kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-12 15:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_pjsip: Add existence and readablity checks for tls related files

Browse Source 
Both transport and endpoint now check for the existence and readability
of tls certificate and key files before passing them on to pjproject.
This will cause the object to not load rather than waiting for pjproject
to discover that there's a problem when a session is attempted.

NOTE: chan_sip also uses ast_rtp_dtls_cfg_parse but it's located
in build_peer which is gigantic and I didn't want to disturb it.
Error messages will emit but it won't interrupt chan_sip loading.

ASTERISK-25618 #close

Change-Id: Ie43f2c1d653ac1fda6a6f6faecb7c2ebadaf47c9
Reported-by: George Joseph
Tested-by: George Joseph
This commit is contained in:
George Joseph
2015-12-08 16:49:20 -07:00
parent 246e513110
commit 21962dad93
5 changed files with 73 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
res/res_pjsip/config_transport.c
View File

@@ -27,6 +27,7 @@
#include "asterisk/astobj2.h"
#include "asterisk/sorcery.h"
#include "asterisk/acl.h"
#include "asterisk/utils.h"
#include "include/res_pjsip_private.h"
#include "asterisk/http_websocket.h"
@@ -224,8 +225,22 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
ast_sorcery_object_get_id(obj));
return -1;
}
if (!ast_strlen_zero(transport->ca_list_file)) {
if (!ast_file_is_readable(transport->ca_list_file)) {
ast_log(LOG_ERROR, "Transport: %s: ca_list_file %s is either missing or not readable\n",
ast_sorcery_object_get_id(obj), transport->ca_list_file);
return -1;
}
}
transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file);
#ifdef HAVE_PJ_SSL_CERT_LOAD_FROM_FILES2
if (!ast_strlen_zero(transport->ca_list_path)) {
if (!ast_file_is_readable(transport->ca_list_path)) {
ast_log(LOG_ERROR, "Transport: %s: ca_list_path %s is either missing or not readable\n",
ast_sorcery_object_get_id(obj), transport->ca_list_path);
return -1;
}
}
transport->tls.ca_list_path = pj_str((char*)transport->ca_list_path);
#else
if (!ast_strlen_zero(transport->ca_list_path)) {
@@ -233,7 +248,21 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
"support the 'ca_list_path' option. Please upgrade to version 2.4 or later.\n");
}
#endif
if (!ast_strlen_zero(transport->cert_file)) {
if (!ast_file_is_readable(transport->cert_file)) {
ast_log(LOG_ERROR, "Transport: %s: cert_file %s is either missing or not readable\n",
ast_sorcery_object_get_id(obj), transport->cert_file);
return -1;
}
}
transport->tls.cert_file = pj_str((char*)transport->cert_file);
if (!ast_strlen_zero(transport->privkey_file)) {
if (!ast_file_is_readable(transport->privkey_file)) {
ast_log(LOG_ERROR, "Transport: %s: privkey_file %s is either missing or not readable\n",
ast_sorcery_object_get_id(obj), transport->privkey_file);
return -1;
}
}
transport->tls.privkey_file = pj_str((char*)transport->privkey_file);
transport->tls.password = pj_str((char*)transport->password);
set_qos(transport, &transport->tls.qos_params);