Roxen.git / server / modules / configuration / config_tags.pike


Roxen.git/server/modules/configuration/config_tags.pike:663:   {    if(!config)    error("No configuration specified!\n");       object(Configuration) conf = roxen->find_configuration(config);    if (!conf)    error("Unknown configuration %O\n", config);    return conf;   }    - string not_bound_warning() - { -  return LOCALE(300,"This port was requested, but binding it failed."); - } +    mapping get_port_map( object p )   { -  if (!p->ip||!has_value(p->ip, ":")) { -  // IPv4 -  return ([ +  mapping ret = ([    "port":p->get_key(), -  "warning":(p->bound?"":not_bound_warning()), -  "name":p->name+"://"+(p->ip||"*")+":"+p->port+"/", +  "info":"", +  "warning":"", +  "error":"",    ]); -  +  +  if (!p->bound) { +  ret->warning = +  LOCALE(300,"This port was requested, but binding it failed."); +  } +  +  if (!p->ip||!has_value(p->ip, ":")) { +  // IPv4 +  ret->name = p->name+"://"+(p->ip||"*")+":"+p->port+"/";    } else {    // IPv6 -  return ([ -  "port":p->get_key(), -  "warning":(p->bound?"":not_bound_warning()), +     /* RFC 3986 3.2.2. Host    *    * host = IP-literal / IPv4address / reg-name    * IP-literal = "[" ( IPv6address / IPvFuture ) "]"    * IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )    *    * IPv6address is as in RFC 3513.    */ -  "name":p->name+"://["+p->ip+"]:"+p->port+"/", -  ]); +  ret->name = p->name+"://["+p->ip+"]:"+p->port+"/";    } -  +  +  array(int) keypair_ids = p->query("ssl_keys", 1); +  if (arrayp(keypair_ids)) { +  // SSL/TLS port. 
+  int suite_filter = p->query("ssl_suite_filter", 1); +  if (suite_filter && !(suite_filter & 4)) { +  ret->warning = LOCALE(1156, "RSA-encryption enabled.");    } -  +  foreach(keypair_ids, int keypair_id) { +  array(Crypto.Sign.State|array(string)) keypair = +  CertDB.get_keypair(keypair_id); +  if (!keypair) continue; +  [Crypto.Sign.State private_key, array(string) certs] = keypair;    -  +  Standards.X509.TBSCertificate tbs = +  Standards.X509.decode_certificate(certs[0]); +  +  array(string) res = ({}); +  +  if (!tbs) { +  ret->error = LOCALE(1130, "Invalid certificate"); +  continue; +  } +  +  if (tbs->issuer->get_der() == tbs->subject->get_der()) { +  ret->info = LOCALE(1152, "Self-signed certificate"); +  } +  +  if (tbs->not_after < time(1)) { +  // Already expired. +  ret->error = LOCALE(1153, "Expired certificate"); +  } else if (tbs->not_after < time(1) + (3600 * 24 * 30)) { +  // Expires within 30 days. +  ret->warning = LOCALE(1154, "Certificate expires soon"); +  } +  } +  } +  +  return ret; + } +    mapping get_url_map( string u, mapping ub )   {    if( ub[u] && ub[u]->conf )    return ([    "url": roxen.normalize_url (u),    "conf":replace(ub[u]->conf->name, " ", "-" ),    "confname":ub[u]->conf->query_name(),    ]);   }
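Review bot: In get_port_map the status fields are set by plain assignment, so later checks silently replace earlier ones: the "binding it failed" warning set under `!p->bound` is overwritten by "RSA-encryption enabled.", both are overwritten by "Certificate expires soon", and inside the `foreach` over `keypair_ids` the last keypair's result wins for `info` and `warning`. An administrator reading the port list can therefore miss a bind-failure or weak-suite notice on a port that also has a certificate close to expiry. Collect the messages instead, e.g. `array(string) warnings = ({});`, then `warnings += ({ LOCALE(1154, "Certificate expires soon") });` at each site and `ret->warning = warnings * " ";` before the return; the right separator depends on how the template renders the field. Separately, `certs[0]` is indexed without checking that `certs` is non-empty, and only `not_after` is examined, so a certificate whose `not_before` lies in the future is reported as fine. The local `array(string) res` is never used and can be dropped.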