diff --git a/defaults/freeworldKeystore b/defaults/freeworldKeystore
new file mode 100644
index 000000000..c0f8470d4
Binary files /dev/null and b/defaults/freeworldKeystore differ
diff --git a/defaults/yacy.init b/defaults/yacy.init
index 3a5c4982a..a4a77f750 100644
--- a/defaults/yacy.init
+++ b/defaults/yacy.init
@@ -60,11 +60,16 @@ bindPort =
 # If the property keyStore is not specified, then a new keystore file
 # DATA/SETTINGS/myPeerKeystore will be created.
-keyStore =
-keyStorePassword =
+keyStore=defaults/freeworldKeystore
+keyStorePassword=freeworld
 pkcs12ImportFile =
 pkcs12ImportPwd =
+# the keyStore is only used, if server.https is set to true
+# if server.https=true, then the YaCy web interface is available at
+# https://localhost:/ and not at http://localhost:/
+server.https=false
+
 # property that collects the names of all servlets that had been used so far
 # that is used to track if the user has already done some configuration steps
 # if the used missed configuration steps that should be done, then a help system
diff --git a/htroot/Status.java b/htroot/Status.java
index 45c68ff77..a82005b47 100644
--- a/htroot/Status.java
+++ b/htroot/Status.java
@@ -194,7 +194,7 @@ public class Status
 prop.put("host", hostIP != null ? hostIP.getHostAddress() : "Unkown IP");
 // ssl support
- prop.put("sslSupport", sb.getConfig("keyStore", "").isEmpty() ? "0" : "1");
+ prop.put("sslSupport", sb.getConfig("keyStore", "").isEmpty() || !sb.getConfigBool("server.https", false) ? 0 : 1);
 if ( sb.getConfigBool("remoteProxyUse", false) ) {
 prop.put("remoteProxy", "1");
diff --git a/source/net/yacy/server/serverCore.java b/source/net/yacy/server/serverCore.java
index 0e351d122..c0a0ee0a0 100644
--- a/source/net/yacy/server/serverCore.java
+++ b/source/net/yacy/server/serverCore.java
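Review bot: The new defaults `keyStore=defaults/freeworldKeystore` and `keyStorePassword=freeworld` give every installation that turns on `server.https` the same private key, and that key is published in the repository together with its password, so a certificate backed by it authenticates nothing and the HTTPS interface can be impersonated by anyone who has the repository. The same two values are hard-coded again in the `@@ -994` hunk of `serverCore.java`. Leaving both properties empty, `keyStore =` and `keyStorePassword =`, would keep the per-peer `DATA/SETTINGS/myPeerKeystore` path that the comment directly above still describes. If the shared key stays, that comment should be changed to say that the default key is publicly known and only suitable for testing.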
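Review bot: `sslSupport` is derived here from the two configuration values rather than from the server's state, so the status page can report SSL as available when the keystore named in `keyStore` presumably failed to load and no socket factory exists. `serverCore.withSSL()` in this same commit already combines the factory check with `server.https` and would be the more reliable source if it is reachable from this servlet. The mixed `||` and `?:` expression also reads more safely with explicit parentheses: `prop.put("sslSupport", (sb.getConfig("keyStore", "").isEmpty() || !sb.getConfigBool("server.https", false)) ? 0 : 1);`. The enclosing method starts and ends outside the hunk.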
@@ -207,7 +207,7 @@ public final class serverCore extends AbstractBusyThread implements BusyThread {
 }
 public boolean withSSL() {
- return this.sslSocketFactory != null;
+ return this.sslSocketFactory != null && this.switchboard.getConfigBool("server.https", false);
 }
 public synchronized void init() {
@@ -367,7 +367,7 @@ public final class serverCore extends AbstractBusyThread implements BusyThread {
 controlSocket.setSoTimeout(this.timeout);
 // wrap this socket
- if (this.sslSocketFactory != null) {
+ if (withSSL()) {
 controlSocket = new serverCoreSocket(controlSocket);
 // if the current connection is SSL we need to do a handshake
@@ -994,10 +994,19 @@ public final class serverCore extends AbstractBusyThread implements BusyThread {
 String keyStoreFileName = this.switchboard.getConfig("keyStore", "").trim();
 // getting the keystore pwd
- final String keyStorePwd = this.switchboard.getConfig("keyStorePassword", "").trim();
+ String keyStorePwd = this.switchboard.getConfig("keyStorePassword", "").trim();
 // take a look if we have something to import
 final String pkcs12ImportFile = this.switchboard.getConfig("pkcs12ImportFile", "").trim();
+
+ // if no keyStore and no import is defined, then set the default key
+ if (keyStoreFileName.isEmpty() && keyStorePwd.isEmpty() && pkcs12ImportFile.isEmpty()) {
+ keyStoreFileName = "defaults/freeworldKeystore";
+ keyStorePwd = "freeworld";
+ this.switchboard.setConfig("keyStore", keyStoreFileName);
+ this.switchboard.setConfig("keyStorePassword", keyStorePwd);
+ }
+
 if (pkcs12ImportFile.length() > 0) {
 this.log.logInfo("Import certificates from import file '" + pkcs12ImportFile + "'.");
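Review bot: `withSSL()` now depends on two conditions and has no doc comment saying so; a one-line Javadoc such as `/** @return true only if an SSL socket factory was initialised and server.https is enabled */` would make the contract visible to callers. The flag is read from the configuration on every call, and the `@@ -367` hunk calls `withSSL()` in what appears to be the per-connection path, so changing `server.https` at runtime changes how new connections are wrapped without a restart. If that is intended, the comment should state it; otherwise the flag could be read once in `init()`. The bodies around both hunks continue outside the visible lines.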
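Review bot: The fallback block in the `@@ -994` hunk stores the shared key in the peer's configuration through the two `setConfig` calls, so an installation that left `keyStore` empty to get its own generated keystore is switched to the publicly known `freeworld` key and the generation path is no longer reached. The path `defaults/freeworldKeystore` is relative and will presumably resolve against the process working directory rather than the application root. I would drop the block and let the existing keystore creation run. If a fallback is kept, it should stay in the local variables only, without `this.switchboard.setConfig("keyStore", keyStoreFileName);` and `this.switchboard.setConfig("keyStorePassword", keyStorePwd);`, and it should log that a non-secret key is in use. The enclosing method starts and ends outside the hunk.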
@@ -1092,13 +1101,10 @@ public final class serverCore extends AbstractBusyThread implements BusyThread {
 @Override
 public void handshakeCompleted(
 final HandshakeCompletedEvent event) {
- System.out.println("Handshake finished!");
- System.out.println(
- "\t CipherSuite:" + event.getCipherSuite());
- System.out.println(
- "\t SessionId " + event.getSession());
- System.out.println(
- "\t PeerHost " + event.getSession().getPeerHost());
+ //System.out.println("Handshake finished!");
+ //System.out.println("\t CipherSuite:" + event.getCipherSuite());
+ //System.out.println("\t SessionId " + event.getSession());
+ //System.out.println("\t PeerHost " + event.getSession().getPeerHost());
 }
 }
 );
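Review bot: The four `System.out.println` calls are kept as commented-out code, which leaves `handshakeCompleted` with an empty body and no explanation of why the listener is still registered. Delete the commented lines and either add a short comment such as `// intentionally empty: handshake details are not printed` or remove the listener registration if nothing else needs it. No longer printing the session object to standard output is the right direction. The code that registers the listener lies outside the hunk.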