author | Mark Michelson <mmichelson@digium.com> | 2012-05-18 17:24:57 +0000 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2012-05-18 17:24:57 +0000 |
commit | 5c576aa3c2bfd5b8cb13edff88692c7274d906af (patch) | |
tree | f95e9318040f6a432be1f9065071f7ccd066a1f5 /include/asterisk/tcptls.h | |
parent | 6eb4e81033e61d161558fd7cdb015d54e5ac5501 (diff) |
Fix memory leak of SSL_CTX structures in TLS core.
SSL_CTX structures were allocated but never freed. This was a bigger
issue for clients than servers since new SSL_CTX structures could be
allocated for each connection. Servers, on the other hand, typically
set up a single SSL_CTX for their lifetime.
This is solved in two ways:
1. In __ssl_setup(), if a tcptls_cfg has an ssl_ctx on it, it is
freed so that a new one can take its place.
2. A companion to ast_ssl_setup() called ast_ssl_teardown() has
been added so that servers can properly free their SSL_CTXs.
(issue ASTERISK-19278)
........
Merged revisions 367002 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 367003 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@367010 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'include/asterisk/tcptls.h')
-rw-r--r-- | include/asterisk/tcptls.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h index ba6ac12d9..6d8d14993 100644 --- a/include/asterisk/tcptls.h +++ b/include/asterisk/tcptls.h @@ -196,9 +196,26 @@ void ast_tcptls_server_start(struct ast_tcptls_session_args *desc); * \version 1.6.1 changed desc parameter to be of ast_tcptls_session_args type */ void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc); + +/*! + * \brief Set up an SSL server + * + * \param cfg Configuration for the SSL server + * \retval 1 Success + * \retval 0 Failure + */ int ast_ssl_setup(struct ast_tls_config *cfg); /*! + * \brief free resources used by an SSL server + * + * \note This only needs to be called if ast_ssl_setup() was + * directly called first. + * \param cfg Configuration for the SSL server + */ +void ast_ssl_teardown(struct ast_tls_config *cfg); + +/*! * \brief Used to parse conf files containing tls/ssl options. */ int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value); |
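Review bot: The new doc comment for ast_ssl_teardown() does not state its preconditions: it should say whether the call is safe on a cfg for which ast_ssl_setup() returned 0 (Failure), and whether calling it twice on the same cfg is harmless. Since this API exists to free an SSL_CTX, callers need to know from the header alone that a repeated or early teardown cannot turn into a double free or a free of an unset pointer. I would add a \note stating the behaviour when cfg has no context and what state cfg is left in afterwards. The existing \note ("This only needs to be called if ast_ssl_setup() was directly called first.") also leaves open which path releases the context when ast_ssl_setup() was not called directly; naming that path would make ownership clear. The ast_ssl_setup() comment could likewise mention what the commit message describes, that an ssl_ctx already present on the cfg is freed and replaced, because that matters to any caller that invokes setup more than once. Minor style point: "\brief free resources used by an SSL server" should start with a capital to match "\brief Set up an SSL server" above it.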