 | +** --out FILE write results to FILE instead of to standard output | |
| 2647 | +** --repolist If REPOSITORY is directory, URL "/" lists all repos | |
| 2648 | +** --scgi Interpret input as SCGI rather than HTTP | |
| 2649 | +** --skin LABEL Use override skin LABEL | |
| 2650 | +** --ssl Use TLS (HTTPS) encryption. Alias for --tls | |
| 2651 | +** --th-trace trace TH1 execution (for debugging purposes) | |
| 2652 | +** --tls Use TLS (HTTPS) encryption. | |
| 2653 | +** --tls-cert-file FN Read the TLS certificate and private key from FN | |
| 2654 | +** --usepidkey Use saved encryption key from parent process. This is | |
| 2655 | +** only necessary when using SEE on Windows. | |
| 2633 | 2656 | ** |
| 2634 | 2657 | ** See also: [[cgi]], [[server]], [[winsrv]] |
| 2635 | 2658 | */ |
| 2636 | 2659 | void cmd_http(void){ |
| 2637 | 2660 | const char *zIpAddr = 0; |
| @@ -2699,13 +2722,26 @@ | ||
| 2699 | 2722 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 2700 | 2723 | g.zMainMenuFile = find_option("mainmenu",0,1); |
| 2701 | 2724 | if( g.zMainMenuFile!=0 && file_size(g.zMainMenuFile,ExtFILE)<0 ){ |
| 2702 | 2725 | fossil_fatal("Cannot read --mainmenu file %s", g.zMainMenuFile); |
| 2703 | 2726 | } |
| 2727 | + decode_ssl_options(); | |
| 2704 | 2728 | |
| 2705 | 2729 | /* We should be done with options.. */ |
| 2706 | 2730 | verify_all_options(); |
| 2731 | + if( g.httpUseSSL ){ | |
| 2732 | + if( useSCGI ){ | |
| 2733 | + fossil_fatal("SSL not (yet) supported for SCGI"); | |
| 2734 | + } | |
| 2735 | + if( g.fSshClient & CGI_SSH_CLIENT ){ | |
| 2736 | + fossil_fatal("SSL not compatible with SSH"); | |
| 2737 | + } | |
| 2738 | + if( zInFile || zOutFile ){ | |
| 2739 | + fossil_fatal("SSL usable only on a socket"); | |
| 2740 | + } | |
| 2741 | + cgi_replace_parameter("HTTPS","on"); | |
| 2742 | + } | |
| 2707 | 2743 | |
| 2708 | 2744 | if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?"); |
| 2709 | 2745 | g.cgiOutput = 1; |
| 2710 | 2746 | g.fullHttpReply = 1; |
| 2711 | 2747 | find_server_repository(2, 0); |
| @@ -2723,13 +2759,24 @@ | ||
| 2723 | 2759 | if( useSCGI ){ |
| 2724 | 2760 | cgi_handle_scgi_request(); |
| 2725 | 2761 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2726 | 2762 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2727 | 2763 | }else{ |
| 2764 | +#if FOSSIL_ENABLE_SSL | |
| 2765 | + if( g.httpUseSSL ){ | |
| 2766 | + g.httpSSLConn = ssl_new_server(0,-1); | |
| 2767 | + } | |
| 2768 | +#endif | |
| 2728 | 2769 | cgi_handle_http_request(zIpAddr); |
| 2729 | 2770 | } |
| 2730 | 2771 | process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList); |
| 2772 | +#if FOSSIL_ENABLE_SSL | |
| 2773 | + if( g.httpUseSSL && g.httpSSLConn ){ | |
| 2774 | + ssl_close_server(g.httpSSLConn); | |
| 2775 | + g.httpSSLConn = 0; | |
| 2776 | + } | |
| 2777 | +#endif /* FOSSIL_ENABLE_SSL */ | |
| 2731 | 2778 | } |
| 2732 | 2779 | |
| 2733 | 2780 | /* |
| 2734 | 2781 | ** Process all requests in a single SSH connection if possible. |
| 2735 | 2782 | */ |
| @@ -2833,35 +2880,10 @@ | ||
| 2833 | 2880 | void fossil_set_timeout(int N){ |
