Asterisk - The Open Source Telephony Project
21.4.1
|
Generic support for tcp/tls servers in Asterisk. More...
#include <pthread.h>
#include <sys/param.h>
#include "asterisk/iostream.h"
#include "asterisk/netsock2.h"
#include "asterisk/utils.h"
Go to the source code of this file.
Data Structures | |
struct | ast_tcptls_session_args |
arguments for the accepting thread More... | |
struct | ast_tcptls_session_instance |
describes a server instance More... | |
struct | ast_tls_config |
Macros | |
#define | AST_CERTFILE "asterisk.pem" |
Enumerations | |
enum | ast_ssl_flags { AST_SSL_VERIFY_CLIENT = (1 << 0), AST_SSL_DONT_VERIFY_SERVER = (1 << 1), AST_SSL_IGNORE_COMMON_NAME = (1 << 2), AST_SSL_SSLV2_CLIENT = (1 << 3), AST_SSL_SSLV3_CLIENT = (1 << 4), AST_SSL_TLSV1_CLIENT = (1 << 5), AST_SSL_SERVER_CIPHER_ORDER = (1 << 6), AST_SSL_DISABLE_TLSV1 = (1 << 7), AST_SSL_DISABLE_TLSV11 = (1 << 8), AST_SSL_DISABLE_TLSV12 = (1 << 9) } |
Functions | |
int | ast_ssl_setup (struct ast_tls_config *cfg) |
Set up an SSL server. More... | |
void | ast_ssl_teardown (struct ast_tls_config *cfg) |
free resources used by an SSL server More... | |
struct ast_tcptls_session_instance * | ast_tcptls_client_create (struct ast_tcptls_session_args *desc) |
Creates a client connection's ast_tcptls_session_instance. | |
struct ast_tcptls_session_instance * | ast_tcptls_client_start (struct ast_tcptls_session_instance *tcptls_session) |
Attempt to connect and start a tcptls session. More... | |
struct ast_tcptls_session_instance * | ast_tcptls_client_start_timeout (struct ast_tcptls_session_instance *tcptls_session, int timeout) |
Attempt to connect and start a tcptls session within the given timeout. More... | |
void | ast_tcptls_close_session_file (struct ast_tcptls_session_instance *tcptls_session) |
Closes a tcptls session instance's file and/or file descriptor. The tcptls_session will be set to NULL and it's file descriptor will be set to -1 by this function. | |
void * | ast_tcptls_server_root (void *) |
void | ast_tcptls_server_start (struct ast_tcptls_session_args *desc) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept(). More... | |
void | ast_tcptls_server_stop (struct ast_tcptls_session_args *desc) |
Shutdown a running server if there is one. More... | |
int | ast_tls_read_conf (struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value) |
Used to parse conf files containing tls/ssl options. | |
Generic support for tcp/tls servers in Asterisk.
TLS/SSL support is basically implemented by reading from a config file (currently manager.conf, http.conf and pjsip.conf) the names of the certificate files and cipher to use, and then run ssl_setup() to create an appropriate data structure named ssl_ctx.
If we support multiple domains, presumably we need to read multiple certificates.
When we are requested to open a TLS socket, we run make_file_from_fd() on the socket, to do the necessary setup. At the moment the context's name is hardwired in the function, but we can certainly make it into an extra parameter to the function.
We declare most of ssl support variables unconditionally, because their number is small and this simplifies the code.
Definition in file tcptls.h.
enum ast_ssl_flags |
Definition at line 65 of file tcptls.h.
int ast_ssl_setup | ( | struct ast_tls_config * | cfg | ) |
void ast_ssl_teardown | ( | struct ast_tls_config * | cfg | ) |
free resources used by an SSL server
cfg | Configuration for the SSL server |
struct ast_tcptls_session_instance* ast_tcptls_client_start | ( | struct ast_tcptls_session_instance * | tcptls_session | ) |
Attempt to connect and start a tcptls session.
Blocks until a connection is established, or an error occurs.
tcptls_session | The session instance to connect and start |
Definition at line 673 of file tcptls.c.
References ast_tcptls_client_start_timeout().
struct ast_tcptls_session_instance* ast_tcptls_client_start_timeout | ( | struct ast_tcptls_session_instance * | tcptls_session, |
int | timeout | ||
) |
Attempt to connect and start a tcptls session within the given timeout.
tcptls_session | The session instance to connect and start |
timeout | How long (in milliseconds) to attempt to connect (-1 equals infinite) |
Definition at line 645 of file tcptls.c.
References ao2_ref, ast_fd_clear_flags, ast_sockaddr_stringify(), handle_tcptls_connection(), and ast_tcptls_session_args::tls_cfg.
Referenced by ast_tcptls_client_start().
void ast_tcptls_server_start | ( | struct ast_tcptls_session_args * | desc | ) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept().
Definition at line 760 of file tcptls.c.
References ast_tcptls_session_args::accept_fn, ast_bind(), ast_calloc, ast_debug, ast_read_textfile(), ast_sd_get_fd(), ast_sha1_hash(), ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), ast_socket_nonblock, ast_strdup, ast_tcptls_session_args::master, ast_tcptls_session_args::old_address, ast_tcptls_session_args::old_tls_cfg, and ast_tcptls_session_args::tls_cfg.
void ast_tcptls_server_stop | ( | struct ast_tcptls_session_args * | desc | ) |
Shutdown a running server if there is one.
Definition at line 925 of file tcptls.c.
References ast_debug, ast_tcptls_session_args::master, and ast_tcptls_session_args::old_tls_cfg.