<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="https://reviewboard.asterisk.org/r/1709/">https://reviewboard.asterisk.org/r/1709/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On February 2nd, 2012, 10:06 a.m., <b>Paul Belanger</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<table width="100%" border="0" bgcolor="white" style="border: 1px solid #C0C0C0; border-collapse: collapse; margin: 2px; padding: 2px;">
<thead>
<tr>
<th colspan="4" bgcolor="#F0F0F0" style="border-bottom: 1px solid #C0C0C0; font-size: 9pt; padding: 4px 8px; text-align: left;">
<a href="https://reviewboard.asterisk.org/r/1709/diff/1/?file=23870#file23870line57" style="color: black; font-weight: bold; text-decoration: underline;">/branches/1.8/configs/http.conf.sample</a>
<span style="font-weight: normal;">
(Diff revision 1)
</span>
</th>
</tr>
</thead>
<tbody style="background-color: #e4d9cb; padding: 4px 8px; text-align: center;">
<tr>
<td colspan="4"><pre style="font-size: 8pt; line-height: 140%; margin: 0; "></pre></td>
</tr>
</tbody>
<tbody>
<tr>
<th bgcolor="#e9eaa8" style="border-right: 1px solid #C0C0C0;" align="right"><font size="2">57</font></th>
<td bgcolor="#fdfebc" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; ">;tlsbindport=4433 ; port to use - default is 8089</pre></td>
<th bgcolor="#e9eaa8" style="border-left: 1px solid #C0C0C0; border-right: 1px solid #C0C0C0;" align="right"><font size="2">57</font></th>
<td bgcolor="#fdfebc" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; ">;tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.</pre></td>
</tr>
</tbody>
<tbody>
<tr>
<th bgcolor="#ebb1ba" style="border-right: 1px solid #C0C0C0;" align="right"><font size="2">58</font></th>
<td bgcolor="#ffc5ce" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; ">;tlsbindaddr=0.0.0.0 ; address to bind to - default is bindaddr.</pre></td>
<th bgcolor="#ebb1ba" style="border-left: 1px solid #C0C0C0; border-right: 1px solid #C0C0C0;" align="right"><font size="2"></font></th>
<td bgcolor="#ffc5ce" width="50%"><pre style="font-size: 8pt; line-height: 140%; margin: 0; "></pre></td>
</tr>
</tbody>
</table>
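<p>Review bot: the replacement comment on new line 57 does not say what happens when tlsbindaddr is given an address without a port, and nothing in the sample marks tlsbindport as gone, so a config that still carries tlsbindport=4433 would silently listen on 8089 instead of the port the operator expects. Suggest extending the comment to state that omitting the port falls back to 8089 and that tlsbindport has no effect.</p>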
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">might be worth adding a note in CHANGES or UPGRADE.txt that this setting was removed / never worked.</pre>
</blockquote>
<p>On February 2nd, 2012, 10:14 a.m., <b>Mark Michelson</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Yeah I had thought about this, but it's a bit of a weird situation since tlsbindport was never actually in an Asterisk release. It was added and removed prior to the release of 1.8.0. So it doesn't really belong in UPGRADE.txt since it has nothing to do with previous releases. On the other hand, a note in UPGRADE.txt indicating that preferred port must now be specified as part of the tlsbindaddr makes sense though. Do you think that's enough?</pre>
</blockquote>
</blockquote>
<pre style="margin-left: 1em; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">I've added the following text to UPGRADE.txt:
* When using TLS with Manager or the HTTP server, the desired port
must be specified in the "tlsbindaddr" setting. If no port is specified,
then the default port will be used. See the sample config file to know
the default ports. Settings like "sslbindport" and "tlsbindport" have
no effect.</pre>
<br />
<p>- Mark</p>
<br />
<p>On February 2nd, 2012, 9:57 a.m., Mark Michelson wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('https://reviewboard.asterisk.org/media/rb/images/review_request_box_top_bg.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for Asterisk Developers.</div>
<div>By Mark Michelson.</div>
<p style="color: grey;"><i>Updated Feb. 2, 2012, 9:57 a.m.</i></p>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">During the formative stages of Asterisk 1.8, a common set of TLS settings was added to the TCP/TLS API, with the function ast_tls_read_conf() used to set common attributes. When this API was added, a "tlsbindport" option was present, and its presence was made known in http.conf.sample and manager.conf.sample.
Later, IPv6 support was added, and as part of it, the "tlsbindport" setting was removed from the common set of TLS settings. It was removed in favor of setting the port as part of the "tlsbindaddr" setting. Unfortunately, there were two problems. Firstly, the sample config files were not updated to indicate this setting had been removed. Secondly, the IPv6 merge introduced some screwy logic that caused the port to not get set to the proper default when not specified.
This patch has three fixes:
1. http.conf.sample and manager.conf.sample no longer reference the tlsbindport option, instead indicating to set the port in the tlsbindaddr setting instead.
2. Both manager.c and http.c will set the port to the proper default if none is specified. The code was previously attempting to pre-seed the default port into the settings. The problem is that this was being overwritten later in the config. The fix is to set the default port later, and only do so if no port was specified in the config file.
3. Based on notes from ASTERISK-19204, I also fixed behavior when TLS is initially enabled, Asterisk is started, then TLS is disabled in the config file, and either manager or http is reloaded. Previously, we would not actually close the TCP socket. Now we do!</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Ran manager and http through their paces. For each, I did the following:
1. Started Asterisk with TLS disabled. Verified that we did not start TLS service.
2. Started Asterisk with TLS enabled and no tlsbindaddr. Verified that service was started on the same address as non-TLS service and used the default TLS port.
3. Started Asterisk with TLS enabled and a tlsbindaddr with no port. Verified that service was started on the specified tlsbindaddr and on default TLS port.
4. Started Asterisk with TLS enabled and a tlsbindaddr with port. Verified that service was started on the specified tlsbindaddr and port.
5. Did step 4. Changed config file to not indicate a port in tlsbindaddr. Reloaded service. Verified that previous socket was closed and that service was restarted on default port.
6. Did step 4. Changed config file so TLS was disabled. Reloaded service. Verified that previous socket was closed and no new TLS service was started.</pre>
</td>
</tr>
</table>
<div style="margin-top: 1.5em;">
<b style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Bugs: </b>
<a href="https://issues.asterisk.org/jira/browse/ASTERISK-16959">ASTERISK-16959</a>,
<a href="https://issues.asterisk.org/jira/browse/ASTERISK-19201">ASTERISK-19201</a>,
<a href="https://issues.asterisk.org/jira/browse/ASTERISK-19204">ASTERISK-19204</a>
</div>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>/branches/1.8/configs/http.conf.sample <span style="color: grey">(352913)</span></li>
<li>/branches/1.8/configs/manager.conf.sample <span style="color: grey">(352913)</span></li>
<li>/branches/1.8/include/asterisk/manager.h <span style="color: grey">(352913)</span></li>
<li>/branches/1.8/main/http.c <span style="color: grey">(352913)</span></li>
<li>/branches/1.8/main/manager.c <span style="color: grey">(352913)</span></li>
</ul>
<p><a href="https://reviewboard.asterisk.org/r/1709/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
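<p>An added illustration of fix 2 in the description above, not code from the Asterisk patch: it contrasts pre-seeding the default port with applying the default only after the config value has been parsed. The parse_bind helper, the bind_addr struct and both function names are hypothetical, and the parser handles only IPv4 or hostname values.</p>

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DEFAULT_TLS_PORT 8089   /* default named in http.conf.sample */

struct bind_addr {
    char host[64];
    int port;                   /* 0 means "no port given" */
};

/* Hypothetical parser for "host" or "host:port" (IPv4 or hostname only).
 * Like any parser that fills the whole address, it always rewrites port. */
static void parse_bind(const char *value, struct bind_addr *out)
{
    const char *colon = strrchr(value, ':');
    size_t n = colon ? (size_t)(colon - value) : strlen(value);
    if (n >= sizeof(out->host))
        n = sizeof(out->host) - 1;
    memcpy(out->host, value, n);
    out->host[n] = '\0';
    out->port = colon ? atoi(colon + 1) : 0;
}

/* Old ordering: seed the default first, then let parsing overwrite it. */
int port_preseeded(const char *tlsbindaddr)
{
    struct bind_addr a = { "", DEFAULT_TLS_PORT };
    if (tlsbindaddr)
        parse_bind(tlsbindaddr, &a);    /* "0.0.0.0" resets port to 0 */
    return a.port;
}

/* Fixed ordering: parse first, apply the default only if none was given. */
int port_defaulted_late(const char *tlsbindaddr)
{
    struct bind_addr a = { "", 0 };
    if (tlsbindaddr)
        parse_bind(tlsbindaddr, &a);
    if (a.port == 0)
        a.port = DEFAULT_TLS_PORT;
    return a.port;
}

int main(void)
{
    printf("pre-seeded: %d, late default: %d\n", port_preseeded("0.0.0.0"), port_defaulted_late("0.0.0.0"));
    return 0;
}
```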
</div>
</body>
</html>