diff options
author | Timo Teräs <timo.teras@iki.fi> | 2017-10-31 06:24:14 +0000 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2017-10-31 06:37:38 +0000 |
commit | af262bba6fbdd4dfc8b1a29ce325834781c9ef74 (patch) | |
tree | 0d79c75b18d4e9ed8175de9bf9ef23d58e347207 /main/asterisk | |
parent | 735b9096d28dbe3e41475cdc6aafb051c6ebf224 (diff) | |
download | aports-af262bba6fbdd4dfc8b1a29ce325834781c9ef74.tar.bz2 aports-af262bba6fbdd4dfc8b1a29ce325834781c9ef74.tar.xz |
main/asterisk: upgrade to 15.1.0
Diffstat (limited to 'main/asterisk')
-rw-r--r-- | main/asterisk/APKBUILD | 31 | ||||
-rw-r--r-- | main/asterisk/ASTERISK-24517.patch | 3546 | ||||
-rw-r--r-- | main/asterisk/restore-multihomed-module.patch | 116 |
3 files changed, 12 insertions, 3681 deletions
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD index eeca31dfba..70f074da24 100644 --- a/main/asterisk/APKBUILD +++ b/main/asterisk/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Timo Teras <timo.teras@iki.fi> # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=asterisk -pkgver=14.6.2 +pkgver=15.1.0 pkgrel=0 pkgdesc="Asterisk: A Module Open Source PBX System" pkgusers="asterisk" @@ -11,7 +11,8 @@ url="http://www.asterisk.org/" arch="all" license="GPL2" depends= -makedepends="autoconf automake libtool findutils tar wget bsd-compat-headers +options="!check" # Test suite is separate, and require separate build +makedepends="findutils tar wget bsd-compat-headers ncurses-dev popt-dev newt-dev zlib-dev libedit-dev tiff-dev curl-dev libressl-dev lua-dev libcap-dev jansson-dev util-linux-dev sqlite-dev postgresql-dev unixodbc-dev freetds-dev mariadb-dev @@ -28,9 +29,7 @@ subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-pgsql $pkgname-odbc _download="http://downloads.asterisk.org/pub/telephony/asterisk/releases" source="$_download/asterisk-$pkgver.tar.gz http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz - ASTERISK-24517.patch musl-mutex-init.patch - restore-multihomed-module.patch asterisk.initd asterisk.confd @@ -39,16 +38,12 @@ source="$_download/asterisk-$pkgver.tar.gz builddir="$srcdir/$pkgname-${pkgver/_/-}" prepare() { - default_prepare || return 1 + default_prepare + update_config_sub # asteriskssl does not have direct references to libssl, but looks up # symbols from it using dlsym(RTLD_NEXT), so use --no-as-needed for it. sed -i -e 's/ASTSSL_LIBS:=$(OPENSSL_LIB)/ASTSSL_LIBS:=-Wl,--no-as-needed $(OPENSSL_LIB) -Wl,--as-needed/g' main/Makefile - - sed -i -e 's:lua5.1/::' pbx/pbx_lua.c - sed -i -e 's/int foo = res_ninit(NULL);/res_ninit_is_not_really_here();/g' configure.ac - - ./bootstrap.sh } build() { @@ -78,13 +73,13 @@ build() { --with-speex \ --with-asound \ --without-x11 \ + --without-pjproject-bundled \ --with-spandsp \ --with-bluetooth \ --with-libcurl \ --with-libedit \ --with-srtp \ - --with-imap=system \ - || return 1 + --with-imap=system # get default modules to build rm -f menuselect.makeopts @@ -100,12 +95,12 @@ build() { menuselect.makeopts # build - make ASTCFLAGS="$CFLAGS" ASTLDFLAGS="$LDFLAGS" LDCONFIG= || return 1 + make ASTCFLAGS="$CFLAGS" ASTLDFLAGS="$LDFLAGS" LDCONFIG= } package() { cd "$builddir" - make -j1 DESTDIR="$pkgdir" LDCONFIG_FLAGS="-n" install || return 1 + make -j1 DESTDIR="$pkgdir" LDCONFIG_FLAGS="-n" install install -d "$pkgdir"/var/run/asterisk install -d "$pkgdir"/var/lib/asterisk @@ -132,7 +127,7 @@ _move_dir() { _find_and_move() { local pattern="$1" - cd "$pkgdir" || return 1 + cd "$pkgdir" find . -name "$pattern" -type f | while read f; do local dest="$subpkgdir/${f%/*}" mkdir -p "$dest" @@ -150,7 +145,7 @@ dev() { # move back the /usr/lib/libasteriskssl.so symlink, asterisk needs it # see http://bugs.alpinelinux.org/issues/6393 - mv "$subpkgdir"/usr/lib/libasteriskssl.so "$pkgdir"/usr/lib/libasteriskssl.so || return 1 + mv "$subpkgdir"/usr/lib/libasteriskssl.so "$pkgdir"/usr/lib/libasteriskssl.so } pgsql() { @@ -227,11 +222,9 @@ sound_en() { chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk } -sha512sums="31889a31779ffd9d7d30568ecb824f2f091b022c7e0e6229921acf7aa84efd80f3d9aaba7faff521064a1fce7509de0c3e149f04cc69941b2f68f62c0e9e8f9a asterisk-14.6.2.tar.gz +sha512sums="031d28e4f4d65f84c911d0cbc83858650878b7908ce6d5f4e3dbff84e6d1648fe39cebc327206cab403b4aaa0e892828b91a46d36cb73a284f0a5d61f24da9fd asterisk-15.1.0.tar.gz aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz -9230141ea4690db30cc1825d67f495a7357f13ee11da7e5a7c6696f3ae9edd599214c2d6915f6ad64f2bc68c754cda140db3f570ba051399ff894ab26b5db31c ASTERISK-24517.patch f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch -935c25c7b1cdbd376056e20232a0e8c38dd32c344f50306d99930bf7cb37685c31329ead273b08ac9ab76daa9386adfb05b57440e46a39cb80e5542d65e8e3ed restore-multihomed-module.patch 0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd 7591d2faf539d05d9ee4e431c78a5e20686721fd79221ad94dffeeaff9282220b09cb9aec214bd7a8d12affaec0276c9c91e6e21af8b6712c0a9502b60b02f2b asterisk.logrotate" diff --git a/main/asterisk/ASTERISK-24517.patch b/main/asterisk/ASTERISK-24517.patch deleted file mode 100644 index baf469497e..0000000000 --- a/main/asterisk/ASTERISK-24517.patch +++ /dev/null @@ -1,3546 +0,0 @@ -From c479abfc489c42923ca7bb9afad11ad5ba84793e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Thu, 2 Jun 2016 22:10:06 +0300 -Subject: [PATCH] Implement internal abstraction for iostreams - -fopencookie/funclose is a non-standard API and should not be used -in portable software. Additionally, the way FILE's fd is used in -non-blocking mode is undefined behaviour and cannot be relied on. - -This introduces internal abstraction for io streams, that allows -implementing the desired virtualization of read/write operations -with necessary timeout handling. - -ASTERISK-24515 #close -ASTERISK-24517 #close - -Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85 ---- - apps/app_externalivr.c | 119 ++++--- - channels/chan_sip.c | 61 ++-- - configure.ac | 4 - - include/asterisk/iostream.h | 118 +++++++ - include/asterisk/tcptls.h | 92 +----- - main/http.c | 109 ++----- - main/iostream.c | 553 ++++++++++++++++++++++++++++++++ - main/manager.c | 137 ++++---- - main/tcptls.c | 767 ++++++-------------------------------------- - main/utils.c | 68 ---- - res/res_http_post.c | 10 +- - res/res_http_websocket.c | 116 +++---- - res/res_phoneprov.c | 2 +- - 13 files changed, 993 insertions(+), 1163 deletions(-) - create mode 100644 include/asterisk/iostream.h - create mode 100644 main/iostream.c - -diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c -index c824e91059..9848e5fb84 100644 ---- a/apps/app_externalivr.c -+++ b/apps/app_externalivr.c -@@ -152,10 +152,12 @@ struct gen_state { - }; - - static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u, -- int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd, -+ struct ast_iostream *eivr_events, -+ struct ast_iostream *eivr_commands, -+ struct ast_iostream *eivr_errors, - const struct ast_str *args, const struct ast_flags flags); - --static void send_eivr_event(FILE *handle, const char event, const char *data, -+static void send_eivr_event(struct ast_iostream *stream, const char event, const char *data, - const struct ast_channel *chan) - { - struct ast_str *tmp = ast_str_create(12); -@@ -164,9 +166,11 @@ static void send_eivr_event(FILE *handle, const char event, const char *data, - if (data) { - ast_str_append(&tmp, 0, ",%s", data); - } -+ ast_str_append(&tmp, 0, "\n"); -+ ast_iostream_write(stream, ast_str_buffer(tmp), strlen(ast_str_buffer(tmp))); -+ ast_str_truncate(tmp, -1); - -- fprintf(handle, "%s\n", ast_str_buffer(tmp)); -- ast_debug(1, "sent '%s'\n", ast_str_buffer(tmp)); -+ ast_debug(1, "sent '%s'", ast_str_buffer(tmp)); - ast_free(tmp); - } - -@@ -395,6 +399,8 @@ static int app_exec(struct ast_channel *chan, const char *data) - int child_stdin[2] = { -1, -1 }; - int child_stdout[2] = { -1, -1 }; - int child_stderr[2] = { -1, -1 }; -+ struct ast_iostream *stream_stdin = NULL, *stream_stdout = NULL, -+ *stream_stderr = NULL; - int res = -1; - int pid; - -@@ -526,7 +532,7 @@ static int app_exec(struct ast_channel *chan, const char *data) - goto exit; - } - -- res = eivr_comm(chan, u, &ser->fd, &ser->fd, NULL, comma_delim_args, flags); -+ res = eivr_comm(chan, u, ser->stream, ser->stream, NULL, comma_delim_args, flags); - - } else { - if (pipe(child_stdin)) { -@@ -568,7 +574,12 @@ static int app_exec(struct ast_channel *chan, const char *data) - child_stdout[1] = -1; - close(child_stderr[1]); - child_stderr[1] = -1; -- res = eivr_comm(chan, u, &child_stdin[1], &child_stdout[0], &child_stderr[0], comma_delim_args, flags); -+ -+ stream_stdin = ast_iostream_from_fd(&child_stdin[1]); -+ stream_stdout = ast_iostream_from_fd(&child_stdout[0]); -+ stream_stderr = ast_iostream_from_fd(&child_stderr[0]); -+ -+ res = eivr_comm(chan, u, stream_stdin, stream_stdout, stream_stderr, comma_delim_args, flags); - } - } - -@@ -576,6 +587,15 @@ static int app_exec(struct ast_channel *chan, const char *data) - if (u->gen_active) { - ast_deactivate_generator(chan); - } -+ if (stream_stdin) { -+ ast_iostream_close(stream_stdin); -+ } -+ if (stream_stdout) { -+ ast_iostream_close(stream_stdout); -+ } -+ if (stream_stderr) { -+ ast_iostream_close(stream_stderr); -+ } - if (child_stdin[0] > -1) { - close(child_stdin[0]); - } -@@ -604,46 +624,25 @@ static int app_exec(struct ast_channel *chan, const char *data) - } - - static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u, -- int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd, -- const struct ast_str *args, const struct ast_flags flags) -+ struct ast_iostream *eivr_events, -+ struct ast_iostream *eivr_commands, -+ struct ast_iostream *eivr_errors, -+ const struct ast_str *args, const struct ast_flags flags) - { -+ char input[1024]; - struct playlist_entry *entry; - struct ast_frame *f; - int ms; - int exception; - int ready_fd; -- int waitfds[2] = { *eivr_commands_fd, (eivr_errors_fd) ? *eivr_errors_fd : -1 }; -+ int waitfds[2]; -+ int r; - struct ast_channel *rchan; - int res = -1; -- int test_available_fd = -1; - int hangup_info_sent = 0; -- -- FILE *eivr_commands = NULL; -- FILE *eivr_errors = NULL; -- FILE *eivr_events = NULL; - -- if (!(eivr_events = fdopen(*eivr_events_fd, "w"))) { -- ast_chan_log(LOG_ERROR, chan, "Could not open stream to send events\n"); -- goto exit; -- } -- if (!(eivr_commands = fdopen(*eivr_commands_fd, "r"))) { -- ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive commands\n"); -- goto exit; -- } -- if (eivr_errors_fd) { /* if opening a socket connection, error stream will not be used */ -- if (!(eivr_errors = fdopen(*eivr_errors_fd, "r"))) { -- ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive errors\n"); -- goto exit; -- } -- } -- -- test_available_fd = open("/dev/null", O_RDONLY); -- -- setvbuf(eivr_events, NULL, _IONBF, 0); -- setvbuf(eivr_commands, NULL, _IONBF, 0); -- if (eivr_errors) { -- setvbuf(eivr_errors, NULL, _IONBF, 0); -- } -+ waitfds[0] = ast_iostream_get_fd(eivr_commands); -+ waitfds[1] = eivr_errors ? ast_iostream_get_fd(eivr_errors) : -1; - - while (1) { - if (ast_test_flag(ast_channel_flags(chan), AST_FLAG_ZOMBIE)) { -@@ -667,7 +666,7 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u, - errno = 0; - exception = 0; - -- rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors_fd) ? 2 : 1, &exception, &ready_fd, &ms); -+ rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors) ? 2 : 1, &exception, &ready_fd, &ms); - - if (ast_channel_state(chan) == AST_STATE_UP && !AST_LIST_EMPTY(&u->finishlist)) { - AST_LIST_LOCK(&u->finishlist); -@@ -715,15 +714,18 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u, - break; - } - ast_frfree(f); -- } else if (ready_fd == *eivr_commands_fd) { -- char input[1024]; -- -- if (exception || (dup2(*eivr_commands_fd, test_available_fd) == -1) || feof(eivr_commands)) { -+ } else if (ready_fd == waitfds[0]) { -+ if (exception) { - ast_chan_log(LOG_ERROR, chan, "Child process went away\n"); - break; - } - -- if (!fgets(input, sizeof(input), eivr_commands)) { -+ r = ast_iostream_gets(eivr_commands, input, sizeof(input)); -+ if (r <= 0) { -+ if (r == 0) { -+ ast_chan_log(LOG_ERROR, chan, "Child process went away\n"); -+ break; -+ } - continue; - } - -@@ -869,16 +871,19 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u, - else - ast_chan_log(LOG_WARNING, chan, "Unknown option requested: %s\n", &input[2]); - } -- } else if (eivr_errors_fd && (ready_fd == *eivr_errors_fd)) { -- char input[1024]; -- -- if (exception || feof(eivr_errors)) { -+ } else if (ready_fd == waitfds[1]) { -+ if (exception) { - ast_chan_log(LOG_ERROR, chan, "Child process went away\n"); - break; - } -- if (fgets(input, sizeof(input), eivr_errors)) { -+ -+ r = ast_iostream_gets(eivr_errors, input, sizeof(input)); -+ if (r > 0) { - ast_chan_log(LOG_NOTICE, chan, "stderr: %s\n", ast_strip(input)); -- } -+ } else if (r == 0) { -+ ast_chan_log(LOG_ERROR, chan, "Child process went away\n"); -+ break; -+ } - } else if ((ready_fd < 0) && ms) { - if (errno == 0 || errno == EINTR) - continue; -@@ -888,23 +893,7 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u, - } - } - -- exit: -- if (test_available_fd > -1) { -- close(test_available_fd); -- } -- if (eivr_events) { -- fclose(eivr_events); -- *eivr_events_fd = -1; -- } -- if (eivr_commands) { -- fclose(eivr_commands); -- *eivr_commands_fd = -1; -- } -- if (eivr_errors) { -- fclose(eivr_errors); -- *eivr_errors_fd = -1; -- } -- return res; -+ return res; - } - - static int unload_module(void) -diff --git a/channels/chan_sip.c b/channels/chan_sip.c -index 679cc3dfce..4c7b78b4aa 100644 ---- a/channels/chan_sip.c -+++ b/channels/chan_sip.c -@@ -2546,7 +2546,7 @@ static struct sip_threadinfo *sip_threadinfo_create(struct ast_tcptls_session_in - } - ao2_t_ref(tcptls_session, +1, "tcptls_session ref for sip_threadinfo object"); - th->tcptls_session = tcptls_session; -- th->type = transport ? transport : (tcptls_session->ssl ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP); -+ th->type = transport ? transport : (ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP); - ao2_t_link(threadt, th, "Adding new tcptls helper thread"); - ao2_t_ref(th, -1, "Decrementing threadinfo ref from alloc, only table ref remains"); - return th; -@@ -2569,8 +2569,7 @@ static int sip_tcptls_write(struct ast_tcptls_session_instance *tcptls_session, - - ao2_lock(tcptls_session); - -- if ((tcptls_session->fd == -1) || -- !