Prequisites for ARI Outbound Websockets

stasis:
* Added stasis_app_is_registered().
* Added stasis_app_control_mark_failed().
* Added stasis_app_control_is_failed().
* Fixed res_stasis_device_state so unsubscribe all works properly.
* Modified stasis_app_unregister() to unsubscribe from all event sources.
* Modified stasis_app_exec to return -1 if stasis_app_control_is_failed()
  returns true.

http:
* Added ast_http_create_basic_auth_header().

md5:
* Added define for MD5_DIGEST_LENGTH.

tcptls:
* Added flag to ast_tcptls_session_args to suppress connection log messages
  to give callers more control over logging.

http_websocket:
* Add flag to ast_websocket_client_options to suppress connection log messages
  to give callers more control over logging.
* Added username and password to ast_websocket_client_options to support
  outbound basic authentication.
* Added ast_websocket_result_to_str().

main/http.c

@@ -1667,6 +1667,50 @@ struct ast_http_auth *ast_http_get_auth(struct ast_variable *headers)
 	return NULL;
 }
 
+struct ast_variable *ast_http_create_basic_auth_header(const char *userid,
+	const char *password)
+{
+	int encoded_size = 0;
+	int userinfo_len = 0;
+	RAII_VAR(char *, userinfo, NULL, ast_free);
+	char *encoded_userinfo = NULL;
+	struct ast_variable *auth_header = NULL;
+
+	if (ast_strlen_zero(userid)) {
+		return NULL;
+	}
+
+	if (strchr(userid, ':')) {
+		userinfo = ast_strdup(userid);
+		userinfo_len = strlen(userinfo);
+	} else {
+		if (ast_strlen_zero(password)) {
+			return NULL;
+		}
+		userinfo_len = ast_asprintf(&userinfo, "%s:%s", userid, password);
+	}
+	if (!userinfo) {
+		return NULL;
+	}
+
+	/*
+	 * The header value is "Basic " + base64(userinfo).
+	 * Doubling the userinfo length then adding the length
+	 * of the "Basic " prefix is a conservative estimate of the
+	 * final encoded size.
+	 */
+	encoded_size = userinfo_len * 2 * sizeof(char) + 1 + BASIC_LEN;
+	encoded_userinfo = ast_alloca(encoded_size);
+	strcpy(encoded_userinfo, BASIC_PREFIX); /* Safe */
+	ast_base64encode(encoded_userinfo + BASIC_LEN, (unsigned char *)userinfo,
+		userinfo_len, encoded_size - BASIC_LEN);
+
+	auth_header = ast_variable_new("Authorization",
+		encoded_userinfo, "");
+
+	return auth_header;
+}
+
 int ast_http_response_status_line(const char *buf, const char *version, int code)
 {
 	int status_code;

main/md5.c

@@ -117,7 +117,7 @@ void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
  * Final wrapup - pad to 64-byte boundary with the bit pattern
  * 1 0* (64-bit count of bits processed, MSB-first)
  */
-void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
+void MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], struct MD5Context *ctx)
 {
 	unsigned count;
 	unsigned char *p;

main/tcptls.c

@@ -379,7 +379,8 @@ static void __ssl_setup_certs(struct ast_tls_config *cfg, const size_t cert_file
 }
 #endif
 
-static int __ssl_setup(struct ast_tls_config *cfg, int client)
+static int __ssl_setup(struct ast_tls_config *cfg, int client,
+	int suppress_progress_msgs)
 {
 #ifndef DO_SSL
 	if (cfg->enabled) {
@@ -534,7 +535,9 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 				if (SSL_CTX_set_tmp_dh(cfg->ssl_ctx, dh)) {
 					long options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE;
 					options = SSL_CTX_set_options(cfg->ssl_ctx, options);
-					ast_verb(2, "TLS/SSL DH initialized, PFS cipher-suites enabled\n");
+					if (!suppress_progress_msgs) {
+						ast_verb(2, "TLS/SSL DH initialized, PFS cipher-suites enabled\n");
+					}
 				}
 				DH_free(dh);
 			}
@@ -548,7 +551,9 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 	#endif
 	/* SSL_CTX_set_ecdh_auto(cfg->ssl_ctx, on); requires OpenSSL 1.0.2 which wraps: */
 	if (SSL_CTX_ctrl(cfg->ssl_ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL)) {
-		ast_verb(2, "TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled\n");
+		if (!suppress_progress_msgs) {
+			ast_verb(2, "TLS/SSL ECDH initialized (automatic), faster PFS ciphers enabled\n");
+		}
 #if !defined(OPENSSL_NO_ECDH) && (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 	} else {
 		/* enables AES-128 ciphers, to get AES-256 use NID_secp384r1 */
@@ -562,14 +567,16 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 #endif
 	}
 
-	ast_verb(2, "TLS/SSL certificate ok\n");	/* We should log which one that is ok. This message doesn't really make sense in production use */
+	if (!suppress_progress_msgs) {
+		ast_verb(2, "TLS/SSL certificate ok\n");	/* We should log which one that is ok. This message doesn't really make sense in production use */
+	}
 	return 1;
 #endif
 }
 
 int ast_ssl_setup(struct ast_tls_config *cfg)
 {
-	return __ssl_setup(cfg, 0);
+	return __ssl_setup(cfg, 0, 0);
 }
 
 void ast_ssl_teardown(struct ast_tls_config *cfg)
@@ -653,8 +660,10 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start_timeout(
 	}
 
 	if (socket_connect(desc->accept_fd, &desc->remote_address, timeout)) {
-		ast_log(LOG_WARNING, "Unable to connect %s to %s: %s\n", desc->name,
-				ast_sockaddr_stringify(&desc->remote_address), strerror(errno));
+		if (!desc->suppress_connection_msgs) {
+			ast_log(LOG_WARNING, "Unable to connect %s to %s: %s\n", desc->name,
+					ast_sockaddr_stringify(&desc->remote_address), strerror(errno));
+		}
 
 		ao2_ref(tcptls_session, -1);
 		return NULL;
@@ -663,8 +672,7 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start_timeout(
 	ast_fd_clear_flags(desc->accept_fd, O_NONBLOCK);
 
 	if (desc->tls_cfg) {
-		desc->tls_cfg->enabled = 1;
-		__ssl_setup(desc->tls_cfg, 1);
+		__ssl_setup(desc->tls_cfg, 1, desc->suppress_connection_msgs);
 	}
 
 	return handle_tcptls_connection(tcptls_session);