diff options
| author | Joshua Colp <jcolp@digium.com> | 2016-12-02 07:56:51 -0600 |
|---|---|---|
| committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2016-12-02 07:56:51 -0600 |
| commit | 8d56016ae475f90b3a5745cfcaa604089e1db659 (patch) | |
| tree | 08cb0cd0ad5de0a76a8f057295a1563ae407a361 /main/tcptls.c | |
| parent | 28b76ed66701cf28467e7a91e1451428402814c4 (diff) | |
| parent | 8e77d6f52039e3ba20374c8a0083ad73bcce9e98 (diff) | |
Merge "tcptls: Use new certificate upon sip reload" into 13
Diffstat (limited to 'main/tcptls.c')
| -rw-r--r-- | main/tcptls.c | 86 |
1 files changed, 85 insertions, 1 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index 8ca89c8bd..21abd26b6 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -39,6 +39,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include <signal.h> #include <sys/signal.h> +#include <sys/stat.h> #include "asterisk/compat.h" #include "asterisk/tcptls.h" @@ -49,6 +50,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/manager.h" #include "asterisk/astobj2.h" #include "asterisk/pbx.h" +#include "asterisk/app.h" /*! ao2 object used for the FILE stream fopencookie()/funopen() cookie. */ struct ast_tcptls_stream { @@ -1082,9 +1084,64 @@ void ast_tcptls_server_start(struct ast_tcptls_session_args *desc) { int flags; int x = 1; + int tls_changed = 0; + + if (desc->tls_cfg) { + char hash[41]; + char *str = NULL; + struct stat st; + + /* Store the hashes of the TLS certificate etc. */ + if (stat(desc->tls_cfg->certfile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->certfile))) { + memset(hash, 0, 41); + } else { + ast_sha1_hash(hash, str); + } + ast_free(str); + str = NULL; + memcpy(desc->tls_cfg->certhash, hash, 41); + if (stat(desc->tls_cfg->pvtfile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->pvtfile))) { + memset(hash, 0, 41); + } else { + ast_sha1_hash(hash, str); + } + ast_free(str); + str = NULL; + memcpy(desc->tls_cfg->pvthash, hash, 41); + if (stat(desc->tls_cfg->cafile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->cafile))) { + memset(hash, 0, 41); + } else { + ast_sha1_hash(hash, str); + } + ast_free(str); + str = NULL; + memcpy(desc->tls_cfg->cahash, hash, 41); + + /* Check whether TLS configuration has changed */ + if (!desc->old_tls_cfg) { /* No previous configuration */ + tls_changed = 1; + desc->old_tls_cfg = ast_calloc(1, sizeof(*desc->old_tls_cfg)); + } else if (memcmp(desc->tls_cfg->certhash, desc->old_tls_cfg->certhash, 41)) { + tls_changed = 1; + } else if (memcmp(desc->tls_cfg->pvthash, desc->old_tls_cfg->pvthash, 41)) { + tls_changed = 1; + } else if (strcmp(desc->tls_cfg->cipher, desc->old_tls_cfg->cipher)) { + tls_changed = 1; + } else if (memcmp(desc->tls_cfg->cahash, desc->old_tls_cfg->cahash, 41)) { + tls_changed = 1; + } else if (strcmp(desc->tls_cfg->capath, desc->old_tls_cfg->capath)) { + tls_changed = 1; + } else if (memcmp(&desc->tls_cfg->flags, &desc->old_tls_cfg->flags, sizeof(desc->tls_cfg->flags))) { + tls_changed = 1; + } + + if (tls_changed) { + ast_debug(1, "Changed parameters for %s found\n", desc->name); + } + } /* Do nothing if nothing has changed */ - if (!ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) { + if (!tls_changed && !ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) { ast_debug(1, "Nothing changed in %s\n", desc->name); return; } @@ -1140,6 +1197,22 @@ void ast_tcptls_server_start(struct ast_tcptls_session_args *desc) /* Set current info */ ast_sockaddr_copy(&desc->old_address, &desc->local_address); + if (desc->old_tls_cfg) { + ast_free(desc->old_tls_cfg->certfile); + ast_free(desc->old_tls_cfg->pvtfile); + ast_free(desc->old_tls_cfg->cipher); + ast_free(desc->old_tls_cfg->cafile); + ast_free(desc->old_tls_cfg->capath); + desc->old_tls_cfg->certfile = ast_strdup(desc->tls_cfg->certfile); + desc->old_tls_cfg->pvtfile = ast_strdup(desc->tls_cfg->pvtfile); + desc->old_tls_cfg->cipher = ast_strdup(desc->tls_cfg->cipher); + desc->old_tls_cfg->cafile = ast_strdup(desc->tls_cfg->cafile); + desc->old_tls_cfg->capath = ast_strdup(desc->tls_cfg->capath); + memcpy(desc->old_tls_cfg->certhash, desc->tls_cfg->certhash, 41); + memcpy(desc->old_tls_cfg->pvthash, desc->tls_cfg->pvthash, 41); + memcpy(desc->old_tls_cfg->cahash, desc->tls_cfg->cahash, 41); + memcpy(&desc->old_tls_cfg->flags, &desc->tls_cfg->flags, sizeof(desc->old_tls_cfg->flags)); + } return; @@ -1185,6 +1258,17 @@ void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc) close(desc->accept_fd); } desc->accept_fd = -1; + + if (desc->old_tls_cfg) { + ast_free(desc->old_tls_cfg->certfile); + ast_free(desc->old_tls_cfg->pvtfile); + ast_free(desc->old_tls_cfg->cipher); + ast_free(desc->old_tls_cfg->cafile); + ast_free(desc->old_tls_cfg->capath); + ast_free(desc->old_tls_cfg); + desc->old_tls_cfg = NULL; + } + ast_debug(2, "Stopped server :: %s\n", desc->name); } |