Generic support for tcp/tls servers in Asterisk. More...
#include "asterisk/netsock2.h"
#include "asterisk/utils.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
Data Structures | |
struct | ast_tcptls_session_args |
arguments for the accepting thread More... | |
struct | ast_tcptls_session_instance |
struct | ast_tls_config |
Defines | |
#define | AST_CERTFILE "asterisk.pem" |
#define | DO_SSL |
#define | HOOK_T ssize_t |
#define | LEN_T size_t |
Enumerations | |
enum | ast_ssl_flags { AST_SSL_VERIFY_CLIENT = (1 << 0), AST_SSL_DONT_VERIFY_SERVER = (1 << 1), AST_SSL_IGNORE_COMMON_NAME = (1 << 2), AST_SSL_SSLV2_CLIENT = (1 << 3), AST_SSL_SSLV3_CLIENT = (1 << 4), AST_SSL_TLSV1_CLIENT = (1 << 5) } |
Functions | |
int | ast_ssl_setup (struct ast_tls_config *cfg) |
Set up an SSL server. | |
void | ast_ssl_teardown (struct ast_tls_config *cfg) |
free resources used by an SSL server | |
struct ast_tcptls_session_instance * | ast_tcptls_client_create (struct ast_tcptls_session_args *desc) |
struct ast_tcptls_session_instance * | ast_tcptls_client_start (struct ast_tcptls_session_instance *tcptls_session) |
Attempts to connect and start a tcptls session; on error, the tcptls_session's ref count is decremented, its fd and file are closed, and NULL is returned. | |
void | ast_tcptls_close_session_file (struct ast_tcptls_session_instance *tcptls_session) |
Closes a tcptls session instance's file and/or file descriptor. The tcptls_session will be set to NULL and its file descriptor will be set to -1 by this function. | |
HOOK_T | ast_tcptls_server_read (struct ast_tcptls_session_instance *ser, void *buf, size_t count) |
void * | ast_tcptls_server_root (void *) |
void | ast_tcptls_server_start (struct ast_tcptls_session_args *desc) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept(). | |
void | ast_tcptls_server_stop (struct ast_tcptls_session_args *desc) |
Shutdown a running server if there is one. | |
HOOK_T | ast_tcptls_server_write (struct ast_tcptls_session_instance *ser, const void *buf, size_t count) |
void | ast_tcptls_stream_set_exclusive_input (struct ast_tcptls_stream *stream, int exclusive_input) |
Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts. | |
void | ast_tcptls_stream_set_timeout_disable (struct ast_tcptls_stream *stream) |
Disable the TCP/TLS stream timeout timer. | |
void | ast_tcptls_stream_set_timeout_inactivity (struct ast_tcptls_stream *stream, int timeout) |
Set the TCP/TLS stream inactivity timeout timer. | |
void | ast_tcptls_stream_set_timeout_sequence (struct ast_tcptls_stream *stream, struct timeval start, int timeout) |
Set the TCP/TLS stream I/O sequence timeout timer. | |
int | ast_tls_read_conf (struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value) |
Used to parse conf files containing tls/ssl options. |
Generic support for tcp/tls servers in Asterisk.
TLS/SSL support is basically implemented by reading from a config file (currently http.conf and sip.conf) the names of the certificate and cipher to use, and then running ssl_setup() to create an appropriate SSL_CTX (ssl_ctx). If we support multiple domains, presumably we need to read multiple certificates.
When we are requested to open a TLS socket, we run make_file_from_fd() on the socket, to do the necessary setup. At the moment the context's name is hardwired in the function, but we can certainly make it into an extra parameter to the function.
We declare most of the SSL support variables unconditionally, because their number is small and this simplifies the code.
Definition in file tcptls.h.
#define AST_CERTFILE "asterisk.pem" |
SSL support
Definition at line 68 of file tcptls.h.
Referenced by __ast_http_load(), manager_set_defaults(), and reload_config().
enum ast_ssl_flags |
AST_SSL_VERIFY_CLIENT |
Verify certificate when acting as server |
AST_SSL_DONT_VERIFY_SERVER |
Don't verify certificate when connecting to a server |
AST_SSL_IGNORE_COMMON_NAME |
Don't compare "Common Name" against IP or hostname |
AST_SSL_SSLV2_CLIENT |
Use SSLv2 for outgoing client connections |
AST_SSL_SSLV3_CLIENT |
Use SSLv3 for outgoing client connections |
AST_SSL_TLSV1_CLIENT |
Use TLSv1 for outgoing client connections |
Definition at line 70 of file tcptls.h.
/*!
 * Option bits stored in struct ast_tls_config::flags.
 *
 * The *_CLIENT protocol bits are set by ast_tls_read_conf() for the
 * "tlsclientmethod" option, which makes them mutually exclusive (setting one
 * clears the other two).
 */
enum ast_ssl_flags {
	/*! Verify the client certificate when acting as a TLS server */
	AST_SSL_VERIFY_CLIENT = (1 << 0),
	/*!
	 * Don't verify the certificate when connecting to a server.
	 * With this bit set the remote server is not authenticated, so the
	 * connection only protects the data in transit, not who it goes to.
	 */
	AST_SSL_DONT_VERIFY_SERVER = (1 << 1),
	/*! Don't compare "Common Name" against IP or hostname */
	AST_SSL_IGNORE_COMMON_NAME = (1 << 2),
	/*!
	 * Use SSLv2 for outgoing client connections.
	 * NOTE(review): SSLv2 and SSLv3 are long-deprecated protocol versions;
	 * confirm a deployment really needs them before selecting either.
	 */
	AST_SSL_SSLV2_CLIENT = (1 << 3),
	/*! Use SSLv3 for outgoing client connections (see the SSLv2 note above) */
	AST_SSL_SSLV3_CLIENT = (1 << 4),
	/*! Use TLSv1 for outgoing client connections */
	AST_SSL_TLSV1_CLIENT = (1 << 5)
};
int ast_ssl_setup | ( | struct ast_tls_config * | cfg | ) |
Set up an SSL server.
cfg | Configuration for the SSL server |
1 | Success | |
0 | Failure |
Definition at line 850 of file tcptls.c.
References __ssl_setup().
Referenced by __ast_http_load(), __init_manager(), and reload_config().
/*!
 * \brief Set up an SSL server context from its configuration.
 *
 * \param cfg Configuration for the SSL server.
 *
 * \retval 1 Success
 * \retval 0 Failure
 *
 * Thin wrapper over __ssl_setup() in server (non-client) mode.
 */
int ast_ssl_setup(struct ast_tls_config *cfg)
{
	const int as_client = 0;

	return __ssl_setup(cfg, as_client);
}
void ast_ssl_teardown | ( | struct ast_tls_config * | cfg | ) |
Free resources used by an SSL server.
cfg | Configuration for the SSL server |
Definition at line 855 of file tcptls.c.
References ast_tls_config::ssl_ctx.
Referenced by sip_tcptls_client_args_destructor(), and unload_module().
struct ast_tcptls_session_instance* ast_tcptls_client_create | ( | struct ast_tcptls_session_args * | desc | ) | [read] |
Definition at line 902 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ao2_alloc, ao2_ref, ast_bind(), ast_debug, ast_log(), ast_mutex_init, ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), ast_str_create(), ast_tcptls_session_instance::client, errno, ast_tcptls_session_instance::fd, ast_tcptls_session_args::local_address, ast_tcptls_session_instance::lock, LOG_ERROR, LOG_WARNING, ast_tcptls_session_args::name, ast_tcptls_session_args::old_address, ast_tcptls_session_instance::overflow_buf, ast_tcptls_session_instance::parent, ast_tcptls_session_instance::remote_address, ast_tcptls_session_args::remote_address, session_instance_destructor(), and ast_tcptls_session_args::worker_fn.
Referenced by app_exec(), and sip_prepare_socket().
/*!
 * \brief Create a client session instance and the socket it will connect on.
 *
 * \param desc Client arguments: remote_address is the peer to reach and, when
 *        local_address is not null, the socket is bound to it so the connection
 *        originates from that address.
 *
 * \return A new session instance whose single reference the caller owns, or
 *         NULL when the remote address is unchanged since the last call or
 *         when socket creation, bind or allocation fails.
 *
 * No connect() happens here; the socket is left in desc->accept_fd for
 * ast_tcptls_client_start() to use.
 */
struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc)
{
	int x = 1;
	struct ast_tcptls_session_instance *tcptls_session = NULL;

	/* Do nothing if nothing has changed */
	if (!ast_sockaddr_cmp(&desc->old_address, &desc->remote_address)) {
		ast_debug(1, "Nothing changed in %s\n", desc->name);
		return NULL;
	}

	/* If we return early, there is no connection */
	ast_sockaddr_setnull(&desc->old_address);

	/* Drop the socket left over from a previous call before making a new one */
	if (desc->accept_fd != -1)
		close(desc->accept_fd);

	desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
				 AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (desc->accept_fd < 0) {
		ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
			desc->name, strerror(errno));
		return NULL;
	}

	/* if a local address was specified, bind to it so the connection will
	   originate from the desired address */
	if (!ast_sockaddr_isnull(&desc->local_address)) {
		/* NOTE(review): the setsockopt() result is not checked; a failure
		 * here does not stop the bind below from being attempted. */
		setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
		if (ast_bind(desc->accept_fd, &desc->local_address)) {
			ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
				desc->name,
				ast_sockaddr_stringify(&desc->local_address),
				strerror(errno));
			goto error;
		}
	}

	/* Reference-counted; session_instance_destructor presumably runs when
	 * the last reference is released (see ao2_ref(..., -1) below). */
	if (!(tcptls_session = ao2_alloc(sizeof(*tcptls_session), session_instance_destructor)))
		goto error;

	ast_mutex_init(&tcptls_session->lock);
	tcptls_session->overflow_buf = ast_str_create(128);
	tcptls_session->client = 1;
	tcptls_session->fd = desc->accept_fd;
	tcptls_session->parent = desc;
	/* Same object as desc->worker_fn. NOTE(review): why the client path
	 * clears the worker callback is not evident from this function. */
	tcptls_session->parent->worker_fn = NULL;
	ast_sockaddr_copy(&tcptls_session->remote_address,
			  &desc->remote_address);

	/* Set current info */
	ast_sockaddr_copy(&desc->old_address, &desc->remote_address);
	return tcptls_session;

error:
	/* Every path that reaches here has a valid socket in desc->accept_fd */
	close(desc->accept_fd);
	desc->accept_fd = -1;
	if (tcptls_session)
		ao2_ref(tcptls_session, -1);
	return NULL;
}
struct ast_tcptls_session_instance* ast_tcptls_client_start | ( | struct ast_tcptls_session_instance * | tcptls_session | ) | [read] |
Attempts to connect and start a tcptls session; on error, the tcptls_session's ref count is decremented, its fd and file are closed, and NULL is returned.
Definition at line 865 of file tcptls.c.
References __ssl_setup(), ast_tcptls_session_args::accept_fd, ao2_ref, ast_connect(), ast_log(), ast_sockaddr_stringify(), desc, ast_tls_config::enabled, errno, handle_tcptls_connection(), LOG_ERROR, ast_tcptls_session_args::name, ast_tcptls_session_instance::parent, ast_tcptls_session_args::remote_address, and ast_tcptls_session_args::tls_cfg.
Referenced by _sip_tcp_helper_thread(), and app_exec().
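/*!
 * \brief Connect a client session created by ast_tcptls_client_create() and
 * hand it to the connection handler.
 *
 * \param tcptls_session Session whose parent holds the socket (accept_fd),
 *        the remote address and an optional TLS configuration.
 *
 * \return The result of handle_tcptls_connection(), or NULL on error.
 *
 * On error the session's reference is released, its socket is closed and
 * desc->accept_fd is set to -1 before NULL is returned.
 */
struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_instance *tcptls_session)
{
	struct ast_tcptls_session_args *desc = tcptls_session->parent;
	int flags;

	if (!desc) {
		goto client_start_error;
	}

	if (ast_connect(desc->accept_fd, &desc->remote_address)) {
		ast_log(LOG_ERROR, "Unable to connect %s to %s: %s\n",
			desc->name,
			ast_sockaddr_stringify(&desc->remote_address),
			strerror(errno));
		goto client_start_error;
	}

	/* Put the connected socket into blocking mode for the handler.  Only
	 * apply the mask when F_GETFL succeeded; otherwise (-1 & ~O_NONBLOCK)
	 * would be written back as the descriptor's flags. */
	flags = fcntl(desc->accept_fd, F_GETFL);
	if (flags != -1) {
		fcntl(desc->accept_fd, F_SETFL, flags & ~O_NONBLOCK);
	}

	if (desc->tls_cfg) {
		desc->tls_cfg->enabled = 1;
		/* __ssl_setup() reports 0 on failure (see ast_ssl_setup()).  A
		 * client context that could not be built must not be used, so the
		 * session fails here instead of reaching the handler without a
		 * usable TLS context. */
		if (!__ssl_setup(desc->tls_cfg, 1)) {
			ast_log(LOG_ERROR, "Unable to set up TLS client context for %s\n",
				desc->name);
			goto client_start_error;
		}
	}

	return handle_tcptls_connection(tcptls_session);

client_start_error:
	if (desc) {
		close(desc->accept_fd);
		desc->accept_fd = -1;
	}
	ao2_ref(tcptls_session, -1);
	return NULL;
}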
void ast_tcptls_close_session_file | ( | struct ast_tcptls_session_instance * | tcptls_session | ) |
Closes a tcptls session instance's file and/or file descriptor. The tcptls_session will be set to NULL and its file descriptor will be set to -1 by this function.
Definition at line 1033 of file tcptls.c.
References ast_log(), errno, ast_tcptls_session_instance::f, ast_tcptls_session_instance::fd, and LOG_ERROR.
Referenced by _sip_tcp_helper_thread(), ast_http_send(), ast_tcptls_server_root(), handle_tcptls_connection(), httpd_helper_thread(), and sip_prepare_socket().
/*!
 * \brief Close a session's FILE stream and/or raw socket.
 *
 * \param tcptls_session Session to close.
 *
 * After the call tcptls_session->f is NULL and tcptls_session->fd is -1.
 * Calling it on a session that has neither is logged as an error.
 */
void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session)
{
	FILE *stream = tcptls_session->f;

	if (stream) {
		/* The stream owns the descriptor: closing it closes both. */
		fflush(stream);
		if (fclose(stream)) {
			ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
		}
		tcptls_session->f = NULL;
		tcptls_session->fd = -1;
		return;
	}

	if (tcptls_session->fd == -1) {
		ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n");
		return;
	}

	/*
	 * Issuing shutdown() is necessary here to avoid a race
	 * condition where the last data written may not appear
	 * in the TCP stream. See ASTERISK-23548
	 */
	shutdown(tcptls_session->fd, SHUT_RDWR);
	if (close(tcptls_session->fd)) {
		ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
	}
	tcptls_session->fd = -1;
}
HOOK_T ast_tcptls_server_read | ( | struct ast_tcptls_session_instance * | ser, | |
void * | buf, | |||
size_t | count | |||
) |
Definition at line 519 of file tcptls.c.
References ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, ast_tcptls_session_instance::stream_cookie, and tcptls_stream_read().
Referenced by sip_tcptls_read().
/*!
 * \brief Read from a session's TCP/TLS stream.
 *
 * \param tcptls_session Session whose stream_cookie is read from.
 * \param buf Destination buffer.
 * \param count Maximum number of bytes to read.
 *
 * \return Result of tcptls_stream_read(), or -1 with errno set to EIO when
 *         the session has no stream or the stream's descriptor is closed.
 */
HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count)
{
	struct ast_tcptls_stream *stream = tcptls_session->stream_cookie;

	if (stream && stream->fd != -1) {
		return tcptls_stream_read(stream, buf, count);
	}

	ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n");
	errno = EIO;
	return -1;
}
void* ast_tcptls_server_root | ( | void * | ) |
Definition at line 693 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ao2_alloc, ao2_ref, ast_accept(), ast_log(), ast_mutex_init, ast_pthread_create_detached_background, ast_sockaddr_copy(), ast_str_create(), ast_tcptls_close_session_file(), ast_wait_for_input(), ast_tcptls_session_instance::client, desc, errno, ast_tcptls_session_instance::fd, handle_tcptls_connection(), ast_tcptls_session_instance::lock, LOG_ERROR, LOG_WARNING, ast_tcptls_session_instance::overflow_buf, ast_tcptls_session_instance::parent, ast_tcptls_session_args::periodic_fn, ast_tcptls_session_args::poll_timeout, ast_tcptls_session_instance::remote_address, and session_instance_destructor().
/*!
 * \brief Accept loop run by a server's master thread.
 *
 * \param data The struct ast_tcptls_session_args the server was started with.
 *
 * \return Never returns normally; the loop only ends when the thread is
 *         cancelled (see ast_tcptls_server_stop()).
 *
 * Every accepted connection gets its own reference-counted session instance
 * and a detached handler thread running handle_tcptls_connection(); that
 * thread takes over the session's single reference.
 */
void *ast_tcptls_server_root(void *data)
{
	struct ast_tcptls_session_args *desc = data;
	int fd;
	struct ast_sockaddr addr;
	struct ast_tcptls_session_instance *tcptls_session;
	pthread_t launched;

	for (;;) {
		int i, flags;

		/* Optional per-iteration hook, run before waiting for input */
		if (desc->periodic_fn)
			desc->periodic_fn(desc);
		/* Timeout or error while waiting: just poll again.
		 * NOTE(review): a persistent error here or in ast_accept() below
		 * (for example descriptor exhaustion) is retried without back-off. */
		i = ast_wait_for_input(desc->accept_fd, desc->poll_timeout);
		if (i <= 0)
			continue;
		fd = ast_accept(desc->accept_fd, &addr);
		if (fd < 0) {
			if ((errno != EAGAIN) && (errno != EINTR))
				ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
			continue;
		}
		tcptls_session = ao2_alloc(sizeof(*tcptls_session), session_instance_destructor);
		if (!tcptls_session) {
			ast_log(LOG_WARNING, "No memory for new session: %s\n", strerror(errno));
			if (close(fd)) {
				ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
			}
			continue;
		}

		ast_mutex_init(&tcptls_session->lock);
		tcptls_session->overflow_buf = ast_str_create(128);

		/* Switch the accepted socket to blocking mode.
		 * NOTE(review): the F_GETFL result is masked without checking for -1. */
		flags = fcntl(fd, F_GETFL);
		fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
		tcptls_session->fd = fd;
		tcptls_session->parent = desc;
		ast_sockaddr_copy(&tcptls_session->remote_address, &addr);

		/* Server side: this session was accepted, not initiated */
		tcptls_session->client = 0;

		/* This thread is now the only place that controls the single ref to tcptls_session */
		if (ast_pthread_create_detached_background(&launched, NULL, handle_tcptls_connection, tcptls_session)) {
			/* No handler thread was started, so this thread still owns the
			 * only reference: close the socket and release the session. */
			ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
			ast_tcptls_close_session_file(tcptls_session);
			ao2_ref(tcptls_session, -1);
		}
	}
	/* Unreachable: the loop above never breaks */
	return NULL;
}
void ast_tcptls_server_start | ( | struct ast_tcptls_session_args * | desc | ) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept().
Definition at line 964 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ast_tcptls_session_args::accept_fn, ast_bind(), ast_debug, ast_log(), ast_pthread_create_background, AST_PTHREADT_NULL, ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), errno, ast_tcptls_session_args::local_address, LOG_ERROR, ast_tcptls_session_args::master, ast_tcptls_session_args::name, and ast_tcptls_session_args::old_address.
Referenced by __ast_http_load(), __init_manager(), and reload_config().
/*!
 * \brief Generic (re)start routine for a TCP server: socket/bind/listen and
 * launch of the accept thread (desc->accept_fn, tracked in desc->master).
 *
 * \param desc Server arguments. local_address is the listen address; a null
 *        local_address stops any running server and leaves it stopped.
 *
 * Calling this again with an unchanged local_address is a no-op; any change
 * first tears down the running thread and socket. Errors are logged, the
 * listening socket is closed and desc->accept_fd is left at -1.
 */
void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
{
	int flags;
	int x = 1;

	/* Do nothing if nothing has changed */
	if (!ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
		ast_debug(1, "Nothing changed in %s\n", desc->name);
		return;
	}

	/* If we return early, there is no one listening */
	ast_sockaddr_setnull(&desc->old_address);

	/* Shutdown a running server if there is one: request cancellation,
	 * signal the thread to interrupt any blocking call, then wait for it.
	 * NOTE(review): same sequence as ast_tcptls_server_stop(), but here
	 * desc->master is not reset to AST_PTHREADT_NULL afterwards. */
	if (desc->master != AST_PTHREADT_NULL) {
		pthread_cancel(desc->master);
		pthread_kill(desc->master, SIGURG);
		pthread_join(desc->master, NULL);
	}

	if (desc->accept_fd != -1)
		close(desc->accept_fd);

	/* If there's no new server, stop here */
	if (ast_sockaddr_isnull(&desc->local_address)) {
		ast_debug(2, "Server disabled: %s\n", desc->name);
		return;
	}

	desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->local_address) ?
				 AF_INET6 : AF_INET, SOCK_STREAM, 0);
	if (desc->accept_fd < 0) {
		ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
		return;
	}

	/* Allow re-binding the address right after a restart; result not checked */
	setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
	if (ast_bind(desc->accept_fd, &desc->local_address)) {
		ast_log(LOG_ERROR, "Unable to bind %s to %s: %s\n",
			desc->name,
			ast_sockaddr_stringify(&desc->local_address),
			strerror(errno));
		goto error;
	}
	/* Backlog of 10 pending connections */
	if (listen(desc->accept_fd, 10)) {
		ast_log(LOG_ERROR, "Unable to listen for %s!\n", desc->name);
		goto error;
	}
	/* The listening socket is non-blocking; the accept thread polls it.
	 * NOTE(review): the F_GETFL result is used without checking for -1. */
	flags = fcntl(desc->accept_fd, F_GETFL);
	fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK);
	if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
		ast_log(LOG_ERROR, "Unable to launch thread for %s on %s: %s\n",
			desc->name,
			ast_sockaddr_stringify(&desc->local_address),
			strerror(errno));
		goto error;
	}

	/* Set current info */
	ast_sockaddr_copy(&desc->old_address, &desc->local_address);

	return;

error:
	close(desc->accept_fd);
	desc->accept_fd = -1;
}
void ast_tcptls_server_stop | ( | struct ast_tcptls_session_args * | desc | ) |
Shutdown a running server if there is one.
Definition at line 1058 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ast_debug, AST_PTHREADT_NULL, ast_tcptls_session_args::master, and ast_tcptls_session_args::name.
Referenced by __ast_http_load(), __init_manager(), http_shutdown(), manager_shutdown(), and unload_module().
/*!
 * \brief Shutdown a running server if there is one.
 *
 * \param desc Server arguments; its master thread is stopped and its
 *        listening socket closed.
 *
 * Afterwards desc->master is AST_PTHREADT_NULL and desc->accept_fd is -1,
 * whether or not anything was running.
 */
void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)
{
	int thread_running = (desc->master != AST_PTHREADT_NULL);

	if (thread_running) {
		/* Request cancellation, interrupt any blocking call, then wait */
		pthread_cancel(desc->master);
		pthread_kill(desc->master, SIGURG);
		pthread_join(desc->master, NULL);
		desc->master = AST_PTHREADT_NULL;
	}

	if (desc->accept_fd != -1) {
		close(desc->accept_fd);
	}
	desc->accept_fd = -1;

	ast_debug(2, "Stopped server :: %s\n", desc->name);
}
HOOK_T ast_tcptls_server_write | ( | struct ast_tcptls_session_instance * | ser, | |
const void * | buf, | |||
size_t | count | |||
) |
Definition at line 530 of file tcptls.c.
References ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, ast_tcptls_session_instance::stream_cookie, and tcptls_stream_write().
Referenced by _sip_tcp_helper_thread().
/*!
 * \brief Write to a session's TCP/TLS stream.
 *
 * \param tcptls_session Session whose stream_cookie is written to.
 * \param buf Source buffer.
 * \param count Number of bytes to write.
 *
 * \return Result of tcptls_stream_write(), or -1 with errno set to EIO when
 *         the session has no stream or the stream's descriptor is closed.
 */
HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count)
{
	struct ast_tcptls_stream *stream = tcptls_session->stream_cookie;

	if (stream && stream->fd != -1) {
		return tcptls_stream_write(stream, buf, count);
	}

	ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n");
	errno = EIO;
	return -1;
}
void ast_tcptls_stream_set_exclusive_input | ( | struct ast_tcptls_stream * | stream, | |
int | exclusive_input | |||
) |
Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.
stream | TCP/TLS stream control data. | |
exclusive_input | TRUE if stream can exclusively wait for fd input. Otherwise, the stream will not wait for fd input. It will wait while trying to send data. |
Definition at line 107 of file tcptls.c.
References ast_assert, and ast_tcptls_stream::exclusive_input.
Referenced by _sip_tcp_helper_thread(), httpd_helper_thread(), and session_do().
/*!
 * \brief Set whether the stream I/O may rely exclusively on the configured timeouts.
 *
 * \param stream TCP/TLS stream control data (must not be NULL).
 * \param exclusive_input TRUE if the stream can exclusively wait for fd input;
 *        otherwise it will not wait for fd input, only while sending.
 */
void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input)
{
	ast_assert(stream);
	stream->exclusive_input = exclusive_input;
}
void ast_tcptls_stream_set_timeout_disable | ( | struct ast_tcptls_stream * | stream | ) |
Disable the TCP/TLS stream timeout timer.
stream | TCP/TLS stream control data. |
Definition at line 84 of file tcptls.c.
References ast_assert, and ast_tcptls_stream::timeout.
Referenced by _sip_tcp_helper_thread(), and session_do().
/*!
 * \brief Disable the TCP/TLS stream timeout timer.
 *
 * \param stream TCP/TLS stream control data (must not be NULL).
 *
 * A timeout of -1 means no timer is running.
 */
void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
{
	const int no_timeout = -1;

	ast_assert(stream);
	stream->timeout = no_timeout;
}
void ast_tcptls_stream_set_timeout_inactivity | ( | struct ast_tcptls_stream * | stream, | |
int | timeout | |||
) |
Set the TCP/TLS stream inactivity timeout timer.
stream | TCP/TLS stream control data. | |
timeout | Number of milliseconds to wait for data transfer with the peer. |
This is basically how much time we are willing to spend in an I/O call before we declare the peer unresponsive.
Definition at line 91 of file tcptls.c.
References ast_assert, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.
Referenced by httpd_helper_thread().
/*!
 * \brief Set the TCP/TLS stream inactivity timeout timer.
 *
 * \param stream TCP/TLS stream control data (must not be NULL).
 * \param timeout Number of milliseconds to wait for data transfer with the peer.
 *
 * Clears the sequence start time (tv_sec only) so the timeout applies per
 * I/O call rather than from a fixed start.
 */
void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout)
{
	ast_assert(stream);
	stream->timeout = timeout;
	stream->start.tv_sec = 0;
}
void ast_tcptls_stream_set_timeout_sequence | ( | struct ast_tcptls_stream * | stream, | |
struct timeval | start, | |||
int | timeout | |||
) |
Set the TCP/TLS stream I/O sequence timeout timer.
stream | TCP/TLS stream control data. | |
start | Time the I/O sequence timer starts. | |
timeout | Number of milliseconds from the start time before timeout. |
This is how much time we are willing to allow the peer to complete an operation that can take several I/O calls. The main use is as an authentication timer with us.
Definition at line 99 of file tcptls.c.
References ast_assert, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.
Referenced by _sip_tcp_helper_thread(), and session_do().
/*!
 * \brief Set the TCP/TLS stream I/O sequence timeout timer.
 *
 * \param stream TCP/TLS stream control data (must not be NULL).
 * \param start Time the I/O sequence timer starts.
 * \param timeout Number of milliseconds from the start time before timeout.
 */
void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout)
{
	ast_assert(stream);
	stream->timeout = timeout;
	stream->start = start;
}
int ast_tls_read_conf | ( | struct ast_tls_config * | tls_cfg, | |
struct ast_tcptls_session_args * | tls_desc, | |||
const char * | varname, | |||
const char * | value | |||
) |
Used to parse conf files containing tls/ssl options.
Definition at line 1072 of file tcptls.c.
References ast_clear_flag, ast_free, ast_log(), ast_parse_arg(), ast_set2_flag, ast_set_flag, AST_SSL_DONT_VERIFY_SERVER, AST_SSL_SSLV2_CLIENT, AST_SSL_SSLV3_CLIENT, AST_SSL_TLSV1_CLIENT, AST_SSL_VERIFY_CLIENT, ast_strdup, ast_true(), ast_tls_config::cafile, ast_tls_config::capath, ast_tls_config::certfile, ast_tls_config::cipher, ast_tls_config::enabled, ast_tls_config::flags, ast_tcptls_session_args::local_address, LOG_WARNING, PARSE_ADDR, and ast_tls_config::pvtfile.
Referenced by __ast_http_load(), __init_manager(), and reload_config().
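/*!
 * \internal
 * \brief Select exactly one outgoing client protocol flag.
 *
 * \param tls_cfg Configuration whose flags are updated.
 * \param method One of AST_SSL_TLSV1_CLIENT, AST_SSL_SSLV3_CLIENT or
 *        AST_SSL_SSLV2_CLIENT.
 *
 * The three client-method flags are mutually exclusive, so the other two are
 * always cleared when one is selected.
 */
static void tls_set_client_method(struct ast_tls_config *tls_cfg, unsigned int method)
{
	ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT | AST_SSL_SSLV3_CLIENT | AST_SSL_SSLV2_CLIENT);
	ast_set_flag(&tls_cfg->flags, method);
}

/*!
 * \brief Parse one tls/ssl option from a config file.
 *
 * \param tls_cfg TLS configuration receiving certificate, key, cipher, CA and
 *        flag settings.
 * \param tls_desc Session arguments receiving the bind address (tlsbindaddr).
 * \param varname Option name, matched case-insensitively.
 * \param value Option value.
 *
 * \retval 0 varname is a tls/ssl option (even if its value was rejected and
 *         logged).
 * \retval -1 varname is not a tls/ssl option; the caller handles it.
 *
 * String options replace any previously stored value (the old one is freed).
 * Unrecognised values for tlsclientmethod/sslclientmethod are logged and the
 * previously configured method is left unchanged.
 */
int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value)
{
	if (!strcasecmp(varname, "tlsenable") || !strcasecmp(varname, "sslenable")) {
		tls_cfg->enabled = ast_true(value) ? 1 : 0;
	} else if (!strcasecmp(varname, "tlscertfile") || !strcasecmp(varname, "sslcert") || !strcasecmp(varname, "tlscert")) {
		ast_free(tls_cfg->certfile);
		tls_cfg->certfile = ast_strdup(value);
	} else if (!strcasecmp(varname, "tlsprivatekey") || !strcasecmp(varname, "sslprivatekey")) {
		ast_free(tls_cfg->pvtfile);
		tls_cfg->pvtfile = ast_strdup(value);
	} else if (!strcasecmp(varname, "tlscipher") || !strcasecmp(varname, "sslcipher")) {
		ast_free(tls_cfg->cipher);
		tls_cfg->cipher = ast_strdup(value);
	} else if (!strcasecmp(varname, "tlscafile")) {
		ast_free(tls_cfg->cafile);
		tls_cfg->cafile = ast_strdup(value);
	} else if (!strcasecmp(varname, "tlscapath") || !strcasecmp(varname, "tlscadir")) {
		ast_free(tls_cfg->capath);
		tls_cfg->capath = ast_strdup(value);
	} else if (!strcasecmp(varname, "tlsverifyclient")) {
		ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_VERIFY_CLIENT);
	} else if (!strcasecmp(varname, "tlsdontverifyserver")) {
		/* Turning this on disables authentication of the remote server
		 * on outgoing connections (see AST_SSL_DONT_VERIFY_SERVER). */
		ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DONT_VERIFY_SERVER);
	} else if (!strcasecmp(varname, "tlsbindaddr") || !strcasecmp(varname, "sslbindaddr")) {
		if (ast_parse_arg(value, PARSE_ADDR, &tls_desc->local_address)) {
			ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
		}
	} else if (!strcasecmp(varname, "tlsclientmethod") || !strcasecmp(varname, "sslclientmethod")) {
		if (!strcasecmp(value, "tlsv1")) {
			tls_set_client_method(tls_cfg, AST_SSL_TLSV1_CLIENT);
		} else if (!strcasecmp(value, "sslv3")) {
			tls_set_client_method(tls_cfg, AST_SSL_SSLV3_CLIENT);
		} else if (!strcasecmp(value, "sslv2")) {
			tls_set_client_method(tls_cfg, AST_SSL_SSLV2_CLIENT);
		} else {
			/* An unknown method used to be ignored silently, leaving the
			 * previous selection in effect without telling the operator. */
			ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
		}
	} else {
		return -1;
	}

	return 0;
}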