@@ 92,6 92,10 @@ string describe_type(int type, mixed flag)
return "(Commaseparated list of integers)";
break;
+ case TYPE_SSL_CONFIG:
+ if(!flag)
+ return "This is an SSL configuration.";
+ break;
case TYPE_PORTS:
if(!flag)
@@ 186,7 190,8 @@ string describe_variable_as_text(array var, int|void verbose)
case TYPE_PASSWORD:
return "****";
-
+
+ case TYPE_SSL_CONFIG:
case TYPE_STRING:
case TYPE_LOCATION:
case TYPE_FILE:
@@ 373,36 378,8 @@ string encode_one_port(array port, int id)
"</tr>\n";
switch(lower_case(port[1]))
{
- case "ssl3":
- string cf, kf, cc, cca, cci;
- sscanf(port[3], "%*scert-file %s\n", cf);
- sscanf(port[3], "%*skey-file %s\n", kf);
- sscanf(port[3], "%*sclient-cert-request %s\n", cc);
- sscanf(port[3], "%*sclient-cert-authorities %s\n", cca);
- sscanf(port[3], "%*sclient-cert-issuers %s\n", cci);
-
- res += ("<tr><td colspan=3>"
- "<table width=100% cellspacing=0 border=0 bgcolor=#f0f0ff>\n"
- "<tr width=100%><td colspan=2 width=100%><b>SSL Options</b></td></tr>\n");
- res += ("<tr><td>Certificate file(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
- "name=cert_"+id+" value="+Caudium.html_encode_tag_value(cf||"")+
- "></td></tr>\n"
- "<tr><td>Key file: (OPTIONAL)<br>(A comma-separated list of files)</td><td><input size=30,1 "
- "name=key_"+id+" value="+Caudium.html_encode_tag_value(kf||"")+
- "></td></tr>\n");
- string ccrw = "";
- foreach(({"no", "request", "require"});; string opt)
- ccrw +=("<option value=\"" + opt + "\" " + ((cc == opt)?"SELECTED=\"1\"":"") + ">" + opt + "</option>");
- res += ("<tr><td>Client Certificate Request: (OPTIONAL)</td><td><select "
- "name=cc_"+id+">" + ccrw + "</select></td></tr>\n");
- res += ("<tr><td>Accept client certificates from the following authorities(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
- "name=auth_"+id+" value="+Caudium.html_encode_tag_value(cca||"")+
- "></td></tr>\n");
- res += ("<tr><td>Trust certificates only if signed by this CA issuer chain:<br>(A comma-separated list of files)</td> <td><input size=30,1 "
- "name=cci_"+id+" value="+Caudium.html_encode_tag_value(cci||"")+
- "></td></tr>\n");
-
- res += "</table></td></tr>\n";
+ case "ssl3":
+ res += encode_ssl_config(port[3], id);
break;
#if 0
case "smtp":
@@ 468,6 445,48 @@ string encode_ports(array from)
return res+"</table>";
}
+string encode_ssl_field(mixed id, string field) {
+ if(intp(id)) return field + "_" + id;
+ else return id + "_" + field;
+}
+
+//!
+string encode_ssl_config(string from, mixed id)
+{
+ string res = "";
+ string cf, kf, cc, cca, cci;
+ sscanf(from, "%*scert-file %s\n", cf);
+ sscanf(from, "%*skey-file %s\n", kf);
+ sscanf(from, "%*sclient-cert-request %s\n", cc);
+ sscanf(from, "%*sclient-cert-authorities %s\n", cca);
+ sscanf(from, "%*sclient-cert-issuers %s\n", cci);
+
+ res += ("<tr><td colspan=3>"
+ "<table width=100% cellspacing=0 border=0 bgcolor=#f0f0ff>\n"
+ "<tr width=100%><td colspan=2 width=100%><b>SSL Options</b></td></tr>\n");
+ res += ("<tr><td>Certificate file(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
+ "name=\"" + encode_ssl_field(id, "cert") + "\" value="+Caudium.html_encode_tag_value(cf||"")+
+ "></td></tr>\n"
+ "<tr><td>Key file: (OPTIONAL)<br>(A comma-separated list of files)</td><td><input size=30,1 "
+ "name=\"" + encode_ssl_field(id, "key") +"\" value="+Caudium.html_encode_tag_value(kf||"")+
+ "></td></tr>\n");
+ string ccrw = "";
+ foreach(({"no", "request", "require"});; string opt)
+ ccrw +=("<option value=\"" + opt + "\" " + ((cc == opt)?"SELECTED=\"1\"":"") + ">" + opt + "</option>");
+ res += ("<tr><td>Client Certificate Request: (OPTIONAL)</td><td><select "
+ "name=\"" + encode_ssl_field(id, "cc") + "\">" + ccrw + "</select></td></tr>\n");
+ res += ("<tr><td>Accept client certificates from the following authorities(s):<br>(A comma-separated list of files)</td> <td><input size=30,1 "
+ "name=\"" + encode_ssl_field(id, "auth") + "\" value="+Caudium.html_encode_tag_value(cca||"")+
+ "></td></tr>\n");
+ res += ("<tr><td>Trust certificates only if signed by this CA issuer chain:<br>(A comma-separated list of files)</td> <td><input size=30,1 "
+ "name=\"" + encode_ssl_field(id, "cci") + "\" value="+Caudium.html_encode_tag_value(cci||"")+
+ "></td></tr>\n");
+
+ res += "</table></td></tr>\n";
+
+ return res;
+}
+
//!
int module_wanted(mapping mod_info, object module, function check)
{
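Review bot: In encode_ssl_config the `name` attributes are now quoted, but the string returned by encode_ssl_field() goes into them unencoded. When `id` is a string, as in the call that passes a variable path, a `"` or `>` in it would end the attribute early. The `value=` attributes already go through `Caudium.html_encode_tag_value()`, which appears to supply its own quotes, so the same call fits here: `"name=" + Caudium.html_encode_tag_value(encode_ssl_field(id, "cert"))`, and likewise for `key`, `cc`, `auth` and `cci`. The `//!` above encode_ssl_config is empty and encode_ssl_field has none; a line each saying that an integer id yields `field_N` (the port form) and any other id yields `id_field` would explain the two naming schemes.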
@@ 555,6 574,14 @@ string describe_variable_low(array var, mixed path, int really_short,
res += "</select><input type=submit value=Ok>";
break;
+ case TYPE_SSL_CONFIG:
+ res += "<table>";
+
+ res = encode_ssl_config(var[VAR_VALUE] || "", path);
+ res += "<input type=submit value=Ok>";
+ res += "</table>";
+ break;
+
case TYPE_STRING:
res=input(path, var[VAR_VALUE], 30)+"<input type=submit value=Ok>";
break;
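Review bot: In the new `TYPE_SSL_CONFIG` case, `res = encode_ssl_config(...)` overwrites the `<table>` appended on the line before, so the output starts with a bare `<tr>` and ends with an unmatched `</table>`. The assignment should append: `res += encode_ssl_config(var[VAR_VALUE] || "", path);`. The submit button is also emitted directly inside the table, outside any row or cell; putting it after `</table>`, or wrapping it as `"<tr><td><input type=submit value=Ok></td></tr>"`, keeps the markup valid. The enclosing switch starts and ends outside this hunk.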
@@ 3860,7 3860,9 @@ void create(string config)
TYPE_TEXT_FIELD|VAR_MORE,
"This text will be visible in the configuration interface, it "
" can be quite useful to use as a memory helper.");
-
+ defvar("sni_tls_config", "", "SNI TLS Configuration",
+ TYPE_SSL_CONFIG,
+ "Configuration for TLS-SNI based virtual hosting.");
defvar("name", "", "Virtual server name",
TYPE_STRING|VAR_MORE,
"This is the name that will be used in the configuration "
@@ 477,6 477,30 @@ object find_module(string name, object in)
}
//!
+string parse_ssl_config(mixed path, mapping allvars) {
+ string args = "";
+ string k;
+
+ k = encode_ssl_field(path, "key");
+ if(allvars[k] && strlen(allvars[k]))
+ args += "key-file "+allvars[k]+"\n";
+ k = encode_ssl_field(path, "cert");
+ if(allvars[k] && strlen(allvars[k]))
+ args += "cert-file "+ allvars[k]+"\n";
+ k = encode_ssl_field(path, "cc");
+ if(allvars[k] && strlen(allvars[k]))
+ args += "client-cert-request "+allvars[k]+"\n";
+ k = encode_ssl_field(path, "auth");
+ if(allvars[k] && strlen(allvars[k]))
+ args += "client-cert-authorities "+allvars[k]+"\n";
+ k = encode_ssl_field(path, "cci");
+ if(allvars[k] && strlen(allvars[k]))
+ args += "client-cert-issuers "+allvars[k]+"\n";
+
+ return args;
+}
+
+//!
mixed decode_form_result(string var, int type, object node, mapping allvars)
{
mixed tmp;
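Review bot: parse_ssl_config copies each submitted form value straight into a newline-delimited directive block, so a value containing a line break would be stored as an extra directive line and read back as one by the `%s\n` patterns in encode_ssl_config. The `cc` value is also not checked against the three options the select offers (`no`, `request`, `require`). Checking both before the value is appended keeps the stored block to what the form can express; whether a bad value is skipped, as below, or reported to the administrator is a choice for the author. The function has no doc comment, and one line stating that it returns the block in the `key-file`/`cert-file`/… format would help.

```pike
string parse_ssl_config(mixed path, mapping allvars) {
  string args = "";
  // Same field order as before: key, cert, cc, auth, cci.
  foreach(({ ({ "key",  "key-file" }),
             ({ "cert", "cert-file" }),
             ({ "cc",   "client-cert-request" }),
             ({ "auth", "client-cert-authorities" }),
             ({ "cci",  "client-cert-issuers" }) });; array f)
  {
    string v = allvars[encode_ssl_field(path, f[0])];
    if(!v || !strlen(v))
      continue;
    // A line break inside a value would start a new directive in the stored block.
    if(search(v, "\n") >= 0 || search(v, "\r") >= 0)
      continue;
    // The form only offers these three choices for the client certificate request.
    if(f[0] == "cc" && search(({ "no", "request", "require" }), v) < 0)
      continue;
    args += f[1] + " " + v + "\n";
  }
  return args;
}
```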
@@ 524,17 548,7 @@ mixed decode_form_result(string var, int type, object node, mapping allvars)
op[i][1] = allvars["protocol_"+i]||op[i][1];
op[i][2] = allvars["ip_number_"+i]||op[i][2];
string args = "";
-
- if(allvars["key_"+i] && strlen(allvars["key_"+i]))
- args += "key-file "+allvars["key_"+i]+"\n";
- if(allvars["cert_"+i] && strlen(allvars["cert_"+i]))
- args += "cert-file "+allvars["cert_"+i]+"\n";
- if(allvars["cc_"+i] && strlen(allvars["cc_"+i]))
- args += "client-cert-request "+allvars["cc_"+i]+"\n";
- if(allvars["auth_"+i] && strlen(allvars["auth_"+i]))
- args += "client-cert-authorities "+allvars["auth_"+i]+"\n";
- if(allvars["cci_"+i] && strlen(allvars["cci_"+i]))
- args += "client-cert-issuers "+allvars["cci_"+i]+"\n";
+ args = parse_ssl_config(i, allvars);
if(strlen(args))
op[i][3] = args;
@@ 544,6 558,13 @@ mixed decode_form_result(string var, int type, object node, mapping allvars)
}
return op - ({ 0 });
+ case TYPE_SSL_CONFIG:
+ string args = "";
+ string path = node->path(1);
+
+ args = parse_ssl_config(path, allvars);
+ return args;
+
case TYPE_DIR_LIST:
array foo;
foo=Array.map((var-" ")/",", lambda(string var, object node) {
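Review bot: The `TYPE_SSL_CONFIG` case only finds the submitted fields if `node->path(1)` produces exactly the string that describe_variable_low passes as `path` to encode_ssl_config. Neither value is visible in this hunk, so a comment stating the dependency would help, for example `// must match the path used when the fields were rendered`. The body can also be reduced to `return parse_ssl_config(node->path(1), allvars);`, which avoids declaring `args` and `path` directly under a case label in a function whose ports branch already declares `args`. decode_form_result continues outside the hunk.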