* Got HTTPS to work with Mozilla (by twiddling stuff that I still don't

  understand, but read at http://www.informit.com/articles/article.asp?p=22078
  ).  Still doesn't work with Internet Monopolizer, though.

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 7fdfb112ff51ec59c6c70c2d65fafa9067a001a8..3f4ee179cd607eaa741f7ec55391067fe834ead3 100644 (file)
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,9 @@
 $Log$
+Revision 506.8  2004/04/21 02:19:41  ajc
+* Got HTTPS to work with Mozilla (by twiddling stuff that I still don't
+  understand, but read at http://www.informit.com/articles/article.asp?p=22078
+  ).  Still doesn't work with Internet Monopolizer, though.
+
 Revision 506.7  2004/04/20 02:32:44  ajc
 * Allow setup to run seamlessly from within the Citadel/UX Ridiculously
   Easy Installer by observing the values of environment variables
@@ -1781,4 +1786,3 @@ Sun Dec  6 19:50:55 EST 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
 
 1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
        * webserver.c: warning fix
-

diff --git a/webcit/crypto.c b/webcit/crypto.c
index c0e28726eb59e630244c756082ae395130ba220d..66b21cf20ac5b5f0b544ca7056b9275d5d59e2f2 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -25,7 +25,6 @@
 #define DH_P           "1A74527AEE4EE2568E85D4FB2E65E18C9394B9C80C42507D7A6A0DBE9A9A54B05A9A96800C34C7AA5297095B69C88901EEFD127F969DCA26A54C0E0B5C5473EBAEB00957D2633ECAE3835775425DE66C0DE6D024DBB17445E06E6B0C78415E589B8814F08531D02FD43778451E7685541079CFFB79EF0D26EFEEBBB69D1E80383"
 #define DH_G           "2"
 #define DH_L           1024
-#define CIT_CIPHERS    "ALL:RC4+RSA:+SSLv2:@STRENGTH"  /* see ciphers(1) */
 
 SSL_CTX *ssl_ctx;              /* SSL context */
 pthread_mutex_t **SSLCritters; /* Things needing locking */
@@ -120,25 +119,14 @@ void init_ssl(void)
         * Initialize SSL transport layer
         */
        SSL_library_init();
+       OpenSSL_add_all_algorithms();
        SSL_load_error_strings();
-       ssl_method = SSLv23_server_method();
+       ssl_method = SSLv2_server_method();
        if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
                lprintf(3, "SSL_CTX_new failed: %s\n",
                        ERR_reason_error_string(ERR_get_error()));
                return;
        }
-       if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
-               lprintf(3, "SSL: No ciphers available\n");
-               SSL_CTX_free(ssl_ctx);
-               ssl_ctx = NULL;
-               return;
-       }
-#if 0
-#if SSLEAY_VERSION_NUMBER >= 0x00906000L
-       SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
-                        SSL_MODE_AUTO_RETRY);
-#endif
-#endif
 
        CRYPTO_set_locking_callback(ssl_lock);
        CRYPTO_set_id_callback(id_callback);

diff --git a/webcit/webserver.c b/webcit/webserver.c
index 1c308dc0c3db2ea5c030ce4c549be44e6caade29..07e10504fb792039a601e31c73d89e05d62df5ff 100644 (file)
--- a/webcit/webserver.c
+++ b/webcit/webserver.c
@@ -395,17 +395,18 @@ void worker_entry(void) {
                        if (is_https) {
                                if (starttls(ssock) != 0) {
                                        fail_this_transaction = 1;
+                                       close(ssock);
                                }
                        }
 #endif
 
-                       /* Perform an HTTP transaction... */
                        if (fail_this_transaction == 0) {
+                               /* Perform an HTTP transaction... */
                                context_loop(ssock);
+                               /* ...and close the socket. */
+                               lingering_close(ssock);
                        }
 
-                       /* ...and close the socket. */
-                       lingering_close(ssock);
                }
 
        } while (!time_to_die);