From 4a486de7c9db11591840c451ebb84c3ac1b2e8b9 Mon Sep 17 00:00:00 2001 From: Matthias Kortstiege Date: Wed, 10 Dec 2008 14:51:56 +0100 Subject: updated ssl patch --- README | 6 ++++-- pages/vlc.ecpp | 11 ++--------- setup.cpp | 16 ++++++++++++---- setup.h | 2 ++ tntconfig.cpp | 29 ++++++++--------------------- 5 files changed, 28 insertions(+), 36 deletions(-) diff --git a/README b/README index 3eaa56d..6edeb8c 100644 --- a/README +++ b/README @@ -161,8 +161,10 @@ SSL Commandline options -s PORT, --sslport=PORT use PORT to listen for incoming ssl connections (default: 8443) - -c CERT, --cert=CERT path to a custom ssl certificate + -c CERT, --cert=CERT path to a custom ssl certificate file (default: $CONFIGDIR/live.pem) + -k KEY, --cert=CERT path to a custom ssl certificate key file + (default: $CONFIGDIR/live-key.pem) Creating a self-signed SSL server certificate @@ -172,7 +174,7 @@ To create a self-signed certificate file you`ll have to run this litte command. $> cd /put/your/path/here/vdr/plugins/live - $> openssl req -new -x509 -keyout server.pem -out live.pem -days 365 -nodes + $> openssl req -new -x509 -keyout live-key.pem -out live.pem -days 365 -nodes While generating the certifcate you`ll be asked to answer a couple of questions. When it prompts to enter the "Common Name" you`ll have to diff --git a/pages/vlc.ecpp b/pages/vlc.ecpp index d1afd67..db2a74d 100644 --- a/pages/vlc.ecpp +++ b/pages/vlc.ecpp @@ -96,9 +96,7 @@ using namespace vdrlive; <%cpp> #if TNTVERSION >= 1606 string server = request.getHost(); - if (Channel != 0) { - server = server.substr(0, server.rfind(':')); - } + server = server.substr(0, server.rfind(':')); #else string server = request.getServerIp(); #endif 
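Review bot: With the strip now unconditional in the `TNTVERSION >= 1606` branch, a bracketed IPv6 host that carries no port (for example `[::1]`) is cut at the colon inside the brackets and leaves `[:`. The same commit makes `::` the default listen address in setup.cpp, so such hosts become more likely. Cutting only when the last colon follows the closing bracket avoids this: `string::size_type colon = server.rfind(':');` then `if (colon != string::npos && server.find(']', colon) == string::npos) server.erase(colon);`. `request.getHost()` presumably reflects the client-supplied Host header and ends up in `videourl`, so a comment saying where that value is validated or escaped would help; the enclosing `<%cpp>` block continues outside the hunk.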
@@ -108,12 +106,7 @@ using namespace vdrlive; videourl = string("http://") + server + ":" + lexical_cast(streamdevPort) + "/" + LiveSetup().GetStreamdevType() + "/" + *Channel->GetChannelID().ToString(); } else { -#if TNTVERSION >= 1606 -# define SERVER_AND_PORT server -#else -# define SERVER_AND_PORT server + ":" + lexical_cast(LiveSetup().GetServerPort()); -#endif - videourl = string("http://") + SERVER_AND_PORT + "/recstream.html?recid=" + recid; + videourl = string("http://") + server + ":" + lexical_cast(LiveSetup().GetServerPort()) + "/recstream.html?recid=" + recid; } diff --git a/setup.cpp b/setup.cpp index 2be03cd..2bdf7bd 100644 --- a/setup.cpp +++ b/setup.cpp @@ -26,6 +26,7 @@ Setup::Setup(): #if TNTSSLSUPPORT m_serverSslPort( 8443 ), m_serverSslCert(), + m_serverSslKey(), #endif m_lastChannel( 0 ), m_screenshotInterval( 1000 ), @@ -57,6 +58,7 @@ bool Setup::ParseCommandLine( int argc, char* argv[] ) #if TNTSSLSUPPORT { "sslport", required_argument, NULL, 's' }, { "cert", required_argument, NULL, 'c' }, + { "key", required_argument, NULL, 'k' }, #endif { 0 } }; @@ -71,6 +73,7 @@ bool Setup::ParseCommandLine( int argc, char* argv[] ) #if TNTSSLSUPPORT case 's': m_serverSslPort = atoi( optarg ); break; case 'c': m_serverSslCert = optarg; break; + case 'k': m_serverSslKey = optarg; break; #endif default: return false; } @@ -96,6 +99,7 @@ char const* Setup::CommandLineHelp() const << " -s PORT, --sslport=PORT use PORT to listen for incoming ssl connections\n" " (default: " << m_serverSslPort << ")\n" << " -c CERT, --cert=CERT full path to a custom ssl certificate file\n" + << " -k KEY, --key=KEY full path to a custom ssl certificate key file\n" #endif << " -l level, --log=level log level for tntnet (values: INFO, DEBUG,...)\n" << " -e , --epgimages= directory for epgimages\n"; 
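Review bot: A page fetched over the SSL listener still hands the player a cleartext recording URL, because the `else` branch now hard-codes `string("http://")` and `LiveSetup().GetServerPort()`. Before this change the `TNTVERSION >= 1606` path reused the host and port the client had actually connected to, so setups behind a port forward or reverse proxy may now get a URL that is unreachable from outside. If the scheme and port cannot be derived from the request here, at least record the limitation next to the line, e.g. `// NOTE: always plain http on the configured port, even when this page was served over ssl`. The surrounding `if`/`else` starts outside the hunk.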
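Review bot: The short form `-k` only works if the option string passed to `getopt_long` contains `k:`, and the commit leaves that string untouched. The call presumably sits in the unchanged lines between the hunk adding `{ "key", required_argument, NULL, 'k' }` and the hunk adding `case 'k':`. If `k:` is not already there, `-k KEY` ends in `default: return false` while `--key=KEY` works; please confirm and extend the option string. The README hunk of this commit also documents the long form as `-k KEY, --cert=CERT`, which should read `--key=KEY`.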
@@ -153,16 +157,20 @@ bool Setup::CheckServerSslPort() bool Setup::CheckServerIps() { + struct in6_addr buf; + if ( m_serverIps.empty() ) { - m_serverIps.push_back( "0.0.0.0" ); + m_serverIps.push_back( "::" ); return true; } for ( IpList::const_iterator ip = m_serverIps.begin(); ip != m_serverIps.end(); ++ip ) { if ( inet_addr( ip->c_str() ) == static_cast< in_addr_t >( -1 ) ) { - esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() ); - cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl; - return false; + if ( ! inet_pton( AF_INET6, ip->c_str(), &buf ) ) { + esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() ); + cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl; + return false; + } } } return true; diff --git a/setup.h b/setup.h index 1cf153f..dd315c1 100644 --- a/setup.h +++ b/setup.h @@ -34,6 +34,7 @@ class Setup #if TNTSSLSUPPORT int GetServerSslPort() const { return m_serverSslPort; } std::string GetServerSslCert() const { return m_serverSslCert; } + std::string GetServerSslKey() const { return m_serverSslKey; } #endif IpList const& GetServerIps() const { return m_serverIps; } // vdr-setup @@ -106,6 +107,7 @@ class Setup #if TNTSSLSUPPORT int m_serverSslPort; std::string m_serverSslCert; + std::string m_serverSslKey; static std::string m_configDirectory; #endif IpList m_serverIps; diff --git a/tntconfig.cpp b/tntconfig.cpp index 71bee4d..23943a5 100644 --- a/tntconfig.cpp +++ b/tntconfig.cpp 
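Review bot: The new fallback `if ( ! inet_pton( AF_INET6, ip->c_str(), &buf ) )` accepts a return value of -1 (address family not supported) as a valid address. The outer `inet_addr` test also still rejects `255.255.255.255` while accepting shorthand forms such as `1`. Checking both families with `inet_pton` and comparing against 1 closes both gaps: declare `struct in_addr buf4;` and test `if ( inet_pton( AF_INET, ip->c_str(), &buf4 ) != 1 && inet_pton( AF_INET6, ip->c_str(), &buf ) != 1 )`. The changed default `m_serverIps.push_back( "::" )` deserves a comment as well: whether IPv4 clients can still connect depends on the host's dual-stack settings, and the listener becomes reachable over IPv6 on every interface, which IPv4-only firewall rules do not cover.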
@@ -128,24 +128,6 @@ namespace vdrlive { for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) { file << "Listen " << *ip << " " << port << endl; } - -// not used any more see below: #ifdef TNTVERS7 -// not used any more see below: int s_port = LiveSetup().GetServerSslPort(); -// not used any more see below: string s_cert = LiveSetup().GetServerSslCert(); -// not used any more see below: -// not used any more see below: if (s_cert.empty()) { -// not used any more see below: s_cert = configDir + "/live.pem"; -// not used any more see below: } -// not used any more see below: -// not used any more see below: if ( ifstream( s_cert.c_str() ) ) { -// not used any more see below: for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) { -// not used any more see below: file << "SslListen " << *ip << " " << s_port << " " << s_cert << endl; -// not used any more see below: } -// not used any more see below: } -// not used any more see below: else { -// not used any more see below: esyslog( "ERROR: %s: %s", s_cert.c_str(), strerror( errno ) ); -// not used any more see below: } -// not used any more see below: #endif } #endif 
@@ -277,18 +259,23 @@ namespace vdrlive { #if TNTSSLSUPPORT int s_port = LiveSetup().GetServerSslPort(); string s_cert = LiveSetup().GetServerSslCert(); + string s_key = LiveSetup().GetServerSslKey(); if (s_cert.empty()) { s_cert = configDir + "/live.pem"; } - if ( ifstream( s_cert.c_str() ) ) { + if (s_key.empty()) { + s_key = configDir + "/live-key.pem"; + } + + if ( ifstream( s_cert.c_str() ) && ifstream( s_key.c_str() ) ) { for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) { - app.sslListen(s_cert, s_cert, *ip, s_port); + app.sslListen(s_cert, s_key, *ip, s_port); } } else { - esyslog( "ERROR: %s: %s", s_cert.c_str(), strerror( errno ) ); + esyslog( "ERROR: Unable to load cert/key (%s/%s): %s", s_cert.c_str(), s_key.c_str(), strerror( errno ) ); } #endif // TNTSSLSUPPORT -- cgit v1.2.3
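Review bot: Installations that worked before this change can lose their HTTPS listener without any visible failure, because the key now defaults to `configDir + "/live-key.pem"`. The removed call `app.sslListen(s_cert, s_cert, *ip, s_port)` read the key from the certificate file, so a working setup presumably kept both in live.pem. When the new key file is missing, the `else` branch only writes one syslog line and the server keeps running on plain HTTP. Falling back to `s_cert` when no key was given and live-key.pem is absent keeps those setups on TLS, and reporting certificate and key separately makes the `strerror( errno )` text refer to the file that actually failed. Since the README creates the key with `-nodes` (unencrypted), a comment or warning about keeping live-key.pem unreadable for other users would also be worthwhile; the enclosing function starts and ends outside the hunk.

```cpp
string s_key = LiveSetup().GetServerSslKey();
// … unchanged: default for s_cert …
if (s_key.empty()) {
	s_key = configDir + "/live-key.pem";
	// Earlier versions read the key from the certificate file; keep that working.
	if ( !ifstream( s_key.c_str() ) ) {
		s_key = s_cert;
	}
}

if ( !ifstream( s_cert.c_str() ) ) {
	esyslog( "ERROR: Unable to load cert %s: %s", s_cert.c_str(), strerror( errno ) );
}
else if ( !ifstream( s_key.c_str() ) ) {
	esyslog( "ERROR: Unable to load key %s: %s", s_key.c_str(), strerror( errno ) );
}
else {
	// … unchanged: sslListen loop over ips …
}
```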