authorDavid Vossel <dvossel@digium.com>2009-04-24 21:22:31 +0000
committerDavid Vossel <dvossel@digium.com>2009-04-24 21:22:31 +0000
commit8f0b88c8c86182565c7c6a20c1f0cb3df973474d (patch)
treec2829c1079c16807c9e5e9958eb3fdf96d9a25f6 /main/tcptls.c
parentc95c0659030ba98dc2720df029f289ccdd545249 (diff)
TLS/SSL private key option
Adds option to specify a private key .pem file when configuring TLS or SSL in AMI, HTTP, and SIP. Before this, the certificate file was used for both the public and private key. It is possible for this file to hold both, but most configurations allow for a separate private key file to be specified. Clarified in .conf files how these options are to be used. The current conf files do not explain how the private key is handled at all, so without knowledge of Asterisk's TLS implementation, it would be hard to know for sure what was going on or how to set it up. Review: http://reviewboard.digium.com/r/234/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@190545 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/tcptls.c')
-rw-r--r--main/tcptls.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/main/tcptls.c b/main/tcptls.c
index edf2fe97e..5837668de 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -289,12 +289,20 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
return 0;
}
if (!ast_strlen_zero(cfg->certfile)) {
- if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
+ char *tmpprivate = ast_strlen_zero(cfg->pvtfile) ? cfg->certfile : cfg->pvtfile;
+ if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0) {
if (!client) {
/* Clients don't need a certificate, but if its setup we can use it */
- ast_verb(0, "SSL cert error <%s>", cfg->certfile);
+ ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile);
+ sleep(2);
+ cfg->enabled = 0;
+ return 0;
+ }
+ }
+ if ((SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, tmpprivate, SSL_FILETYPE_PEM) == 0) || (SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 )) {
+ if (!client) {
+ /* Clients don't need a private key, but if its setup we can use it */
+ ast_verb(0, "SSL error loading private key file. <%s>", tmpprivate);
sleep(2);
cfg->enabled = 0;
return 0;
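Review bot: The second `if` reports a key that fails `SSL_CTX_check_private_key()` with the same "SSL error loading private key file" text as a file that could not be read, so a pvtfile that loads cleanly but belongs to a different certificate is misreported as a load failure. Either test the two calls separately or word the message for both outcomes, e.g. `ast_verb(0, "SSL private key <%s> failed to load or does not match cert <%s>", tmpprivate, cfg->certfile);`. In the client case both new branches log nothing and setup carries on, so a client configured with a certificate and key appears to proceed without them silently; emitting the message outside the `if (!client)` guard (while still only disabling and returning for servers) would make that visible to the operator. `tmpprivate` is only ever read, so `const char *tmpprivate` is the more accurate declaration. `__ssl_setup` begins before and continues past this hunk, so what runs after the key check is not visible here.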