Fix TLS port binding behavior as well as reload behavior:

* Removes references to tlsbindport from http.conf.sample and manager.conf.sample * Properly bind to port specified in tlsbindaddr, using the default port if specified. * On a reload, properly close socket if the service has been disabled. A note has been added to UPGRADE.txt to indicate how ports must be set for TLS. (closes issue ASTERISK-16959) reported by Olaf Holthausen (closes issue ASTERISK-19201) reported by Chris Mylonas (closes issue ASTERISK-19204) reported by Chris Mylonas Review: https://reviewboard.asterisk.org/r/1709 ........ Merged revisions 353770 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 353820 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353821 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 20:04:50 +00:00 · 2012-02-02 18:55:05 +00:00
parent 5164196972
commit 0f4489dc0f
5 changed files with 28 additions and 13 deletions
--- a/main/http.c
+++ b/main/http.c
@@ -1005,13 +1005,15 @@ static int __ast_http_load(int reload)
 	uint32_t bindport = DEFAULT_PORT;
 	struct ast_sockaddr *addrs = NULL;
 	int num_addrs = 0;
+	int http_tls_was_enabled = 0;

 	cfg = ast_config_load2("http.conf", "http", config_flags);
 	if (cfg == CONFIG_STATUS_FILEMISSING || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) {
 		return 0;
 	}

-	/* default values */
+	http_tls_was_enabled = (reload && http_tls_cfg.enabled);
+
 	http_tls_cfg.enabled = 0;
 	if (http_tls_cfg.certfile) {
 		ast_free(http_tls_cfg.certfile);
@@ -1034,6 +1036,8 @@ static int __ast_http_load(int reload)
 	}
 	AST_RWLIST_UNLOCK(&uri_redirects);

+	ast_sockaddr_setnull(&https_desc.local_address);
+
 	if (cfg) {
 		v = ast_variable_browse(cfg, "general");
 		for (; v; v = v->next) {
@@ -1113,8 +1117,9 @@ static int __ast_http_load(int reload)
 			ast_sockaddr_set_port(&https_desc.local_address, DEFAULT_TLS_PORT);
 		}
 	}
-
-	if (enabled && !ast_sockaddr_isnull(&https_desc.local_address)) {
+	if (http_tls_was_enabled && !http_tls_cfg.enabled) {
+		ast_tcptls_server_stop(&https_desc);
+	} else if (http_tls_cfg.enabled && !ast_sockaddr_isnull(&https_desc.local_address)) {
 		/* We can get here either because a TLS-specific address was specified
 		 * or because we copied the non-TLS address here. In the case where
 		 * we read an explicit address from the config, there may have been