
added support for OTP new ssl implementation

1 parent bd0bf89 commit d4fec792ddc73f475514fbf41974a05d65a801aa @klacke committed Feb 1, 2010
Showing with 28 additions and 16 deletions.
  1. +5 −1 man/yaws.conf.5
  2. +12 −4 scripts/yaws.conf.template
  3. +3 −7 src/yaws.erl
  4. +2 −2 src/yaws_config.erl
  5. +6 −2 src/yaws_server.erl
@@ -92,7 +92,11 @@ to the yaws start script, this value is automatically set to 0.
This enables traffic or http tracing. Tracing is also possible to enable with
a command line flag to yaws. Default is false.
-
+.TP
+\fBuse_old_ssl = true | false\fR
+This re-enables the old OTP ssl implementation. By default we use the
+new ssl implementation.
+
.TP
\fB auth_log = true | false\fR
Enable or disable the auth log. Default is true.
@@ -37,8 +37,9 @@ max_connections = nolimit
trace = false
-
-
+# Enable this if we want to use the old OTP ssl implementation
+# OTP R13B03 is known to work with this flag set to false (default)
+use_old_ssl = false
# it is possible to have yaws start additional
@@ -85,7 +86,10 @@ auth_log = true
# name. Yaws will write a number of runtime files under
# ${HOME}/.yaws/yaws/${id}
# The default value is "default"
-
+# If we're not planning to run multiple webservers on the
+# same host it's mych better to leave this value unset since
+# then all the ctl function (--stop et.el) work without having
+# to supply the id.
# id = myname
@@ -95,6 +99,7 @@ auth_log = true
# header doesn't match any name on any Host
# This is often nice in testing environments but not
# acceptable in real live hosting scenarios
+# think http://suckmydick.bigcompany.com
pick_first_virthost_on_nomatch = true
@@ -106,7 +111,9 @@ pick_first_virthost_on_nomatch = true
# a privileged port.
# If we use this feature, it requires fdsrv to be properly installed.
# Doesn't yet work with SSL.
-# Read http://yaws.hyber.org/privbind.yaws for more info
+# Read http://yaws.hyber.org/privbind.yaws for more info and a better
+# solution than fd_srv
+
use_fdsrv = false
@@ -149,6 +156,7 @@ use_fdsrv = false
<ssl>
keyfile = %certdir%/yaws-key.pem
certfile = %certdir%/yaws-cert.pem
+ depth = 0
</ssl>
</server>
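Review bot: The `depth = 0` added to the `<ssl>` block of the template has no comment, so an operator copying the file cannot tell what the value restricts. As far as I know, the OTP ssl `depth` option bounds how many intermediate CA certificates may appear in a peer certificate chain, and 0 means the peer certificate must be issued directly by a trusted root. A line above it would make that explicit, for example `# depth = max number of intermediate CA certs accepted in a peer certificate chain (0..7)`. It is also worth saying that the value only matters when peer certificates are verified, which nothing in this hunk configures.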
@@ -12,8 +12,6 @@
-include("../include/yaws_api.hrl").
-include("yaws_debug.hrl").
-
-
-include_lib("kernel/include/file.hrl").
-export([start/0, stop/0, hup/1, restart/0, modules/0, load/0]).
-export([start_embedded/1, start_embedded/2, start_embedded/3,
@@ -1774,7 +1772,6 @@ do_recv(Sock, Num, nossl) ->
do_recv(Sock, Num, ssl) ->
ssl:recv(Sock, Num, ?READ_TIMEOUT).
-
cli_recv(S, Num, SslBool) ->
Res = do_recv(S, Num, SslBool),
cli_recv_trace((get(gc))#gconf.trace, Res),
@@ -1883,7 +1880,6 @@ setopts(Sock, Opts, ssl) ->
ok = ssl:setopts(Sock, Opts).
do_http_get_headers(CliSock, SSL) ->
- setopts(CliSock, [{packet, http}], SSL),
case http_recv_request(CliSock,SSL) of
bad_request ->
{#http_request{method=bad_request, version={0,9}},
@@ -1897,6 +1893,7 @@ do_http_get_headers(CliSock, SSL) ->
http_recv_request(CliSock, SSL) ->
+ setopts(CliSock, [{packet, http}], SSL),
case do_recv(CliSock, 0, SSL) of
{ok, R} when is_record(R, http_request) ->
R;
@@ -1912,13 +1909,12 @@ http_recv_request(CliSock, SSL) ->
closed;
{error, timeout} -> closed;
_Other ->
- ?Debug("Got ~p~n", [_Other]),
+ error_logger:format("Unhandled reply fr. do_recv() ~p~n", [_Other]),
exit(normal)
end.
-
-
http_collect_headers(CliSock, Req, H, SSL, Count) when Count < 1000 ->
+ setopts(CliSock, [{packet, httph}], SSL),
Recv = do_recv(CliSock, 0, SSL),
case Recv of
{ok, {http_header, _Num, 'Host', _, Host}} ->
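Review bot: In the catch-all branch of `http_recv_request` the replacement for `?Debug` now always reads `_Other` and prints it with an unbounded `~p` before `exit(normal)`. That term is whatever the receive on the client socket returned, so a peer that provokes an unexpected result presumably adds an error_logger entry of arbitrary size on every connection. I would drop the underscore, since the variable is now used, and cap the print depth: `error_logger:format("Unhandled reply fr. do_recv() ~P~n", [Other, 20]),`. `http_recv_request` starts in the previous hunk and `http_collect_headers` continues past the end of this one.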
@@ -1103,15 +1103,15 @@ fload(FD, ssl, GC, C, Cs, Lno, Chars) ->
end;
["depth", '=', Val0] ->
Val = (catch list_to_integer(Val0)),
- case lists:member(Val, [1,2,3,4,5,6,7]) of
+ case lists:member(Val, [0, 1,2,3,4,5,6,7]) of
true when is_record(C#sconf.ssl, ssl) ->
C2 = C#sconf{ssl = (C#sconf.ssl)#ssl{depth = Val}},
fload(FD, ssl, GC, C2, Cs, Lno+1, Next);
true ->
{error, ?F("Need to set option ssl to true before line ~w",
[Lno])};
_ ->
- {error, ?F("Expect reasonable integer at line ~w", [Lno])}
+ {error, ?F("Expect integer 0..7 at line ~w", [Lno])}
end;
["password", '=', Val] ->
if
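Review bot: The accepted range for `depth` is now written twice, as the literal list `[0, 1,2,3,4,5,6,7]` (with uneven spacing) and as `0..7` in the error text. That makes it easy for the two to drift apart. Writing the test as `case lists:member(Val, lists:seq(0, 7)) of` shows the bounds as a pair that can be compared with the message at a glance. The enclosing `fload/7` clause starts and ends outside this hunk.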
@@ -860,11 +860,15 @@ ssl_listen_opts(GC, SSL) ->
true ->
false
end,
+ if SSL#ssl.depth /= undefined ->
+ {depth, SSL#ssl.depth};
+ true ->
+ false
+ end,
if ?gc_use_old_ssl(GC) ->
false;
true ->
- %%{ssl_imp, new} - still doesn't work (R13B)
- false
+ {ssl_imp, new}
end
],
filter_false(L).
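Review bot: The `true ->` branch that now returns `{ssl_imp, new}` lost its explanatory comment, yet it changes the ssl implementation for every configuration that does not set `use_old_ssl`. A comment such as `%% new ssl is the default; set use_old_ssl = true to fall back to the old implementation` would record that at the point where the choice is made. In the added depth test, the exact comparison `=/=` is the better fit for an atom: `if SSL#ssl.depth =/= undefined ->`. `ssl_listen_opts/2` begins outside the hunk.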
