[Feature] Allow https maps
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 13 Jun 2016 14:44:16 +0000 (15:44 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Mon, 13 Jun 2016 16:31:29 +0000 (17:31 +0100)
src/libutil/http.c
src/libutil/map.c
src/libutil/map_private.h
src/libutil/ssl_util.c
src/libutil/ssl_util.h
src/lua/lua_map.c

index 46ebf486c9f3909754aa328c2dd32e142be5a06c..b4a1692ccf0a9bdc531321c1933df80e1d7b13db 100644 (file)
@@ -1948,7 +1948,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn
                        return;
                }
                else {
-                       priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx);
+                       priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx, base);
                        g_assert (priv->ssl != NULL);
 
                        if (!rspamd_ssl_connect_fd (priv->ssl, fd, host, &priv->ev,
index 6bc0ef257ec7e5f788f953a37de559091e0deaa0..d334f68eee8b9f4b9d3997d6708ce71d1edeaa8f 100644 (file)
@@ -80,6 +80,10 @@ write_http_request (struct http_callback_data *cbd)
        if (cbd->fd != -1) {
                msg = rspamd_http_new_message (HTTP_REQUEST);
 
+               if (cbd->bk->protocol == MAP_PROTO_HTTPS) {
+                       msg->flags |= RSPAMD_HTTP_FLAG_SSL;
+               }
+
                if (cbd->check) {
                        msg->method = HTTP_HEAD;
                }
@@ -652,7 +656,7 @@ rspamd_map_dns_callback (struct rdns_reply *reply, void *arg)
                                                                        RSPAMD_HTTP_CLIENT_SIMPLE,
                                                        RSPAMD_HTTP_CLIENT,
                                                        NULL,
-                                                       NULL);
+                                                       cbd->map->cfg->libs_ctx->ssl_ctx);
 
                                        write_http_request (cbd);
                                }
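Review bot: The shared `cbd->map->cfg->libs_ctx->ssl_ctx` is now passed to the map HTTP client, and nothing visible in this diff shows that the context is configured to verify the peer certificate chain and host name. Map contents drive filtering decisions, so an https:// map fetched without verification gives no more integrity than http://. If verification is set up where the context is created (outside this diff), a comment at this call such as `/* ssl_ctx must have peer verification enabled: map data is trusted input */` would record that dependency. The pointer chain `cfg->libs_ctx->ssl_ctx` is also dereferenced with no NULL check in the visible lines; the enclosing function starts and ends outside the hunk.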
@@ -857,7 +861,7 @@ rspamd_map_periodic_callback (gint fd, short what, void *ud)
 
        if (cbd->need_modify) {
                /* Load data from the next backend */
-               if (bk->protocol == MAP_PROTO_HTTP) {
+               if (bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS) {
                        rspamd_map_http_read_callback (fd, what, cbd);
                }
                else {
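Review bot: The test `bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS` is written out here, again in the next hunk of rspamd_map_periodic_callback, and a third time in rspamd_map_parse_backend. A single helper keeps the three sites in step if another HTTP-like scheme is added, for example `#define MAP_PROTO_IS_HTTP(p) ((p) == MAP_PROTO_HTTP || (p) == MAP_PROTO_HTTPS)` next to `enum fetch_proto` in map_private.h. Each call site then reads `if (MAP_PROTO_IS_HTTP (bk->protocol)) {`.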
@@ -866,7 +870,7 @@ rspamd_map_periodic_callback (gint fd, short what, void *ud)
        }
        else {
                /* Check the next backend */
-               if (bk->protocol == MAP_PROTO_HTTP) {
+               if (bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS) {
                        rspamd_map_http_check_callback (fd, what, cbd);
                }
                else {
@@ -985,13 +989,18 @@ rspamd_map_check_proto (struct rspamd_config *cfg,
 
        bk->protocol = MAP_PROTO_FILE;
 
-       if (g_ascii_strncasecmp (pos, "http://",
-                       sizeof ("http://") - 1) == 0) {
+       if (g_ascii_strncasecmp (pos, "http://", sizeof ("http://") - 1) == 0) {
                bk->protocol = MAP_PROTO_HTTP;
                /* Include http:// */
                bk->uri = g_strdup (pos);
                pos += sizeof ("http://") - 1;
        }
+       else if (g_ascii_strncasecmp (pos, "https://", sizeof ("https://") - 1) == 0) {
+               bk->protocol = MAP_PROTO_HTTPS;
+               /* Include http:// */
+               bk->uri = g_strdup (pos);
+               pos += sizeof ("https://") - 1;
+       }
        else if (g_ascii_strncasecmp (pos, "file://", sizeof ("file://") -
                        1) == 0) {
                pos += sizeof ("file://") - 1;
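Review bot: The comment in the new https branch was copied from the branch above and still says `/* Include http:// */`; it should read `/* Include https:// */`. It would also help to state why the scheme is kept, e.g. `/* Keep the scheme in bk->uri; pos is advanced past it for host parsing */`, since `bk->uri` and `pos` diverge at this point. The function body continues outside the hunk.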
@@ -1086,7 +1095,7 @@ rspamd_map_parse_backend (struct rspamd_config *cfg, const gchar *map_line)
                fdata->filename = g_strdup (bk->uri);
                bk->data.fd = fdata;
        }
-       else if (bk->protocol == MAP_PROTO_HTTP) {
+       else if (bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS) {
                hdata = g_slice_alloc0 (sizeof (struct http_map_data));
 
                memset (&up, 0, sizeof (up));
@@ -1109,7 +1118,12 @@ rspamd_map_parse_backend (struct rspamd_config *cfg, const gchar *map_line)
                                hdata->port = up.port;
                        }
                        else {
-                               hdata->port = 80;
+                               if (bk->protocol == MAP_PROTO_HTTP) {
+                                       hdata->port = 80;
+                               }
+                               else {
+                                       hdata->port = 443;
+                               }
                        }
 
                        if (up.field_set & 1 << UF_PATH) {
index 9bdca5f9016ec7d14c32e4715d904257a9ece01c..0370fc607fe5f7b6c24ca0faa8e1fc598f72fb4a 100644 (file)
@@ -44,6 +44,7 @@ typedef void (*rspamd_map_dtor) (gpointer p);
 enum fetch_proto {
        MAP_PROTO_FILE,
        MAP_PROTO_HTTP,
+       MAP_PROTO_HTTPS
 };
 
 struct rspamd_map_backend {
index 6c426761b8ea8ad86de25a76d39afa7cc8b1110c..17bd2880d42e6b04c05b6923a53c16e4be1b2dc1 100644 (file)
@@ -392,13 +392,14 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud)
 }
 
 struct rspamd_ssl_connection *
-rspamd_ssl_connection_new (gpointer ssl_ctx)
+rspamd_ssl_connection_new (gpointer ssl_ctx, struct event_base *ev_base)
 {
        struct rspamd_ssl_connection *c;
 
        g_assert (ssl_ctx != NULL);
        c = g_slice_alloc0 (sizeof (*c));
        c->ssl = SSL_new (ssl_ctx);
+       c->ev_base = ev_base;
 
        return c;
 }
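Review bot: The result of `SSL_new (ssl_ctx)` is stored without a check, so a failure leaves `c->ssl` NULL while the function still returns a non-NULL `c`. The caller's `g_assert (priv->ssl != NULL)` in http.c then passes, and the later `SSL_set_fd (conn->ssl, fd)` in rspamd_ssl_connect_fd operates on a NULL handle. Suggest adding `if (c->ssl == NULL) { g_slice_free1 (sizeof (*c), c); return NULL; }` right after the `SSL_new` call. Now that HTTPS maps make this path reachable from periodic fetches, the failure should be reported rather than deferred.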
@@ -424,7 +425,6 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
        conn->handler = handler;
        conn->err_handler = err_handler;
        conn->handler_data = handler_data;
-       conn->ev_base = event_get_base (ev);
 
        if (SSL_set_fd (conn->ssl, fd) != 1) {
                return FALSE;
@@ -444,7 +444,9 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
        if (ret == 1) {
                conn->state = ssl_conn_connected;
                event_set (ev, fd, EV_WRITE, rspamd_ssl_event_handler, conn);
-               event_base_set (conn->ev_base, ev);
+               if (conn->ev_base) {
+                       event_base_set (conn->ev_base, ev);
+               }
                event_add (ev, tv);
        }
        else {
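Review bot: `conn->ev_base` may now be NULL, because it comes from the constructor argument instead of `event_get_base (ev)`, yet only this one `event_base_set` call is guarded. The `else` branch that starts on the last line of the hunk and rspamd_ssl_event_handler both lie outside the visible lines; if they call `event_base_set (conn->ev_base, ...)` they need the same check. Either guard every use or add a comment in rspamd_ssl_connection_new such as `/* ev_base may be NULL: events then stay on the default base */` so the contract is explicit.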
index 1fcd65a3517f2e0939db7645e62273e1e7b755ba..719c8ffd1502225550dc2b0cd7422b76e391e520 100644 (file)
@@ -29,7 +29,8 @@ typedef void (*rspamd_ssl_error_handler_t)(gpointer d, GError *err);
  * @param ssl_ctx initialized SSL_CTX structure
  * @return opaque connection data
  */
-struct rspamd_ssl_connection * rspamd_ssl_connection_new (gpointer ssl_ctx);
+struct rspamd_ssl_connection * rspamd_ssl_connection_new (gpointer ssl_ctx,
+               struct event_base *ev_base);
 
 /**
  * Connects SSL session using the specified (connected) FD
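Review bot: The doc comment above the prototype still documents only `ssl_ctx`, although the function now takes a second argument. Add a line such as ` * @param ev_base event base used for the connection's events` after the `@param ssl_ctx` line. Since rspamd_ssl_connect_fd in this commit tolerates a NULL `conn->ev_base`, the comment should also say whether NULL is an accepted value.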
index a74ee205c87c2b450595ef9eec3b21d35341408f..cf2b29f04032a88ba4e16fa7735f0faa6c3addec 100644 (file)
@@ -621,6 +621,9 @@ lua_map_get_proto (lua_State *L)
                                case MAP_PROTO_HTTP:
                                        ret = "http";
                                        break;
+                               case MAP_PROTO_HTTPS:
+                                       ret = "https";
+                                       break;
                                }
                                lua_pushstring (L, ret);
                        }