Hello community,
here is the log from the commit of package xsp
checked in at Wed Aug 30 23:38:33 CEST 2006.
--------
--- xsp/xsp.changes 2006-08-01 02:56:13.000000000 +0200
+++ xsp/xsp.changes 2006-08-30 20:07:35.000000000 +0200
@@ -1,0 +2,7 @@
+Wed Aug 30 20:03:08 CEST 2006 - wberrier@suse.de
+
+- Update to 1.1.17
+ - Added support for X.509 client certificates
+ - Update to handle newly created AppDomains
+
+-------------------------------------------------------------------
Old:
----
xsp-1.1.16.1.tar.gz
New:
----
xsp-1.1.17.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ xsp.spec ++++++
--- /var/tmp/diff_new_pack.h1nn4d/_old 2006-08-30 23:38:29.000000000 +0200
+++ /var/tmp/diff_new_pack.h1nn4d/_new 2006-08-30 23:38:29.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package xsp (Version 1.1.16.1)
+# spec file for package xsp (Version 1.1.17)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -20,7 +20,7 @@
Group: Productivity/Networking/Web/Servers
Autoreqprov: on
Requires: gnome-filesystem
-Version: 1.1.16.1
+Version: 1.1.17
Release: 1
Summary: Small Web Server Hosting ASP.NET
Source: %{name}-%{version}.tar.gz
@@ -49,7 +49,7 @@
make
%install
-make install DESTDIR=$RPM_BUILD_ROOT GACUTIL_FLAGS="/package xsp /root ${RPM_BUILD_ROOT}/usr/lib"
+make install DESTDIR=$RPM_BUILD_ROOT
mkdir -p ${RPM_BUILD_ROOT}/usr/share
mv ${RPM_BUILD_ROOT}/usr/lib/pkgconfig ${RPM_BUILD_ROOT}/usr/share
@@ -59,12 +59,28 @@
%files
%defattr(-,root,root)
%{prefix}/bin/*
-%{prefix}/lib/xsp
%{prefix}/share/pkgconfig/*
%{prefix}/share/man/*/*
+%{prefix}/lib/xsp
+%{prefix}/lib/mono/gac/Mono.WebServer
+%{prefix}/lib/mono/1.0/Mono.WebServer.dll
+%{prefix}/lib/mono/gac/Mono.WebServer2
+%{prefix}/lib/mono/2.0/Mono.WebServer2.dll
+%{prefix}/lib/mono/gac/xsp
+%{prefix}/lib/mono/1.0/xsp.exe
+%{prefix}/lib/mono/gac/xsp2
+%{prefix}/lib/mono/2.0/xsp2.exe
+%{prefix}/lib/mono/gac/mod-mono-server
+%{prefix}/lib/mono/1.0/mod-mono-server.exe
+%{prefix}/lib/mono/gac/mod-mono-server2
+%{prefix}/lib/mono/2.0/mod-mono-server2.exe
%doc NEWS README
%changelog -n xsp
+* Wed Aug 30 2006 - wberrier@suse.de
+- Update to 1.1.17
+- Added support for X.509 client certificates
+- Update to handle newly created AppDomains
* Tue Aug 01 2006 - wberrier@suse.de
- update to 1.1.16.1
- better connection handling
++++++ xsp-1.1.16.1.tar.gz -> xsp-1.1.17.tar.gz ++++++
++++ 1838 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/ChangeLog new/xsp-1.1.17/ChangeLog
--- old/xsp-1.1.16.1/ChangeLog 2006-07-20 09:47:38.000000000 +0200
+++ new/xsp-1.1.17/ChangeLog 2006-08-25 21:55:56.000000000 +0200
@@ -1,3 +1,50 @@
+2006-08-23 Wade Berrier
+
+ * configure.in:
+ * src/Makefile.am:
+ * src/Mono.WebServer/Makefile.am: Add GACUTIL_FLAGS to make gac root dir package
+ friendly (Relative to DESTDIR)
+
+2006-08-16 Gonzalo Paniagua Javier
+
+ * configure.in:
+ * src/mono.snk:
+ * src/AssemblyInfo.cs.in:
+ * src/Makefile.am:
+ * src/Mono.WebServer/xsp-2.pc.in:
+ * src/Mono.WebServer/xsp.pc.in:
+ * src/Mono.WebServer/AssemblyInfo2.cs.in:
+ * src/Mono.WebServer/AssemblyInfo.cs.in:
+ * src/Mono.WebServer/Makefile.am:
+ * src/AssemblyInfoModMono.cs.in:
+ * src/mono.pub:
+ * scripts/Makefile.am: xsp, xsp2, Mono.WebServer and Mono.WebServer2 are
+ installed in the GAC now to avoid problems with the upcoming patch in
+ the runtime.
+
+2006-08-16 Gonzalo Paniagua Javier
+
+ * src/Mono.WebServer/MonoWorkerRequest.cs:
+ * src/Mono.WebServer/XSPApplicationHost.cs:
+ * src/ModMonoApplicationHost.cs: display unexpected errors in
+ ProcessRequest from the root domain, as it will help pinpoint deployment
+ errors once the upcoming patch modifies the way assemblies are loaded
+ in newly created domains.
+
+2006-08-03 Sebastien Pouliot
+
+ * src/Makefile.am: Add a reference to Mono.Security.dll for
+ mod-mono-server.exe
+ * src/ModMonoWorkerRequest.cs: Add support for client certificate
+ validation using Apache and/or Mono.
+ * src/ModMonoApplicationHost.cs: Add PEM (Privacy Enhanced Mail)
+ base64 decoding for certificates and set the proper variables so
+ HttpClientCertificate can be used with mod_mono.
+ * src/Mono.WebServer/MonoWorkerRequest.cs: Add support for special SSL
+ variables (moved from XSPWorkerRequest.cs).
+ * src/Mono.WebServer/XSPWorkerRequest.cs: Removed support for special
+ SSL variables (now shared in MonoWorkerRequest.cs).
+
2006-07-20 Gonzalo Paniagua Javier
* src/ModMonoApplicationHost.cs: don't prepend the file:// scheme, as
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/configure.in new/xsp-1.1.17/configure.in
--- old/xsp-1.1.16.1/configure.in 2006-07-20 09:47:38.000000000 +0200
+++ new/xsp-1.1.17/configure.in 2006-08-25 21:55:56.000000000 +0200
@@ -1,7 +1,7 @@
AC_PREREQ(2.57)
AC_INIT(src/server.cs)
AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(xsp, 1.1.16.1)
+AM_INIT_AUTOMAKE(xsp, 1.1.17)
AM_MAINTAINER_MODE
AC_PROG_INSTALL
@@ -15,6 +15,8 @@
AC_PATH_PROG(MCS, mcs, no)
AC_PATH_PROG(GMCS, gmcs, no)
AC_PATH_PROG(RUNTIME, mono, no)
+AC_PATH_PROG(GACUTIL, gacutil, no)
+AC_PATH_PROG(SN, sn, no)
CS="C#"
if test "x$CSC" = "xno" -a "x$MCS" = "xno" ; then
dnl AC_MSG_ERROR([You need to install a C# compiler])
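Review bot: The two new AC_PATH_PROG lines for GACUTIL and SN fall back to the literal value "no" when the tool is not found, and nothing in this file tests for that, unlike the CSC/MCS check just below. The Makefile rules that invoke $(SN) and $(GACUTIL) would then try to run a command named "no" at build or install time. Add a test after these lines that stops configure with a clear message when either variable is "no".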
@@ -54,9 +56,14 @@
echo "$CS compiler: $MCS"
test x$GMCS = xno || echo "$CS 2.0 compiler: $GMCS"
+GACUTIL_FLAGS='-root $(DESTDIR)$(prefix)/lib'
+
AC_SUBST(MCS)
AC_SUBST(GMCS)
AC_SUBST(RUNTIME)
+AC_SUBST(GACUTIL)
+AC_SUBST(GACUTIL_FLAGS)
+AC_SUBST(SN)
AC_OUTPUT([
Makefile
man/xsp.1
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/scripts/Makefile.am new/xsp-1.1.17/scripts/Makefile.am
--- old/xsp-1.1.16.1/scripts/Makefile.am 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/scripts/Makefile.am 2006-08-25 21:55:56.000000000 +0200
@@ -1,17 +1,21 @@
EXTRA_DIST = script.in
-bin2_scripts_real = xsp2 mod-mono-server2 asp-state2 dbsessmgr2
+bin2_scripts_real = xsp2 mod-mono-server2
if NET_2_0
bin2_scripts = $(bin2_scripts_real)
+tool2_scripts = asp-state2 dbsessmgr2
endif
-bin1_scripts = xsp mod-mono-server asp-state dbsessmgr
-bin_SCRIPTS = $(bin1_scripts) $(bin2_scripts)
-
-CLEANFILES = $(bin1_scripts) $(bin2_scripts_real)
-
-plat_bindir = $(prefix)/lib/xsp/1.0
-plat_bindir2 = $(prefix)/lib/xsp/2.0
+bin1_scripts = xsp mod-mono-server
+tool_scripts = asp-state dbsessmgr
+bin_SCRIPTS = $(bin1_scripts) $(bin2_scripts) $(tool_scripts) $(tool2_scripts)
+
+CLEANFILES = $(bin1_scripts) $(bin2_scripts_real) $(tool_scripts) $(tool2_scripts)
+
+plat_bindir = $(prefix)/lib/mono/1.0
+plat_bindir2 = $(prefix)/lib/mono/2.0
+plat_tooldir = $(prefix)/lib/xsp/1.0
+plat_tooldir2 = $(prefix)/lib/xsp/2.0
REWRITE = sed \
-e 's,@''plat_bindir@,$(plat_bindir),g' \
@@ -23,12 +27,31 @@
-e 's,@''exe_file@,$@.exe,g' \
-e 's,@''RUNTIME@,@RUNTIME@,g'
+REWRITE_TOOLS = sed \
+ -e 's,@''plat_bindir@,$(plat_tooldir),g' \
+ -e 's,@''exe_file@,$@.exe,g' \
+ -e 's,@''RUNTIME@,@RUNTIME@,g'
+
+REWRITE_TOOLS2 = sed \
+ -e 's,@''plat_bindir@,$(plat_tooldir2),g' \
+ -e 's,@''exe_file@,$@.exe,g' \
+ -e 's,@''RUNTIME@,@RUNTIME@,g'
+
$(bin1_scripts): $(srcdir)/script.in Makefile.am
$(REWRITE) $(srcdir)/script.in > $@.tmp
mv $@.tmp $@
+$(tool_scripts): $(srcdir)/script.in Makefile.am
+ $(REWRITE_TOOLS) $(srcdir)/script.in > $@.tmp
+ mv $@.tmp $@
+
if NET_2_0
$(bin2_scripts): $(srcdir)/script.in Makefile.am
$(REWRITE2) $(srcdir)/script.in > $@.tmp
mv $@.tmp $@
+
+$(tool2_scripts): $(srcdir)/script.in Makefile.am
+ $(REWRITE_TOOLS2) $(srcdir)/script.in > $@.tmp
+ mv $@.tmp $@
endif
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/scripts/script.in new/xsp-1.1.17/scripts/script.in
--- old/xsp-1.1.16.1/scripts/script.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/scripts/script.in 2006-08-25 21:55:56.000000000 +0200
@@ -1,2 +1,2 @@
#!/bin/sh
-exec @RUNTIME@ "@plat_bindir@/@exe_file@" "$@"
+exec @RUNTIME@ $MONO_OPTIONS "@plat_bindir@/@exe_file@" "$@"
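Review bot: $MONO_OPTIONS is expanded unquoted on the new exec line, so its value is word-split and glob-expanded by the shell and then handed to the runtime as options for every wrapper generated from this template (xsp, mod-mono-server and the tools). The splitting is presumably wanted so several options can be passed, but the variable is undocumented here and is inherited from whatever environment starts the server. Document it in the man page, and have init scripts or service definitions set or clear it explicitly so the server's runtime flags do not depend on the caller's environment.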
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/AssemblyInfo.cs.in new/xsp-1.1.17/src/AssemblyInfo.cs.in
--- old/xsp-1.1.16.1/src/AssemblyInfo.cs.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/AssemblyInfo.cs.in 2006-08-25 21:55:56.000000000 +0200
@@ -3,7 +3,7 @@
// Authors:
// Gonzalo Paniagua Javier (gonzalo@ximian.com)
//
-// Copyright (c) 2002,2003,2004,2005 Novell, Inc. (http://www.novell.com)
+// Copyright (c) 2002,2003,2004,2005,2006 Novell, Inc. (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
@@ -31,5 +31,7 @@
[assembly: AssemblyVersion("@VERSION@")]
[assembly: AssemblyTitle ("Mono-XSP Server")]
[assembly: AssemblyDescription ("Minimalistic web server for testing System.Web")]
-[assembly: AssemblyCopyright ("(c) 2002-2005 Novell, Inc.")]
+[assembly: AssemblyCopyright ("(c) 2002-2006 Novell, Inc.")]
[assembly: AssemblyCompany ("Novell, Inc.")]
+[assembly: AssemblyDelaySign(true)]
+[assembly: AssemblyKeyFile("@top_srcdir@/src/mono.pub")]
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/AssemblyInfoModMono.cs.in new/xsp-1.1.17/src/AssemblyInfoModMono.cs.in
--- old/xsp-1.1.16.1/src/AssemblyInfoModMono.cs.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/AssemblyInfoModMono.cs.in 2006-08-25 21:55:56.000000000 +0200
@@ -3,7 +3,7 @@
// Authors:
// Gonzalo Paniagua Javier (gonzalo@ximian.com)
//
-// Copyright (c) 2002,2003,2004 Novell, Inc. (http://www.novell.com)
+// Copyright (c) 2002,2003,2004,2005,2006 Novell, Inc. (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
@@ -31,5 +31,7 @@
[assembly: AssemblyVersion("@VERSION@")]
[assembly: AssemblyTitle ("ModMono-XSP Server")]
[assembly: AssemblyDescription ("Minimalistic web server for testing System.Web")]
-[assembly: AssemblyCopyright ("(c) 2002-2005 Novell, Inc.")]
+[assembly: AssemblyCopyright ("(c) 2002-2006 Novell, Inc.")]
[assembly: AssemblyCompany ("Novell, Inc.")]
+[assembly: AssemblyDelaySign(true)]
+[assembly: AssemblyKeyFile("@top_srcdir@/src/mono.pub")]
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Makefile.am new/xsp-1.1.17/src/Makefile.am
--- old/xsp-1.1.16.1/src/Makefile.am 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Makefile.am 2006-08-25 21:55:56.000000000 +0200
@@ -1,4 +1,5 @@
SUBDIRS=Mono.WebServer
+builddir=$(top_builddir)/src
MCSFLAGS= -debug+ -debug:full -nologo -nowarn:618
@@ -7,34 +8,34 @@
xsp2dir = $(prefix)/lib/xsp/2.0
modmonoserver2dir = $(prefix)/lib/xsp/2.0
+GACUTIL1=$(GACUTIL) -package 1.0
if NET_2_0
XSP2_EXE = xsp2.exe
MODMONOSERVER2_EXE = mod-mono-server2.exe
+GACUTIL2=$(GACUTIL) -package 2.0
endif
-xsp_SCRIPTS = xsp.exe
-xsp2_SCRIPTS = $(XSP2_EXE)
-
if !XSP_ONLY
-modmonoserver_SCRIPTS = mod-mono-server.exe
-modmonoserver2_SCRIPTS = $(MODMONOSERVER2_EXE)
+modmonoserver_SCR = mod-mono-server.exe
+modmonoserver2_SCR = $(MODMONOSERVER2_EXE)
endif
-CLEANFILES = *.exe *.mdb
+noinst_SCRIPTS=xsp.exe xsp.exe $(XSP2_EXE) $(modmonoserver_SCR) $(modmonoserver2_SCR)
-EXTRA_DIST = $(xsp_sources) $(modmono_only) AssemblyInfo.cs.in AssemblyInfoModMono.cs.in
+CLEANFILES = *.exe *.mdb
#
xsp_references= -r:System.Web.dll -r:Mono.WebServer/Mono.WebServer.dll -r:Mono.Security.dll
xsp2_references= -r:System.Web.dll -r:System.Configuration.dll -r:Mono.WebServer/Mono.WebServer2.dll -r:Mono.Security.dll
if PLATFORM_WIN32
modmono_references= -lib:"$(prefix)/lib" -r:Mono.WebServer/Mono.WebServer.dll \
- -r:System.Web.dll -r:Mono.Posix.dll
+ -r:System.Web.dll -r:Mono.Posix.dll -r:Mono.Security.dll
modmono2_references= -lib:"$(prefix)/lib" -r:Mono.WebServer/Mono.WebServer2.dll \
- -r:System.Web.dll -r:Mono.Posix.dll
+ -r:System.Web.dll -r:Mono.Posix.dll -r:Mono.Security.dll
else
-modmono_references= -r:System.Web.dll -r:Mono.WebServer/Mono.WebServer.dll -r:Mono.Posix.dll
-modmono2_references= -r:System.Web.dll -r:System.Configuration.dll -r:Mono.WebServer/Mono.WebServer2.dll -r:Mono.Posix.dll
+modmono_references= -r:System.Web.dll -r:Mono.WebServer/Mono.WebServer.dll -r:Mono.Posix.dll -r:Mono.Security.dll
+modmono2_references= -r:System.Web.dll -r:System.Configuration.dll -r:Mono.WebServer/Mono.WebServer2.dll \
+ -r:Mono.Posix.dll -r:Mono.Security.dll
endif
xsp_sources = server.cs security.cs
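Review bot: noinst_SCRIPTS lists xsp.exe twice ("xsp.exe xsp.exe $(XSP2_EXE) ..."), which looks like a copy/paste slip; drop the duplicate. Moving the executables to noinst_SCRIPTS also means they are installed only by the gacutil calls in install-data-local, so xsp.exe is no longer guarded by the XSP_ONLY conditional the way the mod-mono-server entries are; check that the install and uninstall loops follow the same conditionals as this list.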
@@ -48,16 +49,38 @@
modmono_sources = $(modmono_only) $(xsp_sources)
modmono_build_sources = $(addprefix $(srcdir)/, $(modmono_sources)) AssemblyInfoModMono.cs
+EXTRA_DIST = $(xsp_sources) $(modmono_only) AssemblyInfo.cs.in AssemblyInfoModMono.cs.in mono.pub mono.snk
+
xsp.exe: $(xsp_build_sources)
$(MCS) $(MCSFLAGS) $(xsp_references) /out:$@ $(xsp_build_sources)
+ $(SN) -q -R $(builddir)/$@ $(srcdir)/mono.snk
mod-mono-server.exe: $(modmono_build_sources)
$(MCS) $(MCSFLAGS) $(modmono_references) /d:MODMONO_SERVER /out:$@ $(modmono_build_sources)
+ $(SN) -q -R $(builddir)/$@ $(srcdir)/mono.snk
xsp2.exe: $(xsp_build_sources)
$(GMCS) -d:NET_2_0 $(MCSFLAGS) $(xsp2_references) /out:$@ $(xsp_build_sources)
+ $(SN) -q -R $(builddir)/$@ $(srcdir)/mono.snk
mod-mono-server2.exe: $(modmono_build_sources)
$(GMCS) -d:NET_2_0 $(MCSFLAGS) $(modmono2_references) /d:MODMONO_SERVER /out:$@ $(modmono_build_sources)
+ $(SN) -q -R $(builddir)/$@ $(srcdir)/mono.snk
+
+install-data-local:
+ for i in xsp.exe mod-mono-server.exe ; do \
+ $(GACUTIL1) $(GACUTIL_FLAGS) -i $(top_builddir)/src/$$i ; \
+ done
+
+#if NET_2_0
+ for i in xsp2.exe mod-mono-server2.exe ; do \
+ $(GACUTIL2) $(GACUTIL_FLAGS) -i $(top_builddir)/src/$$i ; \
+ done
+#endif
+
+uninstall-local:
+ -for i in xsp mod-mono-server xsp2 mod-mono-server2 ; do \
+ $(GACUTIL) $(GACUTIL_FLAGS) -u $$(basename $$i .exe) ; \
+ done
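Review bot: EXTRA_DIST now ships mono.snk, and every build rule re-signs its output with "$(SN) -q -R ... $(srcdir)/mono.snk", so the key pair used for the strong name is part of the source tarball. A strong name made with a published private key identifies the assembly for GAC installation but says nothing about who built it; say so in a comment or the README so packagers do not treat it as an authenticity check. Separately, "#if NET_2_0" and "#endif" inside install-data-local are make comments, not automake conditionals, so the xsp2.exe/mod-mono-server2.exe loop is not guarded, while GACUTIL2 is only defined under NET_2_0. Use a real "if NET_2_0" block, for example by moving the 2.0 loop into its own target that install-data-local depends on conditionally.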
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/ModMonoApplicationHost.cs new/xsp-1.1.17/src/ModMonoApplicationHost.cs
--- old/xsp-1.1.16.1/src/ModMonoApplicationHost.cs 2006-07-20 09:47:38.000000000 +0200
+++ new/xsp-1.1.17/src/ModMonoApplicationHost.cs 2006-08-25 21:55:56.000000000 +0200
@@ -31,6 +31,7 @@
using System.IO;
using System.Net;
using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
using Mono.Unix;
namespace Mono.WebServer
@@ -187,6 +188,21 @@
//
public class ModMonoApplicationHost : BaseApplicationHost
{
+ private byte[] FromPEM (string pem)
+ {
+ int start = pem.IndexOf ("-----BEGIN CERTIFICATE-----");
+ if (start < 0)
+ return null;
+
+ start += 27; // 27 being the -----BEGIN CERTIFICATE----- length
+ int end = pem.IndexOf ("-----END CERTIFICATE-----", start);
+ if (end < start)
+ return null;
+
+ string base64 = pem.Substring (start, (end - start));
+ return Convert.FromBase64String (base64);
+ }
+
public void ProcessRequest (int reqId, string verb, string queryString, string path,
string protocol, string localAddress, int serverPort, string remoteAddress,
int remotePort, string remoteName, string [] headers, string [] headerValues)
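Review bot: In FromPEM, Convert.FromBase64String is called on text taken from the SSL_CLIENT_CERT and SSL_SERVER_CERT variables with no handling for FormatException, so a malformed body between the BEGIN and END markers throws out of ProcessRequest instead of being treated like the other failure paths, which return null. Catch FormatException and return null there. The literal 27 would also be safer as the Length of the header string it describes, so the two cannot drift apart.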
@@ -195,6 +211,38 @@
ModMonoWorkerRequest mwr = new ModMonoWorkerRequest (reqId, broker, this, verb, path, queryString,
protocol, localAddress, serverPort, remoteAddress,
remotePort, remoteName, headers, headerValues);
+ if (mwr.IsSecure ()) {
+ // note: we're only setting what we use (and not the whole lot)
+ mwr.AddServerVariable ("CERT_KEYSIZE", broker.GetServerVariable (reqId, "SSL_CIPHER_USEKEYSIZE"));
+ mwr.AddServerVariable ("CERT_SECRETKEYSIZE", broker.GetServerVariable (reqId, "SSL_CIPHER_ALGKEYSIZE"));
+
+ string pem_cert = broker.GetServerVariable (reqId, "SSL_CLIENT_CERT");
+ // 52 is the minimal PEM size for certificate header/footer
+ if ((pem_cert != null) && (pem_cert.Length > 52)) {
+ byte[] certBytes = FromPEM (pem_cert);
+ mwr.SetClientCertificate (certBytes);
+
+ // check client certificate validity with Apache and/or Mono
+ if (mwr.IsClientCertificateValid (certBytes)) {
+ // client cert present (bit0 = 1) and valid (bit1 = 0)
+ mwr.AddServerVariable ("CERT_FLAGS", "1");
+ } else {
+ // client cert present (bit0 = 1) but invalid (bit1 = 1)
+ mwr.AddServerVariable ("CERT_FLAGS", "3");
+ }
+ } else {
+ mwr.AddServerVariable ("CERT_FLAGS", "0");
+ }
+
+ pem_cert = broker.GetServerVariable (reqId, "SSL_SERVER_CERT");
+ // 52 is the minimal PEM size for certificate header/footer
+ if ((pem_cert != null) && (pem_cert.Length > 52)) {
+ byte[] certBytes = FromPEM (pem_cert);
+ X509Certificate cert = new X509Certificate (certBytes);
+ mwr.AddServerVariable ("CERT_SERVER_ISSUER", cert.GetIssuerName ());
+ mwr.AddServerVariable ("CERT_SERVER_SUBJECT", cert.GetName ());
+ }
+ }
ProcessRequest (mwr);
}
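Review bot: FromPEM can return null, but certBytes is used without a null check in both branches: it goes into mwr.SetClientCertificate and mwr.IsClientCertificateValid for SSL_CLIENT_CERT, and into new X509Certificate (certBytes) for SSL_SERVER_CERT. The "Length > 52" test only rules out strings too short to hold the header and footer; a longer value that lacks either marker still reaches these calls with null. Test certBytes for null, report the client certificate as not valid in that case, and skip the CERT_SERVER_* variables when the server certificate cannot be decoded.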
@@ -225,7 +273,15 @@
{
try {
InnerRun (state);
- } catch (Exception) {
+ } catch (FileNotFoundException fnf) {
+ // We print this one, as it might be a sign of a bad deployment
+ // once we require the .exe and Mono.WebServer in bin or the GAC.
+ Console.Error.WriteLine (fnf);
+ } catch (IOException) {
+ // This is ok (including EndOfStreamException)
+ } catch (Exception e) {
+ Console.Error.WriteLine (e);
+ } finally {
try {
// Closing is enough for mod_mono. the module will return a 50x
Stream.Close ();
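Review bot: Turning the old catch body into a finally block means Stream.Close () now runs after a successful InnerRun as well, while the comment kept inside it ("the module will return a 50x") only describes the failure case. If closing on success is intended, update the comment; if not, keep the close in the exception paths only. The two new handlers that write the whole exception to Console.Error are useful for the deployment errors the comment mentions, but check where stderr ends up under mod_mono so that the output is actually collected.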
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/ModMonoWorkerRequest.cs new/xsp-1.1.17/src/ModMonoWorkerRequest.cs
--- old/xsp-1.1.16.1/src/ModMonoWorkerRequest.cs 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/ModMonoWorkerRequest.cs 2006-08-25 21:55:56.000000000 +0200
@@ -34,10 +34,13 @@
using System.Web;
using System.Collections;
using System.Configuration;
+using System.Globalization;
using System.IO;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Runtime.CompilerServices;
+using Mono.Security.X509;
+using Mono.Security.X509.Extensions;
namespace Mono.WebServer
{
@@ -107,6 +110,12 @@
bool gotSecure;
bool isSecure;
+ // client certificate validity support
+ string cert_hash;
+ bool cert_validity;
+ static bool cert_check_apache;
+ static bool cert_check_mono;
+
string [][] unknownHeaders;
static string [] indexFiles = { "index.aspx",
"Default.aspx",
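Review bot: cert_hash and cert_validity are added as instance fields, but ModMonoApplicationHost.ProcessRequest constructs a new ModMonoWorkerRequest for each request, so the result cache that IsCertificateValidForMono keeps in them cannot carry over from one request to the next. Either make the cache shared, with locking and a bound on its size, or drop it and the "heavyweight process, cache result" comment so the code does not suggest an optimisation it does not provide.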
@@ -122,6 +131,24 @@
string indexes = ConfigurationSettings.AppSettings ["MonoServerDefaultIndexFiles"];
#endif
SetDefaultIndexFiles (indexes);
+
+ // by default the client certificate validity (CCV) checks are done by both Apache and Mono
+ // but this can be limited to either Apache or Mono using the MOD_MONO_CCV environment variable
+ string ccv = Environment.GetEnvironmentVariable ("MOD_MONO_CCV");
+ if (ccv != null)
+ ccv = ccv.ToLower (CultureInfo.InvariantCulture);
+ switch (ccv) {
+ case "mono":
+ cert_check_mono = true;
+ break;
+ case "apache":
+ cert_check_apache = true;
+ break;
+ default: // both
+ cert_check_apache = true;
+ cert_check_mono = true;
+ break;
+ }
}
static void SetDefaultIndexFiles (string list)
@@ -254,6 +281,96 @@
return isSecure;
}
+ private bool IsClientCertificateValidForApache ()
+ {
+ string val = requestBroker.GetServerVariable (requestId, "SSL_CLIENT_VERIFY");
+ if ((val == null) || (val.Length == 0))
+ return false;
+ return (val.Trim () == "SUCCESS");
+ }
+
+ private bool CheckClientCertificateExtensions (X509Certificate cert)
+ {
+ KeyUsages ku = KeyUsages.digitalSignature | KeyUsages.keyEncipherment | KeyUsages.keyAgreement;
+ KeyUsageExtension kux = null;
+ ExtendedKeyUsageExtension eku = null;
+
+ X509Extension xtn = cert.Extensions["2.5.29.15"];
+ if (xtn != null)
+ kux = new KeyUsageExtension (xtn);
+
+ xtn = cert.Extensions["2.5.29.37"];
+ if (xtn != null)
+ eku = new ExtendedKeyUsageExtension (xtn);
+
+ if ((kux != null) && (eku != null)) {
+ // RFC3280 states that when both KeyUsageExtension and
+ // ExtendedKeyUsageExtension are present then BOTH should
+ // be valid
+ return (kux.Support (ku) &&
+ eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.2"));
+ } else if (kux != null) {
+ return kux.Support (ku);
+ } else if (eku != null) {
+ // Client Authentication (1.3.6.1.5.5.7.3.2)
+ return eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.2");
+ }
+
+ // last chance - try with older (deprecated) Netscape extensions
+ xtn = cert.Extensions["2.16.840.1.113730.1.1"];
+ if (xtn != null) {
+ NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn);
+ return ct.Support (NetscapeCertTypeExtension.CertTypes.SslClient);
+ }
+
+ // certificate isn't valid for SSL client usage
+ return false;
+ }
+
+ private bool CheckChain (X509Certificate cert)
+ {
+ return new X509Chain ().Build (cert);
+ }
+
+ private bool IsCertificateValidForMono (byte[] der)
+ {
+ X509Certificate cert = new X509Certificate (der);
+ // invalidate cache if the certificate validity period has ended
+ if (cert.ValidUntil > DateTime.UtcNow)
+ cert_hash = null;
+
+ // heavyweight process, cache result
+ string hash = BitConverter.ToString (cert.Hash);
+ if (hash != cert_hash) {
+ try {
+ cert_validity = CheckClientCertificateExtensions (cert) && CheckChain (cert);
+ cert_hash = hash;
+ }
+ catch {
+ cert_validity = false;
+ }
+ }
+ return cert_validity;
+ }
+
+ // apache: Client certificate is valid if Apache is satisfied (SSL_CLIENT_VERIFY).
+ // mono: Client certificate is valid if Mono is satisfied.
+ // both: (Default) Client certificate is valid if BOTH Apache and Mono agree it is.
+ public bool IsClientCertificateValid (byte[] der)
+ {
+ bool apache = true;
+ // both or apache-only
+ if (cert_check_apache) {
+ apache = IsClientCertificateValidForApache ();
+ }
+ bool mono = true;
+ // both or mono-only
+ if (cert_check_mono) {
+ mono = IsCertificateValidForMono (der);
+ }
+ return (apache && mono);
+ }
+
public override void CloseConnection ()
{
if (!closed) {
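Review bot: In IsCertificateValidForMono the cache invalidation test is inverted relative to its comment: "cert.ValidUntil > DateTime.UtcNow" is true while the certificate has not yet expired, so cert_hash is cleared on every call for an unexpired certificate and kept for one whose validity period has ended. With the test as written, a certificate that expires after its result was stored would keep returning the cached cert_validity. The comparison should be "cert.ValidUntil < DateTime.UtcNow". The bare catch around the extension and chain checks fails closed, which is the right default, but it hides the reason; logging the exception would make rejected certificates diagnosable.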
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/AssemblyInfo.cs.in new/xsp-1.1.17/src/Mono.WebServer/AssemblyInfo.cs.in
--- old/xsp-1.1.16.1/src/Mono.WebServer/AssemblyInfo.cs.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/AssemblyInfo.cs.in 2006-08-25 21:55:56.000000000 +0200
@@ -33,4 +33,6 @@
[assembly: AssemblyDescription ("Classes for embedding an ASP.NET server in your application .NET 1.1")]
[assembly: AssemblyCopyright ("(c) 2002-2005 Novell, Inc.")]
[assembly: AssemblyCompany ("Novell, Inc.")]
+[assembly: AssemblyDelaySign(true)]
+[assembly: AssemblyKeyFile("@top_srcdir@/src/mono.pub")]
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/AssemblyInfo2.cs.in new/xsp-1.1.17/src/Mono.WebServer/AssemblyInfo2.cs.in
--- old/xsp-1.1.16.1/src/Mono.WebServer/AssemblyInfo2.cs.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/AssemblyInfo2.cs.in 2006-08-25 21:55:56.000000000 +0200
@@ -33,4 +33,6 @@
[assembly: AssemblyDescription ("Classes for embedding an ASP.NET server in your application .NET 2.0.")]
[assembly: AssemblyCopyright ("(c) 2002-2005 Novell, Inc.")]
[assembly: AssemblyCompany ("Novell, Inc.")]
+[assembly: AssemblyDelaySign(true)]
+[assembly: AssemblyKeyFile("@top_srcdir@/src/mono.pub")]
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/Makefile.am new/xsp-1.1.17/src/Mono.WebServer/Makefile.am
--- old/xsp-1.1.16.1/src/Mono.WebServer/Makefile.am 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/Makefile.am 2006-08-25 21:55:56.000000000 +0200
@@ -1,16 +1,18 @@
pkgconfigdir=$(libdir)/pkgconfig
+builddir=$(top_builddir)/src/Mono.WebServer
MCSFLAGS= -debug+ -debug:full -nologo -unsafe -nowarn:618
monowebserverdir = $(prefix)/lib/xsp/1.0
monowebserver2dir = $(prefix)/lib/xsp/2.0
pkgconfig_DATA = xsp.pc xsp-2.pc
-monowebserver_SCRIPTS = Mono.WebServer.dll
-monowebserver2_SCRIPTS = $(monowebserver2_install)
+noinst_SCRIPTS= Mono.WebServer.dll $(monowebserver2_install)
+GACUTIL1=$(GACUTIL) -package 1.0
if NET_2_0
monowebserver2_install = Mono.WebServer2.dll
monowebserver2_references = -r:System.Web.dll -r:System.Configuration.dll -r:Mono.Security.dll
+GACUTIL2=$(GACUTIL) -package 2.0
endif
CLEANFILES = Mono.WebServer.dll* Mono.WebServer2.dll*
@@ -30,13 +32,26 @@
MonoWorkerRequest.cs \
XSPApplicationHost.cs \
XSPWorkerRequest.cs
-
monowebserver_build_sources = $(addprefix $(srcdir)/, $(monowebserver_sources)) $(addprefix $(top_builddir)/src/Mono.WebServer/, AssemblyInfo.cs)
monowebserver2_build_sources = $(addprefix $(srcdir)/, $(monowebserver_sources)) $(addprefix $(top_builddir)/src/Mono.WebServer/, AssemblyInfo2.cs)
Mono.WebServer.dll: $(monowebserver_build_sources)
$(MCS) $(MCSFLAGS) $(monowebserver_references) /target:library /out:$@ $(monowebserver_build_sources)
+ $(SN) -q -R $(builddir)/$@ $(srcdir)/../mono.snk
Mono.WebServer2.dll: $(monowebserver2_build_sources)
$(GMCS) -d:NET_2_0 $(MCSFLAGS) $(monowebserver2_references) /target:library /out:$@ $(monowebserver2_build_sources)
+ $(SN) -q -R $(builddir)/$@ $(srcdir)/../mono.snk
+
+install-data-local:
+ $(GACUTIL1) $(GACUTIL_FLAGS) -i $(builddir)/Mono.WebServer.dll
+
+#if NET_2_0
+ $(GACUTIL2) $(GACUTIL_FLAGS) -i $(builddir)/Mono.WebServer2.dll
+#endif
+
+uninstall-local:
+ -for i in Mono.WebServer Mono.WebServer2 ; do \
+ $(GACUTIL) $(GACUTIL_FLAGS) -u $$(basename $$i .exe) ; \
+ done
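Review bot: In uninstall-local, "$$(basename $$i .exe)" is a no-op for the names Mono.WebServer and Mono.WebServer2 and looks copied from src/Makefile.am; pass $$i directly. The uninstall also calls plain $(GACUTIL) while the install uses $(GACUTIL1) and $(GACUTIL2) with "-package 1.0" and "-package 2.0", so confirm that the uninstall removes what those calls created under lib/mono/1.0 and lib/mono/2.0. As in src/Makefile.am, "#if NET_2_0" inside install-data-local is a make comment, so the Mono.WebServer2.dll install line is not conditional even though GACUTIL2 is only defined under NET_2_0.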
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/MonoWorkerRequest.cs new/xsp-1.1.17/src/Mono.WebServer/MonoWorkerRequest.cs
--- old/xsp-1.1.16.1/src/Mono.WebServer/MonoWorkerRequest.cs 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/MonoWorkerRequest.cs 2006-08-25 21:55:56.000000000 +0200
@@ -321,12 +321,56 @@
}
}
-
+ // as we must have the client certificate (if provided) then we're able to avoid
+ // pre-calculating some items (and cache them if we have to calculate)
+ private string cert_cookie;
+ private string cert_issuer;
+ private string cert_serial;
+ private string cert_subject;
+
public override string GetServerVariable (string name)
{
if (server_variables == null)
return String.Empty;
+ if (IsSecure ()) {
+ X509Certificate client = ClientCertificate;
+ switch (name) {
+ case "CERT_COOKIE":
+ if (cert_cookie == null) {
+ if (client == null)
+ cert_cookie = String.Empty;
+ else
+ cert_cookie = client.GetCertHashString ();
+ }
+ return cert_cookie;
+ case "CERT_ISSUER":
+ if (cert_issuer == null) {
+ if (client == null)
+ cert_issuer = String.Empty;
+ else
+ cert_issuer = client.GetIssuerName ();
+ }
+ return cert_issuer;
+ case "CERT_SERIALNUMBER":
+ if (cert_serial == null) {
+ if (client == null)
+ cert_serial = String.Empty;
+ else
+ cert_serial = client.GetSerialNumberString ();
+ }
+ return cert_serial;
+ case "CERT_SUBJECT":
+ if (cert_subject == null) {
+ if (client == null)
+ cert_subject = String.Empty;
+ else
+ cert_subject = client.GetName ();
+ }
+ return cert_subject;
+ }
+ }
+
string s = server_variables [name];
return (s == null) ? String.Empty : s;
}
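Review bot: The new IsSecure () block sits after the existing "if (server_variables == null) return String.Empty;" check, so CERT_COOKIE, CERT_ISSUER, CERT_SERIALNUMBER and CERT_SUBJECT come back empty whenever no server variable has been added, even if a client certificate is present. The GetSslVariable code this replaces in XSPWorkerRequest.cs was consulted before falling through to the base class, so this is a behaviour change for XSP. Move the null check below the switch, next to the server_variables [name] lookup it protects.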
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/XSPApplicationHost.cs new/xsp-1.1.17/src/Mono.WebServer/XSPApplicationHost.cs
--- old/xsp-1.1.16.1/src/Mono.WebServer/XSPApplicationHost.cs 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/XSPApplicationHost.cs 2006-08-25 21:55:56.000000000 +0200
@@ -414,12 +414,22 @@
ssl.SecretKeySize = s.KeyExchangeStrength;
}
- string redirect;
- vapp.Redirect (rdata.Path, out redirect);
- host.ProcessRequest (requestId, localEP.Address.Address, localEP.Port,
- remoteEP.Address.Address, remoteEP.Port, rdata.Verb,
- rdata.Path, rdata.QueryString,
- rdata.Protocol, rdata.InputBuffer, redirect, sock.Handle, ssl);
+ try {
+ string redirect;
+ vapp.Redirect (rdata.Path, out redirect);
+ host.ProcessRequest (requestId, localEP.Address.Address, localEP.Port,
+ remoteEP.Address.Address, remoteEP.Port, rdata.Verb,
+ rdata.Path, rdata.QueryString,
+ rdata.Protocol, rdata.InputBuffer, redirect, sock.Handle, ssl);
+ } catch (FileNotFoundException fnf) {
+ // We print this one, as it might be a sign of a bad deployment
+ // once we require the .exe and Mono.WebServer in bin or the GAC.
+ Console.Error.WriteLine (fnf);
+ } catch (IOException) {
+ // This is ok (including EndOfStreamException)
+ } catch (Exception e) {
+ Console.Error.WriteLine (e);
+ }
}
public override int Read (byte[] buffer, int position, int size)
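Review bot: The new try/catch around host.ProcessRequest logs or ignores every exception and then returns, with no visible cleanup of the connection, whereas the matching change in ModMonoApplicationHost.cs closes the Stream in a finally block. If nothing further up the call chain closes sock after a failure, the client is left waiting on an open connection; close it here or state in a comment where that happens. Swallowing IOException silently is reasonable for dropped connections, but the comment could say that this is the case it is meant to cover.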
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/XSPWorkerRequest.cs new/xsp-1.1.17/src/Mono.WebServer/XSPWorkerRequest.cs
--- old/xsp-1.1.16.1/src/Mono.WebServer/XSPWorkerRequest.cs 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/XSPWorkerRequest.cs 2006-08-25 21:55:56.000000000 +0200
@@ -509,11 +509,7 @@
result = server_software;
break;
default:
- if (IsSecure ()) {
- result = GetSslVariable (name);
- } else {
- result = base.GetServerVariable (name);
- }
+ result = base.GetServerVariable (name);
break;
}
@@ -685,63 +681,6 @@
{
return secure;
}
-
- // as we must have the client certificate (if provided) then we're able to avoid
- // pre-calculating some items (and cache them if we have to calculate)
- private string cert_cookie;
- private string cert_issuer;
- private string cert_serial;
- private string cert_subject;
-
- private string GetSslVariable (string name)
- {
- X509Certificate client = ClientCertificate;
- string result = null;
-
- switch (name) {
- case "CERT_COOKIE":
- if (cert_cookie == null) {
- if (client == null)
- cert_cookie = String.Empty;
- else
- cert_cookie = client.GetCertHashString ();
- }
- result = cert_cookie;
- break;
- case "CERT_ISSUER":
- if (cert_issuer == null) {
- if (client == null)
- cert_issuer = String.Empty;
- else
- cert_issuer = client.GetIssuerName ();
- }
- result = cert_issuer;
- break;
- case "CERT_SERIALNUMBER":
- if (cert_serial == null) {
- if (client == null)
- cert_serial = String.Empty;
- else
- cert_serial = client.GetSerialNumberString ();
- }
- result = cert_serial;
- break;
- case "CERT_SUBJECT":
- if (cert_subject == null) {
- if (client == null)
- cert_subject = String.Empty;
- else
- cert_subject = client.GetName ();
- }
- result = cert_subject;
- break;
- default:
- result = base.GetServerVariable (name);
- break;
- }
-
- return result;
- }
public override void SendResponseFromFile (IntPtr handle, long offset, long length)
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/xsp-2.pc.in new/xsp-1.1.17/src/Mono.WebServer/xsp-2.pc.in
--- old/xsp-1.1.16.1/src/Mono.WebServer/xsp-2.pc.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/xsp-2.pc.in 2006-08-25 21:55:56.000000000 +0200
@@ -1,5 +1,5 @@
prefix=@prefix@
-assemblies_dir=${prefix}/lib/xsp/2.0
+assemblies_dir=${prefix}/lib/mono/2.0
Libraries=${assemblies_dir}/Mono.WebServer2.dll
Executable=${assemblies_dir}/xsp2.exe
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/xsp-1.1.16.1/src/Mono.WebServer/xsp.pc.in new/xsp-1.1.17/src/Mono.WebServer/xsp.pc.in
--- old/xsp-1.1.16.1/src/Mono.WebServer/xsp.pc.in 2006-07-06 00:27:10.000000000 +0200
+++ new/xsp-1.1.17/src/Mono.WebServer/xsp.pc.in 2006-08-25 21:55:56.000000000 +0200
@@ -1,5 +1,5 @@
prefix=@prefix@
-assemblies_dir=${prefix}/lib/xsp/1.0
+assemblies_dir=${prefix}/lib/mono/1.0
Libraries=${assemblies_dir}/Mono.WebServer.dll
Executable=${assemblies_dir}/xsp.exe
Binary files old/xsp-1.1.16.1/src/mono.pub and new/xsp-1.1.17/src/mono.pub differ
Binary files old/xsp-1.1.16.1/src/mono.snk and new/xsp-1.1.17/src/mono.snk differ
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...