Fossil SCM
For the "fossil http" command with the --https option, try to get the remove IP address from the REMOTE_HOST environment variable, it it exists. This will mean that the correct remote IP address is obtained when stunnel provides SSL decoding for Fossil.
Commit
afc2f5e661266b4aff3d3ec0264d4a99c768a14b
Parent
82e30c0000dfe41…
1 file changed
+5
-3
+5
-3
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -1927,11 +1927,11 @@ | ||
| 1927 | 1927 | ** --scgi Interpret input as SCGI rather than HTTP |
| 1928 | 1928 | ** |
| 1929 | 1929 | ** See also: cgi, server, winsrv |
| 1930 | 1930 | */ |
| 1931 | 1931 | void cmd_http(void){ |
| 1932 | - const char *zIpAddr; | |
| 1932 | + const char *zIpAddr = 0; | |
| 1933 | 1933 | const char *zNotFound; |
| 1934 | 1934 | const char *zHost; |
| 1935 | 1935 | const char *zAltBase; |
| 1936 | 1936 | const char *zFileGlob; |
| 1937 | 1937 | int useSCGI; |
| @@ -1952,11 +1952,14 @@ | ||
| 1952 | 1952 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 1953 | 1953 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 1954 | 1954 | useSCGI = find_option("scgi", 0, 0)!=0; |
| 1955 | 1955 | zAltBase = find_option("baseurl", 0, 1); |
| 1956 | 1956 | if( zAltBase ) set_base_url(zAltBase); |
| 1957 | - if( find_option("https",0,0)!=0 ) cgi_replace_parameter("HTTPS","on"); | |
| 1957 | + if( find_option("https",0,0)!=0 ){ | |
| 1958 | + zIpAddr = fossil_getenv("REMOTE_HOST"); /* From stunnel */ | |
| 1959 | + cgi_replace_parameter("HTTPS","on"); | |
| 1960 | + } | |
| 1958 | 1961 | zHost = find_option("host", 0, 1); |
| 1959 | 1962 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 1960 | 1963 | g.cgiOutput = 1; |
| 1961 | 1964 | |
| 1962 | 1965 | /* We should be done with options.. */ |
| @@ -1972,11 +1975,10 @@ | ||
| 1972 | 1975 | zIpAddr = g.argv[4]; |
| 1973 | 1976 | find_server_repository(0, 5); |
| 1974 | 1977 | }else{ |
| 1975 | 1978 | g.httpIn = stdin; |
| 1976 | 1979 | g.httpOut = stdout; |
| 1977 | - zIpAddr = 0; | |
| 1978 | 1980 | find_server_repository(0, 2); |
| 1979 | 1981 | } |
| 1980 | 1982 | if( zIpAddr==0 ){ |
| 1981 | 1983 | zIpAddr = cgi_ssh_remote_addr(0); |
| 1982 | 1984 | if( zIpAddr && zIpAddr[0] ){ |
| 1983 | 1985 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1927,11 +1927,11 @@ | |
| 1927 | ** --scgi Interpret input as SCGI rather than HTTP |
| 1928 | ** |
| 1929 | ** See also: cgi, server, winsrv |
| 1930 | */ |
| 1931 | void cmd_http(void){ |
| 1932 | const char *zIpAddr; |
| 1933 | const char *zNotFound; |
| 1934 | const char *zHost; |
| 1935 | const char *zAltBase; |
| 1936 | const char *zFileGlob; |
| 1937 | int useSCGI; |
| @@ -1952,11 +1952,14 @@ | |
| 1952 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 1953 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 1954 | useSCGI = find_option("scgi", 0, 0)!=0; |
| 1955 | zAltBase = find_option("baseurl", 0, 1); |
| 1956 | if( zAltBase ) set_base_url(zAltBase); |
| 1957 | if( find_option("https",0,0)!=0 ) cgi_replace_parameter("HTTPS","on"); |
| 1958 | zHost = find_option("host", 0, 1); |
| 1959 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 1960 | g.cgiOutput = 1; |
| 1961 | |
| 1962 | /* We should be done with options.. */ |
| @@ -1972,11 +1975,10 @@ | |
| 1972 | zIpAddr = g.argv[4]; |
| 1973 | find_server_repository(0, 5); |
| 1974 | }else{ |
| 1975 | g.httpIn = stdin; |
| 1976 | g.httpOut = stdout; |
| 1977 | zIpAddr = 0; |
| 1978 | find_server_repository(0, 2); |
| 1979 | } |
| 1980 | if( zIpAddr==0 ){ |
| 1981 | zIpAddr = cgi_ssh_remote_addr(0); |
| 1982 | if( zIpAddr && zIpAddr[0] ){ |
| 1983 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -1927,11 +1927,11 @@ | |
| 1927 | ** --scgi Interpret input as SCGI rather than HTTP |
| 1928 | ** |
| 1929 | ** See also: cgi, server, winsrv |
| 1930 | */ |
| 1931 | void cmd_http(void){ |
| 1932 | const char *zIpAddr = 0; |
| 1933 | const char *zNotFound; |
| 1934 | const char *zHost; |
| 1935 | const char *zAltBase; |
| 1936 | const char *zFileGlob; |
| 1937 | int useSCGI; |
| @@ -1952,11 +1952,14 @@ | |
| 1952 | g.useLocalauth = find_option("localauth", 0, 0)!=0; |
| 1953 | g.sslNotAvailable = find_option("nossl", 0, 0)!=0; |
| 1954 | useSCGI = find_option("scgi", 0, 0)!=0; |
| 1955 | zAltBase = find_option("baseurl", 0, 1); |
| 1956 | if( zAltBase ) set_base_url(zAltBase); |
| 1957 | if( find_option("https",0,0)!=0 ){ |
| 1958 | zIpAddr = fossil_getenv("REMOTE_HOST"); /* From stunnel */ |
| 1959 | cgi_replace_parameter("HTTPS","on"); |
| 1960 | } |
| 1961 | zHost = find_option("host", 0, 1); |
| 1962 | if( zHost ) cgi_replace_parameter("HTTP_HOST",zHost); |
| 1963 | g.cgiOutput = 1; |
| 1964 | |
| 1965 | /* We should be done with options.. */ |
| @@ -1972,11 +1975,10 @@ | |
| 1975 | zIpAddr = g.argv[4]; |
| 1976 | find_server_repository(0, 5); |
| 1977 | }else{ |
| 1978 | g.httpIn = stdin; |
| 1979 | g.httpOut = stdout; |
| 1980 | find_server_repository(0, 2); |
| 1981 | } |
| 1982 | if( zIpAddr==0 ){ |
| 1983 | zIpAddr = cgi_ssh_remote_addr(0); |
| 1984 | if( zIpAddr && zIpAddr[0] ){ |
| 1985 |