symlink to Citadel's if possible.
* One server binary now forks to start both http and https servers.
$Log$
+Revision 506.11 2004/04/27 03:16:31 ajc
+* When running on the same host as Citadel, if no key/cert are found,
+ symlink to Citadel's if possible.
+* One server binary now forks to start both http and https servers.
+
Revision 506.10 2004/04/21 03:43:39 ajc
* Completed remaining SSL fixes. Works in Moz, aIEeee, Konq; self-signed
certs are also no longer invalid.
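Review bot: the 506.11 entry should record that -s changed from a bare flag to an option that takes a port number; the old getopt string "hp:t:cs" with `is_https = 1;` in the 's' case is replaced by "hp:t:cs:" with `https_port = atoi(optarg);`, so any existing invocation that passes `-s` without an argument now fails option parsing. Suggest adding a line such as `* -s now takes an https port number (the old flag form no longer works).`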
1998-12-03 Nathan Bryant <bryant@cs.usm.maine.edu>
* webserver.c: warning fix
+
Several command-line options are also available. Here's the usage for
the "webserver" program:
- webserver [-p localport] [-t tracefile] [-c] [remotehost [remoteport]]
+ webserver [-p http_port] [-s https_port] [-t tracefile]
+ [-c] [remotehost [remoteport]]
*or*
- webserver [-p localport] [-t tracefile] [-c] uds /your/citadel/directory
+ webserver [-p http_port] [-s https_port] [-t tracefile]
+ [-c] uds /your/citadel/directory
Explained:
- -> localport: the TCP port on which you wish your WebCit server to run.
+ -> http_port: the TCP port on which you wish your WebCit server to run.
this can be any port number at all; there is no standard. Naturally,
you'll want to create a link to this port on your system's regular web
pages (presumably on an Apache server running on port 80). Or, if you
are installing WebCit on a dedicated server, then you might choose to
use port 80 after all.
+ -> https_port: an optional TCP port on which you wish your WebCit server
+ to run an SSL-encrypted web service. The standard port number for this
+ is 443, and if you're not already running a secure web server you might
+ choose to use that port. Otherwise, select any free port number.
+
-> tracefile: where you want WebCit to log to. This can be a file, a
virtual console, or /dev/null to suppress logging altogether.
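Review bot: the usage text in this hunk lists `[-s https_port]` unconditionally, but in webserver.c the option only exists inside `#ifdef HAVE_OPENSSL`, so the README should say that -s is available only when WebCit is built with OpenSSL. The https_port paragraph should also say where the key and certificate come from (generated on first start, or linked from the Citadel server's keys directory when connecting over uds, as the crypto.c change does); as written, a reader configuring port 443 has no idea that a certificate is needed or that a self-signed one will be produced.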
EVP_PKEY *req_pkey = NULL;
X509_NAME *name = NULL;
FILE *fp;
+ char buf[SIZ];
if (!access("/var/run/egd-pool", F_OK))
RAND_egd("/var/run/egd-pool");
mkdir(CTDL_CRYPTO_DIR, 0700);
/*
- * Generate a key pair if we don't have one.
+ * Before attempting to generate keys/certificates, first try
+ * link to them from the Citadel server if it's on the same host.
+ * We ignore any error return because it either meant that there
+ * was nothing in Citadel to link from (in which case we just
+ * generate new files) or the target files already exist (which
+ * is not fatal either).
+ */
+ if (!strcasecmp(ctdlhost, "uds")) {
+ sprintf(buf, "%s/keys/citadel.key", ctdlport);
+ symlink(buf, CTDL_KEY_PATH);
+ sprintf(buf, "%s/keys/citadel.csr", ctdlport);
+ symlink(buf, CTDL_CSR_PATH);
+ sprintf(buf, "%s/keys/citadel.cer", ctdlport);
+ symlink(buf, CTDL_CER_PATH);
+ }
+
+ /*
+ * If we still don't have a private key, generate one.
*/
if (access(CTDL_KEY_PATH, R_OK) != 0) {
lprintf(5, "Generating RSA key pair.\n");
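Review bot: the three symlink() calls, e.g. `sprintf(buf, "%s/keys/citadel.key", ctdlport); symlink(buf, CTDL_KEY_PATH);`, create the link whether or not the Citadel file exists, so the "nothing in Citadel to link from" case in the comment does not produce nothing, it produces a dangling symlink. The following `access(CTDL_KEY_PATH, R_OK)` then fails, and whatever later creates CTDL_KEY_PATH will follow the dangling link and write the new key into the Citadel keys directory (or fail if that directory is absent), which is not what the comment promises. Guard each link with `if (access(buf, R_OK) == 0)` before calling symlink(). Separately, `buf[SIZ]` is filled with an unbounded sprintf() of ctdlport, a string taken from the command line; use `snprintf(buf, sizeof buf, ...)` and skip the link if the result was truncated.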
pthread_attr_t attr; /* Thread attributes */
int a, i; /* General-purpose variables */
int port = PORT_NUM; /* Port to listen on */
+ int https_port = (-1);
char tracefile[PATH_MAX];
/* Parse command line */
#ifdef HAVE_OPENSSL
- while ((a = getopt(argc, argv, "hp:t:cs")) != EOF)
+ while ((a = getopt(argc, argv, "hp:t:cs:")) != EOF)
#else
while ((a = getopt(argc, argv, "hp:t:c")) != EOF)
#endif
}
break;
case 's':
- is_https = 1;
+ https_port = atoi(optarg);
break;
default:
- fprintf(stderr, "usage: webserver [-p localport] "
+ fprintf(stderr, "usage: webserver [-p http_port] "
"[-t tracefile] [-c] "
#ifdef HAVE_OPENSSL
- "[-s] "
+ "[-s https_port] "
#endif
"[remotehost [remoteport]]\n");
return 1;
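Review bot: `https_port = atoi(optarg);` in the 's' case accepts any string; a non-numeric or out-of-range argument becomes 0 or an arbitrary int and is then silently discarded by the later `if (https_port > 0)` test, so a typo in -s yields an HTTP-only server with no diagnostic. Parse with strtol(), reject anything outside 1..65535 or with trailing characters, and fall through to the usage message on failure.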
if (chdir(WEBCITDIR) != 0)
perror("chdir");
+ /*
+ * If an HTTPS port was specified, fork an HTTPS server.
+ */
+ if (https_port > 0) {
+ if (fork() == 0) {
+ is_https = 1;
+ port = https_port;
+ }
+ }
+
/*
* Set up a place to put thread-specific data.
* We only need a single pointer per thread - it points to the
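Review bot: the return value of fork() in `if (fork() == 0)` is not checked, so a failing fork() (-1) leaves the parent running as HTTP only and the HTTPS listener the user asked for never starts, again without any message. Store the result, and on -1 report it through lprintf() and exit rather than continuing. The child's pid is also discarded, so the parent has nothing to reap or signal on shutdown; keeping it in a variable costs nothing and makes a clean shutdown possible later.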