kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-01 19:43:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

add a new http.conf option, sslbindaddr.

Browse Source 
Because https is more secure than http, it usually
makes sense to keep this service more open than the
one on the unencrypted port.



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@48071 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Luigi Rizzo
2006-11-27 20:21:40 +00:00
parent 3637b60b19
commit 2e7fd7cbdb
2 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configs/http.conf.sample
View File

@@ -28,10 +28,13 @@ bindaddr=127.0.0.1
; ;
;prefix=asterisk ;prefix=asterisk
; HTTPS support: you need to enable it, define the port to use, ; HTTPS support. In addition to enabled=yes, you need to
; explicitly enable ssl, define the port to use,
; and have a certificate somewhere. ; and have a certificate somewhere.
; sslenable=yes ; enable ssl - default no. ; sslenable=yes ; enable ssl - default no.
; sslbindport=4433 ; port to use - default is 8089 ; sslbindport=4433 ; port to use - default is 8089
; sslbindaddr=0.0.0.0 ; address to bind to - default is bindaddr.
;
; sslcert=/tmp/foo.pem ; path to the certificate ; sslcert=/tmp/foo.pem ; path to the certificate
; ;
; To produce a certificate you can e.g. use openssl ; To produce a certificate you can e.g. use openssl

13
main/http.c
View File

@@ -824,6 +824,7 @@ static int __ast_http_load(int reload)
struct hostent *hp; struct hostent *hp;
struct ast_hostent ahp; struct ast_hostent ahp;
char newprefix[MAX_PREFIX]; char newprefix[MAX_PREFIX];
int have_sslbindaddr = 0;
/* default values */ /* default values */
memset(&http_desc.sin, 0, sizeof(http_desc.sin)); memset(&http_desc.sin, 0, sizeof(http_desc.sin));
@@ -862,10 +863,16 @@ static int __ast_http_load(int reload)
newenablestatic = ast_true(v->value); newenablestatic = ast_true(v->value);
else if (!strcasecmp(v->name, "bindport")) else if (!strcasecmp(v->name, "bindport"))
http_desc.sin.sin_port = htons(atoi(v->value)); http_desc.sin.sin_port = htons(atoi(v->value));
else if (!strcasecmp(v->name, "bindaddr")) { else if (!strcasecmp(v->name, "sslbindaddr")) {
if ((hp = ast_gethostbyname(v->value, &ahp))) {
memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
have_sslbindaddr = 1;
} else {
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
}
} else if (!strcasecmp(v->name, "bindaddr")) {
if ((hp = ast_gethostbyname(v->value, &ahp))) { if ((hp = ast_gethostbyname(v->value, &ahp))) {
memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr)); memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
} else { } else {
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value); ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
} }
@@ -882,6 +889,8 @@ static int __ast_http_load(int reload)
} }
ast_config_destroy(cfg); ast_config_destroy(cfg);
} }
if (!have_sslbindaddr)
https_desc.sin.sin_addr = http_desc.sin.sin_addr;
if (enabled) if (enabled)
http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET; http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET;
if (strcmp(prefix, newprefix)) if (strcmp(prefix, newprefix))