[asterisk-dev] tcptls: Use new certificate on reload
Joshua Colp
jcolp at digium.com
Tue Nov 29 05:34:45 CST 2016
On Sun, Nov 27, 2016, at 11:29 PM, Corey Farrell wrote:
> A review [1] has been posted to fix an issue where TLS servers would
> not be restarted unless the bind address was changed. This would
> prevent use of new certificates if available. Unfortunately this
> change does cause an ABI change. Fields are added to public
> structures 'struct ast_tls_config' and 'struct
> ast_tcptls_session_args'. Within Asterisk itself these structures are
> used by app_externalivr, chan_sip, res_http_websocket, http.c and
> manager.c.
>
> tcptls.h does not provide an allocation method for it's structures.
> These means it is impossible to add fields to these structures without
> breaking the ABI. How does everyone feel about moving forward with
> the fix as is?
When it comes to ABI compatibility I take what exactly is being changed
into account. In the case of the TCP/TLS code it's not something I'd see
outside code or developers using (the commercial modules certainly don't
use it) which is why I'm personally not opposed to accepting it.
Any other thoughts? Do we want to be strict and only allow on master?
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-dev
mailing list