Diffstat (limited to 'main')
-rw-r--r--main/http.c31
-rw-r--r--main/manager.c33
-rw-r--r--main/tcptls.c36
3 files changed, 52 insertions, 48 deletions
diff --git a/main/http.c b/main/http.c
index 595d6cbab..f99c03e91 100644
--- a/main/http.c
+++ b/main/http.c
@@ -983,7 +983,6 @@ static int __ast_http_load(int reload)
struct hostent *hp;
struct ast_hostent ahp;
char newprefix[MAX_PREFIX] = "";
- int have_sslbindaddr = 0;
struct http_uri_redirect *redirect;
struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 };
@@ -1024,32 +1023,18 @@ static int __ast_http_load(int reload)
if (cfg) {
v = ast_variable_browse(cfg, "general");
for (; v; v = v->next) {
+
+ /* handle tls conf */
+ if (!ast_tls_read_conf(&http_tls_cfg, &https_desc, v->name, v->value)) {
+ continue;
+ }
+
if (!strcasecmp(v->name, "enabled")) {
enabled = ast_true(v->value);
- } else if (!strcasecmp(v->name, "sslenable")) {
- http_tls_cfg.enabled = ast_true(v->value);
- } else if (!strcasecmp(v->name, "sslbindport")) {
- https_desc.local_address.sin_port = htons(atoi(v->value));
- } else if (!strcasecmp(v->name, "sslcert")) {
- ast_free(http_tls_cfg.certfile);
- http_tls_cfg.certfile = ast_strdup(v->value);
- } else if (!strcasecmp(v->name, "sslprivatekey")) {
- ast_free(http_tls_cfg.pvtfile);
- http_tls_cfg.pvtfile = ast_strdup(v->value);
- } else if (!strcasecmp(v->name, "sslcipher")) {
- ast_free(http_tls_cfg.cipher);
- http_tls_cfg.cipher = ast_strdup(v->value);
} else if (!strcasecmp(v->name, "enablestatic")) {
newenablestatic = ast_true(v->value);
} else if (!strcasecmp(v->name, "bindport")) {
http_desc.local_address.sin_port = htons(atoi(v->value));
- } else if (!strcasecmp(v->name, "sslbindaddr")) {
- if ((hp = ast_gethostbyname(v->value, &ahp))) {
- memcpy(&https_desc.local_address.sin_addr, hp->h_addr, sizeof(https_desc.local_address.sin_addr));
- have_sslbindaddr = 1;
- } else {
- ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
- }
} else if (!strcasecmp(v->name, "bindaddr")) {
if ((hp = ast_gethostbyname(v->value, &ahp))) {
memcpy(&http_desc.local_address.sin_addr, hp->h_addr, sizeof(http_desc.local_address.sin_addr));
@@ -1072,8 +1057,8 @@ static int __ast_http_load(int reload)
ast_config_destroy(cfg);
}
-
- if (!have_sslbindaddr) {
+ /* if the https addres has not been set, default is the same as non secure http */
+ if (!https_desc.local_address.sin_addr.s_addr) {
https_desc.local_address.sin_addr = http_desc.local_address.sin_addr;
}
if (enabled) {
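Review bot: An explicitly configured `sslbindaddr=0.0.0.0` is now indistinguishable from an unset address, because the new `if (!https_desc.local_address.sin_addr.s_addr)` test treats INADDR_ANY as "not configured" and overwrites it with the plain-HTTP bind address; a deployment with `bindaddr=127.0.0.1` and `sslbindaddr=0.0.0.0` therefore ends up with the HTTPS listener on loopback only, with no warning. The manager.c hunk at `@@ -4856` makes the same substitution for `amis_desc` and has the same issue. If `https_desc` keeps its value across reloads, the fallback also stops applying once any address has been set, since removing the config line no longer resets `sin_addr` — worth confirming how `__ast_http_load` resets the descriptor before re-reading the file; a local flag set when `ast_tls_read_conf` consumed a bind-address key would preserve the old semantics in both files. The new comment also misspells "addres"; I would write it as `/* If no https bind address was configured, default to the non-TLS http bind address. */`.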
diff --git a/main/manager.c b/main/manager.c
index a43f5518b..97d573c07 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -4719,9 +4719,6 @@ static int __init_manager(int reload)
const char *val;
char *cat = NULL;
int newhttptimeout = 60;
- int have_sslbindaddr = 0;
- struct hostent *hp;
- struct ast_hostent ahp;
struct ast_manager_user *user = NULL;
struct ast_variable *var;
struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 };
@@ -4804,27 +4801,12 @@ static int __init_manager(int reload)
for (var = ast_variable_browse(cfg, "general"); var; var = var->next) {
val = var->value;
- if (!strcasecmp(var->name, "sslenable")) {
- ami_tls_cfg.enabled = ast_true(val);
- } else if (!strcasecmp(var->name, "sslbindport")) {
- amis_desc.local_address.sin_port = htons(atoi(val));
- } else if (!strcasecmp(var->name, "sslbindaddr")) {
- if ((hp = ast_gethostbyname(val, &ahp))) {
- memcpy(&amis_desc.local_address.sin_addr, hp->h_addr, sizeof(amis_desc.local_address.sin_addr));
- have_sslbindaddr = 1;
- } else {
- ast_log(LOG_WARNING, "Invalid bind address '%s'\n", val);
- }
- } else if (!strcasecmp(var->name, "sslcert")) {
- ast_free(ami_tls_cfg.certfile);
- ami_tls_cfg.certfile = ast_strdup(val);
- } else if (!strcasecmp(var->name, "sslprivatekey")) {
- ast_free(ami_tls_cfg.pvtfile);
- ami_tls_cfg.pvtfile = ast_strdup(val);
- } else if (!strcasecmp(var->name, "sslcipher")) {
- ast_free(ami_tls_cfg.cipher);
- ami_tls_cfg.cipher = ast_strdup(val);
- } else if (!strcasecmp(var->name, "enabled")) {
+
+ if (!ast_tls_read_conf(&ami_tls_cfg, &amis_desc, var->name, val)) {
+ continue;
+ }
+
+ if (!strcasecmp(var->name, "enabled")) {
manager_enabled = ast_true(val);
} else if (!strcasecmp(var->name, "block-sockets")) {
block_sockets = ast_true(val);
@@ -4856,7 +4838,8 @@ static int __init_manager(int reload)
if (manager_enabled) {
ami_desc.local_address.sin_family = AF_INET;
}
- if (!have_sslbindaddr) {
+ /* if the amis address has not been set, default is the same as non secure ami */
+ if (!amis_desc.local_address.sin_addr.s_addr) {
amis_desc.local_address.sin_addr = ami_desc.local_address.sin_addr;
}
if (ami_tls_cfg.enabled) {
diff --git a/main/tcptls.c b/main/tcptls.c
index 5837668de..4609438f5 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -488,3 +488,39 @@ void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)
desc->accept_fd = -1;
ast_debug(2, "Stopped server :: %s\n", desc->name);
}
+
+int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value)
+{
+ if (!strcasecmp(varname, "tlsenable") || !strcasecmp(varname, "sslenable")) {
+ tls_cfg->enabled = ast_true(value) ? 1 : 0;
+ tls_desc->local_address.sin_family = AF_INET;
+ } else if (!strcasecmp(varname, "tlscertfile") || !strcasecmp(varname, "sslcert")) {
+ ast_free(tls_cfg->certfile);
+ tls_cfg->certfile = ast_strdup(value);
+ } else if (!strcasecmp(varname, "tlsprivatekey") || !strcasecmp(varname, "sslprivatekey")) {
+ ast_free(tls_cfg->pvtfile);
+ tls_cfg->pvtfile = ast_strdup(value);
+ } else if (!strcasecmp(varname, "tlscipher") || !strcasecmp(varname, "sslcipher")) {
+ ast_free(tls_cfg->cipher);
+ tls_cfg->cipher = ast_strdup(value);
+ } else if (!strcasecmp(varname, "tlscafile")) {
+ ast_free(tls_cfg->cafile);
+ tls_cfg->cafile = ast_strdup(value);
+ } else if (!strcasecmp(varname, "tlscapath")) {
+ ast_free(tls_cfg->capath);
+ tls_cfg->capath = ast_strdup(value);
+ } else if (!strcasecmp(varname, "tlsverifyclient")) {
+ ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_VERIFY_CLIENT);
+ } else if (!strcasecmp(varname, "tlsdontverifyserver")) {
+ ast_set2_flag(&tls_cfg->flags, ast_true(value), AST_SSL_DONT_VERIFY_SERVER);
+ } else if (!strcasecmp(varname, "tlsbindaddr") || !strcasecmp(varname, "sslbindaddr")) {
+ if (ast_parse_arg(value, PARSE_INADDR, &tls_desc->local_address))
+ ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
+ } else if (!strcasecmp(varname, "tlsbindport") || !strcasecmp(varname, "sslbindport")) {
+ tls_desc->local_address.sin_port = htons(atoi(value));
+ } else {
+ return -1;
+ }
+
+ return 0;
+}
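Review bot: The `tlsbindport`/`sslbindport` branch feeds `atoi(value)` straight into `htons()`, so a non-numeric or out-of-range value silently yields port 0 or a truncated port instead of the warning the bind-address branch emits, and because this helper now serves both the HTTP and AMI listeners a mistyped port moves a TLS listener to an unintended port without any log line. Parsing with `ast_parse_arg(value, PARSE_INT32 | PARSE_IN_RANGE, &port, 1, 65535)` and logging the same `Invalid %s '%s'` warning on failure keeps the two branches consistent (rewrite below); the `tlsbindaddr` branch's `if (ast_parse_arg(...)) ast_log(...)` should also be braced like every other branch in the function. The new function has no header comment; I would add a Doxygen block stating that it consumes one `varname`/`value` pair, returns 0 when the key was a TLS option it handled (the caller should `continue`) and -1 when the caller must process the key itself, and documenting whether PARSE_INADDR also writes `sin_port` — if it does, a `tlsbindaddr` line after `tlsbindport` would override the port, which the old per-file code (copying only `sin_addr`) did not do; worth confirming.
```c
	} else if (!strcasecmp(varname, "tlsbindport") || !strcasecmp(varname, "sslbindport")) {
		int port = 0;
		/* Reject junk and out-of-range ports instead of silently binding port 0. */
		if (ast_parse_arg(value, PARSE_INT32 | PARSE_IN_RANGE, &port, 1, 65535)) {
			ast_log(LOG_WARNING, "Invalid %s '%s'\n", varname, value);
		} else {
			tls_desc->local_address.sin_port = htons(port);
		}
	/* … unchanged: trailing else / return -1 / return 0 … */
```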