Fix TLS port binding behavior as well as reload behavior:

* Removes references to tlsbindport from http.conf.sample and manager.conf.sample * Properly bind to port specified in tlsbindaddr, using the default port if specified. * On a reload, properly close socket if the service has been disabled. A note has been added to UPGRADE.txt to indicate how ports must be set for TLS. (closes issue ASTERISK-16959) reported by Olaf Holthausen (closes issue ASTERISK-19201) reported by Chris Mylonas (closes issue ASTERISK-19204) reported by Chris Mylonas Review: https://reviewboard.asterisk.org/r/1709 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@353770 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-11-02 11:58:40 +00:00 · 2012-02-02 16:58:44 +00:00
parent ad24624751
commit 47b3aa6362
6 changed files with 45 additions and 20 deletions
--- a/main/manager.c
+++ b/main/manager.c
@@ -6491,6 +6491,7 @@ static int __init_manager(int reload)
 	char a1_hash[256];
 	struct sockaddr_in ami_desc_local_address_tmp = { 0, };
 	struct sockaddr_in amis_desc_local_address_tmp = { 0, };
+	int tls_was_enabled = 0;

 	if (!registered) {
 		/* Register default actions */
@@ -6556,11 +6557,16 @@ static int __init_manager(int reload)

 	/* default values */
 	ast_copy_string(global_realm, S_OR(ast_config_AST_SYSTEM_NAME, DEFAULT_REALM), sizeof(global_realm));
-	memset(&ami_desc.local_address, 0, sizeof(struct sockaddr_in));
-	memset(&amis_desc.local_address, 0, sizeof(amis_desc.local_address));
-	amis_desc_local_address_tmp.sin_port = htons(5039);
+	ast_sockaddr_setnull(&ami_desc.local_address);
+	ast_sockaddr_setnull(&amis_desc.local_address);
+
+	ami_desc_local_address_tmp.sin_family = AF_INET;
+	amis_desc_local_address_tmp.sin_family = AF_INET;
+
 	ami_desc_local_address_tmp.sin_port = htons(DEFAULT_MANAGER_PORT);

+	tls_was_enabled = (reload && ami_tls_cfg.enabled);
+
 	ami_tls_cfg.enabled = 0;
 	if (ami_tls_cfg.certfile) {
 		ast_free(ami_tls_cfg.certfile);
@@ -6634,8 +6640,7 @@ static int __init_manager(int reload)
 		}
 	}

-	ami_desc_local_address_tmp.sin_family = AF_INET;
-	amis_desc_local_address_tmp.sin_family = AF_INET;
+	ast_sockaddr_to_sin(&amis_desc.local_address, &amis_desc_local_address_tmp);

 	/* if the amis address has not been set, default is the same as non secure ami */
 	if (!amis_desc_local_address_tmp.sin_addr.s_addr) {
@@ -6643,6 +6648,10 @@ static int __init_manager(int reload)
 		    ami_desc_local_address_tmp.sin_addr;
 	}

+	if (!amis_desc_local_address_tmp.sin_port) {
+		amis_desc_local_address_tmp.sin_port = htons(DEFAULT_MANAGER_TLS_PORT);
+	}
+
 	if (manager_enabled) {
 		ast_sockaddr_from_sin(&ami_desc.local_address, &ami_desc_local_address_tmp);
 		ast_sockaddr_from_sin(&amis_desc.local_address, &amis_desc_local_address_tmp);
@@ -6897,7 +6906,9 @@ static int __init_manager(int reload)
 	manager_event(EVENT_FLAG_SYSTEM, "Reload", "Module: Manager\r\nStatus: %s\r\nMessage: Manager reload Requested\r\n", manager_enabled ? "Enabled" : "Disabled");

 	ast_tcptls_server_start(&ami_desc);
-	if (ast_ssl_setup(amis_desc.tls_cfg)) {
+	if (tls_was_enabled && !ami_tls_cfg.enabled) {
+		ast_tcptls_server_stop(&amis_desc);
+	} else if (ast_ssl_setup(amis_desc.tls_cfg)) {
 		ast_tcptls_server_start(&amis_desc);
 	}
 	return 0;