-rw-r--r--channels/chan_sip.c2
-rw-r--r--main/libasteriskssl.c9
-rw-r--r--main/tcptls.c13
3 files changed, 9 insertions, 15 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 091d5d7ff..b5b7da6c8 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -2451,6 +2451,8 @@ static void sip_tcptls_client_args_destructor(void *obj)
ast_free(args->tls_cfg->cipher);
ast_free(args->tls_cfg->cafile);
ast_free(args->tls_cfg->capath);
+
+ ast_ssl_teardown(args->tls_cfg);
}
ast_free(args->tls_cfg);
ast_free((char *) args->name);
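Review bot: The added `ast_ssl_teardown(args->tls_cfg);` runs after `cipher`, `cafile` and `capath` have been freed without being reset, so the teardown receives a config whose string members point at released memory. Its body is not visible here; if it only releases the SSL context this is harmless, but moving the call above the `ast_free()` lines would keep the destructor safe should the teardown ever read those fields. A short comment such as `/* release the client's SSL_CTX; must not touch the strings freed above */` would record the assumption. The destructor begins before this hunk and continues after it.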
diff --git a/main/libasteriskssl.c b/main/libasteriskssl.c
index 361875aa1..ca3fb569c 100644
--- a/main/libasteriskssl.c
+++ b/main/libasteriskssl.c
@@ -158,7 +158,6 @@ int ast_ssl_init(void)
void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int));
void (*real_SSL_load_error_strings)(void);
void (*real_ERR_load_SSL_strings)(void);
- void (*real_ERR_load_crypto_strings)(void);
void (*real_ERR_load_BIO_strings)(void);
const char *errstr;
@@ -220,17 +219,9 @@ int ast_ssl_init(void)
get_OpenSSL_function(ERR_load_SSL_strings);
real_ERR_load_SSL_strings();
- get_OpenSSL_function(ERR_load_crypto_strings);
- real_ERR_load_crypto_strings();
-
get_OpenSSL_function(ERR_load_BIO_strings);
real_ERR_load_BIO_strings();
-#if 0
- /* currently this is just another call to SSL_library_init, so we don't call it */
- OpenSSL_add_all_algorithms();
-#endif
-
startup_complete = 1;
#endif /* HAVE_OPENSSL */
diff --git a/main/tcptls.c b/main/tcptls.c
index 2ad3a10e4..2e5cbf4c6 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -84,6 +84,7 @@ static int ssl_close(void *cookie)
{
int cookie_fd = SSL_get_fd(cookie);
int ret;
+
if (cookie_fd > -1) {
/*
* According to the TLS standard, it is acceptable for an application to only send its shutdown
@@ -93,6 +94,12 @@ static int ssl_close(void *cookie)
if ((ret = SSL_shutdown(cookie)) < 0) {
ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret));
}
+
+ if (!((SSL*)cookie)->server) {
+ /* For client threads, ensure that the error stack is cleared */
+ ERR_remove_state(0);
+ }
+
SSL_free(cookie);
/* adding shutdown(2) here has no added benefit */
if (close(cookie_fd)) {
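Review bot: The client test `((SSL*)cookie)->server` reads a private member of the OpenSSL `SSL` structure, which ties ssl_close() to one library layout and stops compiling once that structure is opaque (OpenSSL 1.1.0 and later). Where the linked library provides it, `if (!SSL_is_server(cookie)) {` makes the same check through the public API. `ERR_remove_state(0)` is also the deprecated spelling; on OpenSSL 1.0.x the replacement is `ERR_remove_thread_state(NULL);`. The added comment could also state why only client threads need the cleanup; presumably server threads clear their error queue elsewhere, but nothing in this hunk shows that. ssl_close() starts in the previous hunk and runs past the end of this one.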
@@ -320,9 +327,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
return 0;
}
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
-
/* Get rid of an old SSL_CTX since we're about to
* allocate a new one
*/
@@ -364,7 +368,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
if (!client) {
/* Clients don't need a certificate, but if its setup we can use it */
ast_verb(0, "SSL error loading cert file. <%s>\n", cfg->certfile);
- sleep(2);
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -375,7 +378,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
if (!client) {
/* Clients don't need a private key, but if its setup we can use it */
ast_verb(0, "SSL error loading private key file. <%s>\n", tmpprivate);
- sleep(2);
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -387,7 +389,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
if (!client) {
ast_verb(0, "SSL cipher error <%s>\n", cfg->cipher);
- sleep(2);
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;