diff options
author | Mark Michelson <mmichelson@digium.com> | 2012-02-02 18:55:05 +0000 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2012-02-02 18:55:05 +0000 |
commit | 0f4489dc0f76b92d95592cc0b726cb98f781881e (patch) | |
tree | 34f5a4cb79b7376abc97765dc09f019d2175031d /main/http.c | |
parent | 516419697278a9d029825b17f55a25302bf3fc0d (diff) |
Fix TLS port binding behavior as well as reload behavior:
* Removes references to tlsbindport from http.conf.sample and manager.conf.sample
* Properly bind to port specified in tlsbindaddr, using the default port if specified.
* On a reload, properly close socket if the service has been disabled.
A note has been added to UPGRADE.txt to indicate how ports must be set for TLS.
(closes issue ASTERISK-16959)
reported by Olaf Holthausen
(closes issue ASTERISK-19201)
reported by Chris Mylonas
(closes issue ASTERISK-19204)
reported by Chris Mylonas
Review: https://reviewboard.asterisk.org/r/1709
........
Merged revisions 353770 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 353820 from http://svn.asterisk.org/svn/asterisk/branches/10
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353821 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/http.c')
-rw-r--r-- | main/http.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/main/http.c b/main/http.c index 724a58fdc..c7e3ceb15 100644 --- a/main/http.c +++ b/main/http.c @@ -1005,13 +1005,15 @@ static int __ast_http_load(int reload) uint32_t bindport = DEFAULT_PORT; struct ast_sockaddr *addrs = NULL; int num_addrs = 0; + int http_tls_was_enabled = 0; cfg = ast_config_load2("http.conf", "http", config_flags); if (cfg == CONFIG_STATUS_FILEMISSING || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) { return 0; } - /* default values */ + http_tls_was_enabled = (reload && http_tls_cfg.enabled); + http_tls_cfg.enabled = 0; if (http_tls_cfg.certfile) { ast_free(http_tls_cfg.certfile); @@ -1034,6 +1036,8 @@ static int __ast_http_load(int reload) } AST_RWLIST_UNLOCK(&uri_redirects); + ast_sockaddr_setnull(&https_desc.local_address); + if (cfg) { v = ast_variable_browse(cfg, "general"); for (; v; v = v->next) { @@ -1113,8 +1117,9 @@ static int __ast_http_load(int reload) ast_sockaddr_set_port(&https_desc.local_address, DEFAULT_TLS_PORT); } } - - if (enabled && !ast_sockaddr_isnull(&https_desc.local_address)) { + if (http_tls_was_enabled && !http_tls_cfg.enabled) { + ast_tcptls_server_stop(&https_desc); + } else if (http_tls_cfg.enabled && !ast_sockaddr_isnull(&https_desc.local_address)) { /* We can get here either because a TLS-specific address was specified * or because we copied the non-TLS address here. In the case where * we read an explicit address from the config, there may have been |