| 2834 | 2881 | #ifndef _WIN32 |
| 2835 | 2882 | signal(SIGALRM, sigalrm_handler); |
| 2836 | 2883 | alarm(N); |
| 2837 | 2884 | nAlarmSeconds = N; |
| 2838 | -#endif | |
| 2839 | -} | |
| 2840 | - | |
| 2841 | -/* | |
| 2842 | -** Check for options to "fossil server" or "fossil ui" that imply that | |
| 2843 | -** SSL should be used, and initialize the SSL decoder. | |
| 2844 | -*/ | |
| 2845 | -static void decode_ssl_options(void){ | |
| 2846 | -#if FOSSIL_ENABLE_SSL | |
| 2847 | - const char *zCertFile = 0; | |
| 2848 | - zCertFile = find_option("tls-cert-file",0,1); | |
| 2849 | - if( zCertFile ){ | |
| 2850 | - g.httpUseSSL = 1; | |
| 2851 | - ssl_init_server(zCertFile, zCertFile); | |
| 2852 | - } | |
| 2853 | - if( find_option("tls",0,0)!=0 || find_option("ssl",0,0)!=0 ){ | |
| 2854 | - g.httpUseSSL = 1; | |
| 2855 | - ssl_init_server(0,0); | |
| 2856 | - } | |
| 2857 | -#if !defined(_WIN32) | |
| 2858 | - if( db_get_int("redirect-to-https",0)==2 ){ | |
| 2859 | - g.httpUseSSL = 1; | |
| 2860 | - ssl_init_server(0,0); | |
| 2861 | - } | |
| 2862 | -#endif | |
| 2863 | 2885 | #endif |
| 2864 | 2886 | } |
| 2865 | 2887 | |
| 2866 | 2888 | /* |
| 2867 | 2889 | ** COMMAND: server* |
| 2868 | 2890 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2556,10 +2556,29 @@ | |
| 2556 | } |
| 2557 | } |
| 2558 | #endif |
| 2559 | @ %d(GETPID()) |
| 2560 | } |
| 2561 | |
| 2562 | /* |
| 2563 | ** COMMAND: http* |
| 2564 | ** |
| 2565 | ** Usage: %fossil http ?REPOSITORY? ?OPTIONS? |
| @@ -2590,20 +2609,20 @@ | |
| 2590 | ** If the --localauth option is given, then automatic login is performed |
| 2591 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2592 | ** enabled. |
| 2593 | ** |
| 2594 | ** Options: |
| 2595 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2596 | ** --chroot DIR Use directory for chroot instead of repository path. |
| 2597 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2598 | ** /doc/ckout/... |
| 2599 | ** --extroot DIR document root for the /ext extension mechanism |
| 2600 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2601 | ** --host NAME specify hostname of the server |
| 2602 | ** --https signal a request coming in via https |
| 2603 | ** --in FILE Take input from FILE instead of standard input |
| 2604 | ** --ipaddr ADDR Assume the request comes from the given IP address |
| 2605 | ** --jsmode MODE Determine how JavaScript is delivered with pages. |
| 2606 | ** Mode can be one of: |
| 2607 | ** inline All JavaScript is inserted inline at |
| 2608 | ** one or more points in the HTML file. |
| 2609 | ** separate Separate HTTP requests are made for |
| @@ -2613,25 +2632,29 @@ | |
| 2613 | ** concatenate scripts together. |
| 2614 | ** Depending on the needs of any given page, inline |
| 2615 | ** and bundled modes might result in a single |
| 2616 | ** amalgamated script or several, but both approaches |
| 2617 | ** result in fewer HTTP requests than the separate mode. |
| 2618 | ** --localauth enable automatic login for local connections |
| 2619 | ** --nocompress do not compress HTTP replies |
