[asterisk-commits] http: Ensure capath is defined on all http creations (asterisk[master])
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Feb 16 10:40:11 CST 2017
Joshua Colp has submitted this change and it was merged. ( https://gerrit.asterisk.org/4963 )
Change subject: http: Ensure capath is defined on all http creations
......................................................................
http: Ensure capath is defined on all http creations
ASTERISK-26794 #close
Change-Id: I9cbc3b6b6a8aab590f5ccde9c262a98e4d5253a1
---
M main/http.c
1 file changed, 8 insertions(+), 9 deletions(-)
Approvals:
Anonymous Coward #1000019: Verified
Sean Bright: Looks good to me, but someone else must approve
Joshua Colp: Looks good to me, approved
diff --git a/main/http.c b/main/http.c
index 5f57b1e..0db6ee7 100644
--- a/main/http.c
+++ b/main/http.c
@@ -2056,22 +2056,20 @@
http_tls_was_enabled = (reload && http_tls_cfg.enabled);
http_tls_cfg.enabled = 0;
- if (http_tls_cfg.certfile) {
- ast_free(http_tls_cfg.certfile);
- }
+
+ ast_free(http_tls_cfg.certfile);
http_tls_cfg.certfile = ast_strdup(AST_CERTFILE);
- if (http_tls_cfg.pvtfile) {
- ast_free(http_tls_cfg.pvtfile);
- }
+ ast_free(http_tls_cfg.capath);
+ http_tls_cfg.capath = ast_strdup("");
+
+ ast_free(http_tls_cfg.pvtfile);
http_tls_cfg.pvtfile = ast_strdup("");
/* Apply modern intermediate settings according to the Mozilla OpSec team as of July 30th, 2015 but disable TLSv1 */
ast_set_flag(&http_tls_cfg.flags, AST_SSL_DISABLE_TLSV1 | AST_SSL_SERVER_CIPHER_ORDER);
- if (http_tls_cfg.cipher) {
- ast_free(http_tls_cfg.cipher);
- }
+ ast_free(http_tls_cfg.cipher);
http_tls_cfg.cipher = ast_strdup("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA");
AST_RWLIST_WRLOCK(&uri_redirects);
@@ -2285,6 +2283,7 @@
ast_tcptls_server_stop(&https_desc);
}
ast_free(http_tls_cfg.certfile);
+ ast_free(http_tls_cfg.capath);
ast_free(http_tls_cfg.pvtfile);
ast_free(http_tls_cfg.cipher);
--
To view, visit https://gerrit.asterisk.org/4963
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I9cbc3b6b6a8aab590f5ccde9c262a98e4d5253a1
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Joshua Elson <joshelson at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
More information about the asterisk-commits
mailing list