[Asterisk-code-review] tcptls: Use new certificate upon sip reload (asterisk[13])

Michael Kuron asteriskteam at digium.com
Wed Nov 16 13:31:32 CST 2016


Michael Kuron has posted comments on this change. ( https://gerrit.asterisk.org/4448 )

Change subject: tcptls: Use new certificate upon sip reload
......................................................................


Patch Set 2:

So I just put a sleep(120) into reload_config, right before the TCP and TLS server threads are re-started if settings have changed, and it turns out that Asterisk is unable to accept a call or registration while reload_config is sleeping; these just time out if the client doesn't have the patience to wait until the sleep time is up.
You are right though, I re-read the code and peers are not deleted up front. This means that there is something else stalling the SIP stack during reload.

So my pull request currently introduces one race condition (new TLS connections are rejected for a brief moment during reload), but there is a much larger race condition already present (chan_sip being unable to process requests at certain times while the reload is ongoing). I'm not going to be able to fix the latter, but I'm happy to discuss ideas to fix the former by doing more checking whether it is necessary to restart the TLS server socket. I guess this would amount to keeping a copy of sip_tls_desc.tls_cfg and comparing all member variables. If any have changed, or any of the files they reference (tlscertfile etc.) have changed, restart the TLS socket.

-- 
To view, visit https://gerrit.asterisk.org/4448
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I169e86cefc6dcd627c915134015a6a1ab1aadbe6
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Michael Kuron <m.kuron at gmx.de>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Michael Kuron <m.kuron at gmx.de>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-HasComments: No
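The check proposed in the comment above (keep a copy of the TLS settings, compare every member, and also detect changes to the files they reference) could look like the following. This is an added example, not code from the Asterisk change under review: `tls_settings`, `tls_snapshot`, `tls_snapshot_take` and `tls_needs_restart` are hypothetical names, and comparing inode, size and mtime is an assumed way of detecting that a file has changed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical stand-in for the TLS settings; not Asterisk's own struct. */
struct tls_settings { const char *certfile, *pvtfile, *cipher; };

/* What was in effect when the TLS listener was last started. */
struct tls_snapshot {
    char certfile[256], pvtfile[256], cipher[256];
    struct stat cert_st, pvt_st;
    int cert_ok, pvt_ok;              /* 1 if stat() succeeded at snapshot time */
};

static int stat_file(const char *p, struct stat *st) { return p && *p && stat(p, st) == 0; }

/* Record the settings and the identity of each referenced file. */
void tls_snapshot_take(struct tls_snapshot *s, const struct tls_settings *c)
{
    memset(s, 0, sizeof(*s));
    snprintf(s->certfile, sizeof(s->certfile), "%s", c->certfile ? c->certfile : "");
    snprintf(s->pvtfile, sizeof(s->pvtfile), "%s", c->pvtfile ? c->pvtfile : "");
    snprintf(s->cipher, sizeof(s->cipher), "%s", c->cipher ? c->cipher : "");
    s->cert_ok = stat_file(s->certfile, &s->cert_st);
    s->pvt_ok = stat_file(s->pvtfile, &s->pvt_st);
}

/* Assumed heuristic: a file changed if it appeared, vanished, or its inode,
 * size or mtime differ. Hashing the contents would be stricter. */
static int file_changed(int was_ok, const struct stat *old, const char *path)
{
    struct stat now;
    int ok = stat_file(path, &now);
    if (ok != was_ok) return 1;       /* file appeared or disappeared */
    if (!ok) return 0;                /* absent before and now: unchanged */
    return old->st_ino != now.st_ino || old->st_size != now.st_size || old->st_mtime != now.st_mtime;
}

/* Returns 1 if the TLS listener must be restarted, 0 if it can keep running. */
int tls_needs_restart(const struct tls_snapshot *s, const struct tls_settings *c)
{
    if (strcmp(s->certfile, c->certfile ? c->certfile : "")
        || strcmp(s->pvtfile, c->pvtfile ? c->pvtfile : "")
        || strcmp(s->cipher, c->cipher ? c->cipher : ""))
        return 1;                     /* a setting itself changed */
    return file_changed(s->cert_ok, &s->cert_st, s->certfile)
        || file_changed(s->pvt_ok, &s->pvt_st, s->pvtfile);
}
```

A reload that finds `tls_needs_restart()` returning 0 can leave the listening socket alone, so new TLS connections are only interrupted when a setting or a referenced file really changed.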
