diff --git a/Makefile.am b/Makefile.am index 9772f03df..315ab91d7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,8 +24,19 @@ include_paths = -I${top_srcdir}/common -I${top_srcdir}/net -I${top_srcdir}/wsd - AM_CPPFLAGS = -pthread -DLOOLWSD_DATADIR='"@LOOLWSD_DATADIR@"' -DLOOLWSD_CONFIGDIR='"@LOOLWSD_CONFIGDIR@"' ${include_paths} AM_LDFLAGS = -pthread -Wl,-E loolforkit_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib +loolforkit_nocaps_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib loolmount_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib -loolnb_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib -lssl -lcrypto +loolnb_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib +loolwsd_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib +loolwsd_fuzzer_LDFLAGS = -pthread -Wl,-E,-rpath,/snap/loolwsd/current/usr/lib + +if ENABLE_SSL +loolforkit_LDFLAGS += -lssl -lcrypto +loolforkit_nocaps_LDFLAGS += -lssl -lcrypto +loolnb_LDFLAGS += -lssl -lcrypto +loolwsd_LDFLAGS += -lssl -lcrypto +loolwsd_fuzzer_LDFLAGS += -lssl -lcrypto +endif loolwsd_fuzzer_CPPFLAGS = -DKIT_IN_PROCESS=1 -DFUZZER=1 -DTDOC=\"$(abs_top_srcdir)/test/data\" $(AM_CPPFLAGS) @@ -43,8 +54,11 @@ shared_sources = common/FileUtil.cpp \ common/Unit.cpp \ common/UnitHTTP.cpp \ common/Util.cpp \ - tools/Replay.hpp \ - net/WebSocketHandler.cpp + tools/Replay.hpp + +if ENABLE_SSL +shared_sources += net/Ssl.cpp +endif loolwsd_sources = wsd/Admin.cpp \ wsd/AdminModel.cpp \ @@ -90,10 +104,11 @@ loolwsd_fuzzer_SOURCES = $(loolwsd_sources) \ kit/DummyLibreOfficeKit.cpp loolnb_SOURCES = net/loolnb.cpp \ - net/Ssl.cpp \ - net/WebSocketHandler.cpp \ common/Log.cpp \ common/Util.cpp +if ENABLE_SSL +loolnb_SOURCES += net/Ssl.cpp +endif clientnb_SOURCES = net/clientnb.cpp \ common/Log.cpp \ 
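Review bot: The `-lssl -lcrypto` additions in the `if ENABLE_SSL` block are appended to the per-target `_LDFLAGS` variables, which automake places ahead of the object files on the link line. A toolchain that links with `--as-needed` by default can then drop both libraries and fail with undefined OpenSSL symbols. Libraries belong in the target's `_LDADD` (or in `LIBS`), for example `loolwsd_LDADD += -lssl -lcrypto` where the target already defines `_LDADD`, leaving `_LDFLAGS` for `-pthread`, `-Wl,-E` and the rpath. The `ENABLE_SSL` conditional also has to be declared with `AM_CONDITIONAL` in configure.ac, which is not part of the visible diff.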
@@ -145,7 +160,13 @@ shared_headers = common/Common.hpp \ common/Rectangle.hpp \ common/SigUtil.hpp \ common/security.h \ - common/SpookyV2.h + common/SpookyV2.h \ + net/Socket.hpp \ + net/WebSocketHandler.hpp +if ENABLE_SSL +shared_headers += net/Ssl.hpp \ + net/SslSocket.hpp +endif kit_headers = kit/ChildSession.hpp \ kit/DummyLibreOfficeKit.hpp \ diff --git a/net/loolnb.cpp b/net/loolnb.cpp index eac40cde4..8ac112ec1 100644 --- a/net/loolnb.cpp +++ b/net/loolnb.cpp @@ -28,7 +28,9 @@ #include "Socket.hpp" #include "ServerSocket.hpp" +#if ENABLE_SSL #include "SslSocket.hpp" +#endif #include "WebSocketHandler.hpp" using Poco::MemoryInputStream; @@ -157,10 +159,12 @@ public: Log::initialize("loolnb", logLevel ? logLevel : "", false, false, props); +#if ENABLE_SSL // TODO: These would normally come from config. SslContext::initialize("/etc/loolwsd/cert.pem", "/etc/loolwsd/key.pem", "/etc/loolwsd/ca-chain.cert.pem"); +#endif // Used to poll client sockets. SocketPoll poller; @@ -182,6 +186,7 @@ public: } }; +#if ENABLE_SSL class SslSocketFactory : public SocketFactory { std::shared_ptr create(const int fd) override @@ -190,18 +195,22 @@ public: } }; - // Start the server. if (args.back() == "ssl") server(addrSsl, poller, std::unique_ptr{new SslSocketFactory}); else +#endif server(addrHttp, poller, std::unique_ptr{new PlainSocketFactory}); std::cout << "Shutting down server." << std::endl; threadPoll.stop(); +#if ENABLE_SSL SslContext::uninitialize(); +#endif + + (void)args; return 0; } }; diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp index 03f812031..a1ef1635a 100644 --- a/wsd/LOOLWSD.cpp +++ b/wsd/LOOLWSD.cpp @@ -109,7 +109,9 @@ #include "Protocol.hpp" #include "ServerSocket.hpp" #include "Session.hpp" -//#include "SslSocket.hp" // Conflicts with Poco SSL. +#if ENABLE_SSL +#include "SslSocket.hpp" +#endif #include "Storage.hpp" #include "TraceFile.hpp" #include "Unit.hpp" 
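Review bot: `#if ENABLE_SSL` around the `SslSocket.hpp` include evaluates to 0 without any diagnostic when the macro is undefined, so a translation unit that never sees the configure-generated definition would compile every SSL block out and yield a plaintext-only binary. The hunk starts at line 28, so whether config.h is included above it is not visible. Have configure always define the macro to 0 or 1 and add `-Wundef` to the warning flags, or guard once near the top of the file with `#ifndef ENABLE_SSL` / `#error "ENABLE_SSL is not defined; include config.h first"` / `#endif`. The same applies to the include hunk in wsd/LOOLWSD.cpp and to every later `#if ENABLE_SSL` in both files.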
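Review bot: With ENABLE_SSL off, the `if (args.back() == "ssl")` test is compiled out together with its `else`, so a run that asks for `ssl` silently gets `PlainSocketFactory` on `addrHttp` instead of an error. A caller who requested TLS should be refused rather than handed a plaintext listener; add an `#else` branch such as `if (!args.empty() && args.back() == "ssl") { std::cerr << "built without SSL support" << std::endl; return 1; }`, which also makes the `(void)args;` cast unnecessary. The start() hunk in wsd/LOOLWSD.cpp has the same fall-through: when `LOOLWSD::isSSLEnabled()` is true in a build without ENABLE_SSL, the server binds with `PlainSocketFactory`, and it should fail startup or at least log an error there. Splitting an `if`/`else` across `#endif` is also fragile; a complete statement in each preprocessor branch is easier to keep correct.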
@@ -2016,6 +2018,13 @@ void LOOLWSD::initializeSSL() const auto ssl_ca_file_path = getPathFromConfig("ssl.ca_file_path"); LOG_INF("SSL CA file: " << ssl_ca_file_path); +#if ENABLE_SSL + // Initialize the non-blocking socket SSL. + SslContext::initialize(ssl_cert_file_path, + ssl_key_file_path, + ssl_ca_file_path); +#endif + Poco::Crypto::initializeCrypto(); Poco::Net::initializeSSL(); @@ -3025,14 +3034,15 @@ class PlainSocketFactory : public SocketFactory } }; +#if ENABLE_SSL class SslSocketFactory : public SocketFactory { std::shared_ptr create(const int fd) override { - // FIXME: SslStreamSocket it should be, but conflicts with Poco SSL; need to remove that first. - return StreamSocket::create(fd, std::unique_ptr{ new ClientRequestDispatcher }); + return StreamSocket::create(fd, std::unique_ptr{ new ClientRequestDispatcher }); } }; +#endif /// The main server thread. /// @@ -3059,8 +3069,10 @@ public: void start(const Poco::Net::SocketAddress& addr) { std::shared_ptr serverSocket = std::make_shared(_documentPoll, - LOOLWSD::isSSLEnabled()? std::unique_ptr{new SslSocketFactory()}: - std::unique_ptr{new PlainSocketFactory()}); +#if ENABLE_SSL + LOOLWSD::isSSLEnabled() ? std::unique_ptr{ new SslSocketFactory() } : +#endif + std::unique_ptr{ new PlainSocketFactory() }); if (!serverSocket->bind(addr)) { @@ -3410,6 +3422,9 @@ int LOOLWSD::main(const std::vector& /*args*/) { Poco::Net::uninitializeSSL(); Poco::Crypto::uninitializeCrypto(); +#if ENABLE_SSL + SslContext::uninitialize(); +#endif } int returnValue = Application::EXIT_OK;
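Review bot: The added `SslContext::initialize(...)` call sits directly before `Poco::Crypto::initializeCrypto()` and `Poco::Net::initializeSSL()` with no comment on how the two OpenSSL users coexist, although the FIXME removed in the SslSocketFactory hunk described exactly that as a conflict. SslContext's implementation is not in this diff, so I can't confirm the two initializers are independent; please record the assumption where it is relied on, e.g. `// SslContext and Poco each set up OpenSSL state: initialize SslContext first, uninitialize it last (see LOOLWSD::main).` No failure handling for `SslContext::initialize` is visible here; if it can fail on an unreadable key or certificate, that should stop startup rather than let the server continue, which is worth confirming. initializeSSL() begins and ends outside the hunk.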