[asterisk-commits] bbryant: branch bbryant/sip-tcptls r75522 - in /team/bbryant/sip-tcptls: chan...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Jul 17 17:40:09 CDT 2007
Author: bbryant
Date: Tue Jul 17 17:40:08 2007
New Revision: 75522
URL: http://svn.digium.com/view/asterisk?view=rev&rev=75522
Log:
* Changed tls_config to ast_tls_config
* Got TLS client/server working
* Fixed memory corruption problems
Modified:
team/bbryant/sip-tcptls/channels/chan_sip.c
team/bbryant/sip-tcptls/include/asterisk/server.h
team/bbryant/sip-tcptls/main/http.c
team/bbryant/sip-tcptls/main/manager.c
team/bbryant/sip-tcptls/main/server.c
Modified: team/bbryant/sip-tcptls/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/sip-tcptls/channels/chan_sip.c?view=diff&rev=75522&r1=75521&r2=75522
==============================================================================
--- team/bbryant/sip-tcptls/channels/chan_sip.c (original)
+++ team/bbryant/sip-tcptls/channels/chan_sip.c Tue Jul 17 17:40:08 2007
@@ -1317,7 +1317,7 @@
static int handle_request_do(struct sip_request *req, struct sockaddr_in *sin);
static int sip_standard_port(struct sip_socket s);
-static void sip_prepare_socket(struct sip_pvt *p);
+static int sip_prepare_socket(struct sip_pvt *p);
/*--- Transmitting responses and requests */
static int sipsock_read(int *id, int fd, short events, void *ignore);
@@ -1693,7 +1693,7 @@
static void *sip_tcp_worker_fn(void *);
-static struct tls_config sip_tls_cfg;
+static struct ast_tls_config sip_tls_cfg;
static struct server_args sip_tcp_desc = {
.accept_fd = -1,
@@ -2079,21 +2079,39 @@
return sip_debug_test_addr(sip_real_dst(p));
}
+static inline const char *get_transport(enum sip_transport t)
+{
+ switch (t) {
+ case SIP_TRANSPORT_UDP:
+ return "UDP";
+ case SIP_TRANSPORT_TCP:
+ return "TCP";
+ case SIP_TRANSPORT_TLS:
+ return "TLS";
+ }
+
+ return "UNKNOWN";
+}
+
+
/*! \brief Transmit SIP message */
static int __sip_xmit(struct sip_pvt *p, char *data, int len)
{
int res;
const struct sockaddr_in *dst = sip_real_dst(p);
- sip_prepare_socket(p);
-
- if (p->socket.fd == -1)
+ ast_log(LOG_NOTICE, "Trying to put '%.10s' onto %s socket...\n", data, get_transport(p->socket.type));
+
+ if (sip_prepare_socket(p) < 0)
return XMIT_ERROR;
if (p->socket.lock)
ast_mutex_lock(p->socket.lock);
- res = sendto(p->socket.fd, data, len, 0, (const struct sockaddr *)dst, sizeof(struct sockaddr_in));
+ if (p->socket.type & SIP_TRANSPORT_TLS)
+ res = fprintf(p->socket.ser->f, "%.*s", len, data);
+ else
+ res = sendto(p->socket.fd, data, len, 0, (const struct sockaddr *)dst, sizeof(struct sockaddr_in));
if (p->socket.lock)
ast_mutex_unlock(p->socket.lock);
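Review bot: The TLS branch writes with `fprintf(p->socket.ser->f, "%.*s", len, data)`, which stops at the first NUL byte in data and only fills the stdio buffer, so a message can be truncated or sit unsent while `res` still looks plausible. `res = fwrite(data, 1, len, p->socket.ser->f);` followed by a checked `fflush(p->socket.ser->f)` would send exactly len bytes; if a flush happens elsewhere, it is not visible in this hunk. The branch also dereferences `p->socket.ser` without a NULL check, although sip_prepare_socket() returns early whenever s->fd is already set and does not guarantee ser on that path. The per-message `ast_log(LOG_NOTICE, "Trying to put ...")` looks like leftover debugging and would fit better at debug level. __sip_xmit's body continues outside the hunk.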
@@ -2111,20 +2129,6 @@
ast_log(LOG_WARNING, "sip_xmit of %p (len %d) to %s:%d returned %d: %s\n", data, len, ast_inet_ntoa(dst->sin_addr), ntohs(dst->sin_port), res, strerror(errno));
return res;
-}
-
-static inline const char *get_transport(enum sip_transport t)
-{
- switch (t) {
- case SIP_TRANSPORT_UDP:
- return "UDP";
- case SIP_TRANSPORT_TCP:
- return "TCP";
- case SIP_TRANSPORT_TLS:
- return "TLS";
- }
-
- return "UNKNOWN";
}
/*! \brief Build a Via header for a request */
@@ -16156,28 +16160,32 @@
return s.port == STANDARD_SIP_PORT;
}
-static void sip_prepare_socket(struct sip_pvt *p)
+static int sip_prepare_socket(struct sip_pvt *p)
{
struct sip_socket *s = &p->socket;
- char name[] = "SIP socket";
- struct server_args ca;
+ static const char name[] = "SIP socket";
+ struct server_args ca = {
+ .name = name,
+ .accept_fd = -1,
+ };
if (s->fd != -1)
- return;
+ return s->fd;
if (s->type & SIP_TRANSPORT_UDP) {
s->fd = sipsock;
- return;
- }
-
- ca.name = name;
- ca.accept_fd = -1;
+ return s->fd;
+ }
+
ca.tls_cfg = (s->ser) ? s->ser->parent->tls_cfg : NULL;
ca.sin = *(sip_real_dst(p));
+ if (!ca.tls_cfg && s->type & SIP_TRANSPORT_TLS &&
+ !(ca.tls_cfg = ast_calloc(1, sizeof(*ca.tls_cfg))))
+ return -1;
s->ser = (!s->ser) ? client_start(&ca) : s->ser;
if (!s->ser)
- return;
+ return -1;
s->fd = ca.accept_fd;
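Review bot: The `ast_tls_config` allocated here with ast_calloc() for a TLS client is never released: the `return -1` after a failed client_start() drops it, and on success the only reference to it lives in the stack-local `ca`. Remember whether the config was created in this call and free it on the failure path, e.g. `if (!s->ser) { ast_free(new_cfg); return -1; }` where `new_cfg` is NULL unless allocated here, and give the success case an owner that outlives the call. Related and worth confirming: if client_start() stores `&ca` as ser->parent (the server.c hunks suggest it does), the context line `s->ser->parent->tls_cfg` reads a dead stack frame on any later call that gets past the early returns. The function body ends outside this hunk.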
@@ -16186,6 +16194,8 @@
close(ca.accept_fd);
s->fd = ca.accept_fd = -1;
}
+
+ return s->fd;
}
/*! \brief Send message waiting indication to alert peer that they've got voicemail */
@@ -17671,7 +17681,7 @@
ast_log(LOG_WARNING, "Invalid port number '%s' at line %d of %s\n", v->value, v->lineno, config);
}
} else if (!strcasecmp(v->name, "tlsenable")) {
- sip_tls_desc.tls_cfg->enabled = TRUE;
+ sip_tls_desc.tls_cfg->enabled = ast_true(v->value) ? TRUE : FALSE;
sip_tls_desc.sin.sin_family = AF_INET;
} else if (!strcasecmp(v->name, "tlscertfile")) {
ast_free(sip_tls_desc.tls_cfg->certfile);
Modified: team/bbryant/sip-tcptls/include/asterisk/server.h
URL: http://svn.digium.com/view/asterisk/team/bbryant/sip-tcptls/include/asterisk/server.h?view=diff&rev=75522&r1=75521&r2=75522
==============================================================================
--- team/bbryant/sip-tcptls/include/asterisk/server.h (original)
+++ team/bbryant/sip-tcptls/include/asterisk/server.h Tue Jul 17 17:40:08 2007
@@ -62,7 +62,7 @@
/*! SSL support */
#define AST_CERTFILE "asterisk.pem"
-struct tls_config {
+struct ast_tls_config {
int enabled;
char *certfile;
char *cipher;
@@ -106,7 +106,8 @@
FILE *f; /* fopen/funopen result */
int fd; /* the socket returned by accept() */
SSL *ssl; /* ssl state */
- int (*ssl_setup)(SSL *);
+// iint (*ssl_setup)(SSL *);
+ int client;
struct sockaddr_in requestor;
struct server_args *parent;
};
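Review bot: The commented-out member `// iint (*ssl_setup)(SSL *);` should be deleted rather than left in the struct; version control already keeps the old declaration, and the typo makes it look like an accidental edit. The new field would also benefit from a comment in the style of its neighbours, for example `int client; /* non-zero when we initiated the connection (SSL_connect rather than SSL_accept) */`, which matches how server.c uses it in this commit. The struct's opening line is outside the hunk.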
@@ -117,7 +118,7 @@
struct server_args {
struct sockaddr_in sin;
struct sockaddr_in oldsin;
- struct tls_config *tls_cfg; /* points to the SSL configuration if any */
+ struct ast_tls_config *tls_cfg; /* points to the SSL configuration if any */
int accept_fd;
int poll_timeout;
pthread_t master;
@@ -131,7 +132,7 @@
void *server_root(void *);
void server_start(struct server_args *desc);
-int ssl_setup(struct tls_config *cfg);
+int ssl_setup(struct ast_tls_config *cfg);
void *ast_make_file_from_fd(void *data);
Modified: team/bbryant/sip-tcptls/main/http.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/sip-tcptls/main/http.c?view=diff&rev=75522&r1=75521&r2=75522
==============================================================================
--- team/bbryant/sip-tcptls/main/http.c (original)
+++ team/bbryant/sip-tcptls/main/http.c Tue Jul 17 17:40:08 2007
@@ -69,7 +69,7 @@
#define DO_SSL /* comment in/out if you want to support ssl */
#endif
-static struct tls_config http_tls_cfg;
+static struct ast_tls_config http_tls_cfg;
static void *httpd_helper_thread(void *arg);
Modified: team/bbryant/sip-tcptls/main/manager.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/sip-tcptls/main/manager.c?view=diff&rev=75522&r1=75521&r2=75522
==============================================================================
--- team/bbryant/sip-tcptls/main/manager.c (original)
+++ team/bbryant/sip-tcptls/main/manager.c Tue Jul 17 17:40:08 2007
@@ -3232,7 +3232,7 @@
purge_events();
}
-struct tls_config ami_tls_cfg;
+struct ast_tls_config ami_tls_cfg;
static struct server_args ami_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
Modified: team/bbryant/sip-tcptls/main/server.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/sip-tcptls/main/server.c?view=diff&rev=75522&r1=75521&r2=75522
==============================================================================
--- team/bbryant/sip-tcptls/main/server.c (original)
+++ team/bbryant/sip-tcptls/main/server.c Tue Jul 17 17:40:08 2007
@@ -110,7 +110,7 @@
ser->parent = desc;
memcpy(&ser->requestor, &sin, sizeof(ser->requestor));
- ser->ssl_setup = SSL_accept;
+ ser->client = 0;
if (ast_pthread_create_detached_background(&launched, NULL, ast_make_file_from_fd, ser)) {
ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
@@ -121,7 +121,9 @@
return NULL;
}
-int ssl_setup(struct tls_config *cfg)
+int client_setup(struct ast_tls_config *);
+
+int ssl_setup(struct ast_tls_config *cfg)
{
#ifndef DO_SSL
cfg->enabled = 0;
@@ -129,9 +131,15 @@
#else
if (!cfg->enabled)
return 0;
+
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
- cfg->ssl_ctx = SSL_CTX_new( SSLv23_server_method() );
+
+ if (!(cfg->ssl_ctx = SSL_CTX_new( SSLv23_server_method() ))) {
+ ast_log(LOG_DEBUG, "Sorry, SSL_CTX_new call returned null...\n");
+ cfg->enabled = 0;
+ return 0;
+ }
if (!ast_strlen_zero(cfg->certfile)) {
if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
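Review bot: A failed `SSL_CTX_new()` is reported only at LOG_DEBUG and then folded into `cfg->enabled = 0; return 0;`, which is the same result as TLS being switched off in the configuration. If the caller goes on to start the listener anyway (not visible here), an operator who asked for TLS gets a plaintext service and nothing in the normal log says so. Suggest `ast_log(LOG_ERROR, "SSL_CTX_new failed: %s\n", ERR_error_string(ERR_get_error(), NULL));` and a return value the caller can tell apart from "disabled". ssl_setup's body starts and ends outside this hunk.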
@@ -155,6 +163,24 @@
#endif
}
+int client_setup(struct ast_tls_config *cfg)
+{
+#ifndef DO_SSL
+ cfg->enabled = 0;
+ return 0;
+#else
+ if (!cfg->enabled)
+ return 0;
+
+ SSL_load_error_strings();
+ SSLeay_add_ssl_algorithms();
+
+ cfg->ssl_ctx = SSL_CTX_new( SSLv23_client_method() );
+
+ return 1;
+#endif
+}
+
/*! A generic client routine for a TCP client
* and starts a thread for handling accept()
*/
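Review bot: client_setup() creates the client context without enabling peer verification and without checking the `SSL_CTX_new()` result, so an outbound TLS connection will complete a handshake with any certificate the far end presents, and a NULL context is reported as success (`return 1`). The sketch below mirrors the NULL check this commit adds to ssl_setup() and turns on chain verification against the default CA store; matching the certificate against the peer name is still not done and needs a follow-up. If `cfg` is reused across connections, the previous `cfg->ssl_ctx` is also overwritten without SSL_CTX_free(). The prototype added above ssl_setup() would be better placed in server.h, or the function made `static`.

```c
int client_setup(struct ast_tls_config *cfg)
{
	/* … unchanged: DO_SSL guard, enabled check, library init … */

	if (!(cfg->ssl_ctx = SSL_CTX_new(SSLv23_client_method()))) {
		ast_log(LOG_WARNING, "SSL_CTX_new failed for TLS client\n");
		cfg->enabled = 0;
		return 0;
	}

	/* Refuse servers whose certificate does not chain to a trusted CA. */
	SSL_CTX_set_verify(cfg->ssl_ctx, SSL_VERIFY_PEER, NULL);
	if (!SSL_CTX_set_default_verify_paths(cfg->ssl_ctx)) {
		ast_log(LOG_WARNING, "Unable to load default CA locations for TLS client\n");
	}

	return 1;
```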
@@ -201,8 +227,15 @@
ser->parent->worker_fn = NULL;
memcpy(&ser->requestor, &desc->sin, sizeof(ser->requestor));
- ser->ssl_setup = SSL_connect;
- ast_make_file_from_fd(ser);
+ ser->client = 1;
+
+ if (desc->tls_cfg) {
+ desc->tls_cfg->enabled = 1;
+ client_setup(desc->tls_cfg);
+ }
+
+ if(!ast_make_file_from_fd(ser))
+ goto error;
return ser;
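Review bot: The new `goto error` runs after ast_make_file_from_fd() has already closed ser->fd and freed ser on its own failure branch (the `!ser->f` block later in this file), so if the `error:` label, which is outside this hunk, also frees ser or closes the same descriptor, this becomes a double free or double close. One of the two places should own the cleanup; for example, set `ser = NULL;` before the jump if the label frees it. Separately, the return value of `client_setup(desc->tls_cfg)` is ignored and `enabled` is forced to 1, so a failed context setup is only noticed indirectly when SSL_new() fails. client_start's body starts and ends outside the hunk.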
@@ -289,6 +322,7 @@
void *ast_make_file_from_fd(void *data)
{
struct server_instance *ser = data;
+ int (*ssl_setup)(SSL *) = (ser->client) ? SSL_connect : SSL_accept;
int ret;
char err[256];
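Review bot: The new local function pointer `ssl_setup` shadows the file's own `int ssl_setup(struct ast_tls_config *cfg)`, so inside ast_make_file_from_fd() the name means something different from everywhere else in server.c; the call in the next hunk, `ssl_setup(ser->ssl)`, is the pointer. A distinct name such as `int (*ssl_handshake)(SSL *) = ser->client ? SSL_connect : SSL_accept;` avoids the shadowing warning and the confusion. The initialiser also sits outside the `#ifdef DO_SSL` guard that protects its only use, so a build without DO_SSL may not compile or will carry an unused variable; worth checking. The function body continues outside the hunk.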
@@ -300,7 +334,7 @@
#ifdef DO_SSL
else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
SSL_set_fd(ser->ssl, ser->fd);
- if ((ret = ser->ssl_setup(ser->ssl)) <= 0) {
+ if ((ret = ssl_setup(ser->ssl)) <= 0) {
if(option_verbose > 1)
ast_verbose(VERBOSE_PREFIX_2 "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
} else {
@@ -322,15 +356,15 @@
}
#endif /* DO_SSL */
- if (!ser->f) {
+ if (!ser->f) {
close(ser->fd);
ast_log(LOG_WARNING, "FILE * open failed!\n");
ast_free(ser);
return NULL;
- }
-
- if (ser->parent->worker_fn)
+ }
+
+ if (ser && ser->parent->worker_fn)
return ser->parent->worker_fn(ser);
else
- return NULL;
-}
+ return ser;
+}
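Review bot: When the handshake fails, the `!ser->f` branch closes the descriptor and frees ser but never releases the `SSL` object created by SSL_new() in the previous hunk, so every failed TLS connection, now including outbound client attempts, leaks one. Adding `if (ser->ssl) SSL_free(ser->ssl);` before `ast_free(ser);` would cover it, assuming nothing between the two hunks already frees it. The added `ser &&` in `if (ser && ser->parent->worker_fn)` is dead, since ser has been dereferenced several times by then; a NULL check belongs at the top of the function if one is wanted. Returning `ser` instead of NULL when there is no worker_fn changes what detached server threads return, which looks harmless but deserves a comment on the function.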