(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) || -+ if (!(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) || - !(packet = ao2_alloc(sizeof(*packet), tcptls_packet_destructor)) || - !(packet->data = ast_str_create(len))) { - goto tcptls_write_setup_error; -@@ -2883,7 +2882,7 @@ static int sip_tcptls_read(struct sip_request *req, struct ast_tcptls_session_in - } else { - timeout = -1; - } -- res = ast_wait_for_input(tcptls_session->fd, timeout); -+ res = ast_wait_for_input(ast_iostream_get_fd(tcptls_session->stream), timeout); - if (res < 0) { - ast_debug(2, "SIP TCP/TLS server :: ast_wait_for_input returned %d\n", res); - return -1; -@@ -2892,7 +2891,7 @@ static int sip_tcptls_read(struct sip_request *req, struct ast_tcptls_session_in - return -1; - } - -- res = ast_tcptls_server_read(tcptls_session, readbuf, sizeof(readbuf) - 1); -+ res = ast_iostream_read(tcptls_session->stream, readbuf, sizeof(readbuf) - 1); - if (res < 0) { - if (errno == EAGAIN || errno == EINTR) { - continue; -@@ -2953,18 +2952,8 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - goto cleanup; - } - -- if ((flags = fcntl(tcptls_session->fd, F_GETFL)) == -1) { -- ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno)); -- goto cleanup; -- } -- -- flags |= O_NONBLOCK; -- if (fcntl(tcptls_session->fd, F_SETFL, flags) == -1) { -- ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno)); -- goto cleanup; -- } -- -- if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) { -+ ast_iostream_nonblock(tcptls_session->stream); -+ if (!(me = sip_threadinfo_create(tcptls_session, ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) { - goto cleanup; - } - me->threadid = pthread_self(); -@@ -2987,15 +2976,15 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - } - - flags = 1; -- if (setsockopt(tcptls_session->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) { -+ if (setsockopt(ast_iostream_get_fd(tcptls_session->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) { - ast_log(LOG_ERROR, "error enabling TCP keep-alives on sip socket: %s\n", strerror(errno)); - goto cleanup; - } - -- ast_debug(2, "Starting thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP"); -+ ast_debug(2, "Starting thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP"); - - /* set up pollfd to watch for reads on both the socket and the alert_pipe */ -- fds[0].fd = tcptls_session->fd; -+ fds[0].fd = ast_iostream_get_fd(tcptls_session->stream); - fds[1].fd = me->alert_pipe[0]; - fds[0].events = fds[1].events = POLLIN | POLLPRI; - -@@ -3015,9 +3004,9 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - * We cannot let the stream exclusively wait for data to arrive. - * We have to wake up the task to send outgoing messages. - */ -- ast_tcptls_stream_set_exclusive_input(tcptls_session->stream_cookie, 0); -+ ast_iostream_set_exclusive_input(tcptls_session->stream, 0); - -- ast_tcptls_stream_set_timeout_sequence(tcptls_session->stream_cookie, ast_tvnow(), -+ ast_iostream_set_timeout_sequence(tcptls_session->stream, ast_tvnow(), - tcptls_session->client ? -1 : (authtimeout * 1000)); - - for (;;) { -@@ -3025,7 +3014,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - - if (!tcptls_session->client && req.authenticated && !authenticated) { - authenticated = 1; -- ast_tcptls_stream_set_timeout_disable(tcptls_session->stream_cookie); -+ ast_iostream_set_timeout_disable(tcptls_session->stream); - ast_atomic_fetchadd_int(&unauth_sessions, -1); - } - -@@ -3036,7 +3025,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - } - - if (timeout == 0) { -- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP"); -+ ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP"); - goto cleanup; - } - } else { -@@ -3046,11 +3035,11 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - if (ast_str_strlen(tcptls_session->overflow_buf) == 0) { - res = ast_poll(fds, 2, timeout); /* polls for both socket and alert_pipe */ - if (res < 0) { -- ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", tcptls_session->ssl ? "TLS": "TCP", res); -+ ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP", res); - goto cleanup; - } else if (res == 0) { - /* timeout */ -- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP"); -+ ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP"); - goto cleanup; - } - } -@@ -3075,14 +3064,14 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - - memset(buf, 0, sizeof(buf)); - -- if (tcptls_session->ssl) { -+ if (ast_iostream_get_ssl(tcptls_session->stream)) { - set_socket_transport(&req.socket, AST_TRANSPORT_TLS); - req.socket.port = htons(ourport_tls); - } else { - set_socket_transport(&req.socket, AST_TRANSPORT_TCP); - req.socket.port = htons(ourport_tcp); - } -- req.socket.fd = tcptls_session->fd; -+ req.socket.fd = ast_iostream_get_fd(tcptls_session->stream); - - res = sip_tcptls_read(&req, tcptls_session, authenticated, start); - if (res < 0) { -@@ -3116,7 +3105,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - ao2_unlock(me); - - if (packet) { -- if (ast_tcptls_server_write(tcptls_session, ast_str_buffer(packet->data), packet->len) == -1) { -+ if (ast_iostream_write(tcptls_session->stream, ast_str_buffer(packet->data), packet->len) == -1) { - ast_log(LOG_WARNING, "Failure to write to tcp/tls socket\n"); - } - ao2_t_ref(packet, -1, "tcptls packet sent, this is no longer needed"); -@@ -3128,7 +3117,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s - } - } - -- ast_debug(2, "Shutting down thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP"); -+ ast_debug(2, "Shutting down thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP"); - - cleanup: - if (tcptls_session && !tcptls_session->client && !authenticated) { -@@ -29229,9 +29218,8 @@ static int sip_prepare_socket(struct sip_pvt *p) - return s->fd; - } - if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) && -- (s->tcptls_session) && -- (s->tcptls_session->fd != -1)) { -- return s->tcptls_session->fd; -+ s->tcptls_session) { -+ return ast_iostream_get_fd(s->tcptls_session->stream); - } - if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) { - return s->ws_session ? ast_websocket_fd(s->ws_session) : -1; -@@ -29261,7 +29249,7 @@ static int sip_prepare_socket(struct sip_pvt *p) - /* 1. check for existing threads */ - ast_sockaddr_copy(&sa_tmp, sip_real_dst(p)); - if ((tcptls_session = sip_tcp_locate(&sa_tmp))) { -- s->fd = tcptls_session->fd; -+ s->fd = ast_iostream_get_fd(tcptls_session->stream); - if (s->tcptls_session) { - ao2_ref(s->tcptls_session, -1); - s->tcptls_session = NULL; -@@ -29319,7 +29307,7 @@ static int sip_prepare_socket(struct sip_pvt *p) - goto create_tcptls_session_fail; - } - -- s->fd = s->tcptls_session->fd; -+ s->fd = ast_iostream_get_fd(s->tcptls_session->stream); - - /* client connections need to have the sip_threadinfo object created before - * the thread is detached. This ensures the alert_pipe is up before it will -@@ -30121,8 +30109,7 @@ static int sip_send_keepalive(const void *data) - if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) { - res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr); - } else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) && -- (peer->socket.tcptls_session) && -- (peer->socket.tcptls_session->fd != -1)) { -+ peer->socket.tcptls_session) { - res = sip_tcptls_write(peer->socket.tcptls_session, keepalive, sizeof(keepalive)); - } else if (peer->socket.type == AST_TRANSPORT_UDP) { - res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr); -diff --git a/configure.ac b/configure.ac -index ebf416cfca..cee352dac9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -823,10 +823,6 @@ AC_ARG_ENABLE([asteriskssl], - esac], [AST_ASTERISKSSL=yes]) - AC_SUBST(AST_ASTERISKSSL) - --# https support (in main/http.c) uses funopen on BSD systems, --# fopencookie on linux --AC_CHECK_FUNCS([funopen fopencookie]) -- - AC_CHECK_FUNCS([inet_aton]) - - # check if we have IP_PKTINFO constant defined -diff --git a/include/asterisk/iostream.h b/include/asterisk/iostream.h -new file mode 100644 -index 0000000000..c641ffb373 ---- /dev/null -+++ b/include/asterisk/iostream.h -@@ -0,0 +1,118 @@ -+/* -+ * Asterisk -- An open source telephony toolkit. -+ * -+ * Copyright (C) 1999 - 2015, Digium, Inc. -+ * -+ * Timo Teräs <timo.teras@iki.fi> -+ * -+ * See http://www.asterisk.org for more information about -+ * the Asterisk project. Please do not directly contact -+ * any of the maintainers of this project for assistance; -+ * the project provides a web site, mailing lists and IRC -+ * channels for your use. -+ * -+ * This program is free software, distributed under the terms of -+ * the GNU General Public License Version 2. See the LICENSE file -+ * at the top of the source tree. -+ */ -+ -+#ifndef _ASTERISK_IOSTREAM_H -+#define _ASTERISK_IOSTREAM_H -+ -+/*! -+ * \file iostream.h -+ * -+ * \brief Generic abstraction for input/output streams. -+ */ -+ -+#if defined(HAVE_OPENSSL) -+#define DO_SSL /* comment in/out if you want to support ssl */ -+#endif -+ -+#ifdef DO_SSL -+#include <openssl/ssl.h> -+#include <openssl/err.h> -+#include <openssl/x509v3.h> -+#else -+/* declare dummy types so we can define a pointer to them */ -+typedef struct {} SSL; -+typedef struct {} SSL_CTX; -+#endif /* DO_SSL */ -+ -+struct ast_iostream; -+ -+/*! -+ * \brief Disable the iostream timeout timer. -+ * -+ * \param stream iostream control data. -+ * -+ * \return Nothing -+ */ -+void ast_iostream_set_timeout_disable(struct ast_iostream *stream); -+ -+/*! -+ * \brief Set the iostream inactivity timeout timer. -+ * -+ * \param stream iostream control data. -+ * \param timeout Number of milliseconds to wait for data transfer with the peer. -+ * -+ * \details This is basically how much time we are willing to spend -+ * in an I/O call before we declare the peer unresponsive. -+ * -+ * \note Setting timeout to -1 disables the timeout. -+ * \note Setting this timeout replaces the I/O sequence timeout timer. -+ * -+ * \return Nothing -+ */ -+void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout); -+ -+void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset); -+ -+/*! -+ * \brief Set the iostream I/O sequence timeout timer. -+ * -+ * \param stream iostream control data. -+ * \param start Time the I/O sequence timer starts. -+ * \param timeout Number of milliseconds from the start time before timeout. -+ * -+ * \details This is how much time are we willing to allow the peer -+ * to complete an operation that can take several I/O calls. The -+ * main use is as an authentication timer with us. -+ * -+ * \note Setting timeout to -1 disables the timeout. -+ * \note Setting this timeout replaces the inactivity timeout timer. -+ * -+ * \return Nothing -+ */ -+void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout); -+ -+/*! -+ * \brief Set the iostream if it can exclusively depend upon the set timeouts. -+ * -+ * \param stream iostream control data. -+ * \param exclusive_input TRUE if stream can exclusively wait for fd input. -+ * Otherwise, the stream will not wait for fd input. It will wait while -+ * trying to send data. -+ * -+ * \note The stream timeouts still need to be set. -+ * -+ * \return Nothing -+ */ -+void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input); -+ -+int ast_iostream_get_fd(struct ast_iostream *stream); -+void ast_iostream_nonblock(struct ast_iostream *stream); -+ -+SSL* ast_iostream_get_ssl(struct ast_iostream *stream); -+ -+ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t count); -+ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count); -+ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t count); -+ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t count); -+ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...); -+ -+struct ast_iostream* ast_iostream_from_fd(int *fd); -+int ast_iostream_start_tls(struct ast_iostream **stream, SSL_CTX *ctx, int client); -+int ast_iostream_close(struct ast_iostream *stream); -+ -+#endif /* _ASTERISK_IOSTREAM_H */ -diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h -index d19ec529a9..1e3a7524bf 100644 ---- a/include/asterisk/tcptls.h -+++ b/include/asterisk/tcptls.h -@@ -57,20 +57,7 @@ - - #include "asterisk/netsock2.h" - #include "asterisk/utils.h" -- --#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE)) --#define DO_SSL /* comment in/out if you want to support ssl */ --#endif -- --#ifdef DO_SSL --#include <openssl/ssl.h> --#include <openssl/err.h> --#include <openssl/x509v3.h> --#else --/* declare dummy types so we can define a pointer to them */ --typedef struct {} SSL; --typedef struct {} SSL_CTX; --#endif /* DO_SSL */ -+#include "asterisk/iostream.h" - - /*! SSL support */ - #define AST_CERTFILE "asterisk.pem" -@@ -157,72 +144,10 @@ struct ast_tcptls_session_args { - struct ast_tls_config *old_tls_cfg; /*!< copy of the SSL configuration to determine whether changes have been made */ - }; - --struct ast_tcptls_stream; -- --/*! -- * \brief Disable the TCP/TLS stream timeout timer. -- * -- * \param stream TCP/TLS stream control data. -- * -- * \return Nothing -- */ --void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream); -- --/*! -- * \brief Set the TCP/TLS stream inactivity timeout timer. -- * -- * \param stream TCP/TLS stream control data. -- * \param timeout Number of milliseconds to wait for data transfer with the peer. -- * -- * \details This is basically how much time we are willing to spend -- * in an I/O call before we declare the peer unresponsive. -- * -- * \note Setting timeout to -1 disables the timeout. -- * \note Setting this timeout replaces the I/O sequence timeout timer. -- * -- * \return Nothing -- */ --void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout); -- --/*! -- * \brief Set the TCP/TLS stream I/O sequence timeout timer. -- * -- * \param stream TCP/TLS stream control data. -- * \param start Time the I/O sequence timer starts. -- * \param timeout Number of milliseconds from the start time before timeout. -- * -- * \details This is how much time are we willing to allow the peer -- * to complete an operation that can take several I/O calls. The -- * main use is as an authentication timer with us. -- * -- * \note Setting timeout to -1 disables the timeout. -- * \note Setting this timeout replaces the inactivity timeout timer. -- * -- * \return Nothing -- */ --void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout); -- --/*! -- * \brief Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts. -- * -- * \param stream TCP/TLS stream control data. -- * \param exclusive_input TRUE if stream can exclusively wait for fd input. -- * Otherwise, the stream will not wait for fd input. It will wait while -- * trying to send data. -- * -- * \note The stream timeouts still need to be set. -- * -- * \return Nothing -- */ --void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input); -- - /*! \brief - * describes a server instance - */ - struct ast_tcptls_session_instance { -- FILE *f; /*!