From 4a486de7c9db11591840c451ebb84c3ac1b2e8b9 Mon Sep 17 00:00:00 2001
From: Matthias Kortstiege <matthias (at) kortstiege (dot) net>
Date: Wed, 10 Dec 2008 14:51:56 +0100
Subject: updated ssl patch

---
 README         |  6 ++++--
 pages/vlc.ecpp | 11 ++---------
 setup.cpp      | 16 ++++++++++++----
 setup.h        |  2 ++
 tntconfig.cpp  | 29 ++++++++---------------------
 5 files changed, 28 insertions(+), 36 deletions(-)

diff --git a/README b/README
index 3eaa56d..6edeb8c 100644
--- a/README
+++ b/README
@@ -161,8 +161,10 @@ SSL Commandline options
 
   -s PORT,  --sslport=PORT     use PORT to listen for incoming ssl connections
                                (default: 8443)
-  -c CERT,  --cert=CERT        path to a custom ssl certificate
+  -c CERT,  --cert=CERT        path to a custom ssl certificate file
   			       (default: $CONFIGDIR/live.pem)
+  -k KEY,   --cert=CERT        path to a custom ssl certificate key file
+			       (default: $CONFIGDIR/live-key.pem)
 
 
 Creating a self-signed SSL server certificate
@@ -172,7 +174,7 @@ To create a self-signed certificate file you`ll have to run this litte
 command.
 
   $> cd /put/your/path/here/vdr/plugins/live
-  $> openssl req -new -x509 -keyout server.pem -out live.pem -days 365 -nodes
+  $> openssl req -new -x509 -keyout live-key.pem -out live.pem -days 365 -nodes
 
 While generating the certifcate you`ll be asked to answer a couple of
 questions.  When it prompts to enter the "Common Name" you`ll have to
diff --git a/pages/vlc.ecpp b/pages/vlc.ecpp
index d1afd67..db2a74d 100644
--- a/pages/vlc.ecpp
+++ b/pages/vlc.ecpp
@@ -96,9 +96,7 @@ using namespace vdrlive;
 <%cpp>
 #if TNTVERSION >= 1606
 	string server = request.getHost();
-	if (Channel != 0) {
-		server = server.substr(0, server.rfind(':'));
-	}
+	server = server.substr(0, server.rfind(':'));
 #else
 	string server = request.getServerIp();
 #endif
@@ -108,12 +106,7 @@ using namespace vdrlive;
 		videourl = string("http://") + server + ":" + lexical_cast<string,int>(streamdevPort) + "/" + LiveSetup().GetStreamdevType() + "/" + *Channel->GetChannelID().ToString();
 	}
 	else {
-#if TNTVERSION >= 1606
-#  define SERVER_AND_PORT server
-#else
-#  define SERVER_AND_PORT server + ":" + lexical_cast<string,int>(LiveSetup().GetServerPort());
-#endif
-		videourl = string("http://") + SERVER_AND_PORT + "/recstream.html?recid=" + recid;
+		videourl = string("http://") + server + ":" + lexical_cast<string,int>(LiveSetup().GetServerPort()) + "/recstream.html?recid=" + recid;
 	}
 </%cpp>
 			<embed type="application/x-vlc-plugin" pluginspage="http://www.videolan.org/" version="VideoLAN.VLCPlugin.2" id="video1" name="video1" autoplay="yes" loop="no" width="720" height="576" target="<$ videourl $>" />
diff --git a/setup.cpp b/setup.cpp
index 2be03cd..2bdf7bd 100644
--- a/setup.cpp
+++ b/setup.cpp
@@ -26,6 +26,7 @@ Setup::Setup():
 #if TNTSSLSUPPORT
 		m_serverSslPort( 8443 ),
 		m_serverSslCert(),
+		m_serverSslKey(),
 #endif
 		m_lastChannel( 0 ),
 		m_screenshotInterval( 1000 ),
@@ -57,6 +58,7 @@ bool Setup::ParseCommandLine( int argc, char* argv[] )
 #if TNTSSLSUPPORT
 			{ "sslport", required_argument, NULL, 's' },
 			{ "cert", required_argument, NULL, 'c' },
+			{ "key", required_argument, NULL, 'k' },
 #endif
 			{ 0 }
 	};
@@ -71,6 +73,7 @@ bool Setup::ParseCommandLine( int argc, char* argv[] )
 #if TNTSSLSUPPORT
 		case 's': m_serverSslPort = atoi( optarg ); break;
 		case 'c': m_serverSslCert = optarg; break;
+		case 'k': m_serverSslKey = optarg; break;
 #endif
 		default:  return false;
 		}
@@ -96,6 +99,7 @@ char const* Setup::CommandLineHelp() const
 				<< "  -s PORT,  --sslport=PORT     use PORT to listen for incoming ssl connections\n"
 				   "                               (default: " << m_serverSslPort << ")\n"
 				<< "  -c CERT,  --cert=CERT        full path to a custom ssl certificate file\n"
+				<< "  -k KEY,  --key=KEY           full path to a custom ssl certificate key file\n"
 #endif
 				<< "  -l level, --log=level        log level for tntnet (values: INFO, DEBUG,...)\n"
 				<< "  -e <dir>, --epgimages=<dir>  directory for epgimages\n";
@@ -153,16 +157,20 @@ bool Setup::CheckServerSslPort()
 
