


tcptls.h File Reference

Generic support for tcp/tls servers in Asterisk. More...

#include "asterisk/netsock2.h"
#include "asterisk/utils.h"
#include <openssl/ssl.h>
#include <openssl/err.h>


Data Structures

struct  ast_tcptls_session_args
 arguments for the accepting thread More...
struct  ast_tcptls_session_instance
struct  ast_tls_config

Defines

#define AST_CERTFILE   "asterisk.pem"
#define DO_SSL
#define HOOK_T   ssize_t
#define LEN_T   size_t

Enumerations

enum  ast_ssl_flags {
  AST_SSL_VERIFY_CLIENT = (1 << 0), AST_SSL_DONT_VERIFY_SERVER = (1 << 1), AST_SSL_IGNORE_COMMON_NAME = (1 << 2), AST_SSL_SSLV2_CLIENT = (1 << 3),
  AST_SSL_SSLV3_CLIENT = (1 << 4), AST_SSL_TLSV1_CLIENT = (1 << 5)
}

Functions

int ast_ssl_setup (struct ast_tls_config *cfg)
 Set up an SSL server.
void ast_ssl_teardown (struct ast_tls_config *cfg)
 free resources used by an SSL server
struct
ast_tcptls_session_instance
ast_tcptls_client_create (struct ast_tcptls_session_args *desc)
struct
ast_tcptls_session_instance
ast_tcptls_client_start (struct ast_tcptls_session_instance *tcptls_session)
 Attempts to connect and start a tcptls session; on error the tcptls_session's ref count is decremented, its fd and file are closed, and NULL is returned.
void ast_tcptls_close_session_file (struct ast_tcptls_session_instance *tcptls_session)
 Closes a tcptls session instance's file and/or file descriptor. The tcptls_session's file will be set to NULL and its file descriptor will be set to -1 by this function.
HOOK_T ast_tcptls_server_read (struct ast_tcptls_session_instance *ser, void *buf, size_t count)
void * ast_tcptls_server_root (void *)
void ast_tcptls_server_start (struct ast_tcptls_session_args *desc)
 This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept().
void ast_tcptls_server_stop (struct ast_tcptls_session_args *desc)
 Shutdown a running server if there is one.
HOOK_T ast_tcptls_server_write (struct ast_tcptls_session_instance *ser, const void *buf, size_t count)
void ast_tcptls_stream_set_exclusive_input (struct ast_tcptls_stream *stream, int exclusive_input)
 Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.
void ast_tcptls_stream_set_timeout_disable (struct ast_tcptls_stream *stream)
 Disable the TCP/TLS stream timeout timer.
void ast_tcptls_stream_set_timeout_inactivity (struct ast_tcptls_stream *stream, int timeout)
 Set the TCP/TLS stream inactivity timeout timer.
void ast_tcptls_stream_set_timeout_sequence (struct ast_tcptls_stream *stream, struct timeval start, int timeout)
 Set the TCP/TLS stream I/O sequence timeout timer.
int ast_tls_read_conf (struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value)
 Used to parse conf files containing tls/ssl options.

Detailed Description

Generic support for tcp/tls servers in Asterisk.

Note:
In order to have TLS/SSL support, we need the openssl libraries. Still, we can decide whether or not to use them by commenting in or out the DO_SSL macro.

TLS/SSL support is basically implemented by reading from a config file (currently http.conf and sip.conf) the names of the certificate and cipher to use, and then running ssl_setup() to create an appropriate SSL_CTX (ssl_ctx). If we support multiple domains, presumably we need to read multiple certificates.

When we are requested to open a TLS socket, we run make_file_from_fd() on the socket, to do the necessary setup. At the moment the context's name is hardwired in the function, but we can certainly make it into an extra parameter to the function.

We declare most of ssl support variables unconditionally, because their number is small and this simplifies the code.

Note:
The ssl-support variables (ssl_ctx, do_ssl, certfile, cipher) and their setup should be moved to a more central place, e.g. asterisk.conf and the source files that process it. Similarly, ssl_setup() should be run earlier in the startup process so modules have it available.

Definition in file tcptls.h.


Define Documentation

#define AST_CERTFILE   "asterisk.pem"

SSL support

Definition at line 68 of file tcptls.h.

Referenced by __ast_http_load(), manager_set_defaults(), and reload_config().

#define DO_SSL

Definition at line 55 of file tcptls.h.

#define HOOK_T   ssize_t

Definition at line 225 of file tcptls.h.

#define LEN_T   size_t

Definition at line 226 of file tcptls.h.


Enumeration Type Documentation

Enumerator:
AST_SSL_VERIFY_CLIENT 

Verify certificate when acting as server

AST_SSL_DONT_VERIFY_SERVER 

Don't verify certificate when connecting to a server

AST_SSL_IGNORE_COMMON_NAME 

Don't compare "Common Name" against IP or hostname

AST_SSL_SSLV2_CLIENT 

Use SSLv2 for outgoing client connections

AST_SSL_SSLV3_CLIENT 

Use SSLv3 for outgoing client connections

AST_SSL_TLSV1_CLIENT 

Use TLSv1 for outgoing client connections

Definition at line 70 of file tcptls.h.

{
   /*! Verify certificate when acting as server */
   AST_SSL_VERIFY_CLIENT = (1 << 0),
   /*! Don't verify certificate when connecting to a server.
    *  NOTE(review): with this set an outgoing connection is still encrypted,
    *  but the peer is not authenticated. */
   AST_SSL_DONT_VERIFY_SERVER = (1 << 1),
   /*! Don't compare "Common Name" against IP or hostname.
    *  NOTE(review): skips the host-identity part of server verification. */
   AST_SSL_IGNORE_COMMON_NAME = (1 << 2),
   /*! Use SSLv2 for outgoing client connections.
    *  NOTE(review): SSLv2 is an obsolete protocol version. */
   AST_SSL_SSLV2_CLIENT = (1 << 3),
   /*! Use SSLv3 for outgoing client connections.
    *  NOTE(review): SSLv3 is an obsolete protocol version. */
   AST_SSL_SSLV3_CLIENT = (1 << 4),
   /*! Use TLSv1 for outgoing client connections */
   AST_SSL_TLSV1_CLIENT = (1 << 5)
};


Function Documentation

int ast_ssl_setup(struct ast_tls_config *cfg)

Set up an SSL server.

Parameters:
cfg Configuration for the SSL server
Return values:
1 Success
0 Failure

Definition at line 850 of file tcptls.c.

References __ssl_setup().

Referenced by __ast_http_load(), __init_manager(), and reload_config().

{
   /* Server-side context setup: the 0 selects the non-client path of
      __ssl_setup() (ast_tcptls_client_start() passes 1).  Returns 1 on
      success, 0 on failure. */
   const int is_client = 0;

   return __ssl_setup(cfg, is_client);
}

void ast_ssl_teardown(struct ast_tls_config *cfg)

free resources used by an SSL server

Note:
This only needs to be called if ast_ssl_setup() was directly called first.
Parameters:
cfg Configuration for the SSL server

Definition at line 855 of file tcptls.c.

References ast_tls_config::ssl_ctx.

Referenced by sip_tcptls_client_args_destructor(), and unload_module().

{
   /* Release the SSL_CTX created by ast_ssl_setup(), if any, and clear the
      pointer so a second teardown is a no-op.  Compiled out without DO_SSL. */
#ifdef DO_SSL
   SSL_CTX *ctx = cfg->ssl_ctx;

   if (!ctx) {
      return;
   }
   SSL_CTX_free(ctx);
   cfg->ssl_ctx = NULL;
#endif
}

struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc)

Definition at line 902 of file tcptls.c.

References ast_tcptls_session_args::accept_fd, ao2_alloc, ao2_ref, ast_bind(), ast_debug, ast_log(), ast_mutex_init, ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), ast_str_create(), ast_tcptls_session_instance::client, errno, ast_tcptls_session_instance::fd, ast_tcptls_session_args::local_address, ast_tcptls_session_instance::lock, LOG_ERROR, LOG_WARNING, ast_tcptls_session_args::name, ast_tcptls_session_args::old_address, ast_tcptls_session_instance::overflow_buf, ast_tcptls_session_instance::parent, ast_tcptls_session_instance::remote_address, ast_tcptls_session_args::remote_address, session_instance_destructor(), and ast_tcptls_session_args::worker_fn.

Referenced by app_exec(), and sip_prepare_socket().

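{
   /*
    * Create (but do not yet connect) a client session for desc->remote_address;
    * the connect itself happens in ast_tcptls_client_start().
    *
    * Returns a new session instance (one ao2 reference owned by the caller),
    * or NULL when the remote address has not changed since the last call,
    * when the socket could not be created or bound, or when allocation failed.
    * On every NULL return after the socket was opened, desc->accept_fd is
    * closed and reset to -1.
    */
   int reuse = 1;
   struct ast_tcptls_session_instance *tcptls_session = NULL;

   /* Do nothing if nothing has changed */
   if (!ast_sockaddr_cmp(&desc->old_address, &desc->remote_address)) {
      ast_debug(1, "Nothing changed in %s\n", desc->name);
      return NULL;
   }

   /* If we return early, there is no connection */
   ast_sockaddr_setnull(&desc->old_address);

   /* Drop any previous socket before opening a new one. */
   if (desc->accept_fd != -1) {
      close(desc->accept_fd);
      desc->accept_fd = -1;
   }

   desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
            AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
   if (desc->accept_fd < 0) {
      ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
         desc->name, strerror(errno));
      return NULL;
   }

   /* if a local address was specified, bind to it so the connection will
      originate from the desired address */
   if (!ast_sockaddr_isnull(&desc->local_address)) {
      /* Not fatal, but worth logging: without SO_REUSEADDR the bind below
         may fail while a previous socket on that address lingers. */
      if (setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse))) {
         ast_log(LOG_WARNING, "Unable to set SO_REUSEADDR for %s: %s\n",
            desc->name, strerror(errno));
      }
      if (ast_bind(desc->accept_fd, &desc->local_address)) {
         ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
            desc->name,
            ast_sockaddr_stringify(&desc->local_address),
            strerror(errno));
         goto error;
      }
   }

   tcptls_session = ao2_alloc(sizeof(*tcptls_session), session_instance_destructor);
   if (!tcptls_session) {
      goto error;
   }

   ast_mutex_init(&tcptls_session->lock);
   tcptls_session->overflow_buf = ast_str_create(128);
   if (!tcptls_session->overflow_buf) {
      /* The session never owned the descriptor; the error path closes it
         through desc->accept_fd and ao2_ref() runs the destructor. */
      ast_log(LOG_WARNING, "No memory for overflow buffer of %s\n", desc->name);
      tcptls_session->fd = -1;
      goto error;
   }
   tcptls_session->client = 1;
   tcptls_session->fd = desc->accept_fd;
   tcptls_session->parent = desc;
   tcptls_session->parent->worker_fn = NULL;
   ast_sockaddr_copy(&tcptls_session->remote_address,
           &desc->remote_address);

   /* Set current info */
   ast_sockaddr_copy(&desc->old_address, &desc->remote_address);
   return tcptls_session;

error:
   close(desc->accept_fd);
   desc->accept_fd = -1;
   if (tcptls_session) {
      ao2_ref(tcptls_session, -1);
   }
   return NULL;
}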

struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_instance *tcptls_session)

Attempts to connect and start a tcptls session; on error the tcptls_session's ref count is decremented, its fd and file are closed, and NULL is returned.

Definition at line 865 of file tcptls.c.

References __ssl_setup(), ast_tcptls_session_args::accept_fd, ao2_ref, ast_connect(), ast_log(), ast_sockaddr_stringify(), desc, ast_tls_config::enabled, errno, handle_tcptls_connection(), LOG_ERROR, ast_tcptls_session_args::name, ast_tcptls_session_instance::parent, ast_tcptls_session_args::remote_address, and ast_tcptls_session_args::tls_cfg.

Referenced by _sip_tcp_helper_thread(), and app_exec().

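{
   /*
    * Connect the socket prepared by ast_tcptls_client_create() and hand the
    * session to handle_tcptls_connection().
    *
    * Returns the result of handle_tcptls_connection() on success.  On any
    * failure the session's reference is released, the descriptor is closed
    * and NULL is returned, so callers must not touch tcptls_session afterwards.
    */
   struct ast_tcptls_session_args *desc;
   int flags;

   desc = tcptls_session->parent;
   if (!desc) {
      goto client_start_error;
   }

   if (ast_connect(desc->accept_fd, &desc->remote_address)) {
      ast_log(LOG_ERROR, "Unable to connect %s to %s: %s\n",
         desc->name,
         ast_sockaddr_stringify(&desc->remote_address),
         strerror(errno));
      goto client_start_error;
   }

   /* The connected socket is used in blocking mode from here on. */
   flags = fcntl(desc->accept_fd, F_GETFL);
   if (flags == -1 || fcntl(desc->accept_fd, F_SETFL, flags & ~O_NONBLOCK) == -1) {
      ast_log(LOG_ERROR, "Unable to clear O_NONBLOCK on %s: %s\n",
         desc->name, strerror(errno));
      goto client_start_error;
   }

   if (desc->tls_cfg) {
      desc->tls_cfg->enabled = 1;
      /* __ssl_setup() reports failure with 0 (see ast_ssl_setup()).  Fail
         closed: a session without a usable SSL_CTX must not continue as if
         it were going to be protected. */
      if (!__ssl_setup(desc->tls_cfg, 1)) {
         ast_log(LOG_ERROR, "Unable to set up TLS for %s\n", desc->name);
         goto client_start_error;
      }
   }

   return handle_tcptls_connection(tcptls_session);

client_start_error:
   if (desc) {
      close(desc->accept_fd);
      desc->accept_fd = -1;
   }
   ao2_ref(tcptls_session, -1);
   return NULL;
}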

void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session)

Closes a tcptls session instance's file and/or file descriptor. The tcptls_session's file will be set to NULL and its file descriptor will be set to -1 by this function.

Definition at line 1033 of file tcptls.c.

References ast_log(), errno, ast_tcptls_session_instance::f, ast_tcptls_session_instance::fd, and LOG_ERROR.

Referenced by _sip_tcp_helper_thread(), ast_http_send(), ast_tcptls_server_root(), handle_tcptls_connection(), httpd_helper_thread(), and sip_prepare_socket().

{
   /*
    * Release whatever the session holds: a FILE * (closing it also releases
    * the descriptor) or a bare descriptor.  Afterwards f is NULL and fd is -1.
    * Calling this on a session that holds neither is logged as an error.
    */
   FILE *f = tcptls_session->f;

   if (f) {
      fflush(f);
      if (fclose(f)) {
         ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
      }
      tcptls_session->f = NULL;
      tcptls_session->fd = -1;
      return;
   }

   if (tcptls_session->fd == -1) {
      ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n");
      return;
   }

   /*
    * Issuing shutdown() is necessary here to avoid a race
    * condition where the last data written may not appear
    * in the TCP stream.  See ASTERISK-23548
    */
   shutdown(tcptls_session->fd, SHUT_RDWR);
   if (close(tcptls_session->fd)) {
      ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
   }
   tcptls_session->fd = -1;
}

HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count)

Definition at line 519 of file tcptls.c.

References ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, ast_tcptls_session_instance::stream_cookie, and tcptls_stream_read().

Referenced by sip_tcptls_read().

{
   /* Read from the session's stream; refuse when the stream was never set up
      or its descriptor is already closed (errno EIO, return -1). */
   struct ast_tcptls_stream *stream = tcptls_session->stream_cookie;

   if (!stream || stream->fd == -1) {
      ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n");
      errno = EIO;
      return -1;
   }

   return tcptls_stream_read(stream, buf, count);
}

void *ast_tcptls_server_root(void *data)

Definition at line 693 of file tcptls.c.

References ast_tcptls_session_args::accept_fd, ao2_alloc, ao2_ref, ast_accept(), ast_log(), ast_mutex_init, ast_pthread_create_detached_background, ast_sockaddr_copy(), ast_str_create(), ast_tcptls_close_session_file(), ast_wait_for_input(), ast_tcptls_session_instance::client, desc, errno, ast_tcptls_session_instance::fd, handle_tcptls_connection(), ast_tcptls_session_instance::lock, LOG_ERROR, LOG_WARNING, ast_tcptls_session_instance::overflow_buf, ast_tcptls_session_instance::parent, ast_tcptls_session_args::periodic_fn, ast_tcptls_session_args::poll_timeout, ast_tcptls_session_instance::remote_address, and session_instance_destructor().

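{
   /*
    * Accept loop run by the listener thread launched from
    * ast_tcptls_server_start().  data is the listener's
    * struct ast_tcptls_session_args.  Every accepted connection gets its own
    * session instance whose single reference is handed to a detached
    * handle_tcptls_connection() thread.  The loop does not return on its own;
    * it ends when the thread is cancelled (ast_tcptls_server_stop() / restart).
    */
   struct ast_tcptls_session_args *desc = data;
   int fd;
   struct ast_sockaddr addr;
   struct ast_tcptls_session_instance *tcptls_session;
   pthread_t launched;

   for (;;) {
      int i, flags;

      if (desc->periodic_fn) {
         desc->periodic_fn(desc);
      }
      i = ast_wait_for_input(desc->accept_fd, desc->poll_timeout);
      if (i <= 0) {
         continue;
      }
      fd = ast_accept(desc->accept_fd, &addr);
      if (fd < 0) {
         if ((errno != EAGAIN) && (errno != EINTR)) {
            ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
         }
         continue;
      }
      tcptls_session = ao2_alloc(sizeof(*tcptls_session), session_instance_destructor);
      if (!tcptls_session) {
         ast_log(LOG_WARNING, "No memory for new session: %s\n", strerror(errno));
         if (close(fd)) {
            ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
         }
         continue;
      }

      ast_mutex_init(&tcptls_session->lock);
      tcptls_session->fd = fd;
      tcptls_session->parent = desc;
      ast_sockaddr_copy(&tcptls_session->remote_address, &addr);
      tcptls_session->client = 0;

      tcptls_session->overflow_buf = ast_str_create(128);
      if (!tcptls_session->overflow_buf) {
         /* Same teardown as the thread-launch failure below: close the
            accepted descriptor and drop the only reference. */
         ast_log(LOG_WARNING, "No memory for new session buffer: %s\n", strerror(errno));
         ast_tcptls_close_session_file(tcptls_session);
         ao2_ref(tcptls_session, -1);
         continue;
      }

      /* Clear O_NONBLOCK on the accepted socket in case it was inherited
         from the non-blocking listener; a failure here is logged only. */
      flags = fcntl(fd, F_GETFL);
      if (flags == -1 || fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) == -1) {
         ast_log(LOG_WARNING, "Unable to clear O_NONBLOCK on accepted socket: %s\n", strerror(errno));
      }

      /* This thread is now the only place that controls the single ref to tcptls_session */
      if (ast_pthread_create_detached_background(&launched, NULL, handle_tcptls_connection, tcptls_session)) {
         ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
         ast_tcptls_close_session_file(tcptls_session);
         ao2_ref(tcptls_session, -1);
      }
   }
   return NULL;
}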

void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)

This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept().

Version:
1.6.1 changed desc parameter to be of ast_tcptls_session_args type

Definition at line 964 of file tcptls.c.

References ast_tcptls_session_args::accept_fd, ast_tcptls_session_args::accept_fn, ast_bind(), ast_debug, ast_log(), ast_pthread_create_background, AST_PTHREADT_NULL, ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), errno, ast_tcptls_session_args::local_address, LOG_ERROR, ast_tcptls_session_args::master, ast_tcptls_session_args::name, and ast_tcptls_session_args::old_address.

Referenced by __ast_http_load(), __init_manager(), and reload_config().

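{
   /*
    * (Re)start the listener described by desc: socket/bind/listen on
    * desc->local_address and launch desc->accept_fn as the master thread.
    *
    * Nothing happens when local_address has not changed since the last
    * successful start.  A running listener is always torn down first; a null
    * local_address then just leaves the server disabled.  On failure the
    * descriptor is closed, accept_fd is -1 and master is AST_PTHREADT_NULL,
    * so a later ast_tcptls_server_stop() finds nothing stale to act on.
    */
   int flags;
   int reuse = 1;

   /* Do nothing if nothing has changed */
   if (!ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
      ast_debug(1, "Nothing changed in %s\n", desc->name);
      return;
   }

   /* If we return early, there is no one listening */
   ast_sockaddr_setnull(&desc->old_address);

   /* Shutdown a running server if there is one */
   if (desc->master != AST_PTHREADT_NULL) {
      pthread_cancel(desc->master);
      pthread_kill(desc->master, SIGURG);
      pthread_join(desc->master, NULL);
      /* A joined thread id is dead; never cancel/join it a second time. */
      desc->master = AST_PTHREADT_NULL;
   }

   if (desc->accept_fd != -1) {
      close(desc->accept_fd);
      /* Forget the closed descriptor: the number may be reused by another
         thread and must not be closed again by ast_tcptls_server_stop(). */
      desc->accept_fd = -1;
   }

   /* If there's no new server, stop here */
   if (ast_sockaddr_isnull(&desc->local_address)) {
      ast_debug(2, "Server disabled:  %s\n", desc->name);
      return;
   }

   desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->local_address) ?
            AF_INET6 : AF_INET, SOCK_STREAM, 0);
   if (desc->accept_fd < 0) {
      ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
      return;
   }

   if (setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &reuse, sizeof(reuse))) {
      ast_log(LOG_WARNING, "Unable to set SO_REUSEADDR for %s: %s\n", desc->name, strerror(errno));
   }
   if (ast_bind(desc->accept_fd, &desc->local_address)) {
      ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
         desc->name,
         ast_sockaddr_stringify(&desc->local_address),
         strerror(errno));
      goto error;
   }
   if (listen(desc->accept_fd, 10)) {
      ast_log(LOG_ERROR, "Unable to listen for %s!\n", desc->name);
      goto error;
   }
   /* The accept loop polls with desc->poll_timeout (see
      ast_tcptls_server_root()), so the listener itself is non-blocking. */
   flags = fcntl(desc->accept_fd, F_GETFL);
   if (flags == -1 || fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK) == -1) {
      ast_log(LOG_ERROR, "Unable to set O_NONBLOCK for %s: %s\n", desc->name, strerror(errno));
      goto error;
   }
   if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
      ast_log(LOG_ERROR, "Unable to launch thread for %s on %s: %s\n",
         desc->name,
         ast_sockaddr_stringify(&desc->local_address),
         strerror(errno));
      /* pthread_create leaves the thread id unspecified on failure. */
      desc->master = AST_PTHREADT_NULL;
      goto error;
   }

   /* Set current info */
   ast_sockaddr_copy(&desc->old_address, &desc->local_address);

   return;

error:
   close(desc->accept_fd);
   desc->accept_fd = -1;
}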

void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)

Shutdown a running server if there is one.

Version:
1.6.1 changed desc parameter to be of ast_tcptls_session_args type

Definition at line 1058 of file tcptls.c.

References ast_tcptls_session_args::accept_fd, ast_debug, AST_PTHREADT_NULL, ast_tcptls_session_args::master, and ast_tcptls_session_args::name.

Referenced by __ast_http_load(), __init_manager(), http_shutdown(), manager_shutdown(), and unload_module().

{
   /* Cancel and reap the accept thread (if one runs), then drop the
      listening socket.  Leaves master = AST_PTHREADT_NULL and accept_fd = -1. */
   if (desc->master != AST_PTHREADT_NULL) {
      pthread_t master = desc->master;

      pthread_cancel(master);
      pthread_kill(master, SIGURG);
      pthread_join(master, NULL);
      desc->master = AST_PTHREADT_NULL;
   }

   if (desc->accept_fd != -1) {
      close(desc->accept_fd);
   }
   desc->accept_fd = -1;

   ast_debug(2, "Stopped server :: %s\n", desc->name);
}

HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, const void *buf, size_t count)

Definition at line 530 of file tcptls.c.

References ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, ast_tcptls_session_instance::stream_cookie, and tcptls_stream_write().

Referenced by _sip_tcp_helper_thread().

{
   /* Write to the session's stream; refuse when the stream was never set up
      or its descriptor is already closed (errno EIO, return -1). */
   struct ast_tcptls_stream *stream = tcptls_session->stream_cookie;

   if (!stream || stream->fd == -1) {
      ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n");
      errno = EIO;
      return -1;
   }

   return tcptls_stream_write(stream, buf, count);
}

void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input)

Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.

Parameters:
stream TCP/TLS stream control data.
exclusive_input TRUE if stream can exclusively wait for fd input. Otherwise, the stream will not wait for fd input. It will wait while trying to send data.
Note:
The stream timeouts still need to be set.
Returns:
Nothing

Definition at line 107 of file tcptls.c.

References ast_assert, and ast_tcptls_stream::exclusive_input.

Referenced by _sip_tcp_helper_thread(), httpd_helper_thread(), and session_do().

{
   ast_assert(stream != NULL);
   /* Non-zero: the stream may wait exclusively for fd input; zero: it only
      waits while trying to send.  Timeouts are configured separately. */
   stream->exclusive_input = exclusive_input;
}

void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)

Disable the TCP/TLS stream timeout timer.

Parameters:
stream TCP/TLS stream control data.
Returns:
Nothing

Definition at line 84 of file tcptls.c.

References ast_assert, and ast_tcptls_stream::timeout.

Referenced by _sip_tcp_helper_thread(), and session_do().

{
   /* -1 is the "no timeout" sentinel for stream->timeout. */
   const int no_timeout = -1;

   ast_assert(stream != NULL);
   stream->timeout = no_timeout;
}

void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout)

Set the TCP/TLS stream inactivity timeout timer.

Parameters:
stream TCP/TLS stream control data.
timeout Number of milliseconds to wait for data transfer with the peer.

This is basically how much time we are willing to spend in an I/O call before we declare the peer unresponsive.

Note:
Setting timeout to -1 disables the timeout.
Setting this timeout replaces the I/O sequence timeout timer.
Returns:
Nothing

Definition at line 91 of file tcptls.c.

References ast_assert, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.

Referenced by httpd_helper_thread().

{
   ast_assert(stream != NULL);

   /* An inactivity timeout has no sequence start; zeroing tv_sec marks it
      as such and thereby replaces any sequence timer that was set.
      timeout is in milliseconds, -1 disables it. */
   stream->timeout = timeout;
   stream->start.tv_sec = 0;
}

void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout)

Set the TCP/TLS stream I/O sequence timeout timer.

Parameters:
stream TCP/TLS stream control data.
start Time the I/O sequence timer starts.
timeout Number of milliseconds from the start time before timeout.

This is how much time we are willing to allow the peer to complete an operation that can take several I/O calls. The main use is as an authentication timer with us.

Note:
Setting timeout to -1 disables the timeout.
Setting this timeout replaces the inactivity timeout timer.
Returns:
Nothing

Definition at line 99 of file tcptls.c.

References ast_assert, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.

Referenced by _sip_tcp_helper_thread(), and session_do().

{
   ast_assert(stream != NULL);

   /* Sequence timer: timeout milliseconds counted from start (-1 disables).
      Setting it replaces any inactivity timer. */
   stream->timeout = timeout;
   stream->start = start;
}

int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value)

Used to parse conf files containing tls/ssl options.

Definition at line 1072 of file tcptls.c.

References ast_clear_flag, ast_free, ast_log(), ast_parse_arg(), ast_set2_flag, ast_set_flag, AST_SSL_DONT_VERIFY_SERVER, AST_SSL_SSLV2_CLIENT, AST_SSL_SSLV3_CLIENT, AST_SSL_TLSV1_CLIENT, AST_SSL_VERIFY_CLIENT, ast_strdup, ast_true(), ast_tls_config::cafile, ast_tls_config::capath, ast_tls_config::certfile, ast_tls_config::cipher, ast_tls_config::enabled, ast_tls_config::flags, ast_tcptls_session_args::local_address, LOG_WARNING, PARSE_ADDR, and ast_tls_config::pvtfile.

Referenced by __ast_http_load(), __init_manager(), and reload_config().

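{
   /*
    * Apply one "varname = value" pair from a config file to tls_cfg/tls_desc.
    *
    * Returns 0 when varname is a known TLS/SSL option (even if its value was
    * rejected; that is logged), and -1 when varname is not a TLS/SSL option,
    * so the caller can go on to handle its own options.  String options
    * replace the previous value (freed here) with a copy of value.
    */
   if (!strcasecmp(varname, "tlsenable") || !strcasecmp(varname, "sslenable")) {
      tls_cfg->enabled = ast_true(value) ? 1 : 0;
   } else if (!strcasecmp(varname, "tlscertfile") || !strcasecmp(varname, "sslcert") || !strcasecmp(varname, "tlscert")) {
      ast_free(tls_cfg->certfile);
      tls_cfg->certfile = ast_strdup(value);
   } else if (!strcasecmp(varname, "tlsprivatekey") || !strcasecmp(varname, "sslprivatekey")) {
      ast_free(tls_cfg->pvtfile);
      tls_cfg->pvtfile = ast_strdup(value);
   } else if (!strcasecmp(varname, "tlscipher") || !strcasecmp(varname, "sslcipher")) {
      ast_free(tls_cfg->cipher);
      tls_cfg->cipher = ast_strdup(value);
   } else if (!strcasecmp(varname, "tlscafile")) {
      ast_free(tls_cfg->cafile);
      tls_cfg->cafile = ast_strdup(value);
   } else if (!strcasecmp(varname, "tlscapath") || !strcasecmp(varname, "tlscadir")) {
      ast_free(tls_cfg->capath);
      tls_cfg->capath = ast_strdup(value);
   } else if (!strcasecmp(varname, "tlsverifyclient")) {
      ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_VERIFY_CLIENT);
   } else if (!strcasecmp(varname, "tlsdontverifyserver")) {
      /* NOTE(review): a true value turns off peer authentication for
         outgoing connections; see AST_SSL_DONT_VERIFY_SERVER. */
      ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DONT_VERIFY_SERVER);
   } else if (!strcasecmp(varname, "tlsbindaddr") || !strcasecmp(varname, "sslbindaddr")) {
      if (ast_parse_arg(value, PARSE_ADDR, &tls_desc->local_address)) {
         ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
      }
   } else if (!strcasecmp(varname, "tlsclientmethod") || !strcasecmp(varname, "sslclientmethod")) {
      /* Exactly one client-method flag is left set; the other two are cleared.
         An unrecognized value leaves the flags untouched and is logged, as for
         tlsbindaddr, instead of being silently ignored. */
      unsigned int method = 0;

      if (!strcasecmp(value, "tlsv1")) {
         method = AST_SSL_TLSV1_CLIENT;
      } else if (!strcasecmp(value, "sslv3")) {
         method = AST_SSL_SSLV3_CLIENT;
      } else if (!strcasecmp(value, "sslv2")) {
         method = AST_SSL_SSLV2_CLIENT;
      }

      if (method) {
         ast_set2_flag(&tls_cfg->flags, method == AST_SSL_TLSV1_CLIENT, AST_SSL_TLSV1_CLIENT);
         ast_set2_flag(&tls_cfg->flags, method == AST_SSL_SSLV3_CLIENT, AST_SSL_SSLV3_CLIENT);
         ast_set2_flag(&tls_cfg->flags, method == AST_SSL_SSLV2_CLIENT, AST_SSL_SSLV2_CLIENT);
      } else {
         ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
      }
   } else {
      return -1;
   }

   return 0;
}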