| 2620 | ** --nodelay omit backoffice processing if it would delay process exit |
| 2621 | ** --nojail drop root privilege but do not enter the chroot jail |
| 2622 | ** --nossl signal that no SSL connections are available |
| 2623 | ** --notfound URL use URL as "HTTP 404, object not found" page. |
| 2624 | ** --out FILE write results to FILE instead of to standard output |
| 2625 | ** --repolist If REPOSITORY is directory, URL "/" lists all repos |
| 2626 | ** --scgi Interpret input as SCGI rather than HTTP |
| 2627 | ** --skin LABEL Use override skin LABEL |
| 2628 | ** --th-trace trace TH1 execution (for debugging purposes) |
| 2629 | ** --mainmenu FILE Override the mainmenu config setting with the contents |
| 2630 | ** of the given file. |
| 2631 | ** --usepidkey Use saved encryption key from parent process. This is |
| 2632 | ** only necessary when using SEE on Windows. |
| 2633 | ** |
| 2634 | ** See also: [[cgi]], [[server]], [[winsrv]] |
| 2635 | */ |
| 2636 | void cmd_http(void){ |
| 2637 | const char *zIpAddr = 0; |
| @@ -2699,13 +2722,26 @@ | |
| 2699 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 2700 | g.zMainMenuFile = find_option("mainmenu",0,1); |
| 2701 | if( g.zMainMenuFile!=0 && file_size(g.zMainMenuFile,ExtFILE)<0 ){ |
| 2702 | fossil_fatal("Cannot read --mainmenu file %s", g.zMainMenuFile); |
| 2703 | } |
| 2704 | |
| 2705 | /* We should be done with options.. */ |
| 2706 | verify_all_options(); |
| 2707 | |
| 2708 | if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?"); |
| 2709 | g.cgiOutput = 1; |
| 2710 | g.fullHttpReply = 1; |
| 2711 | find_server_repository(2, 0); |
| @@ -2723,13 +2759,24 @@ | |
| 2723 | if( useSCGI ){ |
| 2724 | cgi_handle_scgi_request(); |
| 2725 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2726 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2727 | }else{ |
| 2728 | cgi_handle_http_request(zIpAddr); |
| 2729 | } |
| 2730 | process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList); |
| 2731 | } |
| 2732 | |
| 2733 | /* |
| 2734 | ** Process all requests in a single SSH connection if possible. |
| 2735 | */ |
| @@ -2833,35 +2880,10 @@ | |
| 2833 | void fossil_set_timeout(int N){ |
| 2834 | #ifndef _WIN32 |
| 2835 | signal(SIGALRM, sigalrm_handler); |
| 2836 | alarm(N); |
| 2837 | nAlarmSeconds = N; |
| 2838 | #endif |
| 2839 | } |
| 2840 | |
| 2841 | /* |
| 2842 | ** Check for options to "fossil server" or "fossil ui" that imply that |
| 2843 | ** SSL should be used, and initialize the SSL decoder. |
| 2844 | */ |
| 2845 | static void decode_ssl_options(void){ |
| 2846 | #if FOSSIL_ENABLE_SSL |
| 2847 | const char *zCertFile = 0; |
| 2848 | zCertFile = find_option("tls-cert-file",0,1); |
| 2849 | if( zCertFile ){ |
| 2850 | g.httpUseSSL = 1; |
| 2851 | ssl_init_server(zCertFile, zCertFile); |
| 2852 | } |
| 2853 | if( find_option("tls",0,0)!=0 || find_option("ssl",0,0)!=0 ){ |
| 2854 | g.httpUseSSL = 1; |
| 2855 | ssl_init_server(0,0); |
| 2856 | } |
| 2857 | #if !defined(_WIN32) |
| 2858 | if( db_get_int("redirect-to-https",0)==2 ){ |
| 2859 | g.httpUseSSL = 1; |
