authorVsevolod Stakhov <vsevolod@highsecure.ru>2016-06-13 15:44:16 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2016-06-13 17:31:29 +0100
commit0c5266d324b0e80d1606b9cf49af0ca34799ad5c (patch)
tree506d270092941163713489551ab5a1dd078f7f20
parentbc6a03a1086e8f7d1c1211633f61ee25b12e16a2 (diff)
downloadrspamd-0c5266d324b0e80d1606b9cf49af0ca34799ad5c.tar.gz
rspamd-0c5266d324b0e80d1606b9cf49af0ca34799ad5c.zip
[Feature] Allow https maps
-rw-r--r--src/libutil/http.c2
-rw-r--r--src/libutil/map.c28
-rw-r--r--src/libutil/map_private.h1
-rw-r--r--src/libutil/ssl_util.c8
-rw-r--r--src/libutil/ssl_util.h3
-rw-r--r--src/lua/lua_map.c3
6 files changed, 33 insertions, 12 deletions
diff --git a/src/libutil/http.c b/src/libutil/http.c
index 46ebf486c..b4a1692cc 100644
--- a/src/libutil/http.c
+++ b/src/libutil/http.c
@@ -1948,7 +1948,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn
return;
}
else {
- priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx);
+ priv->ssl = rspamd_ssl_connection_new (priv->ssl_ctx, base);
g_assert (priv->ssl != NULL);
if (!rspamd_ssl_connect_fd (priv->ssl, fd, host, &priv->ev,
diff --git a/src/libutil/map.c b/src/libutil/map.c
index 6bc0ef257..d334f68ee 100644
--- a/src/libutil/map.c
+++ b/src/libutil/map.c
@@ -80,6 +80,10 @@ write_http_request (struct http_callback_data *cbd)
if (cbd->fd != -1) {
msg = rspamd_http_new_message (HTTP_REQUEST);
+ if (cbd->bk->protocol == MAP_PROTO_HTTPS) {
+ msg->flags |= RSPAMD_HTTP_FLAG_SSL;
+ }
+
if (cbd->check) {
msg->method = HTTP_HEAD;
}
@@ -652,7 +656,7 @@ rspamd_map_dns_callback (struct rdns_reply *reply, void *arg)
RSPAMD_HTTP_CLIENT_SIMPLE,
RSPAMD_HTTP_CLIENT,
NULL,
- NULL);
+ cbd->map->cfg->libs_ctx->ssl_ctx);
write_http_request (cbd);
}
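Review bot: Whether https maps are actually authenticated depends on how `cbd->map->cfg->libs_ctx->ssl_ctx` is configured, and this diff does not show that. Maps feed filtering data, so the shared context should have peer verification enabled with a trust store loaded, and the host name handed to `rspamd_ssl_connect_fd` should be checked against the certificate; without that, `https://` protects only against passive observers. A comment at this call such as `/* ssl_ctx must verify the peer: map contents are trusted input */` would record the assumption. The enclosing function starts and ends outside the hunk.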
@@ -857,7 +861,7 @@ rspamd_map_periodic_callback (gint fd, short what, void *ud)
if (cbd->need_modify) {
/* Load data from the next backend */
- if (bk->protocol == MAP_PROTO_HTTP) {
+ if (bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS) {
rspamd_map_http_read_callback (fd, what, cbd);
}
else {
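Review bot: The test `bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS` is now spelled out here, again in the "Check the next backend" branch of the same function, and in `rspamd_map_parse_backend`. A small predicate over `enum fetch_proto` in map_private.h, used at all three sites, would stop a later protocol addition from being handled in one place and silently treated as a file backend in another. The surrounding function body continues outside the hunk.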
@@ -866,7 +870,7 @@ rspamd_map_periodic_callback (gint fd, short what, void *ud)
}
else {
/* Check the next backend */
- if (bk->protocol == MAP_PROTO_HTTP) {
+ if (bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS) {
rspamd_map_http_check_callback (fd, what, cbd);
}
else {
@@ -985,13 +989,18 @@ rspamd_map_check_proto (struct rspamd_config *cfg,
bk->protocol = MAP_PROTO_FILE;
- if (g_ascii_strncasecmp (pos, "http://",
- sizeof ("http://") - 1) == 0) {
+ if (g_ascii_strncasecmp (pos, "http://", sizeof ("http://") - 1) == 0) {
bk->protocol = MAP_PROTO_HTTP;
/* Include http:// */
bk->uri = g_strdup (pos);
pos += sizeof ("http://") - 1;
}
+ else if (g_ascii_strncasecmp (pos, "https://", sizeof ("https://") - 1) == 0) {
+ bk->protocol = MAP_PROTO_HTTPS;
+ /* Include http:// */
+ bk->uri = g_strdup (pos);
+ pos += sizeof ("https://") - 1;
+ }
else if (g_ascii_strncasecmp (pos, "file://", sizeof ("file://") -
1) == 0) {
pos += sizeof ("file://") - 1;
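Review bot: The comment in the new `https://` branch still reads `/* Include http:// */`, copied from the branch above it; it should be `/* Include https:// */` so that it matches the prefix that is kept in `bk->uri`. The rest of `rspamd_map_check_proto` lies outside the hunk.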
@@ -1086,7 +1095,7 @@ rspamd_map_parse_backend (struct rspamd_config *cfg, const gchar *map_line)
fdata->filename = g_strdup (bk->uri);
bk->data.fd = fdata;
}
- else if (bk->protocol == MAP_PROTO_HTTP) {
+ else if (bk->protocol == MAP_PROTO_HTTP || bk->protocol == MAP_PROTO_HTTPS) {
hdata = g_slice_alloc0 (sizeof (struct http_map_data));
memset (&up, 0, sizeof (up));
@@ -1109,7 +1118,12 @@ rspamd_map_parse_backend (struct rspamd_config *cfg, const gchar *map_line)
hdata->port = up.port;
}
else {
- hdata->port = 80;
+ if (bk->protocol == MAP_PROTO_HTTP) {
+ hdata->port = 80;
+ }
+ else {
+ hdata->port = 443;
+ }
}
if (up.field_set & 1 << UF_PATH) {
diff --git a/src/libutil/map_private.h b/src/libutil/map_private.h
index 9bdca5f90..0370fc607 100644
--- a/src/libutil/map_private.h
+++ b/src/libutil/map_private.h
@@ -44,6 +44,7 @@ typedef void (*rspamd_map_dtor) (gpointer p);
enum fetch_proto {
MAP_PROTO_FILE,
MAP_PROTO_HTTP,
+ MAP_PROTO_HTTPS
};
struct rspamd_map_backend {
diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index 6c426761b..17bd2880d 100644
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -392,13 +392,14 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud)
}
struct rspamd_ssl_connection *
-rspamd_ssl_connection_new (gpointer ssl_ctx)
+rspamd_ssl_connection_new (gpointer ssl_ctx, struct event_base *ev_base)
{
struct rspamd_ssl_connection *c;
g_assert (ssl_ctx != NULL);
c = g_slice_alloc0 (sizeof (*c));
c->ssl = SSL_new (ssl_ctx);
+ c->ev_base = ev_base;
return c;
}
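Review bot: `rspamd_ssl_connection_new` stores the result of `SSL_new (ssl_ctx)` without checking it, so an allocation or context failure hands back a connection whose `c->ssl` is NULL. This path is now reachable from map fetching. The NULL would next be passed to `SSL_set_fd` in `rspamd_ssl_connect_fd`. Adding `if (c->ssl == NULL) { g_slice_free1 (sizeof (*c), c); return NULL; }` before the `ev_base` assignment lets the existing `g_assert (priv->ssl != NULL)` in http.c catch the failure at the call site.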
@@ -424,7 +425,6 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
conn->handler = handler;
conn->err_handler = err_handler;
conn->handler_data = handler_data;
- conn->ev_base = event_get_base (ev);
if (SSL_set_fd (conn->ssl, fd) != 1) {
return FALSE;
@@ -444,7 +444,9 @@ rspamd_ssl_connect_fd (struct rspamd_ssl_connection *conn, gint fd,
if (ret == 1) {
conn->state = ssl_conn_connected;
event_set (ev, fd, EV_WRITE, rspamd_ssl_event_handler, conn);
- event_base_set (conn->ev_base, ev);
+ if (conn->ev_base) {
+ event_base_set (conn->ev_base, ev);
+ }
event_add (ev, tv);
}
else {
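Review bot: The new NULL check on `conn->ev_base` covers only the `ret == 1` path visible in this hunk. The base now comes from the caller of `rspamd_ssl_connection_new` and may be NULL, so any other `event_base_set (conn->ev_base, ...)` call needs the same guard. The `else` branch continues outside the hunk, and `rspamd_ssl_event_handler` may re-arm events as well. Use `if (conn->ev_base) { event_base_set (conn->ev_base, ev); }` at each site, or decide once in the constructor whether a NULL base is supported.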
diff --git a/src/libutil/ssl_util.h b/src/libutil/ssl_util.h
index 1fcd65a35..719c8ffd1 100644
--- a/src/libutil/ssl_util.h
+++ b/src/libutil/ssl_util.h
@@ -29,7 +29,8 @@ typedef void (*rspamd_ssl_error_handler_t)(gpointer d, GError *err);
* @param ssl_ctx initialized SSL_CTX structure
* @return opaque connection data
*/
-struct rspamd_ssl_connection * rspamd_ssl_connection_new (gpointer ssl_ctx);
+struct rspamd_ssl_connection * rspamd_ssl_connection_new (gpointer ssl_ctx,
+ struct event_base *ev_base);
/**
* Connects SSL session using the specified (connected) FD
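Review bot: The doc comment above `rspamd_ssl_connection_new` still documents only `ssl_ctx`, although the prototype gained `ev_base`. I would add `* @param ev_base event base used for the connection's events (may be NULL)`. The "may be NULL" part is inferred from the guard added in ssl_util.c and should be confirmed. The comment block starts outside the hunk.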
diff --git a/src/lua/lua_map.c b/src/lua/lua_map.c
index a74ee205c..cf2b29f04 100644
--- a/src/lua/lua_map.c
+++ b/src/lua/lua_map.c
@@ -621,6 +621,9 @@ lua_map_get_proto (lua_State *L)
case MAP_PROTO_HTTP:
ret = "http";
break;
+ case MAP_PROTO_HTTPS:
+ ret = "https";
+ break;
}
lua_pushstring (L, ret);
}