tcptls: Use new certificate upon sip reload

Previously, a TLS server socket would only be restarted upon sip reload if the bind address had changed. This commit adds checking for changes to TLS parameters like certificate, ciphers, etc. so they get picked up without requiring a reload of the entire chan_sip module. This does not affect open connections in any way, but new connections will use the new TLS parameters. The changes also apply to HTTP and Manager. ASTERISK-26604 #close Change-Id: I169e86cefc6dcd627c915134015a6a1ab1aadbe6
author: Michael Kuron <m.kuron@gmx.de> 2016-11-15 20:44:13 +0100
committer: Michael Kuron <m.kuron@gmx.de> 2016-11-22 14:21:28 -0500
commit: 635b0a0a550a191727e4162a453560903e76b233 (patch)
tree: bd64e6905f03aab28172a419524b72d1aa52cf1b /include/asterisk
parent: 038158bf7b5d450c5d712248a334c596b723ff3f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h
index 883cb9229..1e3a7524b 100644
--- a/include/asterisk/tcptls.h
+++ b/include/asterisk/tcptls.h
@@ -94,6 +94,9 @@ struct ast_tls_config {
 	char *capath;
 	struct ast_flags flags;
 	SSL_CTX *ssl_ctx;
+	char certhash[41];
+	char pvthash[41];
+	char cahash[41];
 };
 
 /*! \page AstTlsOverview TLS Implementation Overview
@@ -138,6 +141,7 @@ struct ast_tcptls_session_args {
 	void (*periodic_fn)(void *);/*!< something we may want to run before after select on the accept socket */
 	void *(*worker_fn)(void *); /*!< the function in charge of doing the actual work */
 	const char *name;
+	struct ast_tls_config *old_tls_cfg; /*!< copy of the SSL configuration to determine whether changes have been made */
 };
 
 /*! \brief
author	Michael Kuron <m.kuron@gmx.de>	2016-11-15 20:44:13 +0100
committer	Michael Kuron <m.kuron@gmx.de>	2016-11-22 14:21:28 -0500
commit	635b0a0a550a191727e4162a453560903e76b233 (patch)
tree	bd64e6905f03aab28172a419524b72d1aa52cf1b /include/asterisk
parent	038158bf7b5d450c5d712248a334c596b723ff3f (diff)