Fix a few issues in the previous (disabled) HTTPS code,

and support linux as well (using fopencookie(), which should be available in glibc). Update configure.ac to check for funopen (BSD) and fopencookie(glibc), and while we are at it also for gethostbyname_r (the generated files need to be updated, or you need to run bootstrap.sh yourself). Document the new options in http.conf.sample (names are only tentative, better ones are welcome). At this point we can safely enable the option. Anyone willing to try this on Sun and Apple platforms ? git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@45892 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: Luigi Rizzo <rizzo@icir.org> 2006-10-22 19:09:25 +0000
committer: Luigi Rizzo <rizzo@icir.org> 2006-10-22 19:09:25 +0000
commit: c15f7953c8192d09d5cdda7248a4366e66346212 (patch)
tree: f9e3708612b6c436093a561ee294e0e612003d24 /main
parent: e8a65b715575fa2695825dd3f3f50a2cddd3cc95 (diff)
2 files changed, 44 insertions, 21 deletions
diff --git a/main/Makefile b/main/Makefile
index 4a47104f2..3e631d769 100644
--- a/main/Makefile
+++ b/main/Makefile
@@ -37,6 +37,8 @@ OBJS+=stdtime/localtime.o
 # by a module.
 OBJS+=say.o
 
+AST_LIBS += $(SSL_LIB)
+
 ifeq ($(wildcard /usr/include/sys/poll.h),)
   OBJS+=poll.o
   ASTCFLAGS+=-DPOLLCOMPAT
diff --git a/main/http.c b/main/http.c
index 10b855700..8465323ff 100644
--- a/main/http.c
+++ b/main/http.c
@@ -64,8 +64,8 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
  * We declare most of ssl support variables unconditionally,
  * because their number is small and this simplifies the code.
  */
-#ifdef HAVE_OPENSSL
-// #define	DO_SSL	/* comment in/out if you want to support ssl */
+#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
+#define	DO_SSL	/* comment in/out if you want to support ssl */
 #endif
 
 #ifdef DO_SSL
@@ -428,30 +428,36 @@ static char *handle_uri(struct sockaddr_in *sin, char *uri, int *status, char **
 }
 
 #ifdef DO_SSL
+#if defined(HAVE_FUNOPEN)
+#define HOOK_T int
+#define LEN_T int
+#else
+#define HOOK_T ssize_t
+#define LEN_T size_t
+#endif
 /*!
  * replacement read/write functions for SSL support.
  * We use wrappers rather than SSL_read/SSL_write directly so
  * we can put in some debugging.
  */
-static int ssl_read(void *cookie, char *buf, int len)
+static HOOK_T ssl_read(void *cookie, char *buf, LEN_T len)
 {
-	int i;
-	i = SSL_read(cookie, buf, len-1);
+	int i = SSL_read(cookie, buf, len-1);
 #if 0
 	if (i >= 0)
 		buf[i] = '\0';
-	ast_verbose("ssl read size %d returns %d <%s>\n", len, i, buf);
+	ast_verbose("ssl read size %d returns %d <%s>\n", (int)len, i, buf);
 #endif
 	return i;
 }
 
-static int ssl_write(void *cookie, const char *buf, int len)
+static HOOK_T ssl_write(void *cookie, const char *buf, LEN_T len)
 {
 #if 0
 	char *s = alloca(len+1);
 	strncpy(s, buf, len);
 	s[len] = '\0';
-	ast_verbose("ssl write size %d <%s>\n", len, s);
+	ast_verbose("ssl write size %d <%s>\n", (int)len, s);
 #endif
 	return SSL_write(cookie, buf, len);
 }
@@ -463,7 +469,7 @@ static int ssl_close(void *cookie)
 	SSL_free(cookie);
 	return 0;
 }
-#endif
+#endif	/* DO_SSL */
 
 static void *ast_httpd_helper_thread(void *data)
 {
@@ -474,24 +480,38 @@ static void *ast_httpd_helper_thread(void *data)
 	char *uri, *c, *title=NULL;
 	int status = 200, contentlength = 0;
 
+	/*
+	 * open a FILE * as appropriate.
+	 */
+	if (!ser->is_ssl)
+		ser->f = fdopen(ser->fd, "w+");
 #ifdef DO_SSL
-	if (ser->is_ssl) {
-		ser->ssl = SSL_new(ssl_ctx);
+	else if ( (ser->ssl = SSL_new(ssl_ctx)) ) {
 		SSL_set_fd(ser->ssl, ser->fd);
-		if (SSL_accept(ser->ssl) == 0) {
+		if (SSL_accept(ser->ssl) == 0)
 			ast_verbose(" error setting up ssl connection");
-			goto done;
-		}
-		ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
-	} else
+		else {
+#if defined(HAVE_FUNOPEN)	/* the BSD interface */
+			ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
+
+#elif defined(HAVE_FOPENCOOKIE)	/* the glibc/linux interface */
+			static const cookie_io_functions_t cookie_funcs = {
+				ssl_read, ssl_write, NULL, ssl_close
+			};
+			ser->f = fopencookie(ser->ssl, "w+", cookie_funcs);
+#else
+			/* could add other methods here */
 #endif
-	ser->f = fdopen(ser->fd, "w+");
+		}
+		if (!ser->f)	/* no success opening descriptor stacking */
+			SSL_free(ser->ssl);
+	}
+#endif /* DO_SSL */
 
 	if (!ser->f) {
-		ast_log(LOG_WARNING, "fdopen/funopen failed!\n");
 		close(ser->fd);
-		free(ser);
-		return NULL;
+		ast_log(LOG_WARNING, "FILE * open failed!\n");
+		goto done;
 	}
 
 	if (!fgets(buf, sizeof(buf), ser->f))
@@ -605,7 +625,8 @@ static void *ast_httpd_helper_thread(void *data)
 		free(title);
 
 done:
-	fclose(ser->f);
+	if (ser->f)
+		fclose(ser->f);
 	free(ser);
 	return NULL;
 }
author	Luigi Rizzo <rizzo@icir.org>	2006-10-22 19:09:25 +0000
committer	Luigi Rizzo <rizzo@icir.org>	2006-10-22 19:09:25 +0000
commit	c15f7953c8192d09d5cdda7248a4366e66346212 (patch)
tree	f9e3708612b6c436093a561ee294e0e612003d24 /main
parent	e8a65b715575fa2695825dd3f3f50a2cddd3cc95 (diff)