< fopen/funopen result */ -- int fd; /*!< the socket returned by accept() */ -- SSL *ssl; /*!< ssl state */ - int client; - struct ast_sockaddr remote_address; - struct ast_tcptls_session_args *parent; -@@ -232,20 +157,12 @@ struct ast_tcptls_session_instance { - * extra data. - */ - struct ast_str *overflow_buf; -- /*! ao2 FILE stream cookie object associated with f. */ -- struct ast_tcptls_stream *stream_cookie; -+ /*! ao2 stream object associated with this session. */ -+ struct ast_iostream *stream; - /*! ao2 object private data of parent->worker_fn */ - void *private_data; - }; - --#if defined(HAVE_FUNOPEN) --#define HOOK_T int --#define LEN_T int --#else --#define HOOK_T ssize_t --#define LEN_T size_t --#endif -- - /*! - * \brief attempts to connect and start tcptls session, on error the tcptls_session's - * ref count is decremented, fd and file are closed, and NULL is returned. -@@ -301,7 +218,4 @@ void ast_ssl_teardown(struct ast_tls_config *cfg); - */ - int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value); - --HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count); --HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, const void *buf, size_t count); -- - #endif /* _ASTERISK_TCPTLS_H */ -diff --git a/main/http.c b/main/http.c -index 907f10223b..7a61249114 100644 ---- a/main/http.c -+++ b/main/http.c -@@ -451,11 +451,13 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, - struct timeval now = ast_tvnow(); - struct ast_tm tm; - char timebuf[80]; -+ char buf[256]; -+ int len; - int content_length = 0; - int close_connection; - struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH); - -- if (!ser || !ser->f || !server_header_field) { -+ if (!ser || !server_header_field) { - /* The connection is not open. */ - ast_free(http_header); - ast_free(out); -@@ -505,7 +507,7 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, - } - - /* send http header */ -- fprintf(ser->f, -+ ast_iostream_printf(ser->stream, - "HTTP/1.1 %d %s\r\n" - "%s" - "Date: %s\r\n" -@@ -526,26 +528,16 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, - /* send content */ - if (method != AST_HTTP_HEAD || status_code >= 400) { - if (out && ast_str_strlen(out)) { -- /* -- * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not -- * behave exactly as documented. -- */ -- if (fwrite(ast_str_buffer(out), ast_str_strlen(out), 1, ser->f) != 1) { -+ len = ast_str_strlen(out); -+ if (ast_iostream_write(ser->stream, ast_str_buffer(out), len) != len) { - ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno)); - close_connection = 1; - } - } - - if (fd) { -- char buf[256]; -- int len; -- - while ((len = read(fd, buf, sizeof(buf))) > 0) { -- /* -- * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not -- * behave exactly as documented. -- */ -- if (fwrite(buf, len, 1, ser->f) != 1) { -+ if (ast_iostream_write(ser->stream, buf, len) != len) { - ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno)); - close_connection = 1; - break; -@@ -577,7 +569,7 @@ void ast_http_create_response(struct ast_tcptls_session_instance *ser, int statu - ast_free(http_header_data); - ast_free(server_address); - ast_free(out); -- if (ser && ser->f) { -+ if (ser) { - ast_debug(1, "HTTP closing session. OOM.\n"); - ast_tcptls_close_session_file(ser); - } -@@ -931,14 +923,9 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char - { - int res; - -- /* -- * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as -- * documented. -- */ -- -- /* Stay in fread until get all the expected data or timeout. */ -- res = fread(buf, length, 1, ser->f); -- if (res < 1) { -+ /* Stream is in exclusive mode so we get it all if possible. */ -+ res = ast_iostream_read(ser->stream, buf, length); -+ if (res < length) { - ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d)\n", - what_getting, length); - return -1; -@@ -960,28 +947,12 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char - */ - static int http_body_discard_contents(struct ast_tcptls_session_instance *ser, int length, const char *what_getting) - { -- int res; -- char buf[MAX_HTTP_LINE_LENGTH];/* Discard buffer */ -- -- /* -- * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as -- * documented. -- */ -+ ssize_t res; - -- /* Stay in fread until get all the expected data or timeout. */ -- while (sizeof(buf) < length) { -- res = fread(buf, sizeof(buf), 1, ser->f); -- if (res < 1) { -- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %zu of remaining %d)\n", -- what_getting, sizeof(buf), length); -- return -1; -- } -- length -= sizeof(buf); -- } -- res = fread(buf, length, 1, ser->f); -- if (res < 1) { -- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d of remaining %d)\n", -- what_getting, length, length); -+ res = ast_iostream_discard(ser->stream, length); -+ if (res < length) { -+ ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d but got %zd)\n", -+ what_getting, length, res); - return -1; - } - return 0; -@@ -1057,7 +1028,7 @@ static int http_body_get_chunk_length(struct ast_tcptls_session_instance *ser) - char header_line[MAX_HTTP_LINE_LENGTH]; - - /* get the line of hexadecimal giving chunk-size w/ optional chunk-extension */ -- if (!fgets(header_line, sizeof(header_line), ser->f)) { -+ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) { - ast_log(LOG_WARNING, "Short HTTP read of chunked header\n"); - return -1; - } -@@ -1090,8 +1061,8 @@ static int http_body_check_chunk_sync(struct ast_tcptls_session_instance *ser) - */ - - /* Stay in fread until get the expected CRLF or timeout. */ -- res = fread(chunk_sync, sizeof(chunk_sync), 1, ser->f); -- if (res < 1) { -+ res = ast_iostream_read(ser->stream, chunk_sync, sizeof(chunk_sync)); -+ if (res < sizeof(chunk_sync)) { - ast_log(LOG_WARNING, "Short HTTP chunk sync read (Wanted %zu)\n", - sizeof(chunk_sync)); - return -1; -@@ -1120,7 +1091,7 @@ static int http_body_discard_chunk_trailer_headers(struct ast_tcptls_session_ins - char header_line[MAX_HTTP_LINE_LENGTH]; - - for (;;) { -- if (!fgets(header_line, sizeof(header_line), ser->f)) { -+ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) { - ast_log(LOG_WARNING, "Short HTTP read of chunked trailer header\n"); - return -1; - } -@@ -1783,7 +1754,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str - char *name; - char *value; - -- if (!fgets(header_line, sizeof(header_line), ser->f)) { -+ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) { - ast_http_error(ser, 400, "Bad Request", "Timeout"); - return -1; - } -@@ -1857,7 +1828,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser) - int res; - char request_line[MAX_HTTP_LINE_LENGTH]; - -- if (!fgets(request_line, sizeof(request_line), ser->f)) { -+ if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) { - return -1; - } - -@@ -1941,7 +1912,7 @@ static void *httpd_helper_thread(void *data) - int flags = 1; - int timeout; - -- if (!ser || !ser->f) { -+ if (!ser) { - ao2_cleanup(ser); - return NULL; - } -@@ -1958,14 +1929,11 @@ static void *httpd_helper_thread(void *data) - * This is necessary to prevent delays (caused by buffering) as we - * write to the socket in bits and pieces. - */ -- if (setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) { -+ if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) { - ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno)); -+ ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n"); - } -- -- /* make sure socket is non-blocking */ -- flags = fcntl(ser->fd, F_GETFL); -- flags |= O_NONBLOCK; -- fcntl(ser->fd, F_SETFL, flags); -+ ast_iostream_nonblock(ser->stream); - - /* Setup HTTP worker private data to keep track of request body reading. */ - ao2_cleanup(ser->private_data); -@@ -1988,23 +1956,17 @@ static void *httpd_helper_thread(void *data) - } - - /* We can let the stream wait for data to arrive. */ -- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 1); -+ ast_iostream_set_exclusive_input(ser->stream, 1); - - for (;;) { -- int ch; -- - /* Wait for next potential HTTP request message. */ -- ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, timeout); -- ch = fgetc(ser->f); -- if (ch == EOF || ungetc(ch, ser->f) == EOF) { -- /* Between request idle timeout */ -- ast_debug(1, "HTTP idle timeout or peer closed connection.\n"); -+ ast_iostream_set_timeout_idle_inactivity(ser->stream, timeout, session_inactivity); -+ if (httpd_process_request(ser)) { -+ /* Break the connection or the connection closed */ - break; - } -- -- ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, session_inactivity); -- if (httpd_process_request(ser) || !ser->f || feof(ser->f)) { -- /* Break the connection or the connection closed */ -+ if (!ser->stream) { -+ /* Web-socket or similar that took the connection */ - break; - } - -@@ -2018,10 +1980,9 @@ static void *httpd_helper_thread(void *data) - done: - ast_atomic_fetchadd_int(&session_count, -1); - -- if (ser->f) { -- ast_debug(1, "HTTP closing session. Top level\n"); -- ast_tcptls_close_session_file(ser); -- } -+ ast_debug(1, "HTTP closing session. Top level\n"); -+ ast_tcptls_close_session_file(ser); -+ - ao2_ref(ser, -1); - return NULL; - } -diff --git a/main/iostream.c b/main/iostream.c -new file mode 100644 -index 0000000000..46abc18a5c ---- /dev/null -+++ b/main/iostream.c -@@ -0,0 +1,553 @@ -+/* -+ * Asterisk -- An open source telephony toolkit. -+ * -+ * Copyright (C) 1999 - 2015, Digium, Inc. -+ * -+ * Timo Teräs <timo.teras@iki.fi> -+ * -+ * See http://www.asterisk.org for more information about -+ * the Asterisk project. Please do not directly contact -+ * any of the maintainers of this project for assistance; -+ * the project provides a web site, mailing lists and IRC -+ * channels for your use. -+ * -+ * This program is free software, distributed under the terms of -+ * the GNU General Public License Version 2. See the LICENSE file -+ * at the top of the source tree. -+ */ -+ -+#include <fcntl.h> -+#include <stdarg.h> -+ -+#include "asterisk.h" -+#include "asterisk/utils.h" -+#include "asterisk/astobj2.h" -+#include "asterisk/iostream.h" -+ -+struct ast_iostream { -+ SSL *ssl; -+ struct timeval start; -+ int fd; -+ int timeout; -+ int timeout_reset; -+ int exclusive_input; -+ int rbuflen; -+ char *rbufhead; -+ char rbuf[2048]; -+}; -+ -+int ast_iostream_get_fd(struct ast_iostream *stream) -+{ -+ return stream->fd; -+} -+ -+void ast_iostream_nonblock(struct ast_iostream *stream) -+{ -+ fcntl(stream->fd, F_SETFL, fcntl(stream->fd, F_GETFL) | O_NONBLOCK); -+} -+ -+SSL *ast_iostream_get_ssl(struct ast_iostream *stream) -+{ -+ return stream->ssl; -+} -+ -+void ast_iostream_set_timeout_disable(struct ast_iostream *stream) -+{ -+ ast_assert(stream != NULL); -+ -+ stream->timeout = -1; -+ stream->timeout_reset = -1; -+} -+ -+void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout) -+{ -+ ast_assert(stream != NULL); -+ -+ stream->start.tv_sec = 0; -+ stream->timeout = timeout; -+ stream->timeout_reset = timeout; -+} -+ -+void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset) -+{ -+ ast_assert(stream != NULL); -+ -+ stream->start.tv_sec = 0; -+ stream->timeout = timeout; -+ stream->timeout_reset = timeout_reset; -+} -+ -+void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout) -+{ -+ ast_assert(stream != NULL); -+ -+ stream->start = start; -+ stream->timeout = timeout; -+ stream->timeout_reset = timeout; -+} -+ -+void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input) -+{ -+ ast_assert(stream != NULL); -+ -+ stream->exclusive_input = exclusive_input; -+} -+ -+static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size) -+{ -+ struct timeval start; -+ int ms; -+ int res; -+ -+ if (stream->start.tv_sec) { -+ start = stream->start; -+ } else { -+ start = ast_tvnow(); -+ } -+ -+#if defined(DO_SSL) -+ if (stream->ssl) { -+ for (;;) { -+ res = SSL_read(stream->ssl, buf, size); -+ if (0 < res) { -+ /* We read some payload data. */ -+ stream->timeout = stream->timeout_reset; -+ return res; -+ } -+ switch (SSL_get_error(stream->ssl, res)) { -+ case SSL_ERROR_ZERO_RETURN: -+ /* Report EOF for a shutdown */ -+ ast_debug(1, "TLS clean shutdown alert reading data\n"); -+ return 0; -+ case SSL_ERROR_WANT_READ: -+ if (!stream->exclusive_input) { -+ /* We cannot wait for data now. */ -+ errno = EAGAIN; -+ return -1; -+ } -+ while ((ms = ast_remaining_ms(start, stream->timeout))) { -+ res = ast_wait_for_input(stream->fd, ms); -+ if (0 < res) { -+ /* Socket is ready to be read. */ -+ break; -+ } -+ if (res < 0) { -+ if (errno == EINTR || errno == EAGAIN) { -+ /* Try again. */ -+ continue; -+ } -+ ast_debug(1, "TLS socket error waiting for read data: %s\n", -+ strerror(errno)); -+ return -1; -+ } -+ } -+ break; -+ case SSL_ERROR_WANT_WRITE: -+ while ((ms = ast_remaining_ms(start, stream->timeout))) { -+ res = ast_wait_for_output(stream->fd, ms); -+ if (0 < res) { -+ /* Socket is ready to be written. */ -+ break; -+ } -+ if (res < 0) { -+ if (errno == EINTR || errno == EAGAIN) { -+ /* Try again. */ -+ continue; -+ } -+ ast_debug(1, "TLS socket error waiting for write space: %s\n", -+ strerror(errno)); -+ return -1; -+ } -+ } -+ break; -+ default: -+ /* Report EOF for an undecoded SSL or transport error. */ -+ ast_debug(1, "TLS transport or SSL error reading data\n"); -+ return 0; -+ } -+ if (!ms) { -+ /* Report EOF for a timeout */ -+ ast_debug(1, "TLS timeout reading data\n"); -+ return 0; -+ } -+ } -+ } -+#endif /* defined(DO_SSL) */ -+ -+ for (;;) { -+ res = read(stream->fd, buf, size); -+ if (0 <= res) { -+ /* Got data or we cannot wait for it. */ -+ stream->timeout = stream->timeout_reset; -+ return res; -+ } -+ if (!stream->exclusive_input) { -+ return res; -+ } -+ if (errno != EINTR && errno != EAGAIN) { -+ /* Not a retryable error. */ -+ ast_debug(1, "TCP socket error reading data: %s\n", -+ strerror(errno)); -+ return -1; -+ } -+ ms = ast_remaining_ms(start, stream->timeout); -+ if (!ms) { -+ /* Report EOF for a timeout */ -+ ast_debug(1, "TCP timeout reading data\n"); -+ return 0; -+ } -+ ast_wait_for_input(stream->fd, ms); -+ } -+} -+ -+ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t size) -+{ -+ if (!size) { -+ /* You asked for no data you got no data. */ -+ return 0; -+ } -+ -+ if (!stream || stream->fd == -1) { -+ errno = EBADF; -+ return -1; -+ } -+ -+ /* Get any remains from the read buffer */ -+ if (stream->rbuflen) { -+ size_t r = size; -+ if (r > stream->rbuflen) { -+ r = stream->rbuflen; -+ } -+ memcpy(buf, stream->rbufhead, r); -+ stream->rbuflen -= r; -+ stream->rbufhead += r; -+ return r; -+ } -+ -+ return iostream_read(stream, buf, size); -+} -+ -+ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count) -+{ -+ ssize_t r; -+ char *newline; -+ -+ do { -+ /* Search for newline */ -+ newline = memchr(stream->rbufhead, '\n', stream->rbuflen); -+ if (newline) { -+ r = newline - stream->rbufhead + 1; -+ if (r > count-1) { -+ r = count-1; -+ } -+ break; -+ } -+ -+ /* Enough data? */ -+ if (stream->rbuflen >= count - 1) { -+ r = count - 1; -+ break; -+ } -+ -+ /* Try to fill in line buffer */ -+ if (stream->rbuflen && stream->rbuf != stream->rbufhead) { -+ memmove(&stream->rbuf, stream->rbufhead, stream->rbuflen); -+ } -+ stream->rbufhead = stream->rbuf; -+ -+ r = iostream_read(stream, stream->rbufhead + stream->rbuflen, sizeof(stream->rbuf) - stream->rbuflen); -+ if (r <= 0) { -+ return r; -+ } -+ stream->rbuflen += r; -+ } while (1); -+ -+ /* Return r bytes with termination byte */ -+ memcpy(buf, stream->rbufhead, r); -+ buf[r] = 0; -+ stream->rbuflen -= r; -+ stream->rbufhead += r; -+ -+ return r; -+} -+ -+ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size) -+{ -+ char buf[1024]; -+ size_t remaining = size; -+ ssize_t ret; -+ -+ while (remaining) { -+ ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining); -+ if (ret < 0) { -+ return ret; -+ } -+ remaining -= ret; -+ } -+ -+ return size; -+} -+ -+ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t size) -+{ -+ struct timeval start; -+ int ms; -+ int res; -+ int written; -+ int remaining; -+ -+ if (!size) { -+ /* You asked to write no data you wrote no data. */ -+ return 0; -+ } -+ -+ if (!stream || stream->fd == -1) { -+ errno = EBADF; -+ return -1; -+ } -+ -+ if (stream->start.tv_sec) { -+ start = stream->start; -+ } else { -+ start = ast_tvnow(); -+ } -+ -+#if defined(DO_SSL) -+ if (stream->ssl) { -+ written = 0; -+ remaining = size; -+ for (;;) { -+ res = SSL_write(stream->ssl, buf + written, remaining); -+ if (res == remaining) { -+ /* Everything was written. */ -+ return size; -+ } -+ if (0 < res) { -+ /* Successfully wrote part of the buffer. Try to write the rest. */ -+ written += res; -+ remaining -= res; -+ continue; -+ } -+ switch (SSL_get_error(stream->ssl, res)) { -+ case SSL_ERROR_ZERO_RETURN: -+ ast_debug(1, "TLS clean shutdown alert writing data\n"); -+ if (written) { -+ /* Report partial write. */ -+ return written; -+ } -+ errno = EBADF; -+ return -1; -+ case SSL_ERROR_WANT_READ: -+ ms = ast_remaining_ms(start, stream->timeout); -+ if (!ms) { -+ /* Report partial write. */ -+ ast_debug(1, "TLS timeout writing data (want read)\n"); -+ return written; -+ } -+ ast_wait_for_input(stream->fd, ms); -+ break; -+ case SSL_ERROR_WANT_WRITE: -+ ms = ast_remaining_ms(start, stream->timeout); -+ if (!ms) { -+ /* Report partial write. */ -+ ast_debug(1, "TLS timeout writing data (want write)\n"); -+ return written; -+ } -+ ast_wait_for_output(stream->fd, ms); -+ break; -+ default: -+ /* Undecoded SSL or transport error. */ -+ ast_debug(1, "TLS transport or SSL error writing data\n"); -+ if (written) { -+ /* Report partial write. */ -+ return written; -+ } -+ errno = EBADF; -+ return -1; -+ } -+ } -+ } -+#endif /* defined(DO_SSL) */ -+ -+ written = 0; -+ remaining = size; -+ for (;;) { -+ res = write(stream->fd, buf + written, remaining); -+ if (res == remaining) { -+ /* Yay everything was written. */ -+ return size; -+ } -+ if (0 < res) { -+ /* Successfully wrote part of the buffer. Try to write the rest. */ -+ written += res; -+ remaining -= res; -+ continue; -+ } -+ if (errno != EINTR && errno != EAGAIN) { -+ /* Not a retryable error. */ -+ ast_debug(1, "TCP socket error writing: %s\n", strerror(errno)); -+ if (written) { -+ return written; -+ } -+ return -1; -+ } -+ ms = ast_remaining_ms(start, stream->timeout); -+ if (!ms) { -+ /* Report partial write. */ -+ ast_debug(1, "TCP timeout writing data\n"); -+ return written; -+ } -+ ast_wait_for_output(stream->fd, ms); -+ } -+} -+ -+ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...) -+{ -+ char sbuf[256], *buf = sbuf; -+ int len, len2, ret = -1; -+ va_list va; -+ -+ va_start(va, fmt); -+ len = vsnprintf(buf, sizeof(sbuf), fmt, va); -+ va_end(va); -+ -+ if (len > sizeof(sbuf)) { -+ buf = ast_malloc(len); -+ if (!buf) { -+ return -1; -+ } -+ va_start(va, fmt); -+ len2 = vsnprintf(buf, len, fmt, va); -+ va_end(va); -+ if (len2 > len) { -+ goto error; -+ } -+ } -+ -+ if (ast_iostream_write(stream, buf, len) == len) -+ ret = len; -+ -+error: -+ if (buf != sbuf) { -+ ast_free(buf); -+ } -+ -+ return ret; -+} -+ -+int ast_iostream_close(struct ast_iostream *stream) -+{ -+ if (!stream) { -+ errno = EBADF; -+ return -1; -+ } -+ -+ if (stream->fd != -1) { -+#if defined(DO_SSL) -+ if (stream->ssl) { -+ int res; -+ -+ /* -+ * According to the TLS standard, it is acceptable for an -+ * application to only send its shutdown alert and then -+ * close the underlying connection without waiting for -+ * the peer's response (this way resources can be saved, -+ * as the process can already terminate or serve another -+ * connection). -+ */ -+ res = SSL_shutdown(stream->ssl); -+ if (res < 0) { -+ ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", -+ SSL_get_error(stream->ssl, res)); -+ } -+ -+ if (!stream->ssl->server) { -+ /* For client threads, ensure that the error stack is cleared */ -+ ERR_remove_state(0); -+ } -+ -+ SSL_free(stream->ssl); -+ stream->ssl = NULL; -+ } -+#endif /* defined(DO_SSL) */ -+ -+ /* -+ * Issuing shutdown() is necessary here to avoid a race -+ * condition where the last data written may not appear -+ * in the TCP stream. See ASTERISK-23548 -+ */ -+ shutdown(stream->fd, SHUT_RDWR); -+ if (close(stream->fd)) { -+ ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); -+ } -+ stream->fd = -1; -+ } -+ ao2_t_ref(stream, -1, "Closed ast_iostream"); -+ -+ return 0; -+} -+ -+static void iostream_dtor(void *cookie) -+{ -+#ifdef AST_DEVMODE -+ /* Since the ast_assert below is the only one using stream, -+ * and ast_assert is only available with AST_DEVMODE, we -+ * put this in a conditional to avoid compiler warnings. */ -+ struct ast_iostream *stream = cookie; -+#endif -+ -+ ast_assert(stream->fd == -1); -+} -+ -+struct ast_iostream *ast_iostream_from_fd(int *fd) -+{ -+ struct ast_iostream *stream; -+ -+ stream = ao2_alloc_options(sizeof(*stream), iostream_dtor, -+ AO2_ALLOC_OPT_LOCK_NOLOCK); -+ if (stream) { -+ stream->timeout = -1; -+ stream->timeout_reset = -1; -+ stream->fd = *fd; -+ *fd = -1; -+ } -+ -+ return stream; -+} -+ -+int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int client) -+{ -+#ifdef DO_SSL -+ struct ast_iostream *stream = *pstream; -+ int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept; -+ char err[256]; -+ -+ stream->ssl = SSL_new(ssl_ctx); -+ if (!stream->ssl) { -+ ast_log(LOG_ERROR, "Unable to create new SSL connection\n"); -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ /* -+ * This function takes struct ast_iostream **, so it can chain -+ * SSL over any ast_iostream. For now we assume it's a file descriptor. -+ * But later this should instead use BIO wrapper to tie SSL to another -+ * ast_iostream. -+ */ -+ SSL_set_fd(stream->ssl, stream->fd); -+ -+ if (ssl_setup(stream->ssl) <= 0) { -+ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", -+ ERR_error_string(ERR_get_error(), err)); -+ errno = EIO; -+ return -1; -+ } -+ -+ return 0; -+#else -+ ast_log(LOG_ERROR, "SSL not enabled in this build\n"); -+ errno = ENOTSUP; -+ return -1; -+#endif -+} -diff --git a/main/manager.c b/main/manager.c -index 80d9659ef8..4d864235bb 100644 ---- a/main/manager.c -+++ b/main/manager.c -@@ -1551,8 +1551,7 @@ static void acl_change_stasis_unsubscribe(void) - struct mansession_session { - /*! \todo XXX need to document which fields it is protecting */ - struct ast_sockaddr addr; /*!< address we are connecting from */ -- FILE *f; /*!< fdopen() on the underlying fd */ -- int fd; /*!< descriptor used for output. Either the socket (AMI) or a temporary file (HTTP) */ -+ struct ast_iostream *stream; /*!< AMI stream */ - int inuse; /*!< number of HTTP sessions using this entry */ - int needdestroy; /*!< Whether an HTTP session should be destroyed */ - pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */ -@@ -1594,9 +1593,8 @@ enum mansession_message_parsing { - */ - struct mansession { - struct mansession_session *session; -+ struct ast_iostream *stream; - struct ast_tcptls_session_instance *tcptls_session; -- FILE *f; -- int fd; - enum mansession_message_parsing parsing; - int write_error:1; - struct manager_custom_hook *hook; -@@ -2168,10 +2166,6 @@ static void session_destructor(void *obj) - ast_datastore_free(datastore); - } - -- if (session->f != NULL) { -- fflush(session->f); -- fclose(session->f); -- } - if (eqe) { - ast_atomic_fetchadd_int(&eqe->usecount, -1); - } -@@ -2206,7 +2200,6 @@ static struct mansession_session *build_mansession(const struct ast_sockaddr *ad - return NULL; - } - -- newsession->fd = -1; - newsession->waiting_thread = AST_PTHREADT_NULL; - newsession->writetimeout = 100; - newsession->send_events = -1; -@@ -2619,7 +2612,7 @@ static char *handle_showmanconn(struct ast_cli_entry *e, int cmd, struct ast_cli - ast_sockaddr_stringify_addr(&session->addr), - (int) (session->sessionstart), - (int) (now - session->sessionstart), -- session->fd, -+ session->stream ? ast_iostream_get_fd(session->stream) : -1, - session->inuse, - session->readperm, - session->writeperm); -@@ -2891,7 +2884,6 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg) - * This is necessary to meet the previous design of manager.c - */ - s.hook = hook; -- s.f = (void*)1; /* set this to something so our request will make it through all functions that test it*/ - - ao2_lock(act_found); - if (act_found->registered && act_found->func) { -@@ -2922,9 +2914,8 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg) - */ - static int send_string(struct mansession *s, char *string) - { -- int res; -- FILE *f = s->f ? s->f : s->session->f; -- int fd = s->f ? s->fd : s->session->fd; -+ struct ast_iostream *stream = s->stream ? s->stream : s->session->stream; -+ int len, res; - - /* It's a result from one of the hook's action invocation */ - if (s->hook) { -@@ -2936,7 +2927,12 @@ static int send_string(struct mansession *s, char *string) - return 0; - } - -- if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) { -+ len = strlen(string); -+ ast_iostream_set_timeout_inactivity(stream, s->session->writetimeout); -+ res = ast_iostream_write(stream, string, len); -+ ast_iostream_set_timeout_disable(stream); -+ -+ if (res < len) { - s->write_error = 1; - } - -@@ -2977,10 +2973,10 @@ void astman_append(struct mansession *s, const char *fmt, ...) - return; - } - -- if (s->f != NULL || s->session->f != NULL) { -+ if (s->tcptls_session != NULL && s->tcptls_session->stream != NULL) { - send_string(s, ast_str_buffer(buf)); - } else { -- ast_verbose("fd == -1 in astman_append, should not happen\n"); -+ ast_verbose("No connection stream in astman_append, should not happen\n"); - } - } - -@@ -4121,7 +4117,7 @@ static int action_waitevent(struct mansession *s, const struct message *m) - break; - } - if (s->session->managerid == 0) { /* AMI session */ -- if (ast_wait_for_input(s->session->fd, 1000)) { -+ if (ast_wait_for_input(ast_iostream_get_fd(s->session->stream), 1000)) { - break; - } - } else { /* HTTP session */ -@@ -5936,7 +5932,7 @@ static int process_events(struct mansession *s) - int ret = 0; - - ao2_lock(s->session); -- if (s->session->f != NULL) { -+ if (s->session->stream != NULL) { - struct eventqent *eqe = s->session->last_ev; - - while ((eqe = advance_event(eqe))) { -@@ -6478,7 +6474,7 @@ static int get_input(struct mansession *s, char *output) - s->session->waiting_thread = pthread_self(); - ao2_unlock(s->session); - -- res = ast_wait_for_input(s->session->fd, timeout); -+ res = ast_wait_for_input(ast_iostream_get_fd(s->session->stream), timeout); - - ao2_lock(s->session); - s->session->waiting_thread = AST_PTHREADT_NULL; -@@ -6496,13 +6492,7 @@ static int get_input(struct mansession *s, char *output) - } - - ao2_lock(s->session); -- /* -- * It is worth noting here that you can all but ignore fread()'s documentation -- * for the purposes of this call. The FILE * we are working with here was created -- * as a result of a call to fopencookie() (or equivalent) in tcptls.c, and as such -- * the behavior of fread() is not as documented. Frankly, I think this is gross. -- */ -- res = fread(src + s->session->inlen, 1, maxlen - s->session->inlen, s->session->f); -+ res = ast_iostream_read(s->session->stream, src + s->session->inlen, maxlen - s->session->inlen); - if (res < 1) { - res = -1; /* error return */ - } else { -@@ -6640,7 +6630,7 @@ static void *session_do(void *data) - struct ast_sockaddr ser_remote_address_tmp; - - if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) { -- fclose(ser->f); -+ ast_iostream_close(ser->stream); - ast_atomic_fetchadd_int(&unauth_sessions, -1); - goto done; - } -@@ -6649,7 +6639,7 @@ static void *session_do(void *data) - session = build_mansession(&ser_remote_address_tmp); - - if (session == NULL) { -- fclose(ser->f); -+ ast_iostream_close(ser->stream); - ast_atomic_fetchadd_int(&unauth_sessions, -1); - goto done; - } -@@ -6657,14 +6647,10 @@ static void *session_do(void *data) - /* here we set TCP_NODELAY on the socket to disable Nagle's algorithm. - * This is necessary to prevent delays (caused by buffering) as we - * write to the socket in bits and pieces. */ -- if (setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) { -+ if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) { - ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on manager connection: %s\n", strerror(errno)); - } -- -- /* make sure socket is non-blocking */ -- flags = fcntl(ser->fd, F_GETFL); -- flags |= O_NONBLOCK; -- fcntl(ser->fd, F_SETFL, flags); -+ ast_iostream_nonblock(ser->stream); - - ao2_lock(session); - /* Hook