inets: Improve ssl handling

httpc: CTfy test suite httpd: Simplify ssl configuration OTP-10846
author: Ingela Anderton Andin <[email protected]> 2013-01-31 15:34:51 +0100
committer: Ingela Anderton Andin <[email protected]> 2013-02-18 18:02:59 +0100
commit: baca1b6cf223b03786ea47fc101f4249bda3cb3c (patch)
tree: d5c733444f16e34188f7bc3d9bedf24c35ef63d5 /lib/inets/src
parent: 79f4745f6e7254a5399c63f9947dc39c1abd21ba (diff)
download: otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.tar.gz
otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.tar.bz2
otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.zip
4 files changed, 119 insertions, 26 deletions
diff --git a/lib/inets/src/http_client/httpc_handler.erl b/lib/inets/src/http_client/httpc_handler.erl
index dd8f2b5a6d..857043bae2 100644
--- a/lib/inets/src/http_client/httpc_handler.erl
+++ b/lib/inets/src/http_client/httpc_handler.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %% 
-%% Copyright Ericsson AB 2002-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2013. All Rights Reserved.
 %% 
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -281,7 +281,7 @@ handle_call(#request{address = Addr} = Request, _,
                 httpc_request:is_client_closing(Request#request.headers),
 
             case State0#state.request of
-                #request{} -> %% Old request not yet finished
+                #request{} = OldRequest -> %% Old request not yet finished
                     ?hcrd("old request still not finished", []),
                     %% Make sure to use the new value of timers in state
                     NewTimers = State1#state.timers,
@@ -293,9 +293,11 @@ handle_call(#request{address = Addr} = Request, _,
                                         client_close = ClientClose},
                     insert_session(NewSession, ProfileName),
                     ?hcrd("session updated", []),
-                    {reply, ok, State1#state{pipeline = NewPipeline,
-					     session  = NewSession,
-					     timers   = NewTimers}};
+                    {reply, ok, State1#state{
+				  request = OldRequest,
+				  pipeline = NewPipeline,
+				  session  = NewSession,
+				  timers   = NewTimers}};
                 undefined ->
                     %% Note: tcp-message receiving has already been
                     %% activated by handle_pipeline/2. 
diff --git a/lib/inets/src/http_lib/http_transport.erl b/lib/inets/src/http_lib/http_transport.erl
index 5eb827032f..badc3789ba 100644
--- a/lib/inets/src/http_lib/http_transport.erl
+++ b/lib/inets/src/http_lib/http_transport.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -178,7 +178,9 @@ listen({essl, SSLConfig}, Addr, Port) ->
 
 
 listen(ip_comm, Addr, Port, Fd) ->
-    listen_ip_comm(Addr, Port, Fd).
+    listen_ip_comm(Addr, Port, Fd);
+listen({_, SSLConfig}, Addr, Port, _Fd) ->
+    listen_ssl(Addr, Port, SSLConfig).
 
 listen_ip_comm(Addr, Port, Fd) ->
     case (catch do_listen_ip_comm(Addr, Port, Fd)) of
diff --git a/lib/inets/src/http_server/httpd_conf.erl b/lib/inets/src/http_server/httpd_conf.erl
index a97bbd9b25..d45f3c0048 100644
--- a/lib/inets/src/http_server/httpd_conf.erl
+++ b/lib/inets/src/http_server/httpd_conf.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1997-2012. All Rights Reserved.
+%% Copyright Ericsson AB 1997-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -582,11 +582,17 @@ validate_config_params([{server_tokens, {private, Value}} | Rest])
 validate_config_params([{server_tokens, Value} | _]) ->
     throw({server_tokens, Value});
 
+validate_config_params([{socket_type, ip_comm} | Rest]) ->
+    validate_config_params(Rest);
+
 validate_config_params([{socket_type, Value} | Rest]) 
-  when (Value =:= ip_comm) orelse 
-       (Value =:= ssl) orelse 
-       (Value =:= essl) ->
+  when Value == ssl; Value == essl ->
     validate_config_params(Rest);
+
+validate_config_params([{socket_type, {Value, _}} | Rest])
+  when Value == essl orelse Value == ssl ->
+    validate_config_params(Rest);
+
 validate_config_params([{socket_type, Value} | _]) ->
     throw({socket_type, Value});
 
@@ -916,6 +922,8 @@ lookup_socket_type(ConfigDB) ->
     case httpd_util:lookup(ConfigDB, socket_type, ip_comm) of
 	ip_comm ->
 	    ip_comm;
+	{Tag, Conf} ->
+	    {Tag, Conf};
 	SSL when (SSL =:= ssl) orelse (SSL =:= essl) ->
 	    SSLTag = 
 		if
diff --git a/lib/inets/src/http_server/httpd_sup.erl b/lib/inets/src/http_server/httpd_sup.erl
index 8f3e8f9500..8ee2661b04 100644
--- a/lib/inets/src/http_server/httpd_sup.erl
+++ b/lib/inets/src/http_server/httpd_sup.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2004-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2004-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -196,7 +196,8 @@ httpd_child_spec(ConfigFile, AcceptTimeoutDef, DebugDef) ->
     end.
 
