aniani/gophernicus
1
0
Fork 0
mirror of https://github.com/gophernicus/gophernicus.git synced 2025-01-03 14:56:43 -05:00
Code

Add TLS support for CGI apps and caps.txt via -T <tls port> option

Browse Source
This commit is contained in:
Kim Holviala 2017-02-04 10:18:49 +02:00
parent d3951b52e8
commit 00adea815b
5 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README
View File

@ -6,6 +6,7 @@ daemon. It is licensed under the BSD license.
Command line options: Command line options:
-h hostname Change server hostname (FQDN) [$HOSTNAME] -h hostname Change server hostname (FQDN) [$HOSTNAME]
-p port Change server port [70] -p port Change server port [70]
-T port Change TLS/SSL port [0 = disabled]
-r root Change gopher root [/var/gopher] -r root Change gopher root [/var/gopher]
-t type Change default gopher filetype [0] -t type Change default gopher filetype [0]
-g mapfile Change gophermap file [gophermap] -g mapfile Change gophermap file [gophermap]
@ -251,6 +252,12 @@ address. The below sample stunnel configuration is all you need to
TLS-enable your gopher server. Well, you'll need a certificate too and for TLS-enable your gopher server. Well, you'll need a certificate too and for
that I recommend Let's Encrypt. that I recommend Let's Encrypt.
In addition to configuring Stunnel for TLS you should add -T <TLS port>
to Gophernicus options so that it knows which connetions are coming in
encrypted and which are not. Using proper -T also makes it possible for
CGI programs to use the $TLS environment variable to know whether the
current request was encrypted or not.
; ;
; Gophernicus behind Stunnel4 for gopher over TLS ; Gophernicus behind Stunnel4 for gopher over TLS

9
file.c
View File

@ -261,12 +261,14 @@ void caps_txt(state *st, shm_state *shm)
"PathKeepPreDelimeter=FALSE" CRLF "PathKeepPreDelimeter=FALSE" CRLF
"ServerSupportsStdinScripts=TRUE" CRLF "ServerSupportsStdinScripts=TRUE" CRLF
"ServerDefaultEncoding=%s" CRLF "ServerDefaultEncoding=%s" CRLF
"ServerTLSPort=%i" CRLF
CRLF CRLF
"ServerSoftware=" SERVER_SOFTWARE CRLF "ServerSoftware=" SERVER_SOFTWARE CRLF
"ServerSoftwareVersion=" VERSION " \"" CODENAME "\"" CRLF "ServerSoftwareVersion=" VERSION " \"" CODENAME "\"" CRLF
"ServerArchitecture=%s" CRLF, "ServerArchitecture=%s" CRLF,
st->session_timeout, st->session_timeout,
strcharset(st->out_charset), strcharset(st->out_charset),
st->server_tls_port,
st->server_platform); st->server_platform);
/* Optional keys */ /* Optional keys */
@ -305,9 +307,16 @@ void setenv_cgi(state *st, char *script)
else else
setenv("SERVER_PROTOCOL", "RFC1436", 1); setenv("SERVER_PROTOCOL", "RFC1436", 1);
if (st->server_port == st->server_tls_port) {
setenv("HTTPS", "on", 1);
setenv("TLS", "on", 1);
}
setenv("SERVER_NAME", st->server_host, 1); setenv("SERVER_NAME", st->server_host, 1);
snprintf(buf, sizeof(buf), "%i", st->server_port); snprintf(buf, sizeof(buf), "%i", st->server_port);
setenv("SERVER_PORT", buf, 1); setenv("SERVER_PORT", buf, 1);
snprintf(buf, sizeof(buf), "%i", st->server_tls_port);
setenv("SERVER_TLS_PORT", buf, 1);
setenv("REQUEST_METHOD", "GET", 1); setenv("REQUEST_METHOD", "GET", 1);
setenv("DOCUMENT_ROOT", st->server_root, 1); setenv("DOCUMENT_ROOT", st->server_root, 1);
setenv("SCRIPT_NAME", st->req_selector, 1); setenv("SCRIPT_NAME", st->req_selector, 1);

