diff --git a/conf/vanilla/sip_profiles/external.xml b/conf/vanilla/sip_profiles/external.xml
index 5070c87913..6edc878c06 100644
--- a/conf/vanilla/sip_profiles/external.xml
+++ b/conf/vanilla/sip_profiles/external.xml
@@ -78,7 +78,7 @@
-
+
diff --git a/conf/vanilla/sip_profiles/internal.xml b/conf/vanilla/sip_profiles/internal.xml
index 7beecbfeab..3665b91df0 100644
--- a/conf/vanilla/sip_profiles/internal.xml
+++ b/conf/vanilla/sip_profiles/internal.xml
@@ -188,7 +188,7 @@
-
+
diff --git a/conf/vanilla/vars.xml b/conf/vanilla/vars.xml
index 2792a567ce..c3f235bfe3 100644
--- a/conf/vanilla/vars.xml
+++ b/conf/vanilla/vars.xml
@@ -257,12 +257,12 @@
-
+
-
+
diff --git a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
index cd2ac9a9b6..60be814834 100644
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
@@ -222,9 +222,13 @@ static int tport_tls_init_master(tport_primary_t *pri,
ti.configured = path != tbf;
ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat");
ti.key = su_sprintf(autohome, "%s/%s", path, "agent.pem");
+ if (access(ti.key, R_OK) != 0) ti.key = NULL;
+ if (!ti.key) ti.key = su_sprintf(autohome, "%s/%s", path, "tls.pem");
ti.passphrase = su_strdup(autohome, passphrase);
ti.cert = ti.key;
ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
+ if (access(ti.CAfile, R_OK) != 0) ti.CAfile = NULL;
+ if (!ti.CAfile) ti.CAfile = su_sprintf(autohome, "%s/%s", path, "tls.pem");
ti.version = tls_version;
ti.timeout = tls_timeout;
ti.CApath = su_strdup(autohome, path);
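Review bot: The fallback on the two added `if (!ti.key)` / `if (!ti.CAfile)` lines is assigned without any check of its own, so when neither `agent.pem` nor `tls.pem` is readable the eventual load error will name `tls.pem` even though the operator configured `agent.pem`, and nothing here records which file was picked. Note also that `access(2)` tests against the real UID/GID, not the effective one the later open will use, so if the daemon drops privileges with seteuid-style calls the probe and the open can disagree; a `stat()`/open-based probe or a log line of the selected path would make this diagnosable. Because `ti.cert = ti.key` and `ti.CAfile` may independently fall back, a readable `agent.pem` can end up paired with `tls.pem` as its trust anchor — worth a comment such as `/* agent.pem/cafile.pem win when readable; tls.pem is the combined key+cert fallback, chosen per file */`. The enclosing tport_tls_init_master() starts before and continues after this hunk.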
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index c543bb8314..24f91ad51c 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -3643,6 +3643,7 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
profile->mflags = MFLAG_REFER | MFLAG_REGISTER;
profile->server_rport_level = 1;
profile->client_rport_level = 1;
+ profile->tls_cert_dir = SWITCH_GLOBAL_dirs.certs_dir;
sofia_set_pflag(profile, PFLAG_DISABLE_100REL);
profile->auto_restart = 1;
sofia_set_media_flag(profile, SCMF_AUTOFIX_TIMING);
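Review bot: The new default `profile->tls_cert_dir = SWITCH_GLOBAL_dirs.certs_dir;` aliases the global buffer rather than copying into the profile pool, unlike the `tls-cert-dir` branch later in this function which uses `switch_core_strdup(profile->pool, val)`. If `certs_dir` is ever reassigned or freed while a profile is alive (I cannot see its lifetime from here) the profile would silently follow or dangle; `profile->tls_cert_dir = switch_core_strdup(profile->pool, SWITCH_GLOBAL_dirs.certs_dir);` keeps ownership consistent. config_sofia() continues outside this hunk.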
@@ -4503,13 +4504,13 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
} else {
profile->tls_sip_port = (switch_port_t) atoi(val);
}
- } else if (!strcasecmp(var, "tls-cert-dir")) {
+ } else if (!strcasecmp(var, "tls-cert-dir") && !zstr(val)) {
profile->tls_cert_dir = switch_core_strdup(profile->pool, val);
- } else if (!strcasecmp(var, "tls-passphrase")) {
+ } else if (!strcasecmp(var, "tls-passphrase") && !zstr(val)) {
profile->tls_passphrase = switch_core_strdup(profile->pool, val);
- } else if (!strcasecmp(var, "tls-verify-in-subjects")) {
+ } else if (!strcasecmp(var, "tls-verify-in-subjects") && !zstr(val)) {
profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
- } else if (!strcasecmp(var, "tls-version")) {
+ } else if (!strcasecmp(var, "tls-version") && !zstr(val)) {
if (!strcasecmp(val, "tlsv1")) {
profile->tls_version = 1;
@@ -4671,10 +4672,33 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
config_sofia_profile_urls(profile);
- if (!profile->tls_cert_dir) {
- profile->tls_cert_dir = switch_core_sprintf(profile->pool, "%s/ssl", SWITCH_GLOBAL_dirs.conf_dir);
+ if (profile->tls_cert_dir) {
+ if (profile->wss_ip) {
+ char *key, *cert;
+ key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "wss.key");
+ if (switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS) key = NULL;
+ cert = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "wss.crt");
+ if (switch_file_exists(cert, profile->pool) != SWITCH_STATUS_SUCCESS) cert = NULL;
+ if ( !key || !cert) {
+ key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "wss.pem");
+ if ( switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS ) {
+ switch_core_gen_certs(key);
+ }
+ }
+ }
+ if (sofia_test_pflag(profile, PFLAG_TLS)) {
+ char *key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "agent.pem");
+ char *ca = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "cafile.pem");;
+ if (switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS) key = NULL;
+ if (switch_file_exists(ca, profile->pool) != SWITCH_STATUS_SUCCESS) ca = NULL;
+ if ( !key || !ca ) {
+ key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "tls.pem");
+ if ( switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS ) {
+ switch_core_gen_certs(key);
+ }
+ }
+ }
}
-
}
if (profile) {
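Review bot: In the `PFLAG_TLS` branch, when exactly one of `agent.pem`/`cafile.pem` exists the code generates a fresh self-signed `tls.pem`, and given the tport-side per-file fallback that file then stands in only for the missing one — so an operator-provided `agent.pem` can silently be verified against a just-generated, unrelated self-signed CA with no log line saying so. I would log the outcome at least at warning level before calling `switch_core_gen_certs(key)`, e.g. `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "agent.pem/cafile.pem incomplete in %s, generating self-signed %s\n", profile->tls_cert_dir, key);` (the exact logging helper is not visible in this hunk). Minor: `"cafile.pem");;` has a stray semicolon. The `wss_ip` branch has the same shape and the same silence. config_sofia() starts and ends outside this hunk.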
diff --git a/src/switch_core_cert.c b/src/switch_core_cert.c
index 4f52384e94..5a56746fa1 100644
--- a/src/switch_core_cert.c
+++ b/src/switch_core_cert.c
@@ -214,12 +214,31 @@ SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
EVP_PKEY *pkey = NULL;
char *rsa = NULL, *pvt = NULL;
FILE *fp;
+ char *pem = NULL;
- pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
- rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ if (switch_stristr(".pem", prefix)) {
- if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
- goto end;
+ if (switch_is_file_path(prefix)) {
+ pem = strdup(prefix);
+ } else {
+ pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ }
+
+ if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) {
+ goto end;
+ }
+ } else {
+ if (switch_is_file_path(prefix)) {
+ pvt = switch_mprintf("%s.key", prefix);
+ rsa = switch_mprintf("%s.crt", prefix);
+ } else {
+ pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ }
+
+ if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
+ goto end;
+ }
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
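Review bot: `switch_stristr(".pem", prefix)` is a substring test, not a suffix test, so a prefix such as `foo.pem.old` or a directory component containing `.pem` takes the combined-file branch and the caller gets neither `.key`/`.crt` nor the file it asked for; a suffix check `size_t plen = strlen(prefix); int is_pem = plen > 4 && !strcasecmp(prefix + plen - 4, ".pem");` expresses the intent. The existence probes before `goto end` mean an already-present file is never overwritten, which is the right default, but note `strdup(prefix)` on the `switch_is_file_path` path is unchecked while `switch_mprintf` results presumably are handled elsewhere — a NULL `pem` here would fall into the `else` branch with `pvt`/`rsa` still NULL (the `end:` label and the function tail are outside this hunk).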
@@ -231,18 +250,26 @@ SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
//X509_print_fp(stdout, x509);
+ if (pem) {
+ if ((fp = fopen(pem, "w"))) {
+ PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+ PEM_write_X509(fp, x509);
+ fclose(fp);
+ }
- if ((fp = fopen(pvt, "w"))) {
- PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
- }
+ } else {
+ if ((fp = fopen(pvt, "w"))) {
+ PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+ }
- fclose(fp);
+ fclose(fp);
- if ((fp = fopen(rsa, "w"))) {
- PEM_write_X509(fp, x509);
- }
+ if ((fp = fopen(rsa, "w"))) {
+ PEM_write_X509(fp, x509);
+ }
- fclose(fp);
+ fclose(fp);
+ }
X509_free(x509);
EVP_PKEY_free(pkey);
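Review bot: The `else` branch keeps the pre-existing `fclose(fp);` outside the `if ((fp = fopen(pvt, "w")))` / `if ((fp = fopen(rsa, "w")))` guards, so a failed fopen (unwritable certs dir) reaches `fclose(NULL)` — undefined behavior that crashes on glibc — while the new `pem` branch correctly closes inside the guard; the two should match. Both branches also write the RSA private key through `fopen(..., "w")`, which creates the file with the process umask (typically 0644), leaving the key world-readable on most deployments; creating it with `open(O_WRONLY|O_CREAT|O_TRUNC, 0600)` and `fdopen` closes that, and the write failure is still silent because the function returns 0 regardless (visible at the tail hunk). `open`/`fdopen` need `<fcntl.h>`/`<unistd.h>` if this file does not already include them. The function body continues outside this hunk.
```c
/* Create path for writing with mode 0600 so key material never inherits the umask. */
static FILE *open_private(const char *path)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	FILE *f = fd >= 0 ? fdopen(fd, "w") : NULL;
	if (fd >= 0 && !f) close(fd);
	return f;
}

/* … unchanged: key/cert generation up to the commented-out print calls … */
	if (pem) {
		if ((fp = open_private(pem))) {
			PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
			PEM_write_X509(fp, x509);
			fclose(fp);
		}
	} else {
		if ((fp = open_private(pvt))) {
			PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
			fclose(fp); /* was unconditional: fclose(NULL) when fopen failed */
		}
		if ((fp = fopen(rsa, "w"))) {
			PEM_write_X509(fp, x509);
			fclose(fp);
		}
	}
```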
@@ -260,6 +287,7 @@ SWITCH_DECLARE(int) switch_core_gen_certs(const char *prefix)
switch_safe_free(pvt);
switch_safe_free(rsa);
+ switch_safe_free(pem);
return(0);
}