[asterisk-commits] file: branch file/netsock2 r97619 - /team/file/netsock2/main/netsock2.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Jan 9 14:09:12 CST 2008
Author: file
Date: Wed Jan 9 14:09:12 2008
New Revision: 97619
URL: http://svn.digium.com/view/asterisk?view=rev&rev=97619
Log:
Handle scenario where certificate or cipher is not valid.
Modified:
team/file/netsock2/main/netsock2.c
Modified: team/file/netsock2/main/netsock2.c
URL: http://svn.digium.com/view/asterisk/team/file/netsock2/main/netsock2.c?view=diff&rev=97619&r1=97618&r2=97619
==============================================================================
--- team/file/netsock2/main/netsock2.c (original)
+++ team/file/netsock2/main/netsock2.c Wed Jan 9 14:09:12 2008
@@ -495,6 +495,7 @@
#ifdef HAVE_OPENSSL
/* Setup TLS and OpenSSL parameters */
if (transport == AST_NETSOCK2_TRANSPORT_TLS) {
+ int error = 0;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
netsock2_socket->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
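Review bot: The result of `SSL_CTX_new()` on the last line of this hunk is not checked in the lines shown, and the certificate and cipher calls in the next hunk hand `netsock2_socket->ssl_ctx` straight to OpenSSL. The two lines between the hunks are not visible, so a check may already exist there. If it does not, the new `error` flag is the natural place for one, e.g. `if (!netsock2_socket->ssl_ctx) { ast_log(LOG_ERROR, "Unable to create SSL context.\n"); error = 1; }`, with the certificate and cipher steps skipped once it is set. The TLS block begins and ends outside this hunk.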
@@ -503,11 +504,20 @@
(!SSL_CTX_use_certificate_file(netsock2_socket->ssl_ctx, certificate, SSL_FILETYPE_PEM) ||
!SSL_CTX_use_PrivateKey_file(netsock2_socket->ssl_ctx, certificate, SSL_FILETYPE_PEM) ||
!SSL_CTX_check_private_key(netsock2_socket->ssl_ctx))) {
- /* TODO: Handle scenario where certificate is a no go */
+ ast_log(LOG_ERROR, "Certificate '%s' did not pass checks.\n", certificate);
+ error = 1;
}
/* If a cipher was provided use it */
if (!ast_strlen_zero(cipher) && !SSL_CTX_set_cipher_list(netsock2_socket->ssl_ctx, cipher)) {
- /* TODO: Handle scenario where cipher is evil */
+ ast_log(LOG_ERROR, "Cipher list '%s' was not acceptable.\n", cipher);
+ error = 1;
+ }
+ /* If an error cropped up bail out */
+ if (error) {
+ SSL_CTX_free(netsock2_socket->ssl_ctx);
+ ast_free(netsock2_socket);
+ close(netsocket);
+ return -1;
}
}
#endif
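Review bot: Both new `ast_log` calls say only that a step failed, not why, and OpenSSL's reason is left on the thread's error queue, neither read nor cleared. Formatting it into a local buffer with `char buf[256]; ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));` and adding `: %s` to the messages would tell the operator whether the file was unreadable, the key was missing or the pair did not match. An `ERR_clear_error();` before `return -1;` would keep stale entries from being attributed to a later TLS call on the same thread. Separately, the condition that opens the certificate check starts outside the hunk, but it appears to run only when a certificate name was supplied; if so, a TLS socket configured without a certificate passes this block with `error` still 0, and that case is worth rejecting here too.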