 bool Setup::CheckServerIps()
 {
+	struct in6_addr buf;
+
 	if ( m_serverIps.empty() ) {
-		m_serverIps.push_back( "0.0.0.0" );
+		m_serverIps.push_back( "::" );
 		return true;
 	}
 
 	for ( IpList::const_iterator ip = m_serverIps.begin(); ip != m_serverIps.end(); ++ip ) {
 		if ( inet_addr( ip->c_str() ) == static_cast< in_addr_t >( -1 ) ) {
-			esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() );
-			cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl;
-			return false;
+			if ( ! inet_pton( AF_INET6, ip->c_str(), &buf ) ) {
+				esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() );
+				cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl;
+				return false;
+			}
 		}
 	}
 	return true;
diff --git a/setup.h b/setup.h
index 1cf153f..dd315c1 100644
--- a/setup.h
+++ b/setup.h
@@ -34,6 +34,7 @@ class Setup
 #if TNTSSLSUPPORT
 		int GetServerSslPort() const { return m_serverSslPort; }
 		std::string GetServerSslCert() const { return m_serverSslCert; }
+		std::string GetServerSslKey() const { return m_serverSslKey; }
 #endif
 		IpList const& GetServerIps() const { return m_serverIps; }
 		// vdr-setup
@@ -106,6 +107,7 @@ class Setup
 #if TNTSSLSUPPORT
 		int m_serverSslPort;
 		std::string m_serverSslCert;
+		std::string m_serverSslKey;
 		static std::string m_configDirectory;
 #endif
 		IpList m_serverIps;
diff --git a/tntconfig.cpp b/tntconfig.cpp
index 71bee4d..23943a5 100644
--- a/tntconfig.cpp
+++ b/tntconfig.cpp
@@ -128,24 +128,6 @@ namespace vdrlive {
 		for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
 			file << "Listen " << *ip << " " << port << endl;
 		}
-
-// not used any more see below: #ifdef TNTVERS7
-// not used any more see below: 		int s_port = LiveSetup().GetServerSslPort();
-// not used any more see below: 		string s_cert = LiveSetup().GetServerSslCert();
-// not used any more see below: 
-// not used any more see below: 		if (s_cert.empty()) {
-// not used any more see below: 			s_cert = configDir + "/live.pem";
-// not used any more see below: 		}
-// not used any more see below: 
-// not used any more see below: 		if ( ifstream( s_cert.c_str() ) ) {
-// not used any more see below: 			for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
-// not used any more see below: 				file << "SslListen " << *ip << " " << s_port << " " << s_cert << endl;
-// not used any more see below: 			}
-// not used any more see below: 		}
-// not used any more see below: 		else {
-// not used any more see below: 			esyslog( "ERROR: %s: %s", s_cert.c_str(), strerror( errno ) );
-// not used any more see below: 		}
-// not used any more see below: #endif
 	}
 #endif
 
@@ -277,18 +259,23 @@ namespace vdrlive {
 #if TNTSSLSUPPORT
 		int s_port = LiveSetup().GetServerSslPort();
 		string s_cert = LiveSetup().GetServerSslCert();
+		string s_key = LiveSetup().GetServerSslKey();
 
 		if (s_cert.empty()) {
 			s_cert = configDir + "/live.pem";
 		}
 
-		if ( ifstream( s_cert.c_str() ) ) {
+		if (s_key.empty()) {
+			s_key = configDir + "/live-key.pem";
+		}
+
+		if ( ifstream( s_cert.c_str() ) && ifstream( s_key.c_str() ) ) {
 			for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
-				app.sslListen(s_cert, s_cert, *ip, s_port);
+				app.sslListen(s_cert, s_key, *ip, s_port);
 			}
 		}
 		else {
-			esyslog( "ERROR: %s: %s", s_cert.c_str(), strerror( errno ) );
+			esyslog( "ERROR: Unable to load cert/key (%s/%s): %s", s_cert.c_str(), s_key.c_str(), strerror( errno ) );
 		}
 #endif // TNTSSLSUPPORT
 
-- 
cgit v1.2.3