[asterisk-commits] oej: branch oej/juniper-tls-settings-1.8 r412063 - in /team/oej/juniper-tls-s...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Apr 10 03:20:00 CDT 2014
Author: oej
Date: Thu Apr 10 03:19:53 2014
New Revision: 412063
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=412063
Log:
Initialize automatic merging in the juniper-tls-settings-1.8 branch...
Modified:
team/oej/juniper-tls-settings-1.8/ (props changed)
team/oej/juniper-tls-settings-1.8/include/asterisk/tcptls.h
team/oej/juniper-tls-settings-1.8/main/asterisk.c
team/oej/juniper-tls-settings-1.8/main/tcptls.c
Propchange: team/oej/juniper-tls-settings-1.8/
------------------------------------------------------------------------------
--- automerge (original)
+++ automerge Thu Apr 10 03:19:53 2014
@@ -1,1 +1,1 @@
-*
+Working, working, working. When is it hacking time?
Propchange: team/oej/juniper-tls-settings-1.8/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Thu Apr 10 03:19:53 2014
@@ -1,1 +1,1 @@
-/branches/1.8:1-411993
+/branches/1.8:1-411785
Modified: team/oej/juniper-tls-settings-1.8/include/asterisk/tcptls.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/juniper-tls-settings-1.8/include/asterisk/tcptls.h?view=diff&rev=412063&r1=412062&r2=412063
==============================================================================
--- team/oej/juniper-tls-settings-1.8/include/asterisk/tcptls.h (original)
+++ team/oej/juniper-tls-settings-1.8/include/asterisk/tcptls.h Thu Apr 10 03:19:53 2014
@@ -58,6 +58,7 @@
#ifdef DO_SSL
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include <openssl/opensslv.h>
#else
/* declare dummy types so we can define a pointer to them */
typedef struct {} SSL;
@@ -79,7 +80,11 @@
/*! Use SSLv3 for outgoing client connections */
AST_SSL_SSLV3_CLIENT = (1 << 4),
/*! Use TLSv1 for outgoing client connections */
- AST_SSL_TLSV1_CLIENT = (1 << 5)
+ AST_SSL_TLSV1_CLIENT = (1 << 5),
+ /*! Use TLSv1.1 for outgoing client connections */
+ AST_SSL_TLSV11_CLIENT = (1 << 6),
+ /*! Use TLSv1.2 for outgoing client connections */
+ AST_SSL_TLSV12_CLIENT = (1 << 7),
};
struct ast_tls_config {
@@ -216,9 +221,25 @@
void ast_ssl_teardown(struct ast_tls_config *cfg);
/*!
+ * \brief get current ciphers for a session
+ */
+int ast_ssl_get_session_cipher(ast_tcptls_session_instance, char *buf, size_t buflen);
+
+/*!
+ * \brief get current ciphers for a server socket
+ */
+int ast_ssl_get_server_cipher(ast_tcptls_session_instance, char *buf, size_t buflen);
+
+/*!
* \brief Used to parse conf files containing tls/ssl options.
*/
int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value);
+
+/*
+ * \brief Get the TLS/SSL library name and version
+ */
+char *tls_library_version( void );
+
HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, const void *buf, size_t count);
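Review bot: The two new cipher prototypes name their first parameter as a bare `ast_tcptls_session_instance`, but the existing declarations just below spell the type `struct ast_tcptls_session_instance *ser`, so these lines are unlikely to compile as written; they should read `int ast_ssl_get_session_cipher(struct ast_tcptls_session_instance *ser, char *buf, size_t buflen);` and likewise for `ast_ssl_get_server_cipher`. Neither name matches the `ast_ssl_get_cipher()` that this commit defines in main/tcptls.c, which therefore has no prototype here. The comment above `tls_library_version` opens with `/*` instead of `/*!`, so the `\brief` will not be picked up like its neighbours. Since that function returns a string literal, `const char *tls_library_version(void);` would be the safer signature.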
Modified: team/oej/juniper-tls-settings-1.8/main/asterisk.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/juniper-tls-settings-1.8/main/asterisk.c?view=diff&rev=412063&r1=412062&r2=412063
==============================================================================
--- team/oej/juniper-tls-settings-1.8/main/asterisk.c (original)
+++ team/oej/juniper-tls-settings-1.8/main/asterisk.c Thu Apr 10 03:19:53 2014
@@ -493,6 +493,11 @@
ast_cli(a->fd, " Web Manager (AMI/HTTP): %s\n", check_webmanager_enabled() ? "Enabled" : "Disabled");
ast_cli(a->fd, " Call data records: %s\n", check_cdr_enabled() ? "Enabled" : "Disabled");
ast_cli(a->fd, " Realtime Architecture (ARA): %s\n", ast_realtime_enabled() ? "Enabled" : "Disabled");
+#ifdef DO_SSL
+ ast_cli(a->fd, " TLS support: %s\n", tls_library_version());
+#else
+ ast_cli(a->fd, " TLS support: No\n");
+#endif
/*! \todo we could check musiconhold, voicemail, smdi, adsi, queues */
Modified: team/oej/juniper-tls-settings-1.8/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/juniper-tls-settings-1.8/main/tcptls.c?view=diff&rev=412063&r1=412062&r2=412063
==============================================================================
--- team/oej/juniper-tls-settings-1.8/main/tcptls.c (original)
+++ team/oej/juniper-tls-settings-1.8/main/tcptls.c Thu Apr 10 03:19:53 2014
@@ -15,6 +15,12 @@
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
+ */
+
+/*! \todo
+ * - Get the Openssl version number from autoconfig
+ * 0x1000100fL and higher support TLS v 1.1
+ * 0x1000105fL and higher support TLS v 1.2
*/
/*!
@@ -665,6 +671,16 @@
return 1;
}
+int ast_ssl_get_cipher(struct ast_tls_config *cfg, char *buf, size_t buflen)
+{
+ char *tls_info;
+ if (!SSL_get_current_cipher(cfg->ssl_ctx)) {
+ return 0; /* False */
+ }
+ tls_info = SSL_CIPHER_description(SSL_get_current_cipher(cfg->ssl), buf, buflen);
+ return 1;
+}
+
int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value)
{
if (!strcasecmp(varname, "tlsenable") || !strcasecmp(varname, "sslenable")) {
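Review bot: In `ast_ssl_get_cipher()` the guard calls `SSL_get_current_cipher(cfg->ssl_ctx)`, but that function takes an `SSL *` connection handle, not a context, and the next line reads `cfg->ssl`, a member the rest of this diff never shows on `struct ast_tls_config` (the struct body is outside the diff, so confirm). The return of `SSL_CIPHER_description()` is stored in `tls_info` and never checked, and `buflen` is narrowed from `size_t` to `int` with no check against the 128-byte minimum that OpenSSL documents for this buffer. The function is also not wrapped in `#ifdef DO_SSL` within this hunk, and its name matches neither prototype added to tcptls.h. A sketch that works from the session instead is below; it assumes the session struct holds its connection as `ssl`.

```c
int ast_ssl_get_session_cipher(struct ast_tcptls_session_instance *ser, char *buf, size_t buflen)
{
#ifdef DO_SSL
	const SSL_CIPHER *cipher;

	/* SSL_CIPHER_description() documents a 128-byte minimum buffer */
	if (!ser || !ser->ssl || !buf || buflen < 128) {
		return 0;
	}
	cipher = SSL_get_current_cipher(ser->ssl);
	if (!cipher || !SSL_CIPHER_description(cipher, buf, (int) buflen)) {
		return 0;
	}
	return 1;
#else
	return 0;
#endif
}
```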
@@ -714,16 +730,32 @@
} else if (!strcasecmp(varname, "tlsclientmethod") || !strcasecmp(varname, "sslclientmethod")) {
if (!strcasecmp(value, "tlsv1")) {
ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
+ } else if (!strcasecmp(value, "tlsv11")) {
+ ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
+ } else if (!strcasecmp(value, "tlsv12")) {
+ ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
+ ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
} else if (!strcasecmp(value, "sslv3")) {
ast_set_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
} else if (!strcasecmp(value, "sslv2")) {
ast_log(LOG_WARNING, "SSL v2 is considered insecure. Please upgrade to TLSv1\n");
ast_set_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
+ ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
}
} else {
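Review bot: The `tlsv12` branch sets `AST_SSL_TLSV12_CLIENT`, then sets `AST_SSL_TLSV11_CLIENT`, then clears `AST_SSL_TLSV12_CLIENT` again, so an operator who configures `tlsclientmethod=tlsv12` ends up with only the TLSv1.1 flag and no warning. The `tlsv11` and `tlsv12` branches also never clear `AST_SSL_TLSV1_CLIENT`, and `tlsv11` does not clear `AST_SSL_TLSV12_CLIENT`, so a value set earlier can leave stale flags behind, unlike the `tlsv1`, `sslv3` and `sslv2` branches. If keeping TLSv1.1 alongside 1.2 was intended as a fallback, keep that `ast_set_flag` and drop only the stray clear. The enclosing `ast_tls_read_conf()` starts and ends outside this hunk, and the code that turns these flags into an OpenSSL method is not visible here.

```c
/* … unchanged: "tlsv1" branch … */
} else if (!strcasecmp(value, "tlsv11")) {
	ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
} else if (!strcasecmp(value, "tlsv12")) {
	ast_set_flag(&tls_cfg->flags, AST_SSL_TLSV12_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV1_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_TLSV11_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV3_CLIENT);
	ast_clear_flag(&tls_cfg->flags, AST_SSL_SSLV2_CLIENT);
/* … unchanged: "sslv3" and "sslv2" branches … */
```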
@@ -732,3 +764,9 @@
return 0;
}
+
+
+char *tls_library_version( void )
+{
+ return OPENSSL_VERSION_TEXT;
+}
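Review bot: `tls_library_version()` returns `OPENSSL_VERSION_TEXT`, which is the version of the headers Asterisk was compiled against, not of the shared library loaded at run time. The asterisk.c hunk prints this as "TLS support", so an operator checking whether a patched OpenSSL is in use can be shown the wrong version after a library upgrade. Reporting the runtime value would be more useful, e.g. `return SSLeay_version(SSLEAY_VERSION);` with the return type changed to `const char *` here and in tcptls.h. The definition is also not wrapped in `#ifdef DO_SSL` within this hunk, while `<openssl/opensslv.h>` is only included under that guard in the header, so a build without SSL may fail here unless a guard exists outside the visible lines.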