[asterisk-commits] rizzo: trunk r48071 - in /trunk: configs/http.conf.sample main/http.c

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Mon Nov 27 13:21:41 MST 2006


Author: rizzo
Date: Mon Nov 27 14:21:40 2006
New Revision: 48071

URL: http://svn.digium.com/view/asterisk?view=rev&rev=48071
Log:
add a new http.conf option, sslbindaddr.
Because https is more secure than http, it usually
makes sense to keep this service more open than the
one on the unencrypted port.


Modified:
    trunk/configs/http.conf.sample
    trunk/main/http.c

Modified: trunk/configs/http.conf.sample
URL: http://svn.digium.com/view/asterisk/trunk/configs/http.conf.sample?view=diff&rev=48071&r1=48070&r2=48071
==============================================================================
--- trunk/configs/http.conf.sample (original)
+++ trunk/configs/http.conf.sample Mon Nov 27 14:21:40 2006
@@ -28,10 +28,13 @@
 ;
 ;prefix=asterisk
 
-; HTTPS support: you need to enable it, define the port to use,
+; HTTPS support. In addition to enabled=yes, you need to
+; explicitly enable ssl, define the port to use,
 ; and have a certificate somewhere.
 ; sslenable=yes		; enable ssl - default no.
 ; sslbindport=4433	; port to use - default is 8089
+; sslbindaddr=0.0.0.0	; address to bind to - default is bindaddr.
+;
 ; sslcert=/tmp/foo.pem	; path to the certificate
 ;
 ; To produce a certificate you can e.g. use openssl

Modified: trunk/main/http.c
URL: http://svn.digium.com/view/asterisk/trunk/main/http.c?view=diff&rev=48071&r1=48070&r2=48071
==============================================================================
--- trunk/main/http.c (original)
+++ trunk/main/http.c Mon Nov 27 14:21:40 2006
@@ -824,6 +824,7 @@
 	struct hostent *hp;
 	struct ast_hostent ahp;
 	char newprefix[MAX_PREFIX];
+	int have_sslbindaddr = 0;
 
 	/* default values */
 	memset(&http_desc.sin, 0, sizeof(http_desc.sin));
@@ -862,10 +863,16 @@
 				newenablestatic = ast_true(v->value);
 			else if (!strcasecmp(v->name, "bindport"))
 				http_desc.sin.sin_port = htons(atoi(v->value));
-			else if (!strcasecmp(v->name, "bindaddr")) {
+			else if (!strcasecmp(v->name, "sslbindaddr")) {
+				if ((hp = ast_gethostbyname(v->value, &ahp))) {
+					memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
+					have_sslbindaddr = 1;
+				} else {
+					ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
+				}
+			} else if (!strcasecmp(v->name, "bindaddr")) {
 				if ((hp = ast_gethostbyname(v->value, &ahp))) {
 					memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
-					memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
 				} else {
 					ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
 				}
@@ -882,6 +889,8 @@
 		}
 		ast_config_destroy(cfg);
 	}
+	if (!have_sslbindaddr)
+		https_desc.sin.sin_addr = http_desc.sin.sin_addr;
 	if (enabled)
 		http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET;
 	if (strcmp(prefix, newprefix))



More information about the asterisk-commits mailing list