[Asterisk-code-review] tcptls: Use new certificate upon sip reload (asterisk[13])

Michael Kuron asteriskteam at digium.com
Tue Nov 15 13:51:30 CST 2016


Michael Kuron has uploaded a new change for review. ( https://gerrit.asterisk.org/4448 )

Change subject: tcptls: Use new certificate upon sip reload
......................................................................

tcptls: Use new certificate upon sip reload

Previously, a TLS server socket would only be restarted upon sip reload
if the bind address had changed. This commit makes the restart
unconditional so that changes to TLS parameters like certificate, ciphers,
etc. also get picked up without requiring a reload of the entire chan_sip
module. This does not affect open connections in any way, but new
connections will use the new TLS parameters.

Change-Id: I169e86cefc6dcd627c915134015a6a1ab1aadbe6
---
M main/tcptls.c
1 file changed, 3 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/48/4448/1

diff --git a/main/tcptls.c b/main/tcptls.c
index 34baf9a..a716be0 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -1038,8 +1038,9 @@
 	int flags;
 	int x = 1;
 
-	/* Do nothing if nothing has changed */
-	if (!ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
+	/* For TCP, do nothing if nothing has changed. For TLS, reload unconditionally
+	   because the certificate or cipher settings may have changed. */
+	if (!desc->tls_cfg && !ast_sockaddr_cmp(&desc->old_address, &desc->local_address)) {
 		ast_debug(1, "Nothing changed in %s\n", desc->name);
 		return;
 	}
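Review bot: In the new condition `if (!desc->tls_cfg && !ast_sockaddr_cmp(...))`, a non-NULL `tls_cfg` is used as a stand-in for "TLS parameters may have changed", so every reload restarts the TLS listener even when neither the address nor the certificate or ciphers were touched. Two things to confirm before merging. First, `tls_cfg` must be NULL for every plain TCP descriptor that calls this function, otherwise those listeners lose the early return as well. Second, the caller should be happy with the listening socket being closed and re-bound on each reload: if the re-bind or the TLS setup fails after the old socket is gone, the service stays down until the next reload. If that cost matters, consider restarting only when the TLS settings actually differ from the ones in use, or at least add an `ast_debug` on the forced-restart path so the logs show why the socket was recreated when the address is unchanged. Style: the two-line comment would read better in the usual block form with a leading ` * ` on the continuation line.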

-- 
To view, visit https://gerrit.asterisk.org/4448

Gerrit-MessageType: newchange
Gerrit-Change-Id: I169e86cefc6dcd627c915134015a6a1ab1aadbe6
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Michael Kuron <m.kuron at gmx.de>
