[Asterisk-code-review] http.c: Reload TLS even if http.conf hasn't changed (asterisk[13])

Sean Bright asteriskteam at digium.com
Wed Oct 3 08:30:24 CDT 2018 

Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/10395


Change subject: http.c: Reload TLS even if http.conf hasn't changed
......................................................................

http.c: Reload TLS even if http.conf hasn't changed

There is currently no way to indicate to Asterisk that TLS certificates
and/or keys have been updated other than by modifying http.conf or
restarting Asterisk.

There is already code in main/tcptls.c that determines if a reload is
actually necessary based on the hashes of the certicate and dependent
files, so this change merely gives us a way to request a reload without
explicitly modifying http.conf.

Change-Id: Ie795420dcc7eb3d91336820688a29adbcc321276
---
M main/http.c
1 file changed, 9 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/95/10395/1

diff --git a/main/http.c b/main/http.c
index 15c6da2..fec0ed8 100644
--- a/main/http.c
+++ b/main/http.c
@@ -2107,7 +2107,15 @@
 	int http_tls_was_enabled = 0;
 
 	cfg = ast_config_load2("http.conf", "http", config_flags);
-	if (!cfg || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) {
+	if (!cfg || cfg == CONFIG_STATUS_FILEINVALID) {
+		return 0;
+	}
+
+	/* Even if the http.conf hasn't been updated, the TLS certs/keys may have been */
+	if (cfg == CONFIG_STATUS_FILEUNCHANGED && reload && http_tls_cfg.enabled) {
+		if (ast_ssl_setup(https_desc.tls_cfg)) {
+			ast_tcptls_server_start(&https_desc);
+		}
 		return 0;
 	}
 

-- 
To view, visit https://gerrit.asterisk.org/10395
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie795420dcc7eb3d91336820688a29adbcc321276
Gerrit-Change-Number: 10395
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20181003/8b64aa0d/attachment.html>

More information about the asterisk-code-review mailing list