kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 19:16:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "tcptls: Use new certificate upon sip reload"

Browse Source
This commit is contained in:
Joshua Colp
2016-12-02 07:15:07 -06:00
committed by Gerrit Code Review
parent 197e408395 635b0a0a55
commit cd5d9d1d69
2 changed files with 89 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/asterisk/tcptls.h
View File

@@ -94,6 +94,9 @@ struct ast_tls_config {
char *capath;
struct ast_flags flags;
SSL_CTX *ssl_ctx;
char certhash[41];
char pvthash[41];
char cahash[41];
};
/*! \page AstTlsOverview TLS Implementation Overview
@@ -138,6 +141,7 @@ struct ast_tcptls_session_args {
void (*periodic_fn)(void *);/*!< something we may want to run before after select on the accept socket */
void *(*worker_fn)(void *); /*!< the function in charge of doing the actual work */
const char *name;
struct ast_tls_config *old_tls_cfg; /*!< copy of the SSL configuration to determine whether changes have been made */
};
/*! \brief

86
main/tcptls.c
View File

@@ -36,6 +36,7 @@
#endif
#include <signal.h>
#include <sys/stat.h>
#include "asterisk/compat.h"
#include "asterisk/tcptls.h"
@@ -46,6 +47,7 @@
#include "asterisk/manager.h"
#include "asterisk/astobj2.h"
#include "asterisk/pbx.h"
#include "asterisk/app.h"
static void session_instance_destructor(void *obj)
{
@@ -588,9 +590,64 @@ void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
{
int flags;
int x = 1;
int tls_changed = 0;
if (desc->tls_cfg) {
char hash[41];
char *str = NULL;
struct stat st;
/* Store the hashes of the TLS certificate etc. */
if (stat(desc->tls_cfg->certfile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->certfile))) {
memset(hash, 0, 41);
} else {
ast_sha1_hash(hash, str);
}
ast_free(str);
str = NULL;
memcpy(desc->tls_cfg->certhash, hash, 41);
if (stat(desc->tls_cfg->pvtfile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->pvtfile))) {
memset(hash, 0, 41);
} else {
ast_sha1_hash(hash, str);
}
ast_free(str);
str = NULL;
memcpy(desc->tls_cfg->pvthash, hash, 41);
if (stat(desc->tls_cfg->cafile, &st) || NULL == (str = ast_read_textfile(desc->tls_cfg->cafile))) {
memset(hash, 0, 41);
} else {
ast_sha1_hash(hash, str);
}
ast_free(str);
str = NULL;
memcpy(desc->tls_cfg->cahash, hash, 41);
/* Check whether TLS configuration has changed */
if (!desc->old_tls_cfg) { /* No previous configuration */
tls_changed = 1;
desc->old_tls_cfg = ast_calloc(1, sizeof(*desc->old_tls_cfg));
} else if (memcmp(desc->tls_cfg->certhash, desc->old_tls_cfg->certhash, 41)) {
tls_changed = 1;
} else if (memcmp(desc->tls_cfg->pvthash, desc->old_tls_cfg->pvthash, 41)) {
tls_changed = 1;
} else if (strcmp(desc->tls_cfg->cipher, desc->old_tls_cfg->cipher)) {
tls_changed = 1;
} else if (memcmp(desc->tls_cfg->cahash, desc->old_tls_cfg->cahash, 41)) {
tls_changed = 1;
} else if (strcmp(desc->tls_cfg->capath, desc->old_tls_cfg->capath)) {
tls_changed = 1;
} else if (memcmp(&desc->tls_cfg->flags, &desc->old_tls_cfg->flags, sizeof(desc->tls_cfg->flags))) {
tls_changed = 1;
}
if (tls_changed) {
ast_debug(1, "Changed parameters for %s found\n", desc->name);
}
}
/* Do nothing if nothing has changed */
if (!ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
if (!tls_changed && !ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
ast_debug(1, "Nothing changed in %s\n", desc->name);
return;
}
@@ -646,6 +703,22 @@ void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
/* Set current info */
ast_sockaddr_copy(&desc->old_address, &desc->local_address);
if (desc->old_tls_cfg) {
ast_free(desc->old_tls_cfg->certfile);
ast_free(desc->old_tls_cfg->pvtfile);
ast_free(desc->old_tls_cfg->cipher);
ast_free(desc->old_tls_cfg->cafile);
ast_free(desc->old_tls_cfg->capath);
desc->old_tls_cfg->certfile = ast_strdup(desc->tls_cfg->certfile);
desc->old_tls_cfg->pvtfile = ast_strdup(desc->tls_cfg->pvtfile);
desc->old_tls_cfg->cipher = ast_strdup(desc->tls_cfg->cipher);
desc->old_tls_cfg->cafile = ast_strdup(desc->tls_cfg->cafile);
desc->old_tls_cfg->capath = ast_strdup(desc->tls_cfg->capath);
memcpy(desc->old_tls_cfg->certhash, desc->tls_cfg->certhash, 41);
memcpy(desc->old_tls_cfg->pvthash, desc->tls_cfg->pvthash, 41);
memcpy(desc->old_tls_cfg->cahash, desc->tls_cfg->cahash, 41);
memcpy(&desc->old_tls_cfg->flags, &desc->tls_cfg->flags, sizeof(desc->old_tls_cfg->flags));
}
return;
@@ -676,6 +749,17 @@ void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)
close(desc->accept_fd);
}
desc->accept_fd = -1;
if (desc->old_tls_cfg) {
ast_free(desc->old_tls_cfg->certfile);
ast_free(desc->old_tls_cfg->pvtfile);
ast_free(desc->old_tls_cfg->cipher);
ast_free(desc->old_tls_cfg->cafile);
ast_free(desc->old_tls_cfg->capath);
ast_free(desc->old_tls_cfg);
desc->old_tls_cfg = NULL;
}
ast_debug(2, "Stopped server :: %s\n", desc->name);
}