[svn-commits] file: branch file/sha256-a-harsh-reality r417140 - /team/file/sha256-a-harsh-...

Mon Jun 23 13:19:31 CDT 2014


Author: file
Date: Mon Jun 23 13:19:25 2014
New Revision: 417140

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=417140
Log:
Get hold/unhold working.

This change does two things:
1. The return value of SSL_read is used to determine when errors occur versus info callback
2. The SSL structures are cleared and set up on negotiation AND renegotiation

Modified:
    team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c

Modified: team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c
URL: http://svnview.digium.com/svn/asterisk/team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c?view=diff&rev=417140&r1=417139&r2=417140
==============================================================================
--- team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c (original)
+++ team/file/sha256-a-harsh-reality/res/res_rtp_asterisk.c Mon Jun 23 13:19:25 2014
@@ -295,7 +295,6 @@
 	enum ast_rtp_dtls_hash remote_hash; /*!< Remote hash used for the fingerprint */
 	unsigned char remote_fingerprint[EVP_MAX_MD_SIZE]; /*!< Fingerprint of the peer certificate */
 	enum ast_rtp_dtls_connection connection; /*!< Whether this is a new or existing connection */
-	unsigned int dtls_failure:1; /*!< Failure occurred during DTLS negotiation */
 	unsigned int rekey; /*!< Interval at which to renegotiate and rekey */
 	int rekeyid; /*!< Scheduled item id for rekeying */
 	int dtlstimerid; /*!< Scheduled item id for DTLS retransmission for RTP */
@@ -794,18 +793,6 @@
 #endif
 
 #ifdef HAVE_OPENSSL_SRTP
-static void dtls_info_callback(const SSL *ssl, int where, int ret)
-{
-	struct ast_rtp *rtp = SSL_get_ex_data(ssl, 0);
-
-	/* We only care about alerts */
-	if (!(where & SSL_CB_ALERT)) {
-		return;
-	}
-
-	rtp->dtls_failure = 1;
-}
-
 static int dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 {
 	/* We don't want to actually verify the certificate so just accept what they have provided */
@@ -828,9 +815,6 @@
 		goto error;
 	}
 
-	SSL_set_ex_data(rtp->rtcp->ssl, 0, rtp);
-	SSL_set_info_callback(rtp->rtcp->ssl, dtls_info_callback);
-
 	if (!(rtp->rtcp->read_bio = BIO_new(BIO_s_mem()))) {
 		ast_log(LOG_ERROR, "Failed to allocate memory for inbound SSL traffic on RTCP of RTP instance '%p'\n",
 			instance);
@@ -846,14 +830,6 @@
 	BIO_set_mem_eof_return(rtp->rtcp->write_bio, -1);
 
 	SSL_set_bio(rtp->rtcp->ssl, rtp->rtcp->read_bio, rtp->rtcp->write_bio);
-
-	if (rtp->rtcp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {
-		SSL_set_accept_state(rtp->rtcp->ssl);
-	} else {
-		SSL_set_connect_state(rtp->rtcp->ssl);
-	}
-
-	rtp->rtcp->connection = AST_RTP_DTLS_CONNECTION_NEW;
 
 	return 0;
 
@@ -992,9 +968,6 @@
 		goto error;
 	}
 
-	SSL_set_ex_data(rtp->ssl, 0, rtp);
-	SSL_set_info_callback(rtp->ssl, dtls_info_callback);
-
 	if (!(rtp->read_bio = BIO_new(BIO_s_mem()))) {
 		ast_log(LOG_ERROR, "Failed to allocate memory for inbound SSL traffic on RTP instance '%p'\n",
 			instance);
@@ -1010,14 +983,6 @@
 	BIO_set_mem_eof_return(rtp->write_bio, -1);
 
 	SSL_set_bio(rtp->ssl, rtp->read_bio, rtp->write_bio);
-
-	if (rtp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {
-		SSL_set_accept_state(rtp->ssl);
-	} else {
-		SSL_set_connect_state(rtp->ssl);
-	}
-
-	rtp->connection = AST_RTP_DTLS_CONNECTION_NEW;
 
 	return 0;
 
@@ -1249,11 +1214,25 @@
 
 #ifdef HAVE_OPENSSL_SRTP
 	if (rtp->ssl) {
+		SSL_clear(rtp->ssl);
+		if (rtp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {
+			SSL_set_accept_state(rtp->ssl);
+		} else {
+			SSL_set_connect_state(rtp->ssl);
+		}
+		rtp->connection = AST_RTP_DTLS_CONNECTION_NEW;
 		SSL_do_handshake(rtp->ssl);
 		dtls_srtp_check_pending(instance, rtp, 0);
 	}
 
 	if (rtp->rtcp && rtp->rtcp->ssl) {
+		SSL_clear(rtp->rtcp->ssl);
+		if (rtp->rtcp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {
+			SSL_set_accept_state(rtp->rtcp->ssl);
+		} else {
+			SSL_set_connect_state(rtp->rtcp->ssl);
+		}
+		rtp->rtcp->connection = AST_RTP_DTLS_CONNECTION_NEW;
 		SSL_do_handshake(rtp->rtcp->ssl);
 		dtls_srtp_check_pending(instance, rtp, 1);
 	}
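Review bot: The return value of `SSL_clear()` is ignored at L108 and L120; it returns 0 on failure, after which `SSL_set_accept_state`/`SSL_do_handshake` run against an object that was not reset, and the same unchecked sequence is repeated twice more in the hunk at L147-171. The reset-then-handshake sequence is now written out four times, differing only in the SSL object, the setup field and the connection field, so a small static helper that checks `SSL_clear()` and is called from both sites would remove the duplication and give the failure a single log line. The `SSL_do_handshake()` return value was already unchecked before this change; the helper is a natural place to look at it later. Both enclosing functions start outside their hunks.
```c
/* Reset an SSL object for a fresh DTLS negotiation (initial or renegotiation).
 * Returns 0 on success, -1 if SSL_clear() failed (object left untouched). */
static int dtls_reset_ssl(SSL *ssl, int passive, enum ast_rtp_dtls_connection *connection)
{
	if (!SSL_clear(ssl)) {
		return -1;
	}
	if (passive) {
		SSL_set_accept_state(ssl);
	} else {
		SSL_set_connect_state(ssl);
	}
	*connection = AST_RTP_DTLS_CONNECTION_NEW;
	SSL_do_handshake(ssl);
	return 0;
}

	/* … unchanged: start of the function … */
	if (rtp->ssl) {
		if (dtls_reset_ssl(rtp->ssl, rtp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE, &rtp->connection)) {
			ast_log(LOG_ERROR, "Failed to reset DTLS state on RTP instance '%p'\n", instance);
		} else {
			dtls_srtp_check_pending(instance, rtp, 0);
		}
	}
	/* … unchanged: analogous block for rtp->rtcp->ssl with rtp->rtcp->dtls_setup and &rtp->rtcp->connection … */
```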
@@ -1742,13 +1721,13 @@
 
 		len = SSL_read(ssl, buf, len);
 
-		dtls_srtp_check_pending(instance, rtp, rtcp);
-
-		if (rtp->dtls_failure) {
+		if ((len < 0) && (SSL_get_error(ssl, len) == SSL_ERROR_SSL)) {
 			ast_log(LOG_ERROR, "DTLS failure occurred on RTP instance '%p', terminating\n",
 				instance);
 			return -1;
 		}
+
+		dtls_srtp_check_pending(instance, rtp, rtcp);
 
 		if (SSL_is_init_finished(ssl)) {
 			/* Any further connections will be existing since this is now established */
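Review bot: The new failure check at L137 only fires for a negative `SSL_read()` result, but `SSL_read()` can also return 0 for an unsuccessful read (including a fatal error on some OpenSSL versions, or a peer close_notify reported as `SSL_ERROR_ZERO_RETURN`), so those cases fall through to `dtls_srtp_check_pending()` and `SSL_is_init_finished()` as if data had been read; `if ((len <= 0) && (SSL_get_error(ssl, len) == SSL_ERROR_SSL)) {` would at least cover the zero return, and a `SSL_ERROR_ZERO_RETURN` branch should decide explicitly what a closed DTLS association means here. `SSL_get_error()` reads the thread's error queue, so its result is only reliable if the queue was empty before `SSL_read()`; the hunk does not show an `ERR_clear_error()` ahead of the call, worth confirming it exists elsewhere in the function. The commit log says this replaces the alert-driven info callback; note that the old callback tripped on any alert, whereas this check only catches `SSL_ERROR_SSL`, which looks intentional but is worth a comment such as `/* Only fatal protocol errors terminate; WANT_READ is expected with memory BIOs */`. The enclosing function starts and ends outside the hunk, so what happens to a negative `len` afterwards is not visible here.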
@@ -4636,10 +4615,24 @@
 #endif
 
 	if (rtp->ssl) {
+		SSL_clear(rtp->ssl);
+		if (rtp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {
+			SSL_set_accept_state(rtp->ssl);
+		} else {
+			SSL_set_connect_state(rtp->ssl);
+		}
+		rtp->connection = AST_RTP_DTLS_CONNECTION_NEW;
 		SSL_do_handshake(rtp->ssl);
 		dtls_srtp_check_pending(instance, rtp, 0);
 	}
 	if (rtp->rtcp && rtp->rtcp->ssl) {
+		SSL_clear(rtp->rtcp->ssl);
+		if (rtp->rtcp->dtls_setup == AST_RTP_DTLS_SETUP_PASSIVE) {
+			SSL_set_accept_state(rtp->rtcp->ssl);
+		} else {
+			SSL_set_connect_state(rtp->rtcp->ssl);
+		}
+		rtp->rtcp->connection = AST_RTP_DTLS_CONNECTION_NEW;
 		SSL_do_handshake(rtp->rtcp->ssl);
 		dtls_srtp_check_pending(instance, rtp, 1);
 	}