to the tail of the event queue */ -@@ -6673,8 +6659,7 @@ static void *session_do(void *data) - ast_mutex_init(&s.lock); - - /* these fields duplicate those in the 'ser' structure */ -- session->fd = s.fd = ser->fd; -- session->f = s.f = ser->f; -+ session->stream = s.stream = ser->stream; - ast_sockaddr_copy(&session->addr, &ser_remote_address_tmp); - s.session = session; - -@@ -6693,9 +6678,9 @@ static void *session_do(void *data) - * We cannot let the stream exclusively wait for data to arrive. - * We have to wake up the task to send async events. - */ -- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0); -+ ast_iostream_set_exclusive_input(ser->stream, 0); - -- ast_tcptls_stream_set_timeout_sequence(ser->stream_cookie, -+ ast_iostream_set_timeout_sequence(ser->stream, - ast_tvnow(), authtimeout * 1000); - - astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */ -@@ -6704,7 +6689,7 @@ static void *session_do(void *data) - break; - } - if (session->authenticated) { -- ast_tcptls_stream_set_timeout_disable(ser->stream_cookie); -+ ast_iostream_set_timeout_disable(ser->stream); - } - } - /* session is over, explain why and terminate */ -@@ -7564,23 +7549,9 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *g - - static void close_mansession_file(struct mansession *s) - { -- if (s->f) { -- if (fclose(s->f)) { -- ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno)); -- } -- s->f = NULL; -- s->fd = -1; -- } else if (s->fd != -1) { -- /* -- * Issuing shutdown() is necessary here to avoid a race -- * condition where the last data written may not appear -- * in the TCP stream. See ASTERISK-23548 -- */ -- shutdown(s->fd, SHUT_RDWR); -- if (close(s->fd)) { -- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); -- } -- s->fd = -1; -+ if (s->stream) { -+ ast_iostream_close(s->stream); -+ s->stream = NULL; - } else { - ast_log(LOG_ERROR, "Attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n"); - } -@@ -7589,17 +7560,20 @@ static void close_mansession_file(struct mansession *s) - static void process_output(struct mansession *s, struct ast_str **out, struct ast_variable *params, enum output_format format) - { - char *buf; -- size_t l; -+ off_t l; -+ int fd; - -- if (!s->f) -+ if (!s->stream) - return; - - /* Ensure buffer is NULL-terminated */ -- fprintf(s->f, "%c", 0); -- fflush(s->f); -+ ast_iostream_write(s->stream, "", 1); -+ -+ fd = ast_iostream_get_fd(s->stream); - -- if ((l = ftell(s->f)) > 0) { -- if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s->fd, 0))) { -+ l = lseek(fd, SEEK_CUR, 0); -+ if (l > 0) { -+ if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0))) { - ast_log(LOG_WARNING, "mmap failed. Manager output was not processed\n"); - } else { - if (format == FORMAT_XML || format == FORMAT_HTML) { -@@ -7626,6 +7600,7 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser, - struct mansession s = { .session = NULL, .tcptls_session = ser }; - struct mansession_session *session = NULL; - uint32_t ident; -+ int fd; - int blastaway = 0; - struct ast_variable *v; - struct ast_variable *params = get_params; -@@ -7681,17 +7656,17 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser, - } - - s.session = session; -- s.fd = mkstemp(template); /* create a temporary file for command output */ -+ fd = mkstemp(template); /* create a temporary file for command output */ - unlink(template); -- if (s.fd <= -1) { -+ if (fd <= -1) { - ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)"); - goto generic_callback_out; - } -- s.f = fdopen(s.fd, "w+"); -- if (!s.f) { -+ s.stream = ast_iostream_from_fd(&fd); -+ if (!s.stream) { - ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno)); - ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)"); -- close(s.fd); -+ close(fd); - goto generic_callback_out; - } - -@@ -7831,9 +7806,9 @@ generic_callback_out: - if (blastaway) { - session_destroy(session); - } else { -- if (session->f) { -- fclose(session->f); -- session->f = NULL; -+ if (session->stream) { -+ ast_iostream_close(session->stream); -+ session->stream = NULL; - } - unref_mansession(session); - } -@@ -7858,6 +7833,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, - struct message m = { 0 }; - unsigned int idx; - size_t hdrlen; -+ int fd; - - time_t time_now = time(NULL); - unsigned long nonce = 0, nc; -@@ -8036,17 +8012,17 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, - - ast_mutex_init(&s.lock); - s.session = session; -- s.fd = mkstemp(template); /* create a temporary file for command output */ -+ fd = mkstemp(template); /* create a temporary file for command output */ - unlink(template); -- if (s.fd <= -1) { -+ if (fd <= -1) { - ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)"); - goto auth_callback_out; - } -- s.f = fdopen(s.fd, "w+"); -- if (!s.f) { -+ s.stream = ast_iostream_from_fd(&fd); -+ if (!s.stream) { - ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno)); - ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)"); -- close(s.fd); -+ close(fd); - goto auth_callback_out; - } - -@@ -8097,7 +8073,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, - m.headers[idx] = NULL; - } - -- result_size = ftell(s.f); /* Calculate approx. size of result */ -+ result_size = lseek(ast_iostream_get_fd(s.stream), SEEK_CUR, 0); /* Calculate approx. size of result */ - - http_header = ast_str_create(80); - out = ast_str_create(result_size * 2 + 512); -@@ -8149,11 +8125,10 @@ auth_callback_out: - ast_free(out); - - ao2_lock(session); -- if (session->f) { -- fclose(session->f); -+ if (session->stream) { -+ ast_iostream_close(session->stream); -+ session->stream = NULL; - } -- session->f = NULL; -- session->fd = -1; - ao2_unlock(session); - - if (session->needdestroy) { -diff --git a/main/tcptls.c b/main/tcptls.c -index 8e50a0c8e9..ca9a447868 100644 ---- a/main/tcptls.c -+++ b/main/tcptls.c -@@ -51,559 +51,13 @@ ASTERISK_REGISTER_FILE() - #include "asterisk/pbx.h" - #include "asterisk/app.h" - --/*! ao2 object used for the FILE stream fopencookie()/funopen() cookie. */ --struct ast_tcptls_stream { -- /*! SSL state if not NULL */ -- SSL *ssl; -- /*! -- * \brief Start time from when an I/O sequence must complete -- * by struct ast_tcptls_stream.timeout. -- * -- * \note If struct ast_tcptls_stream.start.tv_sec is zero then -- * start time is the current I/O request. -- */ -- struct timeval start; -- /*! -- * \brief The socket returned by accept(). -- * -- * \note Set to -1 if the stream is closed. -- */ -- int fd; -- /*! -- * \brief Timeout in ms relative to struct ast_tcptls_stream.start -- * to wait for an event on struct ast_tcptls_stream.fd. -- * -- * \note Set to -1 to disable timeout. -- * \note The socket needs to be set to non-blocking for the timeout -- * feature to work correctly. -- */ -- int timeout; -- /*! TRUE if stream can exclusively wait for fd input. */ -- int exclusive_input; --}; -- --#if defined(DO_SSL) --AST_THREADSTORAGE(err2str_threadbuf); --#define ERR2STR_BUFSIZE 128 -- --static const char *ssl_error_to_string(int sslerr, int ret) --{ -- switch (sslerr) { -- case SSL_ERROR_SSL: -- return "Internal SSL error"; -- case SSL_ERROR_SYSCALL: -- if (!ret) { -- return "System call EOF"; -- } else if (ret == -1) { -- char *buf; -- -- buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE); -- if (!buf) { -- return "Unknown"; -- } -- -- snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno)); -- return buf; -- } else { -- return "System call other"; -- } -- default: -- break; -- } -- -- return "Unknown"; --} --#endif -- --void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream) --{ -- ast_assert(stream != NULL); -- -- stream->timeout = -1; --} -- --void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout) --{ -- ast_assert(stream != NULL); -- -- stream->start.tv_sec = 0; -- stream->timeout = timeout; --} -- --void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout) --{ -- ast_assert(stream != NULL); -- -- stream->start = start; -- stream->timeout = timeout; --} -- --void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input) --{ -- ast_assert(stream != NULL); -- -- stream->exclusive_input = exclusive_input; --} -- --/*! -- * \internal -- * \brief fopencookie()/funopen() stream read function. -- * -- * \param cookie Stream control data. -- * \param buf Where to put read data. -- * \param size Size of the buffer. -- * -- * \retval number of bytes put into buf. -- * \retval 0 on end of file. -- * \retval -1 on error. -- */ --static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size) --{ -- struct ast_tcptls_stream *stream = cookie; -- struct timeval start; -- int ms; -- int res; -- -- if (!size) { -- /* You asked for no data you got no data. */ -- return 0; -- } -- -- if (!stream || stream->fd == -1) { -- errno = EBADF; -- return -1; -- } -- -- if (stream->start.tv_sec) { -- start = stream->start; -- } else { -- start = ast_tvnow(); -- } -- --#if defined(DO_SSL) -- if (stream->ssl) { -- for (;;) { -- int sslerr; -- char err[256]; -- -- res = SSL_read(stream->ssl, buf, size); -- if (0 < res) { -- /* We read some payload data. */ -- return res; -- } -- -- sslerr = SSL_get_error(stream->ssl, res); -- switch (sslerr) { -- case SSL_ERROR_ZERO_RETURN: -- /* Report EOF for a shutdown */ -- ast_debug(1, "TLS clean shutdown alert reading data\n"); -- return 0; -- case SSL_ERROR_WANT_READ: -- if (!stream->exclusive_input) { -- /* We cannot wait for data now. */ -- errno = EAGAIN; -- return -1; -- } -- while ((ms = ast_remaining_ms(start, stream->timeout))) { -- res = ast_wait_for_input(stream->fd, ms); -- if (0 < res) { -- /* Socket is ready to be read. */ -- break; -- } -- if (res < 0) { -- if (errno == EINTR || errno == EAGAIN) { -- /* Try again. */ -- continue; -- } -- ast_debug(1, "TLS socket error waiting for read data: %s\n", -- strerror(errno)); -- return -1; -- } -- } -- break; -- case SSL_ERROR_WANT_WRITE: -- while ((ms = ast_remaining_ms(start, stream->timeout))) { -- res = ast_wait_for_output(stream->fd, ms); -- if (0 < res) { -- /* Socket is ready to be written. */ -- break; -- } -- if (res < 0) { -- if (errno == EINTR || errno == EAGAIN) { -- /* Try again. */ -- continue; -- } -- ast_debug(1, "TLS socket error waiting for write space: %s\n", -- strerror(errno)); -- return -1; -- } -- } -- break; -- default: -- /* Report EOF for an undecoded SSL or transport error. */ -- ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err), -- ssl_error_to_string(sslerr, res)); -- return 0; -- } -- if (!ms) { -- /* Report EOF for a timeout */ -- ast_debug(1, "TLS timeout reading data\n"); -- return 0; -- } -- } -- } --#endif /* defined(DO_SSL) */ -- -- for (;;) { -- res = read(stream->fd, buf, size); -- if (0 <= res || !stream->exclusive_input) { -- /* Got data or we cannot wait for it. */ -- return res; -- } -- if (errno != EINTR && errno != EAGAIN) { -- /* Not a retryable error. */ -- ast_debug(1, "TCP socket error reading data: %s\n", -- strerror(errno)); -- return -1; -- } -- ms = ast_remaining_ms(start, stream->timeout); -- if (!ms) { -- /* Report EOF for a timeout */ -- ast_debug(1, "TCP timeout reading data\n"); -- return 0; -- } -- ast_wait_for_input(stream->fd, ms); -- } --} -- --/*! -- * \internal -- * \brief fopencookie()/funopen() stream write function. -- * -- * \param cookie Stream control data. -- * \param buf Where to get data to write. -- * \param size Size of the buffer. -- * -- * \retval number of bytes written from buf. -- * \retval -1 on error. -- */ --static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size) --{ -- struct ast_tcptls_stream *stream = cookie; -- struct timeval start; -- int ms; -- int res; -- int written; -- int remaining; -- -- if (!size) { -- /* You asked to write no data you wrote no data. */ -- return 0; -- } -- -- if (!stream || stream->fd == -1) { -- errno = EBADF; -- return -1; -- } -- -- if (stream->start.tv_sec) { -- start = stream->start; -- } else { -- start = ast_tvnow(); -- } -- --#if defined(DO_SSL) -- if (stream->ssl) { -- written = 0; -- remaining = size; -- for (;;) { -- int sslerr; -- char err[256]; -- -- res = SSL_write(stream->ssl, buf + written, remaining); -- if (res == remaining) { -- /* Everything was written. */ -- return size; -- } -- if (0 < res) { -- /* Successfully wrote part of the buffer. Try to write the rest. */ -- written += res; -- remaining -= res; -- continue; -- } -- sslerr = SSL_get_error(stream->ssl, res); -- switch (sslerr) { -- case SSL_ERROR_ZERO_RETURN: -- ast_debug(1, "TLS clean shutdown alert writing data\n"); -- if (written) { -- /* Report partial write. */ -- return written; -- } -- errno = EBADF; -- return -1; -- case SSL_ERROR_WANT_READ: -- ms = ast_remaining_ms(start, stream->timeout); -- if (!ms) { -- /* Report partial write. */ -- ast_debug(1, "TLS timeout writing data (want read)\n"); -- return written; -- } -- ast_wait_for_input(stream->fd, ms); -- break; -- case SSL_ERROR_WANT_WRITE: -- ms = ast_remaining_ms(start, stream->timeout); -- if (!ms) { -- /* Report partial write. */ -- ast_debug(1, "TLS timeout writing data (want write)\n"); -- return written; -- } -- ast_wait_for_output(stream->fd, ms); -- break; -- default: -- /* Undecoded SSL or transport error. */ -- ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err), -- ssl_error_to_string(sslerr, res)); -- if (written) { -- /* Report partial write. */ -- return written; -- } -- errno = EBADF; -- return -1; -- } -- } -- } --#endif /* defined(DO_SSL) */ -- -- written = 0; -- remaining = size; -- for (;;) { -- res = write(stream->fd, buf + written, remaining); -- if (res == remaining) { -- /* Yay everything was written. */ -- return size; -- } -- if (0 < res) { -- /* Successfully wrote part of the buffer. Try to write the rest. */ -- written += res; -- remaining -= res; -- continue; -- } -- if (errno != EINTR && errno != EAGAIN) { -- /* Not a retryable error. */ -- ast_debug(1, "TCP socket error writing: %s\n", strerror(errno)); -- if (written) { -- return written; -- } -- return -1; -- } -- ms = ast_remaining_ms(start, stream->timeout); -- if (!ms) { -- /* Report partial write. */ -- ast_debug(1, "TCP timeout writing data\n"); -- return written; -- } -- ast_wait_for_output(stream->fd, ms); -- } --} -- --/*! -- * \internal -- * \brief fopencookie()/funopen() stream close function. -- * -- * \param cookie Stream control data. -- * -- * \retval 0 on success. -- * \retval -1 on error. -- */ --static int tcptls_stream_close(void *cookie) --{ -- struct ast_tcptls_stream *stream = cookie; -- -- if (!stream) { -- errno = EBADF; -- return -1; -- } -- -- if (stream->fd != -1) { --#if defined(DO_SSL) -- if (stream->ssl) { -- int res; -- -- /* -- * According to the TLS standard, it is acceptable for an -- * application to only send its shutdown alert and then -- * close the underlying connection without waiting for -- * the peer's response (this way resources can be saved, -- * as the process can already terminate or serve another -- * connection). -- */ -- res = SSL_shutdown(stream->ssl); -- if (res < 0) { -- int sslerr = SSL_get_error(stream->ssl, res); -- char err[256]; -- -- ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n", -- ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); -- } -- --#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -- if (!SSL_is_server(stream->ssl)) { --#else -- if (!stream->ssl->server) { --#endif -- /* For client threads, ensure that the error stack is cleared */ --#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) --#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >= 0x10000000L -- ERR_remove_thread_state(NULL); --#else -- ERR_remove_state(0); --#endif /* openssl = 1.0 */ --#endif /* openssl < 1.1 */ -- } -- -- SSL_free(stream->ssl); -- stream->ssl = NULL; -- } --#endif /* defined(DO_SSL) */ -- -- /* -- * Issuing shutdown() is necessary here to avoid a race -- * condition where the last data written may not appear -- * in the TCP stream. See ASTERISK-23548 -- */ -- shutdown(stream->fd, SHUT_RDWR); -- if (close(stream->fd)) { -- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); -- } -- stream->fd = -1; -- } -- ao2_t_ref(stream, -1, "Closed tcptls stream cookie"); -- -- return 0; --} -- --/*! -- * \internal -- * \brief fopencookie()/funopen() stream destructor function. -- * -- * \param cookie Stream control data. -- * -- * \return Nothing -- */ --static void tcptls_stream_dtor(void *cookie) --{ --#ifdef AST_DEVMODE -- /* Since the ast_assert below is the only one using stream, -- * and ast_assert is only available with AST_DEVMODE, we -- * put this in a conditional to avoid compiler warnings. */ -- struct ast_tcptls_stream *stream = cookie; --#endif -- -- ast_assert(stream->fd == -1); --} -- --/*! -- * \internal -- * \brief fopencookie()/funopen() stream allocation function. -- * -- * \retval stream_cookie on success. -- * \retval NULL on error. -- */ --static struct ast_tcptls_stream *tcptls_stream_alloc(void) --{ -- struct ast_tcptls_stream *stream; -- -- stream = ao2_alloc_options(sizeof(*stream), tcptls_stream_dtor, -- AO2_ALLOC_OPT_LOCK_NOLOCK); -- if (stream) { -- stream->fd = -1; -- stream->timeout = -1; -- } -- return stream; --} -- --/*! -- * \internal -- * \brief Open a custom FILE stream for tcptls. -- * -- * \param stream Stream cookie control data. -- * \param ssl SSL state if not NULL. -- * \param fd Socket file descriptor. -- * \param timeout ms to wait for an event on fd. -1 if timeout disabled. -- * -- * \retval fp on success. -- * \retval NULL on error. -- */ --static FILE *tcptls_stream_fopen(struct ast_tcptls_stream *stream, SSL *ssl, int fd, int timeout) --{ -- FILE *fp; -- --#if defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */ -- static const cookie_io_functions_t cookie_funcs = { -- tcptls_stream_read, -- tcptls_stream_write, -- NULL, -- tcptls_stream_close -- }; --#endif /* defined(HAVE_FOPENCOOKIE) */ -- -- if (fd == -1) { -- /* Socket not open. */ -- return NULL; -- } -- -- stream->ssl = ssl; -- stream->fd = fd; -- stream->timeout = timeout; -- ao2_t_ref(stream, +1, "Opening tcptls stream cookie"); -- --#if defined(HAVE_FUNOPEN) /* the BSD interface */ -- fp = funopen(stream, tcptls_stream_read, tcptls_stream_write, NULL, -- tcptls_stream_close); --#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */ -- fp = fopencookie(stream, "w+", cookie_funcs); --#else -- /* could add other methods here */ -- ast_debug(2, "No stream FILE methods attempted!\n"); -- fp = NULL; --#endif -- -- if (!fp) { -- stream->fd = -1; -- ao2_t_ref(stream, -1, "Failed to open tcptls stream cookie"); -- } -- return fp; --} -- --HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count) --{ -- if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) { -- ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n"); -- errno = EIO; -- return -1; -- } -- -- return tcptls_stream_read(tcptls_session->stream_cookie, buf, count); --} -- --HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count) --{ -- if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) { -- ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n"); -- errno = EIO; -- return -1; -- } -- -- return tcptls_stream_write(tcptls_session->stream_cookie, buf, count); --} -- - static void session_instance_destructor(void *obj) - { - struct ast_tcptls_session_instance *i = obj; - -- if (i->stream_cookie) { -- ao2_t_ref(i->stream_cookie, -1, "Destroying tcptls session instance"); -- i->stream_cookie = NULL; -+ if (i->stream) { -+ ast_iostream_close(i->stream); -+ i->stream = NULL; - } - ast_free(i->overflow_buf); - ao2_cleanup(i->private_data); -@@ -649,8 +103,7 @@ static void *handle_tcptls_connection(void *data) - { - struct ast_tcptls_session_instance *tcptls_session = data; - #ifdef DO_SSL -- int (*ssl_setup)(SSL *) = (tcptls_session->client) ? SSL_connect : SSL_accept; -- int ret; -+ SSL *ssl; - #endif - - /* TCP/TLS connections are associated with external protocols, and -@@ -665,127 +118,94 @@ static void *handle_tcptls_connection(void *data) - return NULL; - } - -- tcptls_session->stream_cookie = tcptls_stream_alloc(); -- if (!tcptls_session->stream_cookie) { -- ast_tcptls_close_session_file(tcptls_session); -- ao2_ref(tcptls_session, -1); -- return NULL; -- } -+ if (tcptls_session->parent->tls_cfg) { -+#ifdef DO_SSL -+ if (ast_iostream_start_tls(&tcptls_session->stream, tcptls_session->parent->tls_cfg->ssl_ctx, tcptls_session->client) < 0) { -+ ast_tcptls_close_session_file(tcptls_session); -+ ao2_ref(tcptls_session, -1); -+ return NULL; -+ } - -- /* -- * open a FILE * as appropriate. -- */ -- if (!tcptls_session->parent->tls_cfg) { -- tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, NULL, -- tcptls_session->fd, -1); -- if (tcptls_session->f) { -- if (setvbuf(tcptls_session->f, NULL, _IONBF, 0)) { -+ ssl = ast_iostream_get_ssl(tcptls_session->stream); -+ if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER)) -+ || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) { -+ X509 *peer; -+ long res; -+ peer = SSL_get_peer_certificate(ssl); -+ if (!peer) { -+ ast_log(LOG_ERROR, "No peer SSL certificate to verify\n"); - ast_tcptls_close_session_file(tcptls_session); -+ ao2_ref(tcptls_session, -1); -+ return NULL; - } -- } -- } --#ifdef DO_SSL -- else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) { -- SSL_set_fd(tcptls_session->ssl, tcptls_session->fd); -- if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) { -- char err[256]; -- int sslerr = SSL_get_error(tcptls_session->ssl, ret); -- -- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", ERR_error_string(sslerr, err), -- ssl_error_to_string(sslerr, ret)); -- } else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, -- tcptls_session->ssl, tcptls_session->fd, -1))) { -- if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER)) -- || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) { -- X509 *peer; -- long res; -- peer = SSL_get_peer_certificate(tcptls_session->ssl); -- if (!peer) { -- ast_log(LOG_ERROR, "No peer SSL certificate to verify\n"); -- ast_tcptls_close_session_file(tcptls_session); -- ao2_ref(tcptls_session, -1); -- return NULL; -- } -- -- res = SSL_get_verify_result(tcptls_session->ssl); -- if (res != X509_V_OK) { -- ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res)); -- X509_free(peer); -- ast_tcptls_close_session_file(tcptls_session); -- ao2_ref(tcptls_session, -1); -- return NULL; -- } -- if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) { -- ASN1_STRING *str; -- X509_NAME *name = X509_get_subject_name(peer); -- STACK_OF(GENERAL_NAME) *alt_names; -- int pos = -1; -- int found = 0; -- -- for (;;) { -- /* Walk the certificate to check all available "Common Name" */ -- /* XXX Probably should do a gethostbyname on the hostname and compare that as well */ -- pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos); -- if (pos < 0) { -- break; -- } - -- str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos)); -- if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) { -- found = 1; -- break; -- } -+ res = SSL_get_verify_result(ssl); -+ if (res != X509_V_OK) { -+ ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res)); -+ X509_free(peer); -+ ast_tcptls_close_session_file(tcptls_session); -+ ao2_ref(tcptls_session, -1); -+ return NULL; -+ } -+ if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) { -+ ASN1_STRING *str; -+ X509_NAME *name = X509_get_subject_name(peer); -+ STACK_OF(GENERAL_NAME) *alt_names; -+ int pos = -1; -+ int found = 0; -+ -+ for (;;) { -+ /* Walk the certificate to check all available "Common Name" */ -+ /* XXX Probably should do a gethostbyname on the hostname and compare that as well */ -+ pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos); -+ if (pos < 0) { -+ break; - } -+ str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos)); -+ if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) { -+ found = 1; -+ break; -+ } -+ } - -- if (!found) { -- alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL); -- if (alt_names != NULL) { -- int alt_names_count = sk_GENERAL_NAME_num(alt_names); -- -- for (pos = 0; pos < alt_names_count; pos++) { -- const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos); -+ if (!found) { -+ alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL); -+ if (alt_names != NULL) { -+ int alt_names_count = sk_GENERAL_NAME_num(alt_names); - -- if (alt_name->type != GEN_DNS) { -- continue; -- } -+ for (pos = 0; pos < alt_names_count; pos++) { -+ const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos); - -- if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) { -- found = 1; -- break; -- } -+ if (alt_name->type != GEN_DNS) { -+ continue; - } - -- sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); -+ if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) { -+ found = 1; -+ break; -+ } - } -- } - -- if (!found) { -- ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname); -- X509_free(peer); -- ast_tcptls_close_session_file(tcptls_session); -- ao2_ref(tcptls_session, -1); -- return NULL; -+ sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); - } - } -- X509_free(peer); -+ -+ if (!found) { -+ ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname); -+ X509_free(peer); -+ ast_tcptls_close_session_file(tcptls_session); -+ ao2_ref(tcptls_session, -1); -+ return NULL; -+ } - } -+ X509_free(peer); - } -- if (!tcptls_session->f) { /* no success opening descriptor stacking */ -- SSL_free(tcptls_session->ssl); -- } -- } --#endif /* DO_SSL */ -- -- if (!tcptls_session->f) { -+#else -+ ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n"); - ast_tcptls_close_session_file(tcptls_session); -- ast_log(LOG_WARNING, "FILE * open failed!\n"); --#ifndef DO_SSL -- if (tcptls_session->parent->tls_cfg) { -- ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n"); -- } --#endif - ao2_ref(tcptls_session, -1); - return NULL; -+#endif /* DO_SSL */ - } - - if (tcptls_session->parent->worker_fn) { -@@ -844,7 +264,13 @@ void *ast_tcptls_server_root(void *data) - } - flags = fcntl(fd, F_GETFL); - fcntl(fd, F_SETFL, flags & ~O_NONBLOCK); -- tcptls_session->fd = fd; -+ -+ tcptls_session->stream = ast_iostream_from_fd(&fd); -+ if (!tcptls_session->stream) { -+ ast_log(LOG_WARNING, "No memory for new session iostream\n"); -+ continue; -+ } -+ - tcptls_session->parent = desc; - ast_sockaddr_copy(&tcptls_session->remote_address, &addr); - -@@ -1122,7 +548,7 @@ client_start_error: - - struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc) - { -- int x = 1; -+ int fd, x = 1; - struct ast_tcptls_session_instance *tcptls_session = NULL; - - /* Do nothing if nothing has changed */ -@@ -1138,8 +564,8 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s - close(desc->accept_fd); - } - -- desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ? -- AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP); -+ fd = desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ? -+ AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP); - if (desc->accept_fd < 0) { - ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", - desc->name, strerror(errno)); -@@ -1169,7 +595,11 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s - goto error; - } - tcptls_session->client = 1; -- tcptls_session->fd = desc->accept_fd; -+ tcptls_session->stream = ast_iostream_from_fd(&fd); -+ if (!tcptls_session->stream) { -+ goto error; -+ } -+ - tcptls_session->parent = desc; - tcptls_session->parent->worker_fn = NULL; - ast_sockaddr_copy(&tcptls_session->remote_address, -@@ -1329,24 +759,9 @@ error: - - void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session) - { -- if (tcptls_session->f) { -- fflush(tcptls_session->f); -- if (fclose(tcptls_session->f)) { -- ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno)); -- } -- tcptls_session->f = NULL; -- tcptls_session->fd = -1; -- } else if (tcptls_session->fd != -1) { -- /* -- * Issuing shutdown() is necessary here to avoid a race -- * condition where the last data written may not appear -- * in the TCP stream. See ASTERISK-23548 -- */ -- shutdown(tcptls_session->fd, SHUT_RDWR); -- if (close(tcptls_session->fd)) { -- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno)); -- } -- tcptls_session->fd = -1; -+ if (tcptls_session->stream) { -+ ast_iostream_close(tcptls_session->stream); -+ tcptls_session->stream = NULL; - } else { - ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n"); - } -diff --git a/main/utils.c b/main/utils.c -index cfe2e4c427..12aaf68094 100644 ---- a/main/utils.c -+++ b/main/utils.c -@@ -1432,74 +1432,6 @@ int ast_carefulwrite(int fd, char *s, int len, int timeoutms) - return res; - } - --int ast_careful_fwrite(FILE *f, int fd, const char *src, size_t len, int timeoutms) --{ -- struct timeval start = ast_tvnow(); -- int n = 0; -- int elapsed = 0; -- -- while (len) { -- if (wait_for_output(fd, timeoutms - elapsed)) { -- /* poll returned a fatal error, so bail out immediately. */ -- return -1; -- } -- -- /* Clear