added support for OTP new ssl implementation

capflam · Feb 1, 2010 · d4fec79 · d4fec79
1 parent bd0bf89
commit d4fec79
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 16 deletions.
diff --git a/man/yaws.conf.5 b/man/yaws.conf.5
@@ -92,7 +92,11 @@ to the yaws start script, this value is automatically set to 0.
 This enables traffic or http tracing. Tracing is also possible to enable with
 a command line flag to yaws. Default is false.
 
-
+.TP
+\fBuse_old_ssl = true | false\fR
+This re-enables the old OTP ssl implementation. By default we use the
+new ssl implementation. 
+
 .TP
 \fB auth_log  = true | false\fR
 Enable or disable the auth log. Default is true.

diff --git a/scripts/yaws.conf.template b/scripts/yaws.conf.template
@@ -37,8 +37,9 @@ max_connections = nolimit
 
 trace = false
 
-
-
+# Enable this if we want to use the old OTP ssl implementation
+# OTP R13B03 is known to work with this flag set         to false (default)
+use_old_ssl = false
 
 
 # it is possible to have yaws start additional 
@@ -85,7 +86,10 @@ auth_log = true
 # name. Yaws will write a number of runtime files under
 # ${HOME}/.yaws/yaws/${id}
 # The default value is "default"
-
+# If we're not planning to run multiple webservers on the
+# same host it's mych better to leave this value unset since
+# then all the ctl function (--stop et.el) work without having
+# to supply the id.
 
 # id = myname
 
@@ -95,6 +99,7 @@ auth_log = true
 # header doesn't match any name on any Host
 # This is often nice in testing environments but not
 # acceptable in real live hosting scenarios
+# think http://suckmydick.bigcompany.com
 
 pick_first_virthost_on_nomatch = true
 
@@ -106,7 +111,9 @@ pick_first_virthost_on_nomatch = true
 # a privileged port.
 # If we use this feature, it requires fdsrv to be properly installed.
 # Doesn't yet work with SSL.
-# Read http://yaws.hyber.org/privbind.yaws for more info
+# Read http://yaws.hyber.org/privbind.yaws for more info and a better 
+# solution than fd_srv
+
 use_fdsrv = false
 
 
@@ -149,6 +156,7 @@ use_fdsrv = false
         <ssl>  
                 keyfile = %certdir%/yaws-key.pem
                 certfile = %certdir%/yaws-cert.pem
+                depth = 0
         </ssl>
 </server>
 

diff --git a/src/yaws.erl b/src/yaws.erl
@@ -12,8 +12,6 @@
 -include("../include/yaws_api.hrl").
 -include("yaws_debug.hrl").
 
-
-
 -include_lib("kernel/include/file.hrl").
 -export([start/0, stop/0, hup/1, restart/0, modules/0, load/0]).
 -export([start_embedded/1, start_embedded/2, start_embedded/3,
@@ -1774,7 +1772,6 @@ do_recv(Sock, Num, nossl) ->
 do_recv(Sock, Num, ssl) ->
     ssl:recv(Sock, Num, ?READ_TIMEOUT).
 
-
 cli_recv(S, Num, SslBool) ->
     Res = do_recv(S, Num, SslBool),
     cli_recv_trace((get(gc))#gconf.trace, Res),
@@ -1883,7 +1880,6 @@ setopts(Sock, Opts, ssl) ->
     ok = ssl:setopts(Sock, Opts).
 
 do_http_get_headers(CliSock, SSL) ->
-    setopts(CliSock, [{packet, http}], SSL),
     case http_recv_request(CliSock,SSL) of
         bad_request ->
             {#http_request{method=bad_request, version={0,9}},
@@ -1897,6 +1893,7 @@ do_http_get_headers(CliSock, SSL) ->
 
 
 http_recv_request(CliSock, SSL) ->
+    setopts(CliSock, [{packet, http}], SSL),
     case do_recv(CliSock, 0,  SSL) of
         {ok, R} when is_record(R, http_request) ->
             R;
@@ -1912,13 +1909,12 @@ http_recv_request(CliSock, SSL) ->
             closed;
         {error, timeout} -> closed;
         _Other ->
-            ?Debug("Got ~p~n", [_Other]),
+            error_logger:format("Unhandled reply fr. do_recv() ~p~n", [_Other]),
             exit(normal)
     end.
 
-
-
 http_collect_headers(CliSock, Req, H, SSL, Count) when Count < 1000 ->
+    setopts(CliSock, [{packet, httph}], SSL),
     Recv = do_recv(CliSock, 0, SSL),
     case Recv of
         {ok, {http_header,  _Num, 'Host', _, Host}} ->

diff --git a/src/yaws_config.erl b/src/yaws_config.erl
@@ -1103,15 +1103,15 @@ fload(FD, ssl, GC, C, Cs, Lno, Chars) ->
             end;
         ["depth", '=', Val0] ->
             Val = (catch list_to_integer(Val0)),
-            case lists:member(Val, [1,2,3,4,5,6,7]) of
+            case lists:member(Val, [0, 1,2,3,4,5,6,7]) of
                 true when  is_record(C#sconf.ssl, ssl) ->
                     C2 = C#sconf{ssl = (C#sconf.ssl)#ssl{depth = Val}},
                     fload(FD, ssl, GC, C2, Cs, Lno+1, Next);
                 true ->
                     {error, ?F("Need to set option ssl to true before line ~w",
                                [Lno])};
                 _ ->
-                    {error, ?F("Expect reasonable integer at line ~w", [Lno])}
+                    {error, ?F("Expect integer 0..7 at line ~w", [Lno])}
             end;
         ["password", '=', Val] ->
             if 

diff --git a/src/yaws_server.erl b/src/yaws_server.erl
@@ -860,11 +860,15 @@ ssl_listen_opts(GC, SSL) ->
             true ->
                  false
          end,
+         if SSL#ssl.depth /= undefined ->
+                 {depth, SSL#ssl.depth};
+            true ->
+                 false
+         end,
          if ?gc_use_old_ssl(GC) ->
                  false;
             true ->
-                 %%{ssl_imp, new} - still doesn't work (R13B)
-                 false
+                 {ssl_imp, new}
          end
         ],
     filter_false(L).