| 2860 | ssl_init_server(0,0); |
| 2861 | } |
| 2862 | #endif |
| 2863 | #endif |
| 2864 | } |
| 2865 | |
| 2866 | /* |
| 2867 | ** COMMAND: server* |
| 2868 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2556,10 +2556,29 @@ | |
| 2556 | } |
| 2557 | } |
| 2558 | #endif |
| 2559 | @ %d(GETPID()) |
| 2560 | } |
| 2561 | |
| 2562 | /* |
| 2563 | ** Check for options to "fossil server" or "fossil ui" that imply that |
| 2564 | ** SSL should be used, and initialize the SSL decoder. |
| 2565 | */ |
| 2566 | static void decode_ssl_options(void){ |
| 2567 | #if FOSSIL_ENABLE_SSL |
| 2568 | const char *zCertFile = 0; |
| 2569 | zCertFile = find_option("tls-cert-file",0,1); |
| 2570 | if( zCertFile ){ |
| 2571 | g.httpUseSSL = 1; |
| 2572 | ssl_init_server(zCertFile, zCertFile); |
| 2573 | } |
| 2574 | if( find_option("tls",0,0)!=0 || find_option("ssl",0,0)!=0 ){ |
| 2575 | g.httpUseSSL = 1; |
| 2576 | ssl_init_server(0,0); |
| 2577 | } |
| 2578 | #endif |
| 2579 | } |
| 2580 | |
| 2581 | /* |
| 2582 | ** COMMAND: http* |
| 2583 | ** |
| 2584 | ** Usage: %fossil http ?REPOSITORY? ?OPTIONS? |
| @@ -2590,20 +2609,20 @@ | |
| 2609 | ** If the --localauth option is given, then automatic login is performed |
| 2610 | ** for requests coming from localhost, if the "localauth" setting is not |
| 2611 | ** enabled. |
| 2612 | ** |
| 2613 | ** Options: |
| 2614 | ** --baseurl URL base URL (useful with reverse proxies) |
| 2615 | ** --chroot DIR Use directory for chroot instead of repository path. |
| 2616 | ** --ckout-alias N Treat URIs of the form /doc/N/... as if they were |
| 2617 | ** /doc/ckout/... |
| 2618 | ** --extroot DIR document root for the /ext extension mechanism |
| 2619 | ** --files GLOB comma-separate glob patterns for static file to serve |
| 2620 | ** --host NAME specify hostname of the server |
| 2621 | ** --https signal a request coming in via https |
| 2622 | ** --in FILE Take input from FILE instead of standard input |
| 2623 | ** --ipaddr ADDR Assume the request comes from the given IP address |
| 2624 | ** --jsmode MODE Determine how JavaScript is delivered with pages. |
| 2625 | ** Mode can be one of: |
| 2626 | ** inline All JavaScript is inserted inline at |
| 2627 | ** one or more points in the HTML file. |
| 2628 | ** separate Separate HTTP requests are made for |
| @@ -2613,25 +2632,29 @@ | |
| 2632 | ** concatenate scripts together. |
| 2633 | ** Depending on the needs of any given page, inline |
| 2634 | ** and bundled modes might result in a single |
| 2635 | ** amalgamated script or several, but both approaches |
| 2636 | ** result in fewer HTTP requests than the separate mode. |
| 2637 | ** --localauth enable automatic login for local connections |
| 2638 | ** --mainmenu FILE Override the mainmenu config setting with the contents |
| 2639 | ** of the given file. |
| 2640 | ** --nocompress do not compress HTTP replies |
| 2641 | ** --nodelay omit backoffice processing if it would delay |
| 2642 | ** process exit |
| 2643 | ** --nojail drop root privilege but do not enter the chroot jail |
| 2644 | ** --nossl signal that no SSL connections are available |