any errors from a previous write */ -- clearerr(f); -- -- n = fwrite(src, 1, len, f); -- -- if (ferror(f) && errno != EINTR && errno != EAGAIN) { -- /* fatal error from fwrite() */ -- if (errno == EPIPE) { -- ast_debug(1, "fwrite() failed due to reading end being closed: EPIPE\n"); -- } else if (!feof(f)) { -- /* Don't spam the logs if it was just that the connection is closed. */ -- ast_log(LOG_ERROR, "fwrite() returned error: %s\n", strerror(errno)); -- } -- n = -1; -- break; -- } -- -- /* Update for data already written to the socket */ -- len -= n; -- src += n; -- -- elapsed = ast_tvdiff_ms(ast_tvnow(), start); -- if (elapsed >= timeoutms) { -- /* We've taken too long to write -- * This is only an error condition if we haven't finished writing. */ -- n = len ? -1 : 0; -- break; -- } -- } -- -- errno = 0; -- while (fflush(f)) { -- if (errno == EAGAIN || errno == EINTR) { -- /* fflush() does not appear to reset errno if it flushes -- * and reaches EOF at the same time. It returns EOF with -- * the last seen value of errno, causing a possible loop. -- * Also usleep() to reduce CPU eating if it does loop */ -- errno = 0; -- usleep(1); -- continue; -- } -- if (errno && !feof(f)) { -- if (errno == EPIPE) { -- ast_debug(1, "fflush() failed due to reading end being closed: EPIPE\n"); -- } else { -- /* Don't spam the logs if it was just that the connection is closed. */ -- ast_log(LOG_ERROR, "fflush() returned error: %s\n", strerror(errno)); -- } -- } -- n = -1; -- break; -- } -- -- return n < 0 ? -1 : 0; --} -- - char *ast_strip_quoted(char *s, const char *beg_quotes, const char *end_quotes) - { - char *e; -diff --git a/res/res_http_post.c b/res/res_http_post.c -index 37fc4fa091..907ee56fbd 100644 ---- a/res/res_http_post.c -+++ b/res/res_http_post.c -@@ -213,7 +213,7 @@ static int find_sequence(char * inbuf, int inlen, char * matchbuf, int matchlen) - * This function has two modes. The first to find a boundary marker. The - * second is to find the filename immediately after the boundary. - */ --static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen) -+static int readmimefile(struct ast_iostream *in, FILE *fout, char *boundary, int contentlen) - { - int find_filename = 0; - char buf[4096]; -@@ -224,7 +224,7 @@ static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen) - int boundary_len; - char * path_end, * path_start, * filespec; - -- if (NULL == fin || NULL == fout || NULL == boundary || 0 >= contentlen) { -+ if (NULL == in || NULL == fout || NULL == boundary || 0 >= contentlen) { - return -1; - } - -@@ -238,8 +238,8 @@ static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen) - } - - if (0 < num_to_read) { -- if (fread(&(buf[char_in_buf]), 1, num_to_read, fin) < num_to_read) { -- ast_log(LOG_WARNING, "fread() failed: %s\n", strerror(errno)); -+ if (ast_iostream_read(in, &(buf[char_in_buf]), num_to_read) < num_to_read) { -+ ast_log(LOG_WARNING, "read failed: %s\n", strerror(errno)); - num_to_read = 0; - } - contentlen -= num_to_read; -@@ -380,7 +380,7 @@ static int http_post_callback(struct ast_tcptls_session_instance *ser, const str - */ - ast_http_body_read_status(ser, 0); - -- if (0 > readmimefile(ser->f, f, boundary_marker, content_len)) { -+ if (0 > readmimefile(ser->stream, f, boundary_marker, content_len)) { - ast_debug(1, "Cannot find boundary marker in POST request.\n"); - fclose(f); - ast_http_error(ser, 400, "Bad Request", "Cannot find boundary marker in POST request."); -diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c -index 9f5d931d6a..5f59c2c8cb 100644 ---- a/res/res_http_websocket.c -+++ b/res/res_http_websocket.c -@@ -88,8 +88,7 @@ ASTERISK_REGISTER_FILE() - - /*! \brief Structure definition for session */ - struct ast_websocket { -- FILE *f; /*!< Pointer to the file instance used for writing and reading */ -- int fd; /*!< File descriptor for the session, only used for polling */ -+ struct ast_iostream *stream; /*!< iostream of the connection */ - struct ast_sockaddr address; /*!< Address of the remote client */ - enum ast_websocket_opcode opcode; /*!< Cached opcode for multi-frame messages */ - size_t payload_len; /*!< Length of the payload */ -@@ -180,10 +179,11 @@ static void session_destroy_fn(void *obj) - { - struct ast_websocket *session = obj; - -- if (session->f) { -+ if (session->stream) { - ast_websocket_close(session, 0); -- if (session->f) { -- fclose(session->f); -+ if (session->stream) { -+ ast_iostream_close(session->stream); -+ session->stream = NULL; - ast_verb(2, "WebSocket connection %s '%s' closed\n", session->client ? "to" : "from", - ast_sockaddr_stringify(&session->address)); - } -@@ -309,20 +309,22 @@ int AST_OPTIONAL_API_NAME(ast_websocket_close)(struct ast_websocket *session, ui - session->close_sent = 1; - - ao2_lock(session); -- res = ast_careful_fwrite(session->f, session->fd, frame, 4, session->timeout); -+ ast_iostream_set_timeout_inactivity(session->stream, session->timeout); -+ res = ast_iostream_write(session->stream, frame, sizeof(frame)); -+ ast_iostream_set_timeout_disable(session->stream); - - /* If an error occurred when trying to close this connection explicitly terminate it now. - * Doing so will cause the thread polling on it to wake up and terminate. - */ -- if (res) { -- fclose(session->f); -- session->f = NULL; -+ if (res != sizeof(frame)) { -+ ast_iostream_close(session->stream); -+ session->stream = NULL; - ast_verb(2, "WebSocket connection %s '%s' forcefully closed due to fatal write error\n", - session->client ? "to" : "from", ast_sockaddr_stringify(&session->address)); - } - - ao2_unlock(session); -- return res; -+ return res == sizeof(frame); - } - - static const char *opcode_map[] = { -@@ -390,7 +392,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_write)(struct ast_websocket *session, en - return -1; - } - -- if (ast_careful_fwrite(session->f, session->fd, frame, frame_size, session->timeout)) { -+ ast_iostream_set_timeout_sequence(session->stream, ast_tvnow(), session->timeout); -+ if (ast_iostream_write(session->stream, frame, frame_size) != frame_size) { - ao2_unlock(session); - /* 1011 - server terminating connection due to not being able to fulfill the request */ - ast_debug(1, "Closing WS with 1011 because we can't fulfill a write request\n"); -@@ -398,7 +401,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_write)(struct ast_websocket *session, en - return -1; - } - -- fflush(session->f); -+ ast_iostream_set_timeout_disable(session->stream); - ao2_unlock(session); - - return 0; -@@ -426,7 +429,7 @@ void AST_OPTIONAL_API_NAME(ast_websocket_unref)(struct ast_websocket *session) - - int AST_OPTIONAL_API_NAME(ast_websocket_fd)(struct ast_websocket *session) - { -- return session->closing ? -1 : session->fd; -+ return session->closing ? -1 : ast_iostream_get_fd(session->stream); - } - - struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_remote_address)(struct ast_websocket *session) -@@ -441,18 +444,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_is_secure)(struct ast_websocket *session - - int AST_OPTIONAL_API_NAME(ast_websocket_set_nonblock)(struct ast_websocket *session) - { -- int flags; -- -- if ((flags = fcntl(session->fd, F_GETFL)) == -1) { -- return -1; -- } -- -- flags |= O_NONBLOCK; -- -- if ((flags = fcntl(session->fd, F_SETFL, flags)) == -1) { -- return -1; -- } -- -+ ast_iostream_nonblock(session->stream); -+ ast_iostream_set_exclusive_input(session->stream, 0); - return 0; - } - -@@ -505,17 +498,16 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len - int sanity = 10; - - ao2_lock(session); -- if (!session->f) { -+ if (!session->stream) { - ao2_unlock(session); - errno = ECONNABORTED; - return -1; - } - - for (;;) { -- clearerr(session->f); -- rlen = fread(rbuf, 1, xlen, session->f); -- if (!rlen) { -- if (feof(session->f)) { -+ rlen = ast_iostream_read(session->stream, rbuf, xlen); -+ if (rlen != xlen) { -+ if (rlen == 0) { - ast_log(LOG_WARNING, "Web socket closed abruptly\n"); - *opcode = AST_WEBSOCKET_OPCODE_CLOSE; - session->closing = 1; -@@ -523,7 +515,7 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len - return -1; - } - -- if (ferror(session->f) && errno != EAGAIN) { -+ if (rlen < 0 && errno != EAGAIN) { - ast_log(LOG_ERROR, "Error reading from web socket: %s\n", strerror(errno)); - *opcode = AST_WEBSOCKET_OPCODE_CLOSE; - session->closing = 1; -@@ -544,7 +536,7 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len - if (!xlen) { - break; - } -- if (ast_wait_for_input(session->fd, 1000) < 0) { -+ if (ast_wait_for_input(ast_iostream_get_fd(session->stream), 1000) < 0) { - ast_log(LOG_ERROR, "ast_wait_for_input returned err: %s\n", strerror(errno)); - *opcode = AST_WEBSOCKET_OPCODE_CLOSE; - session->closing = 1; -@@ -839,7 +831,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan - ao2_ref(protocol_handler, -1); - return 0; - } -- session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT; -+ session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT; - - /* Generate the session id */ - if (!ast_uuid_generate_str(session->session_id, sizeof(session->session_id))) { -@@ -869,7 +861,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan - * Connection_. - */ - if (protocol) { -- fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n" -+ ast_iostream_printf(ser->stream, -+ "HTTP/1.1 101 Switching Protocols\r\n" - "Upgrade: %s\r\n" - "Connection: Upgrade\r\n" - "Sec-WebSocket-Accept: %s\r\n" -@@ -878,15 +871,14 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan - websocket_combine_key(key, base64, sizeof(base64)), - protocol); - } else { -- fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n" -+ ast_iostream_printf(ser->stream, -+ "HTTP/1.1 101 Switching Protocols\r\n" - "Upgrade: %s\r\n" - "Connection: Upgrade\r\n" - "Sec-WebSocket-Accept: %s\r\n\r\n", - upgrade, - websocket_combine_key(key, base64, sizeof(base64))); - } -- -- fflush(ser->f); - } else { - - /* Specification defined in http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 or completely unknown */ -@@ -898,7 +890,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan - } - - /* Enable keepalive on all sessions so the underlying user does not have to */ -- if (setsockopt(ser->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) { -+ if (setsockopt(ast_iostream_get_fd(ser->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) { - ast_log(LOG_WARNING, "WebSocket connection from '%s' could not be accepted - failed to enable keepalive\n", - ast_sockaddr_stringify(&ser->remote_address)); - websocket_bad_request(ser); -@@ -910,25 +902,23 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan - ast_verb(2, "WebSocket connection from '%s' for protocol '%s' accepted using version '%d'\n", ast_sockaddr_stringify(&ser->remote_address), protocol ? : "", version); - - /* Populate the session with all the needed details */ -- session->f = ser->f; -- session->fd = ser->fd; -+ session->stream = ser->stream; - ast_sockaddr_copy(&session->address, &ser->remote_address); - session->opcode = -1; - session->reconstruct = DEFAULT_RECONSTRUCTION_CEILING; -- session->secure = ser->ssl ? 1 : 0; -+ session->secure = ast_iostream_get_ssl(ser->stream) ? 1 : 0; - - /* Give up ownership of the socket and pass it to the protocol handler */ -- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0); -+ ast_iostream_set_exclusive_input(session->stream, 0); - protocol_handler->session_established(session, get_vars, headers); - ao2_ref(protocol_handler, -1); - - /* -- * By dropping the FILE* and fd from the session the connection -+ * By dropping the stream from the session the connection - * won't get closed when the HTTP server cleans up because we - * passed the connection to the protocol handler. - */ -- ser->f = NULL; -- ser->fd = -1; -+ ser->stream = NULL; - - return 0; - } -@@ -1262,7 +1252,7 @@ static enum ast_websocket_result websocket_client_handshake_get_response( - int has_accept = 0; - int has_protocol = 0; - -- if (!fgets(buf, sizeof(buf), client->ser->f)) { -+ if (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) <= 0) { - ast_log(LOG_ERROR, "Unable to retrieve HTTP status line."); - return WS_BAD_STATUS; - } -@@ -1275,7 +1265,7 @@ static enum ast_websocket_result websocket_client_handshake_get_response( - - /* Ignoring line folding - assuming header field values are contained - within a single line */ -- while (fgets(buf, sizeof(buf), client->ser->f)) { -+ while (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) > 0) { - char *name, *value; - int parsed = ast_http_header_parse(buf, &name, &value); - -@@ -1328,19 +1318,19 @@ static enum ast_websocket_result websocket_client_handshake( - client->protocols); - } - -- if (fprintf(client->ser->f, -- "GET /%s HTTP/1.1\r\n" -- "Sec-WebSocket-Version: %d\r\n" -- "Upgrade: websocket\r\n" -- "Connection: Upgrade\r\n" -- "Host: %s\r\n" -- "Sec-WebSocket-Key: %s\r\n" -- "%s\r\n", -- client->resource_name ? ast_str_buffer(client->resource_name) : "", -- client->version, -- client->host, -- client->key, -- protocols) < 0) { -+ if (ast_iostream_printf(client->ser->stream, -+ "GET /%s HTTP/1.1\r\n" -+ "Sec-WebSocket-Version: %d\r\n" -+ "Upgrade: websocket\r\n" -+ "Connection: Upgrade\r\n" -+ "Host: %s\r\n" -+ "Sec-WebSocket-Key: %s\r\n" -+ "%s\r\n", -+ client->resource_name ? ast_str_buffer(client->resource_name) : "", -+ client->version, -+ client->host, -+ client->key, -+ protocols) < 0) { - ast_log(LOG_ERROR, "Failed to send handshake.\n"); - return WS_WRITE_ERROR; - } -@@ -1364,9 +1354,9 @@ static enum ast_websocket_result websocket_client_connect(struct ast_websocket * - return res; - } - -- ws->f = ws->client->ser->f; -- ws->fd = ws->client->ser->fd; -- ws->secure = ws->client->ser->ssl ? 1 : 0; -+ ws->stream = ws->client->ser->stream; -+ ws->secure = ast_iostream_get_ssl(ws->stream) ? 1 : 0; -+ ws->client->ser->stream = NULL; - ast_sockaddr_copy(&ws->address, &ws->client->ser->remote_address); - return WS_OK; - } -diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c -index 2e4f873623..1b77b9f48b 100644 ---- a/res/res_phoneprov.c -+++ b/res/res_phoneprov.c -@@ -950,7 +950,7 @@ static int phoneprov_callback(struct ast_tcptls_session_instance *ser, const str - socklen_t namelen = sizeof(name.sa); - int res; - -- if ((res = getsockname(ser->fd, &name.sa, &namelen))) { -+ if ((res = getsockname(ast_iostream_get_fd(ser->stream), &name.sa, &namelen))) { - ast_log(LOG_WARNING, "Could not get server IP, breakage likely.