From 437f4288cd35705ba0b8b0651fde4ca2c7f441dc Mon Sep 17 00:00:00 2001 From: Luigi Rizzo Date: Thu, 7 Dec 2006 16:42:29 +0000 Subject: - Generalize the function ssl_setup() so that the certificate info are passed as an argument. - Update the code in main/http.c to use the new interface (the diff is large but mostly mechanical, due to the name change of several variables); - And since now it is trivial, implement "AMI over TLS", and document the possible options in manager.conf - And since the test client (openssl s_client -connect host:port ) does not generate \r\n as a line terminator, make get_input() also accept just a \n as a line terminator (Mac users: do you also need the \r-only version ?) The option parsing in manager.conf is not very efficient, and needs to be cleaned up and made similar to what we have in http.conf git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@48351 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- include/asterisk/http.h | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/asterisk/http.h b/include/asterisk/http.h index f14edd883..bfd39c039 100644 --- a/include/asterisk/http.h +++ b/include/asterisk/http.h @@ -60,9 +60,21 @@ #include #include #else -typedef struct {} SSL; /* so we can define a pointer to it */ +/* declare dummy types so we can define a pointer to them */ +typedef struct {} SSL; +typedef struct {} SSL_CTX; #endif /* DO_SSL */ +/* SSL support */ +#define AST_CERTFILE "asterisk.pem" + +struct tls_config { + int enabled; + char *certfile; + char *cipher; + SSL_CTX *ssl_ctx; +}; + /*! * The following code implements a generic mechanism for starting * services on a TCP or TLS socket. 
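Review bot: The new `struct tls_config` does not say who owns `certfile`, `cipher` and `ssl_ctx`, or what a NULL `certfile` or `cipher` means, so a caller that re-runs `ssl_setup()` on a reload cannot tell whether it must free the old strings and context first. I would add field comments such as `char *certfile; /* PEM path, owned by the caller; NULL presumably falls back to AST_CERTFILE */` and `SSL_CTX *ssl_ctx; /* set by ssl_setup(); NULL until it succeeds */`. There is no separate key field, so the PEM file presumably also holds the private key; if so, the comment on `AST_CERTFILE` should say that and that the file must be readable by the Asterisk user only. The fallback and key loading live outside this hunk, so the wording needs checking against `ssl_setup()`.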
@@ -111,7 +123,7 @@ struct server_instance { struct server_args { struct sockaddr_in sin; struct sockaddr_in oldsin; - int is_ssl; /* is this an SSL accept ? */ + struct tls_config *tls_cfg; /* points to the SSL configuration if any */ int accept_fd; int poll_timeout; pthread_t master; @@ -123,7 +135,7 @@ struct server_args { void *server_root(void *); void server_start(struct server_args *desc); -int ssl_setup(void); +int ssl_setup(struct tls_config *cfg); /*! \brief HTTP Callbacks take the socket, the method and the path as arguments and should return the content, allocated with malloc(). Status should be changed to reflect -- cgit v1.2.3
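Review bot: With `is_ssl` replaced by `tls_cfg`, "no TLS" can be expressed as `tls_cfg == NULL`, as `tls_cfg->enabled == 0`, or as a non-NULL config whose `ssl_ctx` was never set because `ssl_setup()` failed, and the field comment does not say which of these the accept path tests. If the accept code (not in this hunk) checks only the pointer, a failed setup could dereference a NULL `ssl_ctx` or serve plaintext on a port configured for TLS. I would pin the contract in the comment, for example `struct tls_config *tls_cfg; /* NULL = plain TCP; otherwise ssl_ctx must be valid before server_start() */`, and have the listener refuse to start rather than downgrade. `struct server_args` begins and ends outside the hunk.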
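Review bot: The `ssl_setup(struct tls_config *cfg)` prototype has no comment on its return convention or on which fields it reads and writes, although per the commit message both main/http.c and the manager code now depend on it. A caller that guesses the polarity wrong would treat a failed certificate load as success and carry on with TLS marked as enabled. I would add a Doxygen block above the prototype stating the success and failure values, that `cfg->ssl_ctx` is the output, and what the function returns in a build without `DO_SSL`.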