| 2645 | ** --notfound URL use URL as "HTTP 404, object not found" page. |
| 2646 | ** --out FILE write results to FILE instead of to standard output |
| 2647 | ** --repolist If REPOSITORY is directory, URL "/" lists all repos |
| 2648 | ** --scgi Interpret input as SCGI rather than HTTP |
| 2649 | ** --skin LABEL Use override skin LABEL |
| 2650 | ** --ssl Use TLS (HTTPS) encryption. Alias for --tls |
| 2651 | ** --th-trace trace TH1 execution (for debugging purposes) |
| 2652 | ** --tls Use TLS (HTTPS) encryption. |
| 2653 | ** --tls-cert-file FN Read the TLS certificate and private key from FN |
| 2654 | ** --usepidkey Use saved encryption key from parent process. This is |
| 2655 | ** only necessary when using SEE on Windows. |
| 2656 | ** |
| 2657 | ** See also: [[cgi]], [[server]], [[winsrv]] |
| 2658 | */ |
| 2659 | void cmd_http(void){ |
| 2660 | const char *zIpAddr = 0; |
| @@ -2699,13 +2722,26 @@ | |
| 2722 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 2723 | g.zMainMenuFile = find_option("mainmenu",0,1); |
| 2724 | if( g.zMainMenuFile!=0 && file_size(g.zMainMenuFile,ExtFILE)<0 ){ |
| 2725 | fossil_fatal("Cannot read --mainmenu file %s", g.zMainMenuFile); |
| 2726 | } |
| 2727 | decode_ssl_options(); |
| 2728 | |
| 2729 | /* We should be done with options.. */ |
| 2730 | verify_all_options(); |
| 2731 | if( g.httpUseSSL ){ |
| 2732 | if( useSCGI ){ |
| 2733 | fossil_fatal("SSL not (yet) supported for SCGI"); |
| 2734 | } |
| 2735 | if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2736 | fossil_fatal("SSL not compatible with SSH"); |
| 2737 | } |
| 2738 | if( zInFile || zOutFile ){ |
| 2739 | fossil_fatal("SSL usable only on a socket"); |
| 2740 | } |
| 2741 | cgi_replace_parameter("HTTPS","on"); |
| 2742 | } |
| 2743 | |
| 2744 | if( g.argc!=2 && g.argc!=3 ) usage("?REPOSITORY?"); |
| 2745 | g.cgiOutput = 1; |
| 2746 | g.fullHttpReply = 1; |
| 2747 | find_server_repository(2, 0); |
| @@ -2723,13 +2759,24 @@ | |
| 2759 | if( useSCGI ){ |
| 2760 | cgi_handle_scgi_request(); |
| 2761 | }else if( g.fSshClient & CGI_SSH_CLIENT ){ |
| 2762 | ssh_request_loop(zIpAddr, glob_create(zFileGlob)); |
| 2763 | }else{ |
| 2764 | #if FOSSIL_ENABLE_SSL |
| 2765 | if( g.httpUseSSL ){ |
| 2766 | g.httpSSLConn = ssl_new_server(0,-1); |
| 2767 | } |
| 2768 | #endif |
| 2769 | cgi_handle_http_request(zIpAddr); |
| 2770 | } |
| 2771 | process_one_web_page(zNotFound, glob_create(zFileGlob), allowRepoList); |
| 2772 | #if FOSSIL_ENABLE_SSL |
| 2773 | if( g.httpUseSSL && g.httpSSLConn ){ |
| 2774 | ssl_close_server(g.httpSSLConn); |
| 2775 | g.httpSSLConn = 0; |
| 2776 | } |
| 2777 | #endif /* FOSSIL_ENABLE_SSL */ |
| 2778 | } |
| 2779 | |
| 2780 | /* |
| 2781 | ** Process all requests in a single SSH connection if possible. |
| 2782 | */ |
| @@ -2833,35 +2880,10 @@ | |
| 2880 | void fossil_set_timeout(int N){ |
| 2881 | #ifndef _WIN32 |
| 2882 | signal(SIGALRM, sigalrm_handler); |
| 2883 | alarm(N); |
| 2884 | nAlarmSeconds = N; |
| 2885 | #endif |
| 2886 | } |
| 2887 | |
| 2888 | /* |
| 2889 | ** COMMAND: server* |
| 2890 |