From 16f7a4296839e63b977729b6e0732d63c598178f Mon Sep 17 00:00:00 2001
From: Georg Hopp
Date: Tue, 10 Sep 2013 16:52:27 +0100
Subject: [PATCH 1/2] checked SSL support, the only thing that was really broken was the error handling while reading data... well maybe writing has also bugs, but it works.
---
 src/server/run.c | 16 +++++++--------
 src/server/server.c | 49 ++++++++++++++++++++++-----------------------
 src/stream/read.c | 29 +++++++++++++++++++++++++++
 src/taskrambler.c | 3 ++-
 4 files changed, 63 insertions(+), 34 deletions(-)
diff --git a/src/server/run.c b/src/server/run.c
index 52b0d65..03a5639 100644
--- a/src/server/run.c
+++ b/src/server/run.c
@@ -60,14 +60,14 @@ serverRun(Server this)
 }
 }
- // /**
- // * handle accept SSL
- // */
- // if (0 != ((this->fds)[1].revents & POLLIN)) {
- // if (-1 == serverHandleAccept(this, 1)) {
- // events--;
- // }
- // }
+ /**
+ * handle accept SSL
+ */
+ if (0 != ((this->fds)[1].revents & POLLIN)) {
+ if (-1 == serverHandleAccept(this, 1)) {
+ events--;
+ }
+ }
 for (i=2; i < this->nfds; i++) {
 /**
diff --git a/src/server/server.c b/src/server/server.c
index 11d6a67..be73f61 100644
--- a/src/server/server.c
+++ b/src/server/server.c
@@ -74,30 +74,30 @@ serverCtor(void * _this, va_list * params)
 flags = fcntl(this->sock->handle, F_GETFL, 0);
 fcntl(this->sock->handle, F_SETFL, flags | O_NONBLOCK);
- // this->sockSSL = new(Sock, this->logger, port+1);
- // flags = fcntl(this->sockSSL->handle, F_GETFL, 0);
- // fcntl(this->sockSSL->handle, F_SETFL, flags | O_NONBLOCK);
-
- // SSL_library_init();
- // SSL_load_error_strings();
- // this->ctx = SSL_CTX_new(SSLv23_server_method());
- // SSL_CTX_use_certificate_file(
- // this->ctx,
- // "./certs/server.crt",
- // SSL_FILETYPE_PEM);
-
- // SSL_CTX_use_RSAPrivateKey_file(
- // this->ctx,
- // "./certs/server.key",
- // SSL_FILETYPE_PEM);
+ this->sockSSL = new(Sock, this->logger, port+1);
+ flags = fcntl(this->sockSSL->handle, F_GETFL, 0);
+ fcntl(this->sockSSL->handle, F_SETFL, flags | O_NONBLOCK);
+
+ SSL_library_init();
+ SSL_load_error_strings();
+ this->ctx = SSL_CTX_new(SSLv23_server_method());
+ SSL_CTX_use_certificate_file(
+ this->ctx,
+ "./certs/server.crt",
+ SSL_FILETYPE_PEM);
+
+ SSL_CTX_use_RSAPrivateKey_file(
+ this->ctx,
+ "./certs/server.key",
+ SSL_FILETYPE_PEM);
 socketListen(this->sock, backlog);
- // socketListen(this->sockSSL, backlog);
+ socketListen(this->sockSSL, backlog);
 (this->fds)[0].fd = this->sock->handle;
 (this->fds)[0].events = POLLIN;
- // (this->fds)[1].fd = this->sockSSL->handle;
- // (this->fds)[1].events = POLLIN;
+ (this->fds)[1].fd = this->sockSSL->handle;
+ (this->fds)[1].events = POLLIN;
 this->nfds = 2;
 return 0;
@@ -111,9 +111,8 @@ serverDtor(void * _this)
 int i;
 for (i=0; infds; i++) {
- //if (this->sock->handle != (this->fds)[i].fd &&
- // this->sockSSL->handle != (this->fds)[i].fd) {
- if (this->sock->handle != (this->fds)[i].fd) {
+ if (this->sock->handle != (this->fds)[i].fd &&
+ this->sockSSL->handle != (this->fds)[i].fd) {
 serverCloseConn(this, i);
 }
 }
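Review bot: The return values of `SSL_CTX_new()`, `SSL_CTX_use_certificate_file()` and `SSL_CTX_use_RSAPrivateKey_file()` are discarded in the re-enabled block, so a NULL context or a missing `./certs/server.crt` / `server.key` (both resolved against the current working directory, and this program has a `daemonize()` routine) still leaves the server listening on `port+1` with a context that has no usable credentials, and the failure only surfaces later as a handshake error on every connection. Check each call, verify the pair with `SSL_CTX_check_private_key()`, and fail the constructor — assuming a non-zero return from serverCtor is how this object system reports construction failure, which isn't visible here (and release `this->sock`/`this->sockSSL` on that path if the destructor does not run for a failed ctor). Separately, `SSLv23_server_method()` negotiates every protocol the library was built with, which on OpenSSL of this era can include SSLv2 and does include SSLv3; add `SSL_CTX_set_options(this->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after `SSL_CTX_new()` and set an explicit cipher list. serverCtor starts before this hunk.
```c
	this->ctx = SSL_CTX_new(SSLv23_server_method());
	if (NULL == this->ctx) {
		return -1;
	}
	/* never negotiate SSLv2/SSLv3; TLS only */
	SSL_CTX_set_options(this->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

	if (1 != SSL_CTX_use_certificate_file(
				this->ctx, "./certs/server.crt", SSL_FILETYPE_PEM)
			|| 1 != SSL_CTX_use_RSAPrivateKey_file(
				this->ctx, "./certs/server.key", SSL_FILETYPE_PEM)
			|| 1 != SSL_CTX_check_private_key(this->ctx)) {
		SSL_CTX_free(this->ctx);
		this->ctx = NULL;
		return -1;
	}
	/* … unchanged: socketListen() calls and fds[] setup … */
```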
@@ -122,10 +121,10 @@ serverDtor(void * _this)
 MEM_FREE(this->conns);
 delete(this->sock);
- // delete(this->sockSSL);
+ delete(this->sockSSL);
- // SSL_CTX_free(this->ctx);
- // ERR_free_strings();
+ SSL_CTX_free(this->ctx);
+ ERR_free_strings();
 }
 INIT_IFACE(Class, serverCtor, serverDtor, NULL);
diff --git a/src/stream/read.c b/src/stream/read.c
index 4e49bc9..2555655 100644
--- a/src/stream/read.c
+++ b/src/stream/read.c
@@ -24,7 +24,13 @@
 #include
 #include
+#include
+
 #include "stream.h"
+#include "logger.h"
+
+extern Logger logger;
+
 ssize_t
 streamRead(Stream this, void * buf, size_t count)
@@ -60,6 +66,29 @@ streamRead(Stream this, void * buf, size_t count)
 case STREAM_SSL:
 done = SSL_read((this->handle).ssl, buf, count);
+
+ if (0 > done) {
+ switch (SSL_get_error((this->handle).ssl, done)) {
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_SYSCALL:
+ {
+ unsigned long err;
+
+ while (0 != (err = ERR_get_error())) {
+ loggerLog(
+ logger,
+ LOGGER_DEBUG,
+ ERR_error_string(err, NULL));
+ }
+ }
+ // DROP THROUGH
+
+ case SSL_ERROR_ZERO_RETURN:
+ done = -2;
+ break;
+ }
+ }
+
 break;
 default:
diff --git a/src/taskrambler.c b/src/taskrambler.c
index 79330e7..3eaf459 100644
--- a/src/taskrambler.c
+++ b/src/taskrambler.c
@@ -56,6 +56,8 @@ void nullhandler() {}
 void daemonize(void);
+Logger logger;
+
 int
 main()
 {
@@ -132,7 +134,6 @@ main()
 default:
 {
- Logger logger;
 AuthLdap auth;
 HttpWorker worker;
 Server server;
From c338080e044e3010ebf64165b3b4d6f7b3d9c497 Mon Sep 17 00:00:00 2001
From: Georg Hopp
Date: Tue, 10 Sep 2013 16:54:12 +0100
Subject: [PATCH 2/2] removed SSL deactivation notice...
---
 README.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/README.md b/README.md
index 8d6399b..c89b86b 100644
--- a/README.md
+++ b/README.md
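Review bot: `ERR_free_strings()` releases process-wide OpenSSL state, but it is now called from a per-instance destructor as the counterpart of the `SSL_library_init()`/`SSL_load_error_strings()` calls in serverCtor; if more than one Server is ever constructed, or anything else in the process uses OpenSSL, destroying the first instance silently strips error strings from the rest. Keep `SSL_CTX_free(this->ctx)` here, but move the library init/teardown pair to process start and exit (or guard it with an instance count), leaving a marker such as `/* process-wide OpenSSL setup/teardown belongs in main(), not per Server */`. serverDtor starts before this hunk.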
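Review bot: The `extern Logger logger;` declared locally in read.c ties the stream module to a global that only the program's main translation unit defines (see the taskrambler.c hunk), so read.c can no longer be linked into a test harness or another binary without supplying that symbol, and the definition and this ad-hoc declaration can drift without either file noticing. If a global logger is the intended design, put the single `extern Logger logger;` in logger.h, which this hunk already includes, and drop the local extern; otherwise carry the logger in the Stream object so `streamRead` has no hidden dependency. The included system header names have been lost in this rendering, so I can't tell whether the new include is the OpenSSL error header the code below needs.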
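Review bot: The guard `if (0 > done)` never routes a zero return through `SSL_get_error()`, yet `SSL_read()` reports a clean close_notify (SSL_ERROR_ZERO_RETURN) and an unexpected EOF (SSL_ERROR_SYSCALL) precisely by returning 0, so the `SSL_ERROR_ZERO_RETURN` case added here is effectively unreachable and both outcomes reach the caller as a plain 0 rather than the `-2` the commit intends; change the guard to `if (0 >= done) {`. The sockets are put into O_NONBLOCK mode in serverCtor, so `SSL_read()` will also return -1 with `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`; those fall out of the switch untouched and reach the caller as -1, which is only right if the caller treats that like EAGAIN from the plain-socket path — that path isn't visible here, so at minimum add `case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: break; /* retry after poll() */` and a `default:` so the intent is recorded. `ERR_error_string(err, NULL)` formats into a static buffer that OpenSSL documents as not thread-safe; `ERR_error_string_n(err, errbuf, sizeof errbuf)` into a local `char errbuf[256]` costs one extra line and removes the hazard. `-2` is also an undocumented sentinel in a `ssize_t` API — give it a name in stream.h (e.g. `STREAM_READ_CLOSED`) and document it on `streamRead`. streamRead's body starts before this hunk and its `default:` case continues past it.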
@@ -65,8 +65,6 @@ Currently this will stay in the foreground and does logging via syslog. The server will listen on port 11212 for HTTP requests and on port 11213 for SSL requerst. -Currently SSL request are broken and disabled completely. - You can use telnet or simply start a browser and connect on localhost:11212. This should show up a very simplistic page.