From 84858f5f0b10e68c772122fbb07b61fc1f010f9c Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Wed, 21 Apr 2004 02:19:41 +0000
Subject: [PATCH] * Got HTTPS to work with Mozilla (by twiddling stuff that I still don't understand, but read at http://www.informit.com/articles/article.asp?p=22078 ). Still doesn't work with Internet Monopolizer, though.
---
 webcit/ChangeLog | 6 +++++-
 webcit/crypto.c | 16 ++--------------
 webcit/webserver.c | 7 ++++---
 3 files changed, 11 insertions(+), 18 deletions(-)
diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 7fdfb112f..3f4ee179c 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,9 @@
 $Log$
+Revision 506.8 2004/04/21 02:19:41 ajc
+* Got HTTPS to work with Mozilla (by twiddling stuff that I still don't
+ understand, but read at http://www.informit.com/articles/article.asp?p=22078
+ ). Still doesn't work with Internet Monopolizer, though.
+
 Revision 506.7 2004/04/20 02:32:44 ajc
 * Allow setup to run seamlessly from within the Citadel/UX Ridiculously Easy Installer by observing the values of environment variables
@@ -1781,4 +1786,3 @@ Sun Dec 6 19:50:55 EST 1998 Art Cancro 1998-12-03 Nathan Bryant * webserver.c: warning fix
-
diff --git a/webcit/crypto.c b/webcit/crypto.c
index c0e28726e..66b21cf20 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -25,7 +25,6 @@
 #define DH_P "1A74527AEE4EE2568E85D4FB2E65E18C9394B9C80C42507D7A6A0DBE9A9A54B05A9A96800C34C7AA5297095B69C88901EEFD127F969DCA26A54C0E0B5C5473EBAEB00957D2633ECAE3835775425DE66C0DE6D024DBB17445E06E6B0C78415E589B8814F08531D02FD43778451E7685541079CFFB79EF0D26EFEEBBB69D1E80383"
 #define DH_G "2"
 #define DH_L 1024
-#define CIT_CIPHERS "ALL:RC4+RSA:+SSLv2:@STRENGTH" /* see ciphers(1) */
 SSL_CTX *ssl_ctx; /* SSL context */
 pthread_mutex_t **SSLCritters; /* Things needing locking */
@@ -120,25 +119,14 @@ void init_ssl(void)
 * Initialize SSL transport layer */
 SSL_library_init();
+ OpenSSL_add_all_algorithms();
 SSL_load_error_strings();
- ssl_method = SSLv23_server_method();
+ ssl_method = SSLv2_server_method();
 if (!(ssl_ctx = SSL_CTX_new(ssl_method))) {
 lprintf(3, "SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error()));
 return;
 }
- if (!(SSL_CTX_set_cipher_list(ssl_ctx, CIT_CIPHERS))) {
- lprintf(3, "SSL: No ciphers available\n");
- SSL_CTX_free(ssl_ctx);
- ssl_ctx = NULL;
- return;
- }
-#if 0
-#if SSLEAY_VERSION_NUMBER >= 0x00906000L
- SSL_CTX_set_mode(ssl_ctx, SSL_CTX_get_mode(ssl_ctx) |
- SSL_MODE_AUTO_RETRY);
-#endif
-#endif
 CRYPTO_set_locking_callback(ssl_lock);
 CRYPTO_set_id_callback(id_callback);
diff --git a/webcit/webserver.c b/webcit/webserver.c
index 1c308dc0c..07e10504f 100644
--- a/webcit/webserver.c
+++ b/webcit/webserver.c
@@ -395,17 +395,18 @@ void worker_entry(void) {
 if (is_https) {
 if (starttls(ssock) != 0) {
 fail_this_transaction = 1;
+ close(ssock);
 }
 }
 #endif
- /* Perform an HTTP transaction... */
 if (fail_this_transaction == 0) {
+ /* Perform an HTTP transaction... */
 context_loop(ssock);
+ /* ...and close the socket. */
+ lingering_close(ssock);
 }
- /* ...and close the socket. */
- lingering_close(ssock);
 }
 } while (!time_to_die);
-- 
2.30.2
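Review bot: `ssl_method = SSLv2_server_method();` in init_ssl() pins the listener to SSLv2 only, so clients can no longer negotiate SSLv3 or TLS as they could with SSLv23_server_method(); SSLv2 does not protect its handshake against tampering and should not be the only protocol on offer. The same hunk drops the SSL_CTX_set_cipher_list() call and its failure check, so the context falls back to the library's default cipher list, which on OpenSSL builds of this era may well include export-grade suites (not verifiable from the page). I would keep `ssl_method = SSLv23_server_method();`, add `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);` once SSL_CTX_new() has succeeded, and retain an explicit cipher string with its error path. init_ssl() begins and ends outside this hunk, so the certificate and key setup was not reviewed.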
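Review bot: With `lingering_close(ssock)` moved inside `if (fail_this_transaction == 0)`, the only cleanup left on the failure path is the new `close(ssock)` in the starttls() branch, so any other place in worker_entry() that sets fail_this_transaction while holding a valid descriptor would now leak it. The function begins outside the hunk, so that needs checking there. The added `close(ssock)` also assumes starttls() leaves the socket open when it fails; if it already closes it, this becomes a double close, which in a threaded server can land on a descriptor another worker has just accepted. A short comment at the call, e.g. `/* starttls() leaves ssock open on failure; close it here */`, would pin the ownership rule once it has been confirmed.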