authorDavid Vossel <dvossel@digium.com>2009-04-24 21:22:31 +0000
committerDavid Vossel <dvossel@digium.com>2009-04-24 21:22:31 +0000
commit8f0b88c8c86182565c7c6a20c1f0cb3df973474d (patch)
treec2829c1079c16807c9e5e9958eb3fdf96d9a25f6 /channels
parentc95c0659030ba98dc2720df029f289ccdd545249 (diff)
TLS/SSL private key option
Adds option to specify a private key .pem file when configuring TLS or SSL in AMI, HTTP, and SIP. Before this, the certificate file was used for both the public and private key. It is possible for this file to hold both, but most configurations allow for a separate private key file to be specified. Clarified in .conf files how these options are to be used. The current conf files do not explain how the private key is handled at all, so without knowledge of Asterisk's TLS implementation, it would be hard to know for sure what was going on or how to set it up. Review: http://reviewboard.digium.com/r/234/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@190545 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels')
-rw-r--r--channels/chan_sip.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index c20ca70f5..e904b27cb 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -23785,7 +23785,6 @@ static int reload_config(enum channelreloadreason reason)
/* iterator->call = sip_destroy(iterator->call); */
}
ASTOBJ_UNLOCK(iterator);
-
} while(0));
/* Then, actually destroy users and registry */
@@ -23793,20 +23792,21 @@ static int reload_config(enum channelreloadreason reason)
ast_debug(4, "--------------- Done destroying registry list\n");
ao2_t_callback(peers, OBJ_NODATA, peer_markall_func, NULL, "callback to mark all peers");
}
-
+
/* Reset certificate handling for TLS sessions */
if (reason != CHANNEL_MODULE_LOAD) {
ast_free(default_tls_cfg.certfile);
+ ast_free(default_tls_cfg.pvtfile);
ast_free(default_tls_cfg.cipher);
ast_free(default_tls_cfg.cafile);
ast_free(default_tls_cfg.capath);
}
default_tls_cfg.certfile = ast_strdup(AST_CERTFILE); /*XXX Not sure if this is useful */
+ default_tls_cfg.pvtfile = ast_strdup("");
default_tls_cfg.cipher = ast_strdup("");
default_tls_cfg.cafile = ast_strdup("");
default_tls_cfg.capath = ast_strdup("");
-
/* Initialize copy of current global_regcontext for later use in removing stale contexts */
ast_copy_string(oldcontexts, global_regcontext, sizeof(oldcontexts));
oldregcontext = oldcontexts;
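Review bot: The new `default_tls_cfg.pvtfile = ast_strdup("");` is not checked for failure, so after a failed allocation the field is NULL, and any later reader that treats it as a string (not visible in this hunk) would dereference a null pointer. The `tlsprivatekey` branch added further down has the same gap and also frees the old value before the new copy is known to exist; there a temporary avoids losing the previous setting: `char *tmp = ast_strdup(v->value); if (tmp) { ast_free(default_tls_cfg.pvtfile); default_tls_cfg.pvtfile = tmp; }`. It would also help to record what the empty default means, for example `/* empty: private key is expected inside certfile */`, if that is how the TLS setup code treats it. The body of reload_config starts and ends outside this hunk.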
@@ -24017,6 +24017,9 @@ static int reload_config(enum channelreloadreason reason)
} else if (!strcasecmp(v->name, "tlscertfile")) {
ast_free(default_tls_cfg.certfile);
default_tls_cfg.certfile = ast_strdup(v->value);
+ } else if (!strcasecmp(v->name, "tlsprivatekey")) {
+ ast_free(default_tls_cfg.pvtfile);
+ default_tls_cfg.pvtfile = ast_strdup(v->value);
} else if (!strcasecmp(v->name, "tlscipher")) {
ast_free(default_tls_cfg.cipher);
default_tls_cfg.cipher = ast_strdup(v->value);
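Review bot: The `tlsprivatekey` branch stores `v->value` as given, with no check here that the path is non-empty, names an existing file, or that the key file is readable only by the user Asterisk runs as. If the TLS setup code outside this diff does not check these either, a mistyped path or an over-permissive key file goes unnoticed at configuration load. A warning at load time when the file is group- or world-readable would make the option safer to deploy. A short comment on the branch would also help, such as `/* PEM private key path; used as given, not validated here */`. The if/else chain and reload_config continue outside the hunk.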
@@ -25367,6 +25370,8 @@ static int unload_module(void)
if (default_tls_cfg.certfile)
ast_free(default_tls_cfg.certfile);
+ if (default_tls_cfg.pvtfile)
+ ast_free(default_tls_cfg.pvtfile);
if (default_tls_cfg.cipher)
ast_free(default_tls_cfg.cipher);
if (default_tls_cfg.cafile)
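Review bot: The added `if (default_tls_cfg.pvtfile)` guard before `ast_free()` is inconsistent with reload_config in this same commit, which frees the same fields unguarded. If `ast_free()` accepts NULL as `free()` does, the guard is redundant and the two sites could share one form. Since unload_module leaves the pointer dangling after the free, `default_tls_cfg.pvtfile = NULL;` after it would protect against a later reload or a second unload touching freed memory. The function continues outside the hunk.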