bug22888: Fix buggy ssl arg checking.

When establishing an https server using the :ssl-args keyword, net.aserve:start required a :certificate argument even when passed a :context. Now, the function accepts either a valid certificate or context object. Tests: none, added in the ssl module. <release-note> bug22888: Better ssl arg checking in net.aserve:start Previously, when specifying an https server, net.aserve:start would require a :certficiate argument even if a :context argument was specified. Now, either is acceptable. </release-note> Change-Id: I890f5d55535a2accf0298fa0dc8d32e10f3f0ad7
franzinc · Dec 3, 2014 · b29ae91 · b29ae91
1 parent d4ac239
commit b29ae91
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 75 deletions.
diff --git a/main.cl b/main.cl
@@ -38,7 +38,7 @@
 #+ignore
 (check-smp-consistency)
 
-(defparameter *aserve-version* '(1 3 32))
+(defparameter *aserve-version* '(1 3 33))
 
 (eval-when (eval load)
     (require :sock)
@@ -1264,17 +1264,26 @@ by keyword symbols and not by strings"
 
   (if* efp then (setf (wserver-external-format server) external-format))
 
+  ;; the only required ssl arg is a certificate. check that a certificate has been specified here, so
+  ;; that we can error immediately instead of when the first https connection is attempted.
+
+  ;; ssl must be a string or pathmame pointing at a cert, or ssl-args must be specified
+  ;; and include a :certificate that is a string-or-pathname or a :context that is an excl::ssl-context
   (when (or ssl ssl-args)
     (flet ((string-or-pathname-p (arg)
 	     (or (stringp arg) (pathnamep arg)))
 	   (bad-cert (var)
 	     (error "The ~s parameter should be a string or pathname holding the filename of the certificate and private key file" var)))
       (if* ssl-args
-	 then (let ((cert (getf ssl-args :certificate)))
-		(when (not cert)
-		  (error "ssl-args is missing a :certificate parameter."))
-		(when (not (string-or-pathname-p cert))
-		  (bad-cert :certificate))))
+	 then (let ((cert (getf ssl-args :certificate))
+		    (context (getf ssl-args :context)))
+		(when (not (or cert context))
+		  (error "ssl-args is missing a :certificate or :context parameter."))
+		(when (and cert (not (string-or-pathname-p cert)))
+		  (bad-cert :certificate))
+		(when (and context (not (typep context 'excl::ssl-context)))
+		  (error "Invalid :context argument ~a." context))))
+      ;; for backward compatibility. ssl-args is preferred.
       (if* ssl
 	 then (when (not (string-or-pathname-p ssl))
 		(bad-cert :ssl))))

diff --git a/packages.cl b/packages.cl
@@ -1,79 +1,55 @@
 #+(version= 9 0)
-(sys:defpatch "aserve" 15
-  "v1: 1.3.16: fix freeing freed buffer;
-v2: 1.3.18: introduce allegroserve-error condition object,
-    fix compression with logical pathnames;
-v3: add timeout for reading request header.
-v4: 1.3.20: handle connection reset and aborted errors
-    properly in the client;
-v5: 1.3.21: new proxy control.
-v6: 1.3.23: fixes socket leak in client when the the writing
-    of the initial headers and body fails.
-v7: 1.3.24: Move 100-continue expectation handling until after authorization
-    and an entity has been found. Allow disabling of auto handling per entity.
-v8: 1.3.25: fix keep-alive timeout header: use wserver-header-read-timeout
-    instead of wserver-read-request-timeout.
-v9: 1.3.26: Make do-http-request merge the query part of the uri of
-    requests with the query argument.
-v10: 1.3.27: Make clients reading a chunked response detect an unexpected eof
-    instead of busy looping.
-v11: 1.3.28: Have server send a 408 Request Timeout response on timeout
-    instead of closing connection. Allow client to auto-retry.
-v12: 1.3.28: Fix bug in retry-on-timeout code in do-http-request.
-v13: 1.3.29: proxy now returns content-length.
-v14: 1.3.30: For https, use defaults of the underlying ssl module.
-v15: 1.3.32: add no-proxy argument to do-http-request."
+(sys:defpatch "aserve" 16
+  "v16: 1.3.33: Fix buggy argument checking for ssl arguments;
+v15: 1.3.32: add no-proxy argument to do-http-request;
+v14: 1.3.30: For https, use defaults of the underlying ssl module;
+v13: 1.3.29: proxy now returns content-length;
+v12: 1.3.28: Fix bug in retry-on-timeout code in do-http-request;
+v11: 1.3.28: Have server send a 408 Request Timeout response on timeout instead of closing connection. Allow client to auto-retry;
+v10: 1.3.27: Make clients reading a chunked response detect an unexpected eof instead of busy looping;
+v9: 1.3.26: Make do-http-request merge the query part of the uri of requests with the query argument;
+v8: 1.3.25: fix keep-alive timeout header: use wserver-header-read-timeout instead of wserver-read-request-timeout;
+v7: 1.3.24: Move 100-continue expectation handling until after authorization and an entity has been found. Allow disabling of auto handling per entity;
+v6: 1.3.23: fixes socket leak in client when the the writing of the initial headers and body fails;
+v5: 1.3.21: new proxy control;
+v4: 1.3.20: handle connection reset and aborted errors properly in the client;
+v3: add timeout for reading request header;
+v2: 1.3.18: introduce allegroserve-error condition object, fix compression with logical pathnames;
+v1: 1.3.16: fix freeing freed buffer."
 