1
gophernicus.c
View File

@ -414,6 +414,7 @@ void init_state(state *st)
sstrlcpy(st->server_host, buf); sstrlcpy(st->server_host, buf);
st->server_port = DEFAULT_PORT; st->server_port = DEFAULT_PORT;
st->server_tls_port = DEFAULT_TLS_PORT;
st->default_filetype = DEFAULT_TYPE; st->default_filetype = DEFAULT_TYPE;
sstrlcpy(st->map_file, DEFAULT_MAP); sstrlcpy(st->map_file, DEFAULT_MAP);

26
gophernicus.h
View File

@ -195,18 +195,19 @@ size_t strlcat(char *dst, const char *src, size_t siz);
#define HTTP_USERAGENT "Unknown gopher client" #define HTTP_USERAGENT "Unknown gopher client"
/* Defaults for settings */ /* Defaults for settings */
#define DEFAULT_HOST "localhost" #define DEFAULT_HOST "localhost"
#define DEFAULT_PORT 70 #define DEFAULT_PORT 70
#define DEFAULT_TYPE TYPE_TEXT #define DEFAULT_TLS_PORT 0
#define DEFAULT_MAP "gophermap" #define DEFAULT_TYPE TYPE_TEXT
#define DEFAULT_TAG "gophertag" #define DEFAULT_MAP "gophermap"
#define DEFAULT_CGI "/cgi-bin/" #define DEFAULT_TAG "gophertag"
#define DEFAULT_USERDIR "public_gopher" #define DEFAULT_CGI "/cgi-bin/"
#define DEFAULT_WIDTH 76 #define DEFAULT_USERDIR "public_gopher"
#define DEFAULT_CHARSET US_ASCII #define DEFAULT_WIDTH 76
#define MIN_WIDTH 33 #define DEFAULT_CHARSET US_ASCII
#define MAX_WIDTH 200 #define MIN_WIDTH 33
#define UNKNOWN_ADDR "unknown" #define MAX_WIDTH 200
#define UNKNOWN_ADDR "unknown"
/* Session defaults */ /* Session defaults */
#define DEFAULT_SESSION_TIMEOUT 1800 #define DEFAULT_SESSION_TIMEOUT 1800
@ -310,6 +311,7 @@ typedef struct {
char server_host_default[64]; char server_host_default[64];
char server_host[64]; char server_host[64];
int server_port; int server_port;
int server_tls_port;
char default_filetype; char default_filetype;
char map_file[64]; char map_file[64];

3
options.c
View File

@ -97,10 +97,11 @@ void parse_args(state *st, int argc, char *argv[])
int opt; int opt;
/* Parse args */ /* Parse args */
while ((opt = getopt(argc, argv, "h:p:r:t:g:a:c:u:m:l:w:o:s:i:k:f:e:R:D:L:A:P:n:dbv?-")) != ERROR) { while ((opt = getopt(argc, argv, "h:p:T:r:t:g:a:c:u:m:l:w:o:s:i:k:f:e:R:D:L:A:P:n:dbv?-")) != ERROR) {
switch(opt) { switch(opt) {
case 'h': sstrlcpy(st->server_host, optarg); break; case 'h': sstrlcpy(st->server_host, optarg); break;
case 'p': st->server_port = atoi(optarg); break; case 'p': st->server_port = atoi(optarg); break;
case 'T': st->server_tls_port = atoi(optarg); break;
case 'r': sstrlcpy(st->server_root, optarg); break; case 'r': sstrlcpy(st->server_root, optarg); break;
case 't': st->default_filetype = *optarg; break; case 't': st->default_filetype = *optarg; break;
case 'g': sstrlcpy(st->map_file, optarg); break; case 'g': sstrlcpy(st->map_file, optarg); break;