 httpd_child_spec(Config, AcceptTimeout, Debug, Addr, Port) ->
-    case (Port =:= 0) orelse proplists:is_defined(fd, Config) of
+    Fd  = proplists:get_value(fd, Config, undefined),
+    case Port == 0 orelse Fd =/= undefined of
 	true ->
 	    httpd_child_spec_listen(Config, AcceptTimeout, Debug, Addr, Port);
 	false ->
@@ -242,21 +243,26 @@ error_msg(F, A) ->
     error_logger:error_msg(F ++ "~n", A).
 
 listen(Address, Port, Config)  ->
-    SocketType = proplists:get_value(socket_type, Config, ip_comm), 
-    case http_transport:start(SocketType) of
-	ok ->
-	    Fd = proplists:get_value(fd, Config), 
-	    case http_transport:listen(SocketType, Address, Port, Fd) of
-		{ok, ListenSocket} ->
-		    NewConfig = proplists:delete(port, Config),
-		    {ok, NewPort} = inet:port(ListenSocket),
-		    {NewPort, [{port, NewPort} | NewConfig], ListenSocket};
+    try socket_type(Config) of 
+	SocketType ->
+	    case http_transport:start(SocketType) of
+		ok ->
+		    Fd = proplists:get_value(fd, Config), 
+		    case http_transport:listen(SocketType, Address, Port, Fd) of
+			{ok, ListenSocket} ->
+			    NewConfig = proplists:delete(port, Config),
+			    {NewPort, _} = http_transport:sockname(SocketType, ListenSocket),
+			    {NewPort, [{port, NewPort} | NewConfig], ListenSocket};
+			{error, Reason} ->
+			    {error, {listen, Reason}}
+		    end;
 		{error, Reason} ->
-		    {error, {listen, Reason}}
-	    end;
-	{error, Reason} ->
+		    {error, {socket_start_failed, Reason}}
+	    end
+    catch 
+	_:Reason ->
 	    {error, {socket_start_failed, Reason}}
-    end.
+    end.		
 
 start_listen(Address, Port, Config) ->
     Pid = listen_owner(Address, Port, Config),
@@ -280,7 +286,82 @@ listen_loop() ->
 	    ok
     end.
 	    
+socket_type(Config) ->
+    SocketType = proplists:get_value(socket_type, Config, ip_comm), 
+    socket_type(SocketType, Config).
+
+socket_type(ip_comm = SocketType, _) ->
+    SocketType;
+socket_type({essl, _} = SocketType, _) ->
+    SocketType;
+socket_type(_, Config) ->
+    {essl, ssl_config(Config)}.
+
+%%% Backwards compatibility    
+ssl_config(Config) ->
+    ssl_certificate_key_file(Config) ++
+	ssl_verify_client(Config) ++
+	ssl_ciphers(Config) ++
+	ssl_password(Config) ++
+	ssl_verify_depth(Config) ++
+	ssl_ca_certificate_file(Config).
+
+ssl_certificate_key_file(Config) ->
+    case proplists:get_value(ssl_certificate_key_file, Config) of
+	undefined ->
+	    [];
+	SSLCertificateKeyFile ->
+	    [{keyfile,SSLCertificateKeyFile}]
+    end.
 
+ssl_verify_client(Config) ->
+    case proplists:get_value(ssl_verify_client, Config) of
+	undefined ->
+	    [];
+	SSLVerifyClient ->
+	    [{verify,SSLVerifyClient}]
+    end.
 
+ssl_ciphers(Config) ->
+    case proplists:get_value(ssl_ciphers, Config) of
+	undefined ->
+	    [];
+	Ciphers ->
+	    [{ciphers, Ciphers}]
+    end.
 
+ssl_password(Config) ->
+    case  proplists:get_value(ssl_password_callback_module, Config) of
+	undefined ->
+	    [];
+	Module ->
+	    case proplists:get_value(ssl_password_callback_function, Config) of
+		undefined ->
+		    [];
+		Function ->
+		    Args = case  proplists:get_value(ssl_password_callback_arguments, Config) of
+			       undefined ->
+				   [];
+			       Arguments  ->
+				   [Arguments]
+			   end,
+		    Password = apply(Module, Function, Args),
+		    [{password, Password}]
+	    end
+    end.
 
+ssl_verify_depth(Config) ->
+    case proplists:get_value(ssl_verify_client_depth, Config) of
+	undefined ->
+	    [];
+	Depth ->
+	    [{depth, Depth}]
+    end.
+
+ssl_ca_certificate_file(Config) ->
+    case proplists:get_value(ssl_ca_certificate_file, Config) of
+	undefined ->
+	    [];
+	File ->
+	    [{cacertfile, File}]
+    end.
author	Ingela Anderton Andin <[email protected]>	2013-01-31 15:34:51 +0100
committer	Ingela Anderton Andin <[email protected]>	2013-02-18 18:02:59 +0100
commit	baca1b6cf223b03786ea47fc101f4249bda3cb3c (patch)
tree	d5c733444f16e34188f7bc3d9bedf24c35ef63d5 /lib/inets/src
parent	79f4745f6e7254a5399c63f9947dc39c1abd21ba (diff)
download	otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.tar.gz otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.tar.bz2 otp-baca1b6cf223b03786ea47fc101f4249bda3cb3c.zip