Halaman utama Jelajahi Bantuan
Masuk
Kamailio
/
kamailio
cermin dari https://github.com/kamailio/kamailio.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

tls: added tls.options rpc

- fixed ca list string initializer
- removed fixups from read-only config variables
- added a new tls.options rpc that dumps the entire tls config.
 E.g.:
sercmd> tls.options
{
	force_run: 0
	method: TLSv1
	verify_certificate: 0
	verify_depth: 9
	require_certificate: 0
	private_key: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.key
	ca_list:
	certificate: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.pem
	cipher_list:
	session_cache: 0
	session_id: sip-router-tls-3.1
	config:
	log: 0
	connection_timeout: 600
	disable_compression: 1
	ssl_release_buffers: 0
	ssl_freelist_max: 0
	ssl_max_send_fragment: -1
	ssl_read_ahead: 1
	low_mem_threshold1: 15204352
	low_mem_threshold2: 7602176
}
Andrei Pelinescu-Onciul 15 tahun lalu
induk
e40e993ef9
melakukan
7ac98ae71a
2 mengubah file dengan 46 tambahan dan 5 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 9 5
      modules/tls/tls_cfg.c
  2. 37 0
      modules/tls/tls_rpc.c

+ 9 - 5
modules/tls/tls_cfg.c
Tampilan Berkas 

@@ -40,7 +40,11 @@ struct cfg_group_tls default_tls_cfg = {
 
 	9, /* verify_depth */
 
 	0, /* require_certificate */
 
 	STR_STATIC_INIT(TLS_PKEY_FILE), /* private_key */
 
+#if TLS_CA_FILE == 0
 
+	STR_NULL,
 
+#else
 
 	STR_STATIC_INIT(TLS_CA_FILE),   /* ca_list */
 
+#endif
 
 	STR_STATIC_INIT(TLS_CERT_FILE), /* certificate */
 
 	STR_NULL, /* cipher_list */
 
 	0, /* session_cache */
 
@@ -96,7 +100,7 @@ static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void** val)
 
 	static char path_buf[MAX_PATH_SIZE];
 
 
 	f = *val;
 
-	if (f && f->s) {
 
+	if (f && f->s && f->len) {
 
 		new_f.s = get_abs_pathname(0, f);
 
 		if (new_f.s == 0)
 
 			return -1;
 
@@ -130,12 +134,12 @@ cfg_def_t	tls_cfg_def[] = {
 
 		" verification go in the search for a trusted CA" },
 
 	{"require_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 
 		"if enabled a certificate will be required from clients" },
 
-	{"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
 
+	{"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 
 		"name of the file containing the private key (pem format), if not"
 
 		" contained in the certificate file" },
 
-	{"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
 
+	{"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 
 		"name of the file containing the trusted CA list (pem format)" },
 
-	{"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
 
+	{"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 
 		"name of the file containing the certificate (pem format)" },
 
 	{"cipher_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 
 		"list of the accepted ciphers (strings separated by colons)" },
 
@@ -180,7 +184,7 @@ cfg_def_t	tls_cfg_def[] = {
 
 static int fix_initial_pathname(str* path)
 
 {
 
 	str new_path;
 
-	if (path->s) {
 
+	if (path->s && path->len) {
 
 		new_path.s = get_abs_pathname(0, path);
 
 		if (new_path.s == 0) return -1;
 
 		new_path.len = strlen(new_path.s);

+ 37 - 0
modules/tls/tls_rpc.c
Tampilan Berkas 

@@ -161,10 +161,47 @@ static void tls_info(rpc_t* rpc, void* c)
 
 
 
 
+static const char* tls_options_doc[2] = {
 
+	"Dumps all the tls config options.",
 
+	0 };
 
+
 
+static void tls_options(rpc_t* rpc, void* c)
 
+{
 
+	void* handle;
 
+	rpc->add(c, "{", &handle);
 
+	rpc->struct_add(handle, "dSdddSSSSdSSddddddddd",
 
+		"force_run",	cfg_get(tls, tls_cfg, force_run),
 
+		"method",		&cfg_get(tls, tls_cfg, method),
 
+		"verify_certificate", cfg_get(tls, tls_cfg, verify_cert),
 
+
 
+		"verify_depth",		cfg_get(tls, tls_cfg, verify_depth),
 
+		"require_certificate",	cfg_get(tls, tls_cfg, require_cert),
 
+		"private_key",		&cfg_get(tls, tls_cfg, private_key),
 
+		"ca_list",			&cfg_get(tls, tls_cfg, ca_list),
 
+		"certificate",		&cfg_get(tls, tls_cfg, certificate),
 
+		"cipher_list",		&cfg_get(tls, tls_cfg, cipher_list),
 
+		"session_cache",	cfg_get(tls, tls_cfg, session_cache),
 
+		"session_id",		&cfg_get(tls, tls_cfg, session_id),
 
+		"config",			&cfg_get(tls, tls_cfg, config_file),
 
+		"log",				cfg_get(tls, tls_cfg, log),
 
+		"connection_timeout", TICKS_TO_S(cfg_get(tls, tls_cfg, con_lifetime)),
 
+		"disable_compression",	cfg_get(tls, tls_cfg, disable_compression),
 
+		"ssl_release_buffers",	cfg_get(tls, tls_cfg, ssl_release_buffers),
 
+		"ssl_freelist_max",		cfg_get(tls, tls_cfg, ssl_freelist_max),
 
+		"ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment),
 
+		"ssl_read_ahead",		cfg_get(tls, tls_cfg, ssl_read_ahead),
 
+		"low_mem_threshold1",	cfg_get(tls, tls_cfg, low_mem_threshold1),
 
+		"low_mem_threshold2",	cfg_get(tls, tls_cfg, low_mem_threshold2)
 
+		);
 
+}
 
+
 
+
 
+
 
 
 rpc_export_t tls_rpc[] = {
 
 	{"tls.reload", tls_reload, tls_reload_doc, 0},
 
 	{"tls.list",   tls_list,   tls_list_doc,   RET_ARRAY},
 
 	{"tls.info",   tls_info,   tls_info_doc, 0},
 
+	{"tls.options",tls_options, tls_options_doc, 0},
 
 	{0, 0, 0, 0}
 
 };