diff options
| author | David Vossel <dvossel@digium.com> | 2009-04-29 14:39:48 +0000 |
|---|---|---|
| committer | David Vossel <dvossel@digium.com> | 2009-04-29 14:39:48 +0000 |
| commit | ca138fc807f587a0145f68ceac824652633cb853 (patch) | |
| tree | 622e972760e11646f05bdb377f471f42a6608dcc /main/tcptls.c | |
| parent | 77f08759b53eafc1f448c016c86d34dc58f51b76 (diff) | |
Consistent SSL/TLS options across conf files
ast_tls_read_conf() is a new api call for handling SSL/TLS options across all conf files. Before this change, SSL/TLS options were not consistent. http.conf and manager.conf required the 'ssl' prefix while sip.conf used options with the 'tls' prefix. While the options had different names in different conf files, they all did the exact same thing. Now, instead of mixing 'ssl' or 'tls' prefixes to do the same thing depending on what conf file you're in, all SSL/TLS options use the 'tls' prefix. For example. 'sslenable' in http.conf and manager.conf is now 'tlsenable' which matches what already existed in sip.conf. Since this has the potential to break backwards compatibility, previous options containing the 'ssl' prefix still work, but they are no longer documented in the sample.conf files. The change is noted in the CHANGES file though.
Review: http://reviewboard.digium.com/r/237/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@191028 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/tcptls.c')
| -rw-r--r-- | main/tcptls.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index 5837668de..4609438f5 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -488,3 +488,39 @@ void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc) desc->accept_fd = -1; ast_debug(2, "Stopped server :: %s\n", desc->name); } + +int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value) +{ + if (!strcasecmp(varname, "tlsenable") || !strcasecmp(varname, "sslenable")) { + tls_cfg->enabled = ast_true(value) ? 1 : 0; + tls_desc->local_address.sin_family = AF_INET; + } else if (!strcasecmp(varname, "tlscertfile") || !strcasecmp(varname, "sslcert")) { + ast_free(tls_cfg->certfile); + tls_cfg->certfile = ast_strdup(value); + } else if (!strcasecmp(varname, "tlsprivatekey") || !strcasecmp(varname, "sslprivatekey")) { + ast_free(tls_cfg->pvtfile); + tls_cfg->pvtfile = ast_strdup(value); + } else if (!strcasecmp(varname, "tlscipher") || !strcasecmp(varname, "sslcipher")) { + ast_free(tls_cfg->cipher); + tls_cfg->cipher = ast_strdup(value); + } else if (!strcasecmp(varname, "tlscafile")) { + ast_free(tls_cfg->cafile); + tls_cfg->cafile = ast_strdup(value); + } else if (!strcasecmp(varname, "tlscapath")) { + ast_free(tls_cfg->capath); + tls_cfg->capath = ast_strdup(value); + } else if (!strcasecmp(varname, "tlsverifyclient")) { + ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_VERIFY_CLIENT); + } else if (!strcasecmp(varname, "tlsdontverifyserver")) { + ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DONT_VERIFY_SERVER); + } else if (!strcasecmp(varname, "tlsbindaddr") || !strcasecmp(varname, "sslbindaddr")) { + if (ast_parse_arg(value, PARSE_INADDR, &tls_desc->local_address)) + ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value); + } else if (!strcasecmp(varname, "tlsbindport") || !strcasecmp(varname, "sslbindport")) { + tls_desc->local_address.sin_port = htons(atoi(value)); + } else { + return -1; + } + + return 0; +} |