#include <stdarg.h>
#include <pthread.h>
#include <signal.h>
-
#include "webcit.h"
#include "webserver.h"
int verbosity = 9; /* Logging level */
int msock; /* master listening socket */
+int is_https = 0; /* Nonzero if I am an HTTPS service */
extern void *context_loop(int);
extern void *housekeeping_loop(void);
extern pthread_mutex_t SessionListMutex;
struct timeval tv;
int retval;
+
+#ifdef HAVE_OPENSSL
+ if (is_https) {
+ return(client_read_ssl(buf, bytes, timeout));
+ }
+#endif
+
len = 0;
while (len < bytes) {
FD_ZERO(&rfds);
if (FD_ISSET(sock, &rfds) == 0) {
return (0);
}
+
rlen = read(sock, &buf[len], bytes - len);
+
if (rlen < 1) {
lprintf(2, "client_read() failed: %s\n",
strerror(errno));
return (1);
}
+
+ssize_t client_write(const void *buf, size_t count) {
+#ifdef HAVE_OPENSSL
+ if (is_https) {
+ client_write_ssl((char *)buf, count);
+ return(count);
+ }
+#endif
+ return(write(WC->http_sock, buf, count));
+}
+
+
/*
* Read data from the client socket with default timeout.
* (This is implemented in terms of client_read_to() and could be
char tracefile[PATH_MAX];
/* Parse command line */
+#ifdef HAVE_OPENSSL
+ while ((a = getopt(argc, argv, "hp:t:cs")) != EOF)
+#else
while ((a = getopt(argc, argv, "hp:t:c")) != EOF)
+#endif
switch (a) {
case 'p':
port = atoi(optarg);
}
}
break;
+ case 's':
+ is_https = 1;
+ break;
default:
fprintf(stderr, "usage: webserver [-p localport] "
"[-t tracefile] [-c] "
+#ifdef HAVE_OPENSSL
+ "[-s] "
+#endif
"[remotehost [remoteport]]\n");
return 1;
}
}
/* Tell 'em who's in da house */
lprintf(1, SERVER "\n"
-"Copyright (C) 1996-2003 by the Citadel/UX development team.\n"
+"Copyright (C) 1996-2004 by the Citadel/UX development team.\n"
"This software is distributed under the terms of the GNU General Public\n"
"License. If you paid for this software, someone is ripping you off.\n\n");
lprintf(1, "Can't create TSD key: %s\n", strerror(errno));
}
+ /*
+ * Set up a place to put thread-specific SSL data.
+ * We don't stick this in the wcsession struct because SSL starts
+ * up before the session is bound, and it gets torn down between
+ * transactions.
+ */
+#ifdef HAVE_OPENSSL
+ if (pthread_key_create(&ThreadSSL, NULL) != 0) {
+ lprintf(1, "Can't create TSD key: %s\n", strerror(errno));
+ }
+#endif
+
/*
* Bind the server to our favorite port.
* There is no need to check for errors, because ig_tcp_server()
(void *(*)(void *)) housekeeping_loop, NULL);
+ /*
+ * If this is an HTTPS server, fire up SSL
+ */
+#ifdef HAVE_OPENSSL
+ if (is_https) {
+ init_ssl();
+ }
+#endif
+
/* Start a few initial worker threads */
- for (i=0; i<(INITIAL_WORKER_THREADS); ++i) {
+ for (i=0; i<(MIN_WORKER_THREADS); ++i) {
spawn_another_worker_thread();
}
- /* now the original thread can go away. */
- pthread_exit(NULL);
+ /* now the original thread becomes another worker */
+ worker_entry();
return 0;
}
int ssock;
int i = 0;
int time_to_die = 0;
- time_t start_time, stop_time;
+ int fail_this_transaction = 0;
do {
/* Only one thread can accept at a time */
- start_time = time(NULL);
+ fail_this_transaction = 0;
ssock = accept(msock, NULL, 0);
- stop_time = time(NULL);
-
- /* Augment the thread pool if we're not blocking at all */
- if ( (stop_time - start_time) == 0L) {
- spawn_another_worker_thread();
- }
-
if (ssock < 0) {
lprintf(2, "accept() failed: %s\n", strerror(errno));
} else {
setsockopt(ssock, SOL_SOCKET, SO_REUSEADDR,
&i, sizeof(i));
- /* Perform an HTTP transaction... */
- context_loop(ssock);
+ /* If we are an HTTPS server, go crypto now. */
+#ifdef HAVE_OPENSSL
+ if (is_https) {
+ if (starttls(ssock) != 0) {
+ fail_this_transaction = 1;
+ close(ssock);
+ }
+ }
+#endif
+
+ if (fail_this_transaction == 0) {
+ /* Perform an HTTP transaction... */
+ context_loop(ssock);
+ /* ...and close the socket. */
+ lingering_close(ssock);
+ }
- /* ...and close the socket. */
- lingering_close(ssock);
}
} while (!time_to_die);