author | George Joseph <george.joseph@fairview5.com> | 2015-12-08 16:49:20 -0700 |
---|---|---|
committer | George Joseph <george.joseph@fairview5.com> | 2015-12-08 18:04:33 -0600 |
commit | a9874345648dbcf66eefecc8fc2ccaba93fa216e (patch) | |
tree | bf31fa3ebc0c77116c6fafce1e3ddca1f836c175 /main | |
parent | 4cf470c70a7d6038355ce627918069f42a64fc22 (diff) |
res_pjsip: Add existence and readablity checks for tls related files
Both transport and endpoint now check for the existence and readability
of tls certificate and key files before passing them on to pjproject.
This will cause the object to not load rather than waiting for pjproject
to discover that there's a problem when a session is attempted.
NOTE: chan_sip also uses ast_rtp_dtls_cfg_parse but it's located
in build_peer which is gigantic and I didn't want to disturb it.
Error messages will emit but it won't interrupt chan_sip loading.
ASTERISK-25618 #close
Change-Id: Ie43f2c1d653ac1fda6a6f6faecb7c2ebadaf47c9
Reported-by: George Joseph
Tested-by: George Joseph
Diffstat (limited to 'main')
-rw-r--r-- | main/rtp_engine.c | 16 | ||||
-rw-r--r-- | main/utils.c | 17 |
2 files changed, 33 insertions, 0 deletions
diff --git a/main/rtp_engine.c b/main/rtp_engine.c
index 32909090f..24e56b49f 100644
--- a/main/rtp_engine.c
+++ b/main/rtp_engine.c
@@ -2118,18 +2118,34 @@ int ast_rtp_dtls_cfg_parse(struct ast_rtp_dtls_cfg *dtls_cfg, const char *name,
 }
 } else if (!strcasecmp(name, "dtlscertfile")) {
 ast_free(dtls_cfg->certfile);
+ if (!ast_file_is_readable(value)) {
+ ast_log(LOG_ERROR, "%s file %s does not exist or is not readable\n", name, value);
+ return -1;
+ }
 dtls_cfg->certfile = ast_strdup(value);
 } else if (!strcasecmp(name, "dtlsprivatekey")) {
 ast_free(dtls_cfg->pvtfile);
+ if (!ast_file_is_readable(value)) {
+ ast_log(LOG_ERROR, "%s file %s does not exist or is not readable\n", name, value);
+ return -1;
+ }
 dtls_cfg->pvtfile = ast_strdup(value);
 } else if (!strcasecmp(name, "dtlscipher")) {
 ast_free(dtls_cfg->cipher);
 dtls_cfg->cipher = ast_strdup(value);
 } else if (!strcasecmp(name, "dtlscafile")) {
 ast_free(dtls_cfg->cafile);
+ if (!ast_file_is_readable(value)) {
+ ast_log(LOG_ERROR, "%s file %s does not exist or is not readable\n", name, value);
+ return -1;
+ }
 dtls_cfg->cafile = ast_strdup(value);
 } else if (!strcasecmp(name, "dtlscapath") || !strcasecmp(name, "dtlscadir")) {
 ast_free(dtls_cfg->capath);
+ if (!ast_file_is_readable(value)) {
+ ast_log(LOG_ERROR, "%s file %s does not exist or is not readable\n", name, value);
+ return -1;
+ }
 dtls_cfg->capath = ast_strdup(value);
 } else if (!strcasecmp(name, "dtlssetup")) {
 if (!strcasecmp(value, "active")) {
diff --git a/main/utils.c b/main/utils.c
index ba1a07ca2..74932b8c2 100644
--- a/main/utils.c
+++ b/main/utils.c
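Review bot: Each added early `return -1` runs after the preceding `ast_free(dtls_cfg->certfile);` (likewise for `pvtfile`, `cafile` and `capath`), so when the path is unreadable the field is left pointing at freed memory. If the caller later reads or frees that cfg field, which this hunk does not show, the result would be a use-after-free or double free. Doing the check first avoids this: move the `if (!ast_file_is_readable(value)) { ... return -1; }` block above the `ast_free(...)` line in all four branches, so a rejected value leaves the previous setting intact. The `dtlscapath`/`dtlscadir` branch checks a directory but logs "file", which will mislead whoever reads the error. ast_rtp_dtls_cfg_parse begins and ends outside this hunk.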
@@ -2927,3 +2927,20 @@ int ast_eid_cmp(const struct ast_eid *eid1, const struct ast_eid *eid2)
 {
 return memcmp(eid1, eid2, sizeof(*eid1));
 }
+
+int ast_file_is_readable(const char *filename)
+{
+#if defined(HAVE_EACCESS) || defined(HAVE_EUIDACCESS)
+#if defined(HAVE_EUIDACCESS) && !defined(HAVE_EACCESS)
+#define eaccess euidaccess
+#endif
+ return eaccess(filename, R_OK) == 0;
+#else
+ int fd = open(filename, O_RDONLY | O_NONBLOCK);
+ if (fd < 0) {
+ return 0;
+ }
+ close(fd);
+ return 1;
+#endif
+}
 |
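Review bot: ast_file_is_readable() carries no comment saying that its answer is only a point-in-time hint, and as a general helper in utils.c it invites use as an access decision. The file can be replaced, re-linked or have its permissions changed between this call and the later open by the TLS library. I would add above the definition `/* Advisory check only: the result may be stale by the time the file is opened, so callers must still handle open/read failure. */`; a header declaration may already say this, but it is not part of this diff. Separately, the `#define eaccess euidaccess` inside the body stays defined for the rest of utils.c, and an `#undef eaccess` after the `return`, under the same condition, would keep it local.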