aboutsummaryrefslogtreecommitdiffstats
path: root/lib/inets/src/http_server
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-01-31 15:34:51 +0100
committerIngela Anderton Andin <[email protected]>2013-02-18 18:02:59 +0100
commitbaca1b6cf223b03786ea47fc101f4249bda3cb3c (patch)
treed5c733444f16e34188f7bc3d9bedf24c35ef63d5 /lib/inets/src/http_server
parent79f4745f6e7254a5399c63f9947dc39c1abd21ba (diff)
downloadotp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.tar.gz
otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.tar.bz2
otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.zip
inets: Improve ssl handling
httpc: CTfy test suite httpd: Simplify ssl configuration OTP-10846
Diffstat (limited to 'lib/inets/src/http_server')
-rw-r--r--lib/inets/src/http_server/httpd_conf.erl16
-rw-r--r--lib/inets/src/http_server/httpd_sup.erl111
2 files changed, 108 insertions, 19 deletions
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index a97bbd9b25..d45f3c0048 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -582,11 +582,17 @@ validate_config_params([{server_tokens, {private, Value}} | Rest])
validate_config_params([{server_tokens, Value} | _]) ->
throw({server_tokens, Value});
+validate_config_params([{socket_type, ip_comm} | Rest]) ->
+ validate_config_params(Rest);
+
validate_config_params([{socket_type, Value} | Rest])
- when (Value =:= ip_comm) orelse
- (Value =:= ssl) orelse
- (Value =:= essl) ->
+ when Value == ssl; Value == essl ->
validate_config_params(Rest);
+
+validate_config_params([{socket_type, {Value, _}} | Rest])
+ when Value == essl orelse Value == ssl ->
+ validate_config_params(Rest);
+
validate_config_params([{socket_type, Value} | _]) ->
throw({socket_type, Value});
@@ -916,6 +922,8 @@ lookup_socket_type(ConfigDB) ->
case httpd_util:lookup(ConfigDB, socket_type, ip_comm) of
ip_comm ->
ip_comm;
+ {Tag, Conf} ->
+ {Tag, Conf};
SSL when (SSL =:= ssl) orelse (SSL =:= essl) ->
SSLTag =
if
diff --git a/lib/inets/src/http_server/httpd_sup.erl b/lib/inets/src/http_server/httpd_sup.erl
index 8f3e8f9500..8ee2661b04 100644
--- a/lib/inets/src/http_server/httpd_sup.erl
+++ b/lib/inets/src/http_server/httpd_sup.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -196,7 +196,8 @@ httpd_child_spec(ConfigFile, AcceptTimeoutDef, DebugDef) ->
end.
httpd_child_spec(Config, AcceptTimeout, Debug, Addr, Port) ->
- case (Port =:= 0) orelse proplists:is_defined(fd, Config) of
+ Fd = proplists:get_value(fd, Config, undefined),
+ case Port == 0 orelse Fd =/= undefined of
true ->
httpd_child_spec_listen(Config, AcceptTimeout, Debug, Addr, Port);
false ->
@@ -242,21 +243,26 @@ error_msg(F, A) ->
error_logger:error_msg(F ++ "~n", A).
listen(Address, Port, Config) ->
- SocketType = proplists:get_value(socket_type, Config, ip_comm),
- case http_transport:start(SocketType) of
- ok ->
- Fd = proplists:get_value(fd, Config),
- case http_transport:listen(SocketType, Address, Port, Fd) of
- {ok, ListenSocket} ->
- NewConfig = proplists:delete(port, Config),
- {ok, NewPort} = inet:port(ListenSocket),
- {NewPort, [{port, NewPort} | NewConfig], ListenSocket};
+ try socket_type(Config) of
+ SocketType ->
+ case http_transport:start(SocketType) of
+ ok ->
+ Fd = proplists:get_value(fd, Config),
+ case http_transport:listen(SocketType, Address, Port, Fd) of
+ {ok, ListenSocket} ->
+ NewConfig = proplists:delete(port, Config),
+ {NewPort, _} = http_transport:sockname(SocketType, ListenSocket),
+ {NewPort, [{port, NewPort} | NewConfig], ListenSocket};
+ {error, Reason} ->
+ {error, {listen, Reason}}
+ end;
{error, Reason} ->
- {error, {listen, Reason}}
- end;
- {error, Reason} ->
+ {error, {socket_start_failed, Reason}}
+ end
+ catch
+ _:Reason ->
{error, {socket_start_failed, Reason}}
- end.
+ end.
start_listen(Address, Port, Config) ->
Pid = listen_owner(Address, Port, Config),
@@ -280,7 +286,82 @@ listen_loop() ->
ok
end.
+socket_type(Config) ->
+ SocketType = proplists:get_value(socket_type, Config, ip_comm),
+ socket_type(SocketType, Config).
+
+socket_type(ip_comm = SocketType, _) ->
+ SocketType;
+socket_type({essl, _} = SocketType, _) ->
+ SocketType;
+socket_type(_, Config) ->
+ {essl, ssl_config(Config)}.
+
+%%% Backwards compatibility
+ssl_config(Config) ->
+ ssl_certificate_key_file(Config) ++
+ ssl_verify_client(Config) ++
+ ssl_ciphers(Config) ++
+ ssl_password(Config) ++
+ ssl_verify_depth(Config) ++
+ ssl_ca_certificate_file(Config).
+
+ssl_certificate_key_file(Config) ->
+ case proplists:get_value(ssl_certificate_key_file, Config) of
+ undefined ->
+ [];
+ SSLCertificateKeyFile ->
+ [{keyfile,SSLCertificateKeyFile}]
+ end.
+ssl_verify_client(Config) ->
+ case proplists:get_value(ssl_verify_client, Config) of
+ undefined ->
+ [];
+ SSLVerifyClient ->
+ [{verify,SSLVerifyClient}]
+ end.
+ssl_ciphers(Config) ->
+ case proplists:get_value(ssl_ciphers, Config) of
+ undefined ->
+ [];
+ Ciphers ->
+ [{ciphers, Ciphers}]
+ end.
+ssl_password(Config) ->
+ case proplists:get_value(ssl_password_callback_module, Config) of
+ undefined ->
+ [];
+ Module ->
+ case proplists:get_value(ssl_password_callback_function, Config) of
+ undefined ->
+ [];
+ Function ->
+ Args = case proplists:get_value(ssl_password_callback_arguments, Config) of
+ undefined ->
+ [];
+ Arguments ->
+ [Arguments]
+ end,
+ Password = apply(Module, Function, Args),
+ [{password, Password}]
+ end
+ end.
+ssl_verify_depth(Config) ->
+ case proplists:get_value(ssl_verify_client_depth, Config) of
+ undefined ->
+ [];
+ Depth ->
+ [{depth, Depth}]
+ end.
+
+ssl_ca_certificate_file(Config) ->
+ case proplists:get_value(ssl_ca_certificate_file, Config) of
+ undefined ->
+ [];
+ File ->
+ [{cacertfile, File}]
+ end.