ast_tls_read_conf() is a new api call for handling SSL/TLS options across all conf files. Before this change, SSL/TLS options were not consistent. http.conf and manager.conf required the 'ssl' prefix while sip.conf used options with the 'tls' prefix. While the options had different names in different conf files, they all did the exact same thing. Now, instead of mixing 'ssl' or 'tls' prefixes to do the same thing depending on what conf file you're in, all SSL/TLS options use the 'tls' prefix. For example. 'sslenable' in http.conf and manager.conf is now 'tlsenable' which matches what already existed in sip.conf. Since this has the potential to break backwards compatibility, previous options containing the 'ssl' prefix still work, but they are no longer documented in the sample.conf files. The change is noted in the CHANGES file though.
Review: http://reviewboard.digium.com/r/237/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@191028 f38db490-d61c-443f-a65b-d21fe96a405b
Adds option to specify a private key .pem file when configuring TLS or SSL in AMI, HTTP, and SIP. Before this, the certificate file was used for both the public and private key. It is possible for this file to hold both, but most configurations allow for a separate private key file to be specified. Clarified in .conf files how these options are to be used. The current conf files do not explain how the private key is handled at all, so without knowledge of Asterisk's TLS implementation, it would be hard to know for sure what was going on or how to set it up.
Review: http://reviewboard.digium.com/r/234/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@190545 f38db490-d61c-443f-a65b-d21fe96a405b
1) rename 'struct server_args' to 'struct ast_tcptls_session_args', to follow coding guidelines
2) make ast_make_file_from_fd() static and rename it to something that indicates what it really is for (again coding guidelines)
3) rename address variables inside 'struct ast_tcptls_session_args' to be more descriptive (dare i say it... coding guidelines)
4) change ast_tcptls_client_start() to use the new 'remote_address' field of the session args for the destination of the connection, and use the 'local_address' field to bind() the socket to the proper source address, if one is supplied
5) in chan_sip, ensure that we pass in the PP address we are bound to when creating outbound (client) connections, so that our connections will appear from the correct address
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@151101 f38db490-d61c-443f-a65b-d21fe96a405b
when a file is invalid from when a file is missing. This is most important when
we have two configuration files. Consider the following example:
Old system:
sip.conf users.conf Old result New result
======== ========== ========== ==========
Missing Missing SIP doesn't load SIP doesn't load
Missing OK SIP doesn't load SIP doesn't load
Missing Invalid SIP doesn't load SIP doesn't load
OK Missing SIP loads SIP loads
OK OK SIP loads SIP loads
OK Invalid SIP loads incompletely SIP doesn't load
Invalid Missing SIP doesn't load SIP doesn't load
Invalid OK SIP doesn't load SIP doesn't load
Invalid Invalid SIP doesn't load SIP doesn't load
So in the case when users.conf doesn't load because there's a typo that
disrupts the syntax, we may only partially load users, instead of failing with
an error, which may cause some calls not to get processed. Worse yet, the old
system would do this with no indication that anything was even wrong.
(closes issue #10690)
Reported by: dtyoo
Patches:
20080716__bug10690.diff.txt uploaded by Corydon76 (license 14)
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@142992 f38db490-d61c-443f-a65b-d21fe96a405b
ago (does not affect 1.4), where you would pass
a pointer to the end of a character array, and
ast_uri_decode would do no good.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@133651 f38db490-d61c-443f-a65b-d21fe96a405b
them, and memory does not get free'd causing strange issues with SIP.
This code was originally written by russellb in the team/group/issue_11972/ branch.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@123546 f38db490-d61c-443f-a65b-d21fe96a405b
requires manager authentication for any POST's being sent to the server as well to help secure uploads.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@118161 f38db490-d61c-443f-a65b-d21fe96a405b
same name in http queries, which might confuse the manager.
Replace calls to ast_uri_decode() with a local function that also
replaces '+' with ' ', as this is the normal encoding for
spaces in http requests.
This allows passing cli commands to the manager through the
http interface.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@117295 f38db490-d61c-443f-a65b-d21fe96a405b
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r114600 | russell | 2008-04-23 17:18:12 -0500 (Wed, 23 Apr 2008) | 6 lines
Improve some broken cookie parsing code. Previously, manager login over HTTP
would only work if the mansession_id cookie was first. Now, the code builds
a list of all of the cookies in the Cookie header. This fixes a problem
observed by users of the Asterisk GUI.
(closes AST-20)
........
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@114601 f38db490-d61c-443f-a65b-d21fe96a405b
This does introduce a dependency on the GMime library for handling HTTP POSTs, but it is available in most distros.
If the library is present, then the compile flag for ENABLE_UPLOADS is enabled by default in menuselect.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@109229 f38db490-d61c-443f-a65b-d21fe96a405b
automatically generated file like it used to be. This still needs to be there
for modules that have to check it to compile against multiple asterisk versions.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@104244 f38db490-d61c-443f-a65b-d21fe96a405b
This set of changes introduces TCP and TLS support for chan_sip. There are various
new options in configs/sip.conf.sample that are used to enable these features. Also,
there is a document, doc/siptls.txt that describes some things in more detail.
This code was implemented by Brett Bryant and James Golovich. It was reviewed
by Joshua Colp and myself. A number of other people participated in the testing
of this code, but since it was done outside of the bug tracker, I do not have their
names. If you were one of them, thanks a lot for the help!
(closes issue #4903, but with completely different code that what exists there.)
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@99085 f38db490-d61c-443f-a65b-d21fe96a405b
revision changed, every module that used the version was getting rebuilt after
every svn update. This severly annoyed me pretty quickly, so I have improved
the situation.
Now, instead of generating version.h, main/version.c is generated. version.c
includes the version information, as well as a couple of API calls for modules
to retrieve the version. So now, only version.c will get rebuilt, and the main
asterisk binary relinked, which is must faster than rebuilding http.c, manager.c,
asterisk.c, relinking the asterisk binary, chan_sip.c, func_version.c, res_agi ...
The only minor change in behavior here is that the version information reported by
chan_sip, for example, is the version of the Asterisk core, and not necessarily the
Asterisk version that the chan_sip module came from.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@96717 f38db490-d61c-443f-a65b-d21fe96a405b
build times - tested, there is no measureable difference before and
after this commit.
In this change:
use asterisk/compat.h to include a small set of system headers:
inttypes.h, unistd.h, stddef.h, stddint.h, sys/types.h, stdarg.h,
stdlib.h, alloca.h, stdio.h
Where available, the inclusion is conditional on HAVE_FOO_H as determined
by autoconf.
Normally, source files should not include any of the above system headers,
and instead use either "asterisk.h" or "asterisk/compat.h" which does it
better.
For the time being I have left alone second-level directories
(main/db1-ast, etc.).
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@89333 f38db490-d61c-443f-a65b-d21fe96a405b
dvossel