   :type :system
   :post-loadable t)
 
 #+(version= 8 2)
-(sys:defpatch "aserve" 27
-  "v1: version 1.2.67, implement keep-alive in allegroserve client;
-v2: 1.2.68, obey keep-alive requests for PUT and POST requests;
-v3: 1.2.69, make logging though method specialized on wserver class;
-v4: 1.2.70: add support for Expect: 100-continue requests;
-v5: 1.3.1: compression support, publish-directory :destination can be a
-   list of directories, and various SSL improvements;
-v6: 1.3.5: doc updates, make client-request-read-sequence work with
-   compressed responses, delay sending headers for computed entities,
-   add option to do hidden redirect to an index file in a directory,
-   fix prepend-headers so that it works on windows;
-v7: 1.3.7: Add :default-actions to webactions,
-   Avoid polling in http-accept-thread,
-   smp thread safety changes;
-v8: 1.3.8: fix problem w/response handler using string output streams;
-v9: 1.3.9: speed up unchunking-streams;
-v10: 1.3.10: fix buffer boundary error in unchunking-streams.
-v11: 1.3.11: fix log reporting of content-length when using keep-alive.
-v12: 1.3.12: make aserve compatible with patch inflate.003,
-             request-query cache includes external-format as a key,
-             send cookies on one line as per rfc6265,
-             add support for ssl CRLs;
-v13: 1.3.13: improve debugging facilities;
-v14: 1.3.16: fix freeing freed buffer;
-v15: 1.3.18: introduce allegroserve-error condition object,
-    fix compression with logical pathnames;
-v16: add timeout for reading request header.
-    fix compression with logical pathnames.
-v17: 1.3.20: handle connection reset and aborted errors
-    properly in the client;
-v18: 1.3.23: fixes socket leak in client when the the writing
-    of the initial headers and body fails.
-v19: 1.3.24: Move 100-continue expectation handling until after authorization
-    and an entity has been found. Allow disabling of auto handling per entity.
-v20: 1.3.25: fix keep-alive timeout header: use wserver-header-read-timeout
-    instead of wserver-read-request-timeout.
-v21: 1.3.26: Make do-http-request merge the query part of the uri of
-    requests with the query argument.
-v22: 1.3.27: Make clients reading a chunked response detect an unexpected eof
-    instead of busy looping.
-v23: 1.3.28: Have server send a 408 Request Timeout response on timeout
-    instead of closing connection. Allow client to auto-retry.
-v24: 1.3.28: Fix bug in retry-on-timeout code in do-http-request.
-v25: 1.3.29: proxy now returns content-length.
+(sys:defpatch "aserve" 28
+  "v28: 1.3.33: Fix buggy argument checking for ssl arguments;
+v27: 1.3.32: add no-proxy argument to do-http-request;
 v26: 1.3.30: For https, use defaults of the underlying ssl module.
-v27: 1.3.32: add no-proxy argument to do-http-request."
+v25: 1.3.29: proxy now returns content-length;
+v24: 1.3.28: Fix bug in retry-on-timeout code in do-http-request;
+v23: 1.3.28: Have server send a 408 Request Timeout response on timeout instead of closing connection. Allow client to auto-retry;
+v22: 1.3.27: Make clients reading a chunked response detect an unexpected eof instead of busy looping;
+v21: 1.3.26: Make do-http-request merge the query part of the uri of requests with the query argument;
+v20: 1.3.25: fix keep-alive timeout header: use wserver-header-read-timeout instead of wserver-read-request-timeout;
+v19: 1.3.24: Move 100-continue expectation handling until after authorization and an entity has been found. Allow disabling of auto handling per entity;
+v18: 1.3.23: fixes socket leak in client when the the writing of the initial headers and body fails;
+v17: 1.3.20: handle connection reset and aborted errors properly in the client;
+v16: add timeout for reading request header. Fix compression with logical pathnames;
+v15: 1.3.18: introduce allegroserve-error condition object, Fix compression with logical pathnames;
+v14: 1.3.16: fix freeing freed buffer;
+v13: 1.3.13: improve debugging facilities;
+v12: 1.3.12: make aserve compatible with patch inflate.003, request-query cache includes external-format as a key, send cookies on one line as per rfc6265, add support for ssl CRLs;
+v11: 1.3.11: fix log reporting of content-length when using keep-alive;
+v10: 1.3.10: fix buffer boundary error in unchunking-streams;
+v9: 1.3.9: speed up unchunking-streams;
+v8: 1.3.8: fix problem w/response handler using string output streams;
+v7: 1.3.7: Add :default-actions to webactions, Avoid polling in http-accept-thread, smp thread safety changes;
+v6: 1.3.5: doc updates, make client-request-read-sequence work with compressed responses, delay sending headers for computed entities, add option to do hidden redirect to an index file in a directory, fix prepend-headers so that it works on windows;
+v5: 1.3.1: compression support, publish-directory :destination can be a list of directories, and various SSL improvements;
+v4: 1.2.70: add support for Expect: 100-continue requests;
+v3: 1.2.69, make logging though method specialized on wserver class;
+v2: 1.2.68, obey keep-alive requests for PUT and POST requests;
+v1: version 1.2.67, implement keep-alive in allegroserve client."
   :type :system
   :post-loadable t)