Asterisk - The Open Source Telephony Project
21.4.1
|
Code to support TCP and TLS server/client. More...
#include "asterisk.h"
#include "asterisk/tcptls.h"
#include "asterisk/iostream.h"
#include <fcntl.h>
#include <netinet/in.h>
#include <openssl/asn1.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/opensslconf.h>
#include <openssl/opensslv.h>
#include <openssl/safestack.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/bio.h>
#include <openssl/dh.h>
#include <openssl/pem.h>
#include <openssl/ec.h>
#include <pthread.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include "asterisk/app.h"
#include "asterisk/astobj2.h"
#include "asterisk/compat.h"
#include "asterisk/config.h"
#include "asterisk/io.h"
#include "asterisk/lock.h"
#include "asterisk/logger.h"
#include "asterisk/netsock2.h"
#include "asterisk/pbx.h"
#include "asterisk/utils.h"
Go to the source code of this file.
Macros | |
#define | SSL_CTRL_SET_ECDH_AUTO 94 |
Functions | |
static int | __ssl_setup (struct ast_tls_config *cfg, int client) |
static void | __ssl_setup_certs (struct ast_tls_config *cfg, const size_t cert_file_len, const char *key_type_extension, const char *key_type) |
int | ast_ssl_setup (struct ast_tls_config *cfg) |
Set up an SSL server. More... | |
void | ast_ssl_teardown (struct ast_tls_config *cfg) |
free resources used by an SSL server More... | |
struct ast_tcptls_session_instance * | ast_tcptls_client_create (struct ast_tcptls_session_args *desc) |
Creates a client connection's ast_tcptls_session_instance. | |
struct ast_tcptls_session_instance * | ast_tcptls_client_start (struct ast_tcptls_session_instance *tcptls_session) |
Attempt to connect and start a tcptls session. More... | |
struct ast_tcptls_session_instance * | ast_tcptls_client_start_timeout (struct ast_tcptls_session_instance *tcptls_session, int timeout) |
Attempt to connect and start a tcptls session within the given timeout. More... | |
void | ast_tcptls_close_session_file (struct ast_tcptls_session_instance *tcptls_session) |
Closes a tcptls session instance's file and/or file descriptor. The tcptls_session will be set to NULL and it's file descriptor will be set to -1 by this function. | |
void * | ast_tcptls_server_root (void *data) |
void | ast_tcptls_server_start (struct ast_tcptls_session_args *desc) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept(). More... | |
void | ast_tcptls_server_stop (struct ast_tcptls_session_args *desc) |
Shutdown a running server if there is one. More... | |
int | ast_tls_read_conf (struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value) |
Used to parse conf files containing tls/ssl options. | |
static int | check_tcptls_cert_name (ASN1_STRING *cert_str, const char *hostname, const char *desc) |
static void * | handle_tcptls_connection (void *data) |
creates a FILE * from the fd passed by the accept thread. This operation is potentially expensive (certificate verification), so we do it in the child thread context. More... | |
static void | session_instance_destructor (void *obj) |
static int | socket_connect (int sockfd, const struct ast_sockaddr *addr, int timeout) |
static void | write_openssl_error_to_log (void) |
Code to support TCP and TLS server/client.
Definition in file tcptls.c.
int ast_ssl_setup | ( | struct ast_tls_config * | cfg | ) |
void ast_ssl_teardown | ( | struct ast_tls_config * | cfg | ) |
free resources used by an SSL server
cfg | Configuration for the SSL server |
struct ast_tcptls_session_instance* ast_tcptls_client_start | ( | struct ast_tcptls_session_instance * | tcptls_session | ) |
Attempt to connect and start a tcptls session.
Blocks until a connection is established, or an error occurs.
tcptls_session | The session instance to connect and start |
Definition at line 673 of file tcptls.c.
References ast_tcptls_client_start_timeout().
struct ast_tcptls_session_instance* ast_tcptls_client_start_timeout | ( | struct ast_tcptls_session_instance * | tcptls_session, |
int | timeout | ||
) |
Attempt to connect and start a tcptls session within the given timeout.
tcptls_session | The session instance to connect and start |
timeout | How long (in milliseconds) to attempt to connect (-1 equals infinite) |
Definition at line 645 of file tcptls.c.
References ao2_ref, ast_fd_clear_flags, ast_sockaddr_stringify(), handle_tcptls_connection(), and ast_tcptls_session_args::tls_cfg.
Referenced by ast_tcptls_client_start().
void ast_tcptls_server_start | ( | struct ast_tcptls_session_args * | desc | ) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept().
Definition at line 760 of file tcptls.c.
References ast_tcptls_session_args::accept_fn, ast_bind(), ast_calloc, ast_debug, ast_read_textfile(), ast_sd_get_fd(), ast_sha1_hash(), ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), ast_socket_nonblock, ast_strdup, ast_tcptls_session_args::master, ast_tcptls_session_args::old_address, ast_tcptls_session_args::old_tls_cfg, and ast_tcptls_session_args::tls_cfg.
void ast_tcptls_server_stop | ( | struct ast_tcptls_session_args * | desc | ) |
Shutdown a running server if there is one.
Definition at line 925 of file tcptls.c.
References ast_debug, ast_tcptls_session_args::master, and ast_tcptls_session_args::old_tls_cfg.
|
static |
creates a FILE * from the fd passed by the accept thread. This operation is potentially expensive (certificate verification), so we do it in the child thread context.
Definition at line 140 of file tcptls.c.
References ao2_ref, ast_iostream_get_ssl(), ast_iostream_start_tls(), ast_sockaddr_stringify(), AST_SSL_DONT_VERIFY_SERVER, AST_SSL_IGNORE_COMMON_NAME, AST_SSL_VERIFY_CLIENT, ast_tcptls_close_session_file(), ast_thread_inhibit_escalations(), ast_thread_user_interface_set(), ast_tcptls_session_args::hostname, ast_tcptls_session_instance::stream, ast_tcptls_session_args::tls_cfg, and ast_tcptls_session_args::worker_fn.
Referenced by ast_tcptls_client_start_timeout().