authorMichael Meeks <michael.meeks@collabora.com>2020-04-29 20:24:33 +0100
committerMichael Meeks <michael.meeks@collabora.com>2020-04-30 14:53:25 +0200
commitf9f392ab5cdcde96e6eace26c90a7482952735f1 (patch)
treef6ee144f85c7a541a5fb56d2d2a0f0a3538a7e28 /wsd
parentba727f44ddeba6765b67b07843ca89d58146146b (diff)
Storage: add as_scheme to allow auto-determination of whether to use SSL.
This is the new default - do as we're told by the client. The old setting is left to allow users to force SSL if they are concerned that they may receive unhelpful URLs. Change-Id: Idea83aacea6826a8f37264e34d49c7550efe6d27 Reviewed-on: https://gerrit.libreoffice.org/c/online/+/93179 Tested-by: Michael Meeks <michael.meeks@collabora.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Diffstat (limited to 'wsd')
-rw-r--r--wsd/Storage.cpp33
-rw-r--r--wsd/Storage.hpp3
2 files changed, 29 insertions, 7 deletions
diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp
index ad4249f4c..f010894c4 100644
--- a/wsd/Storage.cpp
+++ b/wsd/Storage.cpp
@@ -55,7 +55,8 @@ using std::size_t;
bool StorageBase::FilesystemEnabled;
bool StorageBase::WopiEnabled;
-bool StorageBase::SSLEnabled;
+bool StorageBase::SSLAsScheme = true;
+bool StorageBase::SSLEnabled = false;
Util::RegexListMatcher StorageBase::WopiHosts;
#if !MOBILEAPP
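Review bot: The static initializer `SSLAsScheme = true` disagrees with the fallback `false` passed to `getConfigValue` for `storage.ssl.as_scheme` in the `initialize()` hunk, so the flag's value depends on whether `initialize()` has run. If a storage session can be created before that point (not visible here), it would take the scheme-driven path and ignore `SSLEnabled`. Starting from the stricter value, `bool StorageBase::SSLAsScheme = false;`, keeps scheme-driven selection an explicit configuration choice. The comment in `initialize()` could also say this directly, e.g. `// Key absent means an upgraded legacy config: keep the storage.ssl.enable behaviour.`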
@@ -126,6 +127,10 @@ void StorageBase::initialize()
// Init client
Poco::Net::Context::Params sslClientParams;
+ // false default for upgrade to preserve legacy configuration
+ // in-config-file defaults are true.
+ SSLAsScheme = LOOLWSD::getConfigValue<bool>("storage.ssl.as_scheme", false);
+
// Fallback to ssl.enable if not set - for back compatibility & simplicity.
SSLEnabled = LOOLWSD::getConfigValue<bool>(
"storage.ssl.enable", LOOLWSD::getConfigValue<bool>("ssl.enable", true));
@@ -398,15 +403,29 @@ LocalStorage::saveLocalFileToStorage(const Authorization& /*auth*/, const std::s
#if !MOBILEAPP
Poco::Net::HTTPClientSession* StorageBase::getHTTPClientSession(const Poco::URI& uri)
- {
+{
+ bool useSSL = false;
+ if (SSLAsScheme)
+ {
+ // the WOPI URI itself should control whether we use SSL or not
+ // for whether we verify vs. certificates, cf. above
+ useSSL = uri.getScheme() != "http";
+ }
+ else
+ {
+ // We decoupled the Wopi communication from client communication because
+ // the Wopi communication must have an independent policy.
+ // So, we will use here only Storage settings.
+ useSSL = SSLEnabled || LOOLWSD::isSSLTermination();
+ }
// We decoupled the Wopi communication from client communication because
// the Wopi communication must have an independent policy.
// So, we will use here only Storage settings.
- return (SSLEnabled || LOOLWSD::isSSLTermination())
- ? new Poco::Net::HTTPSClientSession(uri.getHost(), uri.getPort(),
- Poco::Net::SSLManager::instance().defaultClientContext())
- : new Poco::Net::HTTPClientSession(uri.getHost(), uri.getPort());
- }
+ return useSSL
+ ? new Poco::Net::HTTPSClientSession(uri.getHost(), uri.getPort(),
+ Poco::Net::SSLManager::instance().defaultClientContext())
+ : new Poco::Net::HTTPClientSession(uri.getHost(), uri.getPort());
+}
namespace
{
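Review bot: In the `SSLAsScheme` branch the transport is chosen solely from `uri.getScheme()`, so any WOPI URI with scheme `http` yields a plain `HTTPClientSession`, and `SSLEnabled` and `isSSLTermination()` are never consulted. The commit message describes this as doing what the client tells us, which means traffic to the storage host, and presumably whatever credentials it carries, can go unencrypted without the operator having asked for that. A cheap safeguard is to make the downgrade visible before the `return`, e.g. `if (!useSSL) LOG_WRN("Plain HTTP session to storage host " << uri.getHost());`, and to document that host allow-listing is the remaining control in this mode. The three-line "We decoupled the Wopi communication" comment left above the `return` now duplicates the one in the `else` branch and can be dropped.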
diff --git a/wsd/Storage.hpp b/wsd/Storage.hpp
index 78eab6434..e5ea41101 100644
--- a/wsd/Storage.hpp
+++ b/wsd/Storage.hpp
@@ -279,6 +279,9 @@ private:
static bool FilesystemEnabled;
static bool WopiEnabled;
+ /// If true, use only the WOPI URL for whether to use SSL to talk to storage server
+ static bool SSLAsScheme;
+ /// If true, force SSL communication with storage server
static bool SSLEnabled;
/// Allowed/denied WOPI hosts, if any and if WOPI is enabled.
static Util::RegexListMatcher WopiHosts;
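Review bot: The doc comment `/// If true, force SSL communication with storage server` on `SSLEnabled` overstates what the flag does after this change, because `getHTTPClientSession` only reads it when `SSLAsScheme` is false. An operator reading the header could set it expecting SSL to be forced while scheme-driven selection still permits `http`. Suggested wording for `SSLEnabled`: `/// If true and SSLAsScheme is false, force SSL communication with storage server`. For the new member: `/// If true, the scheme of the WOPI URL alone decides whether SSL is used; SSLEnabled is then ignored`.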