author | Kinsey Moore <kmoore@digium.com> | 2013-03-15 12:53:03 +0000 |
---|---|---|
committer | Kinsey Moore <kmoore@digium.com> | 2013-03-15 12:53:03 +0000 |
commit | ad5f3a5759a6e86e364811198432dcc7597f6109 (patch) | |
tree | 5a5415e74d28c7b64af35964795e9e18d5b14b72 /main/manager.c | |
parent | cacc356bbe211d04a9fea57b6433e0ffa52369df (diff) |
tcptls: Prevent unsupported options from being set
AMI, HTTP, and chan_sip all support TLS in some way, but none of them
support all the options that Asterisk's TLS core is capable of
interpreting. This prevents consumers of the TLS/SSL layer from setting
TLS/SSL options that they do not support.
This also gets tlsverifyclient closer to a working state by requesting
the client certificate when tlsverifyclient is set. Currently, there is
no consumer of main/tcptls.c in Asterisk that supports this feature and
so it can not be properly tested.
Review: https://reviewboard.asterisk.org/r/2370/
Reported-by: John Bigelow
Patch-by: Kinsey Moore
(closes issue AST-1093)
........
Merged revisions 383165 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 383166 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383167 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/manager.c')
-rw-r--r-- | main/manager.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/main/manager.c b/main/manager.c index 10a3a3397..d5d5ccc26 100644 --- a/main/manager.c +++ b/main/manager.c @@ -7795,7 +7795,15 @@ static int __init_manager(int reload, int by_external_config) for (var = ast_variable_browse(cfg, "general"); var; var = var->next) { val = var->value; - if (!ast_tls_read_conf(&ami_tls_cfg, &amis_desc, var->name, val)) { + /* read tls config options while preventing unsupported options from being set */ + if (strcasecmp(var->name, "tlscafile") + && strcasecmp(var->name, "tlscapath") + && strcasecmp(var->name, "tlscadir") + && strcasecmp(var->name, "tlsverifyclient") + && strcasecmp(var->name, "tlsdontverifyserver") + && strcasecmp(var->name, "tlsclientmethod") + && strcasecmp(var->name, "sslclientmethod") + && !ast_tls_read_conf(&ami_tls_cfg, &amis_desc, var->name, val)) { continue; } |
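Review bot: The `strcasecmp()` chain in front of `ast_tls_read_conf()` in `__init_manager()` is a deny-list, so any option the TLS core learns to parse later will be accepted for AMI by default unless someone remembers to extend this condition. Consider inverting it into a list of the option names AMI does support, or moving the check into a small helper that takes the consumer's supported set, so that new options fail closed. Also, when `var->name` matches one of the seven blocked names the condition is false and control simply falls through to the rest of the loop body; nothing in these lines tells the operator the setting was ignored. For `tlsverifyclient` in particular, a configuration that asks for client certificate verification and silently does not get it is worth an `ast_log(LOG_WARNING, ...)` naming the option and stating that it is unsupported for AMI. Finally, `tlscadir` appears in the list alongside `tlscapath`; a short comment noting which of these are names the TLS core really parses and which are defensive entries would help the next reader.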