From 4a486de7c9db11591840c451ebb84c3ac1b2e8b9 Mon Sep 17 00:00:00 2001
From: Matthias Kortstiege
Date: Wed, 10 Dec 2008 14:51:56 +0100
Subject: updated ssl patch
---
README | 6 ++++--
pages/vlc.ecpp | 11 ++---------
setup.cpp | 16 ++++++++++++----
setup.h | 2 ++
tntconfig.cpp | 29 ++++++++---------------------
5 files changed, 28 insertions(+), 36 deletions(-)
diff --git a/README b/README
index 3eaa56d..6edeb8c 100644
--- a/README
+++ b/README
@@ -161,8 +161,10 @@ SSL Commandline options
 -s PORT, --sslport=PORT use PORT to listen for incoming ssl connections
 (default: 8443)
- -c CERT, --cert=CERT path to a custom ssl certificate
+ -c CERT, --cert=CERT path to a custom ssl certificate file
 (default: $CONFIGDIR/live.pem)
+ -k KEY, --cert=CERT path to a custom ssl certificate key file
+ (default: $CONFIGDIR/live-key.pem)
 Creating a self-signed SSL server certificate
@@ -172,7 +174,7 @@ To create a self-signed certificate file you`ll have to run this litte command.
 $> cd /put/your/path/here/vdr/plugins/live
- $> openssl req -new -x509 -keyout server.pem -out live.pem -days 365 -nodes
+ $> openssl req -new -x509 -keyout live-key.pem -out live.pem -days 365 -nodes
 While generating the certifcate you`ll be asked to answer a couple of questions. When it prompts to enter the "Common Name" you`ll have to
diff --git a/pages/vlc.ecpp b/pages/vlc.ecpp
index d1afd67..db2a74d 100644
--- a/pages/vlc.ecpp
+++ b/pages/vlc.ecpp
@@ -96,9 +96,7 @@ using namespace vdrlive;
 <%cpp>
 #if TNTVERSION >= 1606
 string server = request.getHost();
- if (Channel != 0) {
- server = server.substr(0, server.rfind(':'));
- }
+ server = server.substr(0, server.rfind(':'));
 #else
 string server = request.getServerIp();
 #endif
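Review bot: `server = server.substr(0, server.rfind(':'));` assumes the last colon in the host value separates the port, which does not hold for a bracketed IPv6 literal given without a port (constructed example: `[::1]` would be cut down to `[:`), and since this patch series makes `::` a default listener address such host values become more likely; if `request.getHost()` returns the HTTP Host header, as its name suggests, that is exactly the input here. `rfind(':')` returning npos (no colon at all) is harmless, because substr(0, npos) keeps the whole string. The same line survives in the @@ -96,7 +96,9 hunk of the second commit on this page, so the guard belongs in both places: `string::size_type pos = server.rfind(':'); string::size_type br = server.rfind(']');` followed by `if (pos != string::npos && (br == string::npos || pos > br)) server = server.substr(0, pos);`.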
@@ -108,12 +106,7 @@ using namespace vdrlive;
 videourl = string("http://") + server + ":" + lexical_cast(streamdevPort) + "/" + LiveSetup().GetStreamdevType() + "/" + *Channel->GetChannelID().ToString();
 } else {
-#if TNTVERSION >= 1606
-# define SERVER_AND_PORT server
-#else
-# define SERVER_AND_PORT server + ":" + lexical_cast(LiveSetup().GetServerPort());
-#endif
- videourl = string("http://") + SERVER_AND_PORT + "/recstream.html?recid=" + recid;
+ videourl = string("http://") + server + ":" + lexical_cast(LiveSetup().GetServerPort()) + "/recstream.html?recid=" + recid;
 }
diff --git a/setup.cpp b/setup.cpp
index 2be03cd..2bdf7bd 100644
--- a/setup.cpp
+++ b/setup.cpp
@@ -26,6 +26,7 @@ Setup::Setup():
 #if TNTSSLSUPPORT
 m_serverSslPort( 8443 ),
 m_serverSslCert(),
+ m_serverSslKey(),
 #endif
 m_lastChannel( 0 ),
 m_screenshotInterval( 1000 ),
@@ -57,6 +58,7 @@ bool Setup::ParseCommandLine( int argc, char* argv[] )
 #if TNTSSLSUPPORT
 { "sslport", required_argument, NULL, 's' },
 { "cert", required_argument, NULL, 'c' },
+ { "key", required_argument, NULL, 'k' },
 #endif
 { 0 }
 };
@@ -71,6 +73,7 @@ bool Setup::ParseCommandLine( int argc, char* argv[] )
 #if TNTSSLSUPPORT
 case 's': m_serverSslPort = atoi( optarg ); break;
 case 'c': m_serverSslCert = optarg; break;
+ case 'k': m_serverSslKey = optarg; break;
 #endif
 default: return false;
 }
@@ -96,6 +99,7 @@ char const* Setup::CommandLineHelp() const
 << " -s PORT, --sslport=PORT use PORT to listen for incoming ssl connections\n"
 " (default: " << m_serverSslPort << ")\n"
 << " -c CERT, --cert=CERT full path to a custom ssl certificate file\n"
+ << " -k KEY, --key=KEY full path to a custom ssl certificate key file\n"
 #endif
 << " -l level, --log=level log level for tntnet (values: INFO, DEBUG,...)\n"
 << " -e , --epgimages= directory for epgimages\n";
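Review bot: The help line added in the @@ -96,6 +99,7 hunk reads `-k KEY, --key=KEY`, which agrees with the `{ "key", required_argument, NULL, 'k' }` entry added to the option table in the @@ -57,6 +58,7 hunk, but the README line added in this same commit reads `-k KEY, --cert=CERT path to a custom ssl certificate key file`; a user following the README would pass `--cert` for the key and silently replace the certificate path instead. The README line should read `-k KEY, --key=KEY path to a custom ssl certificate key file`. The operator<< chain that CommandLineHelp builds starts and ends outside the hunk.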
@@ -153,16 +157,20 @@ bool Setup::CheckServerSslPort()
 bool Setup::CheckServerIps()
 {
+ struct in6_addr buf;
+
 if ( m_serverIps.empty() ) {
- m_serverIps.push_back( "0.0.0.0" );
+ m_serverIps.push_back( "::" );
 return true;
 }
 for ( IpList::const_iterator ip = m_serverIps.begin(); ip != m_serverIps.end(); ++ip ) {
 if ( inet_addr( ip->c_str() ) == static_cast< in_addr_t >( -1 ) ) {
- esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() );
- cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl;
- return false;
+ if ( ! inet_pton( AF_INET6, ip->c_str(), &buf ) ) {
+ esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() );
+ cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl;
+ return false;
+ }
 }
 }
 return true;
diff --git a/setup.h b/setup.h
index 1cf153f..dd315c1 100644
--- a/setup.h
+++ b/setup.h
@@ -34,6 +34,7 @@ class Setup
 #if TNTSSLSUPPORT
 int GetServerSslPort() const { return m_serverSslPort; }
 std::string GetServerSslCert() const { return m_serverSslCert; }
+ std::string GetServerSslKey() const { return m_serverSslKey; }
 #endif
 IpList const& GetServerIps() const { return m_serverIps; }
 // vdr-setup
@@ -106,6 +107,7 @@ class Setup
 #if TNTSSLSUPPORT
 int m_serverSslPort;
 std::string m_serverSslCert;
+ std::string m_serverSslKey;
 static std::string m_configDirectory;
 #endif
 IpList m_serverIps;
diff --git a/tntconfig.cpp b/tntconfig.cpp
index 71bee4d..23943a5 100644
--- a/tntconfig.cpp
+++ b/tntconfig.cpp
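Review bot: The IPv4 test still goes through `inet_addr()`, whose error value is indistinguishable from the valid address `255.255.255.255`, so that address is now passed on to `inet_pton( AF_INET6, ... )`, rejected there, and reported as invalid; `inet_aton()` (or `inet_pton( AF_INET, ... )`) has no such ambiguity: `struct in_addr buf4;` and `if ( ! inet_aton( ip->c_str(), &buf4 ) && ! inet_pton( AF_INET6, ip->c_str(), &buf ) ) {`. Separately, the empty-list default changes from `0.0.0.0` to `::` only, so a host whose kernel has no IPv6 support is presumably left without a usable default listener unless `--ip` is passed; keeping `0.0.0.0` alongside `::` would preserve the old behaviour. The added `buf` is only used inside the loop and could be declared there.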
@@ -128,24 +128,6 @@ namespace vdrlive {
 for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
 file << "Listen " << *ip << " " << port << endl;
 }
-
-// not used any more see below: #ifdef TNTVERS7
-// not used any more see below: int s_port = LiveSetup().GetServerSslPort();
-// not used any more see below: string s_cert = LiveSetup().GetServerSslCert();
-// not used any more see below:
-// not used any more see below: if (s_cert.empty()) {
-// not used any more see below: s_cert = configDir + "/live.pem";
-// not used any more see below: }
-// not used any more see below:
-// not used any more see below: if ( ifstream( s_cert.c_str() ) ) {
-// not used any more see below: for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
-// not used any more see below: file << "SslListen " << *ip << " " << s_port << " " << s_cert << endl;
-// not used any more see below: }
-// not used any more see below: }
-// not used any more see below: else {
-// not used any more see below: esyslog( "ERROR: %s: %s", s_cert.c_str(), strerror( errno ) );
-// not used any more see below: }
-// not used any more see below: #endif
 }
 #endif
@@ -277,18 +259,23 @@ namespace vdrlive {
 #if TNTSSLSUPPORT
 int s_port = LiveSetup().GetServerSslPort();
 string s_cert = LiveSetup().GetServerSslCert();
+ string s_key = LiveSetup().GetServerSslKey();
 if (s_cert.empty()) {
 s_cert = configDir + "/live.pem";
 }
- if ( ifstream( s_cert.c_str() ) ) {
+ if (s_key.empty()) {
+ s_key = configDir + "/live-key.pem";
+ }
+
+ if ( ifstream( s_cert.c_str() ) && ifstream( s_key.c_str() ) ) {
 for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
- app.sslListen(s_cert, s_cert, *ip, s_port);
+ app.sslListen(s_cert, s_key, *ip, s_port);
 }
 }
 else {
- esyslog( "ERROR: %s: %s", s_cert.c_str(), strerror( errno ) );
+ esyslog( "ERROR: Unable to load cert/key (%s/%s): %s", s_cert.c_str(), s_key.c_str(), strerror( errno ) );
 }
 #endif // TNTSSLSUPPORT
-- cgit v1.2.3
From f9738cfe51da2e3dd0533398e51079f8487b7ff5 Mon Sep 17 00:00:00 2001
From: Dieter Hametner
Date: Thu, 11 Dec 2008 00:34:34 +0100
Subject: Preserved enhancements lost by the previous ssl patch
---
pages/vlc.ecpp | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/pages/vlc.ecpp b/pages/vlc.ecpp
index db2a74d..d1afd67 100644
--- a/pages/vlc.ecpp
+++ b/pages/vlc.ecpp
@@ -96,7 +96,9 @@ using namespace vdrlive;
 <%cpp>
 #if TNTVERSION >= 1606
 string server = request.getHost();
- server = server.substr(0, server.rfind(':'));
+ if (Channel != 0) {
+ server = server.substr(0, server.rfind(':'));
+ }
 #else
 string server = request.getServerIp();
 #endif
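Review bot: The combined check `if ( ifstream( s_cert.c_str() ) && ifstream( s_key.c_str() ) )` loses the information of which of the two files could not be opened, and the `else` branch then reports `strerror( errno )`, which the C++ standard does not guarantee a failed `std::ifstream` open to have set, so the new message can blame the wrong file or print a stale error string. Opening the certificate and the key in separate tests and naming the failing path in the log makes the failure diagnosable from the syslog alone; the rewrite below keeps the listen loop unchanged. The enclosing `#if TNTSSLSUPPORT` block starts inside the hunk, but the function it sits in starts before it.
```cpp
	if ( ! ifstream( s_cert.c_str() ) ) {
		esyslog( "ERROR: unable to read ssl certificate file %s", s_cert.c_str() );
	}
	else if ( ! ifstream( s_key.c_str() ) ) {
		esyslog( "ERROR: unable to read ssl key file %s", s_key.c_str() );
	}
	else {
		for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
			app.sslListen(s_cert, s_key, *ip, s_port);
		}
	}
	// … unchanged: #endif // TNTSSLSUPPORT …
```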
@@ -106,7 +108,12 @@ using namespace vdrlive;
 videourl = string("http://") + server + ":" + lexical_cast(streamdevPort) + "/" + LiveSetup().GetStreamdevType() + "/" + *Channel->GetChannelID().ToString();
 } else {
- videourl = string("http://") + server + ":" + lexical_cast(LiveSetup().GetServerPort()) + "/recstream.html?recid=" + recid;
+#if TNTVERSION >= 1606
+# define SERVER_AND_PORT server
+#else
+# define SERVER_AND_PORT server + ":" + lexical_cast(LiveSetup().GetServerPort());
+#endif
+ videourl = string("http://") + SERVER_AND_PORT + "/recstream.html?recid=" + recid;
 }
-- cgit v1.2.3
From e3343f602dfe288afa1f027563d307d049d95c1e Mon Sep 17 00:00:00 2001
From: Dieter Hametner
Date: Wed, 18 Feb 2009 00:19:32 +0100
Subject: Fixed the need to add an --ip parameter on the live command line if the host had no IPv6 support in the kernel (or module). Don't abort operation if one of the given ips fails at bind call. Abort only if every bind call fails.
---
setup.cpp | 39 +++++++++++++++++++++++++++------------
tntconfig.cpp | 13 ++++++++++++-
2 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/setup.cpp b/setup.cpp
index 2bdf7bd..5b6a9f3 100644
--- a/setup.cpp
+++ b/setup.cpp
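Review bot: The trailing `;` in `# define SERVER_AND_PORT server + ":" + lexical_cast(LiveSetup().GetServerPort());` ends the assignment early in the TNTVERSION < 1606 build: `videourl = string("http://") + SERVER_AND_PORT + "/recstream.html?recid=" + recid;` expands to the assignment followed by the separate statement `+ "/recstream.html?recid=" + recid;`, which (if recid is a std::string) is a valid but discarded expression — unary plus on the literal, then `const char*` plus string — so videourl is built without the recstream path and the compiler stays silent. Drop the semicolon: `# define SERVER_AND_PORT server + ":" + lexical_cast(LiveSetup().GetServerPort())`. A local `string serverAndPort` assigned under the same `#if` would avoid the macro altogether; as written there is also no `#undef` in the hunk, so `SERVER_AND_PORT` stays defined for the rest of the page.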
@@ -155,25 +155,40 @@ bool Setup::CheckServerSslPort()
 }
 #endif
+namespace {
+ struct IpValidator
+ {
+ bool operator() (string const & ip)
+ {
+ struct in6_addr buf;
+ struct in_addr buf4;
+
+ bool valid = inet_aton(ip.c_str(), &buf4) || inet_pton(AF_INET6, ip.c_str(), &buf);
+
+ if (!valid) {
+ esyslog( "ERROR: live server ip %s is not a valid ip address", ip.c_str());
+ cerr << "ERROR: live server ip '" << ip << "' is not a valid ip address" << endl;
+ }
+ return valid;
+ }
+ };
+}
+
 bool Setup::CheckServerIps()
 {
- struct in6_addr buf;
-
 if ( m_serverIps.empty() ) {
+ // add a default IPv4 listener address
+ m_serverIps.push_back( "0.0.0.0" );
+ // and be prepared for IPv6 only hosts.
 m_serverIps.push_back( "::" );
+ // we assume these are ok :)
 return true;
 }
- for ( IpList::const_iterator ip = m_serverIps.begin(); ip != m_serverIps.end(); ++ip ) {
- if ( inet_addr( ip->c_str() ) == static_cast< in_addr_t >( -1 ) ) {
- if ( ! inet_pton( AF_INET6, ip->c_str(), &buf ) ) {
- esyslog( "ERROR: live server ip %s is not a valid ip address", ip->c_str() );
- cerr << "ERROR: live server ip " << *ip << " is not a valid ip address" << endl;
- return false;
- }
- }
- }
- return true;
+ IpList::iterator i = partition(m_serverIps.begin(), m_serverIps.end(), IpValidator());
+ m_serverIps.erase(i, m_serverIps.end());
+
+ return !m_serverIps.empty();
 }
 std::string const Setup::GetMD5HashAdminPassword() const
diff --git a/tntconfig.cpp b/tntconfig.cpp
index 23943a5..d35dad4 100644
--- a/tntconfig.cpp
+++ b/tntconfig.cpp
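Review bot: `partition` is not stable, so the surviving addresses can come out in a different order from the one given on the command line, and that order is presumably the bind order used later in tntconfig.cpp; `stable_partition` keeps the order and, like `partition`, applies the predicate exactly once per element, so the logging inside `IpValidator` is unaffected: `IpList::iterator i = stable_partition(m_serverIps.begin(), m_serverIps.end(), IpValidator());`. `IpValidator::operator()` does not touch any member and could be declared `const`. The comment `// we assume these are ok :)` undersells the new default pair: on a dual-stack host a `::` listener can already cover IPv4, so binding `0.0.0.0` on the same port may fail, and the defaults only work because the listen loop in tntconfig.cpp now tolerates a partial failure — worth saying so at the `push_back` calls, e.g. `// one of the two may fail to bind; tntconfig.cpp only aborts if both do`.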
@@ -252,8 +252,19 @@ namespace vdrlive {
 Setup::IpList const& ips = LiveSetup().GetServerIps();
 int port = LiveSetup().GetServerPort();
+ size_t listenFailures = 0;
 for ( Setup::IpList::const_iterator ip = ips.begin(); ip != ips.end(); ++ip ) {
- app.listen(*ip, port);
+ try {
+ app.listen(*ip, port);
+ }
+ catch (exception const & ex) {
+ esyslog("ERROR: live ip = %s is invalid: exception = %s", ip->c_str(), ex.what());
+ if (++listenFailures == ips.size()) {
+ // if no listener was initialized we throw at
+ // least the last exception to the next layer.
+ throw;
+ }
+ }
 }
 #if TNTSSLSUPPORT
-- cgit v1.2.3
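Review bot: The message `live ip = %s is invalid` in the new catch block is misleading: every entry in `ips` has already passed `Setup::CheckServerIps()`, and what fails inside `app.listen()` is the bind (address in use, or no IPv6 support in the kernel, per the commit description), so the log should name the operation and the port, e.g. `esyslog("ERROR: live cannot listen on %s:%d: %s", ip->c_str(), port, ex.what());`. The `app.sslListen()` loop in the `#if TNTSSLSUPPORT` block just below the hunk gets no equivalent try/catch, so with the new `0.0.0.0` plus `::` default pair one failing SSL bind still aborts startup even when the other address bound fine; the same counter-and-rethrow pattern would fit there. The `catch (exception const & ex)` covers only std::exception-derived types, which is presumably intended, but it means any other exception from the listen call leaves no syslog entry. The enclosing function starts before the hunk.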