
add support for per-hostname ssl-context

1 parent 494d9cd commit de7735c8f94469f7de5ed445522f319a2a04be5f Roberto De Ioris committed Aug 22, 2012
Showing with 23 additions and 7 deletions.
  1. +5 −1 blastbeat.h
  2. +2 −1 blastbeat.ini
  3. +5 −2 src/config.c
  4. +1 −1 src/main.c
  5. +10 −2 src/ssl.c
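--- a/blastbeat.h
+++ b/blastbeat.h
@@ -513,6 +513,10 @@ struct bb_vhost_acceptor {
 struct bb_hostname {
 char *name;
 size_t len;
+
+ // this could be overwritten multiple times by the dealers
+ SSL_CTX *ctx;
+
 struct bb_virtualhost *vhost;
 struct bb_hostname *next;
 };
@@ -658,7 +662,7 @@ int bb_http_send_body(struct bb_session *, char *, size_t);
 int bb_websocket_func(struct bb_connection *, char *, size_t);
-struct bb_virtualhost *bb_vhost_get(char *, size_t);
+struct bb_virtualhost *bb_vhost_get(char *, size_t, struct bb_hostname **);
 void bb_vhost_push_acceptor(struct bb_virtualhost *, struct bb_acceptor *);
 int bb_manage_cache(struct bb_session *, char *, size_t);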
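Review bot: The comment on the new `ctx` field in `struct bb_hostname` says dealers may overwrite the pointer, but not who owns the context or when the previous one is released. `SSL_CTX` objects are reference-counted, so replacing the pointer without calling `SSL_CTX_free()` on the old value leaks it; the code that sets the field is not part of this commit, so the contract should be written down here. I would extend the comment to something like `// per-hostname context set by dealers; NULL = fall back to vhost->ctx; SSL_CTX_free() the old value before replacing`. The new `bb_vhost_get` prototype would also read better with parameter names, since its third argument is an optional out-parameter.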
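--- a/blastbeat.ini
+++ b/blastbeat.ini
@@ -1,5 +1,6 @@
 [blastbeat]
-bind = 0.0.0.0:8080
+; set a priority of 17 for clustering
+bind = 0.0.0.0:8080 17
 ;bind = 192.168.173.5:8081
 bind = 0.0.0.0:8082
 bind = 0.0.0.0:8083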
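--- a/src/config.c
+++ b/src/config.c
@@ -43,7 +43,7 @@ static int bb_hostname_compare(struct bb_hostname *bbhn, char *name, size_t len)
 // add the hostname to the hostnames hash
 static int bb_hostname_add(char *name, size_t len, struct bb_virtualhost *vhost) {
- struct bb_virtualhost *already = bb_vhost_get(name, len);
+ struct bb_virtualhost *already = bb_vhost_get(name, len, NULL);
 if (already) {
 fprintf(stderr,"!!! hostname \"%.*s\" is already configured for virtualhost \"%.*s\" !!!\n", (int) len, name, (int) already->len, already->name);
 return -1;
@@ -77,12 +77,15 @@ static int bb_hostname_add(char *name, size_t len, struct bb_virtualhost *vhost)
 }
 // get a vhost by hostname
-struct bb_virtualhost *bb_vhost_get(char *name, size_t len) {
+struct bb_virtualhost *bb_vhost_get(char *name, size_t len, struct bb_hostname **hostname) {
 uint32_t hnht_pos = djb2_hash_hostname(name, len);
 struct bb_hostname *bbhn = blastbeat.hnht[hnht_pos];
 while(bbhn) {
 if (bb_hostname_compare(bbhn, name, len)) {
+ if (hostname) {
+ *hostname = bbhn;
+ }
 return bbhn->vhost;
 }
 bbhn = bbhn->next;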
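Review bot: `bb_vhost_get` writes `*hostname` only on a match, so on a miss the caller's pointer keeps whatever value it held before the call. The callers in src/ssl.c initialise `bbhn` to NULL, but a later caller that forgets would go on to dereference a stale or uninitialised pointer; clearing it on entry with `if (hostname) *hostname = NULL;` makes the out-parameter defined on every path. Separately, the allocation in `bb_hostname_add` lies outside these hunks: if the new entry is not zero-filled, its `ctx` field needs an explicit NULL there, because `bb_ssl_servername` now tests `bbhn->ctx` for every matched hostname. The body of `bb_vhost_get` continues past the end of the hunk.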
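--- a/src/main.c
+++ b/src/main.c
@@ -154,7 +154,7 @@ void bb_connection_close(struct bb_connection *bbc) {
 int bb_set_dealer(struct bb_session *bbs, char *name, size_t len) {
 // get the virtualhost from the hostname
- struct bb_virtualhost *vhost = bb_vhost_get(name, len);
+ struct bb_virtualhost *vhost = bb_vhost_get(name, len, NULL);
 if (!vhost) return -1;
 // check if the virtualhost is allowed in that acceptor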
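--- a/src/ssl.c
+++ b/src/ssl.c
@@ -102,6 +102,7 @@ static int bb_ssl_servername(SSL *ssl,int *ad, void *arg) {
 size_t servername_len = strlen(servername);
 struct bb_virtualhost *vhost = NULL;
+ struct bb_hostname *bbhn = NULL;
 if (bba->addr.in4.sin_port != htons(443) && !strchr(servername, ':')) {
 size_t port_len = strlen(bba->port_str);
@@ -110,14 +111,21 @@ static int bb_ssl_servername(SSL *ssl,int *ad, void *arg) {
 memcpy(new_sn, servername, servername_len);
 memcpy(new_sn + servername_len, bba->port_str, port_len);
- vhost = bb_vhost_get(new_sn, servername_len+port_len);
+ vhost = bb_vhost_get(new_sn, servername_len+port_len, &bbhn);
 bb_free(new_sn, servername_len+port_len);
 }
 else {
- vhost = bb_vhost_get((char *)servername, servername_len);
+ vhost = bb_vhost_get((char *)servername, servername_len, &bbhn);
 }
 if (!vhost) return SSL_TLSEXT_ERR_NOACK;
+
+ // prefer dealer-defined context
+ if (bbhn->ctx) {
+ SSL_set_SSL_CTX(ssl, bbhn->ctx);
+ return SSL_TLSEXT_ERR_OK;
+ }
+
 if (!vhost->ctx) return SSL_TLSEXT_ERR_NOACK;
 SSL_set_SSL_CTX(ssl, vhost->ctx);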
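Review bot: The new early return switches the connection with `SSL_set_SSL_CTX(ssl, bbhn->ctx)` alone, and to my knowledge that call swaps the certificate and key but does not apply the new context's options or verify settings to the already-created `SSL` object. If a dealer-defined context is meant to carry its own protocol restrictions or client-certificate verification, those would silently stay at the acceptor's defaults; consider adding `SSL_set_options(ssl, SSL_CTX_get_options(bbhn->ctx));` and `SSL_set_verify(ssl, SSL_CTX_get_verify_mode(bbhn->ctx), SSL_CTX_get_verify_callback(bbhn->ctx));` before the return. The same caveat applies to the existing `vhost->ctx` path. `bb_ssl_servername` starts before and continues after these hunks, so anything it does after the vhost switch is skipped by the early return and should be checked.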
