diff options
| author | David Vossel <dvossel@digium.com> | 2009-04-29 14:39:48 +0000 |
|---|---|---|
| committer | David Vossel <dvossel@digium.com> | 2009-04-29 14:39:48 +0000 |
| commit | ca138fc807f587a0145f68ceac824652633cb853 (patch) | |
| tree | 622e972760e11646f05bdb377f471f42a6608dcc /main/http.c | |
| parent | 77f08759b53eafc1f448c016c86d34dc58f51b76 (diff) | |
Consistent SSL/TLS options across conf files
ast_tls_read_conf() is a new api call for handling SSL/TLS options across all conf files. Before this change, SSL/TLS options were not consistent. http.conf and manager.conf required the 'ssl' prefix while sip.conf used options with the 'tls' prefix. While the options had different names in different conf files, they all did the exact same thing. Now, instead of mixing 'ssl' or 'tls' prefixes to do the same thing depending on what conf file you're in, all SSL/TLS options use the 'tls' prefix. For example. 'sslenable' in http.conf and manager.conf is now 'tlsenable' which matches what already existed in sip.conf. Since this has the potential to break backwards compatibility, previous options containing the 'ssl' prefix still work, but they are no longer documented in the sample.conf files. The change is noted in the CHANGES file though.
Review: http://reviewboard.digium.com/r/237/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@191028 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/http.c')
| -rw-r--r-- | main/http.c | 31 |
1 files changed, 8 insertions, 23 deletions
diff --git a/main/http.c b/main/http.c index 595d6cbab..f99c03e91 100644 --- a/main/http.c +++ b/main/http.c @@ -983,7 +983,6 @@ static int __ast_http_load(int reload) struct hostent *hp; struct ast_hostent ahp; char newprefix[MAX_PREFIX] = ""; - int have_sslbindaddr = 0; struct http_uri_redirect *redirect; struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 }; @@ -1024,32 +1023,18 @@ static int __ast_http_load(int reload) if (cfg) { v = ast_variable_browse(cfg, "general"); for (; v; v = v->next) { + + /* handle tls conf */ + if (!ast_tls_read_conf(&http_tls_cfg, &https_desc, v->name, v->value)) { + continue; + } + if (!strcasecmp(v->name, "enabled")) { enabled = ast_true(v->value); - } else if (!strcasecmp(v->name, "sslenable")) { - http_tls_cfg.enabled = ast_true(v->value); - } else if (!strcasecmp(v->name, "sslbindport")) { - https_desc.local_address.sin_port = htons(atoi(v->value)); - } else if (!strcasecmp(v->name, "sslcert")) { - ast_free(http_tls_cfg.certfile); - http_tls_cfg.certfile = ast_strdup(v->value); - } else if (!strcasecmp(v->name, "sslprivatekey")) { - ast_free(http_tls_cfg.pvtfile); - http_tls_cfg.pvtfile = ast_strdup(v->value); - } else if (!strcasecmp(v->name, "sslcipher")) { - ast_free(http_tls_cfg.cipher); - http_tls_cfg.cipher = ast_strdup(v->value); } else if (!strcasecmp(v->name, "enablestatic")) { newenablestatic = ast_true(v->value); } else if (!strcasecmp(v->name, "bindport")) { http_desc.local_address.sin_port = htons(atoi(v->value)); - } else if (!strcasecmp(v->name, "sslbindaddr")) { - if ((hp = ast_gethostbyname(v->value, &ahp))) { - memcpy(&https_desc.local_address.sin_addr, hp->h_addr, sizeof(https_desc.local_address.sin_addr)); - have_sslbindaddr = 1; - } else { - ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value); - } } else if (!strcasecmp(v->name, "bindaddr")) { if ((hp = ast_gethostbyname(v->value, &ahp))) { memcpy(&http_desc.local_address.sin_addr, hp->h_addr, sizeof(http_desc.local_address.sin_addr)); @@ -1072,8 +1057,8 @@ static int __ast_http_load(int reload) ast_config_destroy(cfg); } - - if (!have_sslbindaddr) { + /* if the https addres has not been set, default is the same as non secure http */ + if (!https_desc.local_address.sin_addr.s_addr) { https_desc.local_address.sin_addr = http_desc.local_address.sin_addr; } if (enabled) { |