\n"); - } else { - struct extension *exten_iter; --- -2.13.2 - - -From 0a8fd8b669c3cf7d004cbdaff43294152b0f384c Mon Sep 17 00:00:00 2001 -From: Joshua Colp <jcolp@digium.com> -Date: Mon, 28 Nov 2016 13:36:18 +0000 -Subject: [PATCH] iostream: Move include of asterisk.h - -The asterisk.h header file needs to be included first or else -some things go awry, such as: - -implicit declaration of function 'vasprintf' - -Change-Id: I981dc2a77a1ba791888e4f1726644d4656c0407c ---- - main/iostream.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/main/iostream.c b/main/iostream.c -index 46abc18a5c..008888142b 100644 ---- a/main/iostream.c -+++ b/main/iostream.c -@@ -16,10 +16,11 @@ - * at the top of the source tree. - */ - -+#include "asterisk.h" -+ - #include <fcntl.h> - #include <stdarg.h> - --#include "asterisk.h" - #include "asterisk/utils.h" - #include "asterisk/astobj2.h" - #include "asterisk/iostream.h" --- -2.13.2 - - -From 4e8deff7298a73e6552bcdbe1ef7406806b70d20 Mon Sep 17 00:00:00 2001 -From: Mark Michelson <mmichelson@digium.com> -Date: Tue, 6 Dec 2016 10:56:06 -0600 -Subject: [PATCH] Iostreams: Correct off-by-one error. - -ast_iostream_printf() attempts first to use a fixed-size buffer to -perform its printf-like operation. If the fixed-size buffer is too -small, then a heap allocation is used instead. The heap allocation in -this case was exactly the length of the string to print. The issue here -is that the ensuing call to vsnprintf() will print a NULL byte in the -final space of the string. This meant that the final character was being -chopped off the string and replaced with a NULL byte. For HTTP in -particular, this caused problems because HTTP publishes the expected -Contact-Length. This meant HTTP was publishing a length one character -larger than what was actually present in the message. - -This patch corrects the issue by adding one to the allocation length. - -ASTERISK-26629 -Reported by Joshua Colp - -Change-Id: Ib3c5f41e96833d0415cf000656ac368168add639 ---- - main/iostream.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/main/iostream.c b/main/iostream.c -index 008888142b..9fa39cce59 100644 ---- a/main/iostream.c -+++ b/main/iostream.c -@@ -404,7 +404,7 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t - - ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...) - { -- char sbuf[256], *buf = sbuf; -+ char sbuf[512], *buf = sbuf; - int len, len2, ret = -1; - va_list va; - -@@ -412,15 +412,18 @@ ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...) - len = vsnprintf(buf, sizeof(sbuf), fmt, va); - va_end(va); - -- if (len > sizeof(sbuf)) { -- buf = ast_malloc(len); -+ if (len > sizeof(sbuf) - 1) { -+ /* Add one to the string length to accommodate the NULL byte */ -+ size_t buf_len = len + 1; -+ -+ buf = ast_malloc(buf_len); - if (!buf) { - return -1; - } - va_start(va, fmt); -- len2 = vsnprintf(buf, len, fmt, va); -+ len2 = vsnprintf(buf, buf_len, fmt, va); - va_end(va); -- if (len2 > len) { -+ if (len2 != len) { - goto error; - } - } --- -2.13.2 - - -From 318f540321dc7b4788f01a100440559f7f5c9792 Mon Sep 17 00:00:00 2001 -From: Mark Michelson <mmichelson@digium.com> -Date: Thu, 1 Dec 2016 16:49:03 -0600 -Subject: [PATCH] http: Send headers and body in one write. - -This is a semi-regression caused by the iostreams change. Prior to -iostreams, HTTP headers were written to a FILE handle using fprintf. -Then the body was written using a call to fwrite(). Because of internal -buffering, the result was that the HTTP headers and body would be sent -out in a single write to the socket. - -With the change to iostreams, the HTTP headers are written using -ast_iostream_printf(), which under the hood calls write(). The HTTP body -calls ast_iostream_write(), which also calls write() under the hood. -This results in two separate writes to the socket. - -Most HTTP client libraries out there will handle this change just fine. -However, a few of our testsuite tests started failing because of the -change. As a result, in order to reduce frustration for users, this -change alters the HTTP code to write the headers and body in a single -write operation. - -ASTERISK-26629 #close -Reported by Joshua Colp - -Change-Id: Idc2d2fb3d9b3db14b8631a1e302244fa18b0e518 ---- - main/http.c | 29 ++++++++++++----------------- - 1 file changed, 12 insertions(+), 17 deletions(-) - -diff --git a/main/http.c b/main/http.c -index 7a61249114..ddae0df2b7 100644 ---- a/main/http.c -+++ b/main/http.c -@@ -456,6 +456,7 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, - int content_length = 0; - int close_connection; - struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH); -+ int send_content; - - if (!ser || !server_header_field) { - /* The connection is not open. */ -@@ -506,6 +507,8 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, - lseek(fd, 0, SEEK_SET); - } - -+ send_content = method != AST_HTTP_HEAD || status_code >= 400; -+ - /* send http header */ - ast_iostream_printf(ser->stream, - "HTTP/1.1 %d %s\r\n" -@@ -515,33 +518,25 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, - "%s" - "%s" - "Content-Length: %d\r\n" -- "\r\n", -+ "\r\n" -+ "%s", - status_code, status_title ? status_title : "OK", - ast_str_buffer(server_header_field), - timebuf, - close_connection ? "Connection: close\r\n" : "", - static_content ? "" : "Cache-Control: no-cache, no-store\r\n", - http_header ? ast_str_buffer(http_header) : "", -- content_length -+ content_length, -+ send_content && out && ast_str_strlen(out) ? ast_str_buffer(out) : "" - ); - - /* send content */ -- if (method != AST_HTTP_HEAD || status_code >= 400) { -- if (out && ast_str_strlen(out)) { -- len = ast_str_strlen(out); -- if (ast_iostream_write(ser->stream, ast_str_buffer(out), len) != len) { -- ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno)); -+ if (send_content && fd) { -+ while ((len = read(fd, buf, sizeof(buf))) > 0) { -+ if (ast_iostream_write(ser->stream, buf, len) != len) { -+ ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno)); - close_connection = 1; -- } -- } -- -- if (fd) { -- while ((len = read(fd, buf, sizeof(buf))) > 0) { -- if (ast_iostream_write(ser->stream, buf, len) != len) { -- ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno)); -- close_connection = 1; -- break; -- } -+ break; - } - } - } --- -2.13.2 - - -From c17d3c0a7d79a3d81c727c437e52aa15c1e3db8e Mon Sep 17 00:00:00 2001 -From: Badalyan Vyacheslav <v.badalyan@open-bs.ru> -Date: Thu, 8 Dec 2016 18:34:28 +0000 -Subject: [PATCH] Fix IO conversion bug - -Expression 'rlen < 0' is always false. -Unsigned type value is never < 0. - -Change-Id: Id9f393ff25b009a6c4a6e40b95f561a9369e4585 ---- - res/res_http_websocket.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c -index 5f59c2c8cb..293685205f 100644 ---- a/res/res_http_websocket.c -+++ b/res/res_http_websocket.c -@@ -492,7 +492,7 @@ const char * AST_OPTIONAL_API_NAME(ast_websocket_session_id)(struct ast_websocke - */ - static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len, enum ast_websocket_opcode *opcode) - { -- size_t rlen; -+ ssize_t rlen; - int xlen = len; - char *rbuf = buf; - int sanity = 10; --- -2.13.2 - - -From cd1a94e58075f23ba98315765d7f71dd5509a4aa Mon Sep 17 00:00:00 2001 -From: Joshua Colp <jcolp@digium.com> -Date: Tue, 9 May 2017 15:34:49 +0000 -Subject: [PATCH] tcptls: Improve error messages for TLS connections. - -This change uses the functions provided by OpenSSL to query -and better construct error messages for situations where -the connection encounters a problem. - -ASTERISK-26606 - -Change-Id: I7ae40ce88c0dc4e185c4df1ceb3a6ccc198f075b ---- - main/iostream.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 57 insertions(+), 10 deletions(-) - -diff --git a/main/iostream.c b/main/iostream.c -index 9fa39cce59..1013c6d9b9 100644 ---- a/main/iostream.c -+++ b/main/iostream.c -@@ -37,6 +37,39 @@ struct ast_iostream { - char rbuf[2048]; - }; - -+#if defined(DO_SSL) -+AST_THREADSTORAGE(err2str_threadbuf); -+#define ERR2STR_BUFSIZE 128 -+ -+static const char *ssl_error_to_string(int sslerr, int ret) -+{ -+ switch (sslerr) { -+ case SSL_ERROR_SSL: -+ return "Internal SSL error"; -+ case SSL_ERROR_SYSCALL: -+ if (!ret) { -+ return "System call EOF"; -+ } else if (ret == -1) { -+ char *buf; -+ -+ buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE); -+ if (!buf) { -+ return "Unknown"; -+ } -+ -+ snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno)); -+ return buf; -+ } else { -+ return "System call other"; -+ } -+ default: -+ break; -+ } -+ -+ return "Unknown"; -+} -+#endif -+ - int ast_iostream_get_fd(struct ast_iostream *stream) - { - return stream->fd; -@@ -109,13 +142,16 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size - #if defined(DO_SSL) - if (stream->ssl) { - for (;;) { -+ int sslerr; -+ char err[256]; - res = SSL_read(stream->ssl, buf, size); - if (0 < res) { - /* We read some payload data. */ - stream->timeout = stream->timeout_reset; - return res; - } -- switch (SSL_get_error(stream->ssl, res)) { -+ sslerr = SSL_get_error(stream->ssl, res); -+ switch (sslerr) { - case SSL_ERROR_ZERO_RETURN: - /* Report EOF for a shutdown */ - ast_debug(1, "TLS clean shutdown alert reading data\n"); -@@ -163,7 +199,8 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size - break; - default: - /* Report EOF for an undecoded SSL or transport error. */ -- ast_debug(1, "TLS transport or SSL error reading data\n"); -+ ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err), -+ ssl_error_to_string(sslerr, res)); - return 0; - } - if (!ms) { -@@ -318,6 +355,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t - written = 0; - remaining = size; - for (;;) { -+ int sslerr; -+ char err[256]; - res = SSL_write(stream->ssl, buf + written, remaining); - if (res == remaining) { - /* Everything was written. */ -@@ -329,7 +368,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t - remaining -= res; - continue; - } -- switch (SSL_get_error(stream->ssl, res)) { -+ sslerr = SSL_get_error(stream->ssl, res); -+ switch (sslerr) { - case SSL_ERROR_ZERO_RETURN: - ast_debug(1, "TLS clean shutdown alert writing data\n"); - if (written) { -@@ -358,7 +398,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t - break; - default: - /* Undecoded SSL or transport error. */ -- ast_debug(1, "TLS transport or SSL error writing data\n"); -+ ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err), -+ ssl_error_to_string(sslerr, res)); - if (written) { - /* Report partial write. */ - return written; -@@ -461,8 +502,10 @@ int ast_iostream_close(struct ast_iostream *stream) - */ - res = SSL_shutdown(stream->ssl); - if (res < 0) { -- ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", -- SSL_get_error(stream->ssl, res)); -+ int sslerr = SSL_get_error(stream->ssl, res); -+ char err[256]; -+ ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n", -+ ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); - } - - if (!stream->ssl->server) { -@@ -524,7 +567,7 @@ int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int - #ifdef DO_SSL - struct ast_iostream *stream = *pstream; - int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept; -- char err[256]; -+ int res; - - stream->ssl = SSL_new(ssl_ctx); - if (!stream->ssl) { -@@ -541,9 +584,13 @@ int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int - */ - SSL_set_fd(stream->ssl, stream->fd); - -- if (ssl_setup(stream->ssl) <= 0) { -- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", -- ERR_error_string(ERR_get_error(), err)); -+ res = ssl_setup(stream->ssl); -+ if (res <= 0) { -+ int sslerr = SSL_get_error(stream->ssl, res); -+ char err[256]; -+ -+ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", -+ ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); - errno = EIO; - return -1; - } --- -2.13.2 - diff --git a/main/asterisk/restore-multihomed-module.patch b/main/asterisk/restore-multihomed-module.patch deleted file mode 100644 index 0a30e1b731..0000000000 --- a/main/asterisk/restore-multihomed-module.patch +++ /dev/null @@ -1,116 +0,0 @@ -https://issues.asterisk.org/jira/browse/ASTERISK-26518 - -commit 500470607eae4144b44ed4f188cfff437d56f0e7 -Author: Alex Hermann <alex@hexla.nl> -Date: Fri Jan 20 11:09:01 2017 +0100 - - pjsip: Restore multihomed module - - Since the automatic dual stack commit, the multihome module has become - part of the pjsip core module. This caused a circular dependency loop - preventing the pjsip module from loading. By putting the logic back into - its own module, things can be loaded again. - -diff --git a/res/res_pjsip.c b/res/res_pjsip.c -index dd4a619d2a..6e9523d76b 100644 ---- a/res/res_pjsip.c -+++ b/res/res_pjsip.c -@@ -4317,6 +4317,5 @@ static int unload_pjsip(void *data) - if (ast_pjsip_endpoint && serializer_pool[0]) { - ast_res_pjsip_cleanup_options_handling(); -- ast_res_pjsip_cleanup_message_ip_updater(); - ast_sip_destroy_distributor(); - ast_res_pjsip_destroy_configuration(); - ast_sip_destroy_system(); -@@ -4488,11 +4487,6 @@ static int load_module(void) - - ast_res_pjsip_init_options_handling(0); - -- if (ast_res_pjsip_init_message_ip_updater()) { -- ast_log(LOG_ERROR, "Failed to initialize message IP updating. Aborting load\n"); -- goto error; -- } -- - ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands)); - - AST_TEST_REGISTER(xml_sanitization_end_null); -diff --git a/res/res_pjsip/pjsip_message_ip_updater.c b/res/res_pjsip_multihomed.c -similarity index 94% -rename from res/res_pjsip/pjsip_message_ip_updater.c -rename to res/res_pjsip_multihomed.c -index 7671ad0a75..3a29255973 100644 ---- a/res/res_pjsip/pjsip_message_ip_updater.c -+++ b/res/res_pjsip_multihomed.c -@@ -16,6 +16,12 @@ - * at the top of the source tree. - */ - -+/*** MODULEINFO -+ <depend>pjproject</depend> -+ <depend>res_pjsip</depend> -+ <support_level>core</support_level> -+ ***/ -+ - #include "asterisk.h" - - #include <pjsip.h> -@@ -23,7 +29,8 @@ - - #include "asterisk/res_pjsip.h" - #include "asterisk/res_pjsip_session.h" --#include "include/res_pjsip_private.h" -+#include "res_pjsip/include/res_pjsip_private.h" -+#include "asterisk/module.h" - - #define MOD_DATA_RESTRICTIONS "restrictions" - -@@ -273,31 +280,41 @@ static pj_status_t multihomed_on_tx_message(pjsip_tx_data *tdata) - return PJ_SUCCESS; - } - --void ast_res_pjsip_cleanup_message_ip_updater(void) -+static int unload_module(void) - { - ast_sip_unregister_service(&multihomed_module); - ast_sip_unregister_supplement(&multihomed_supplement); - ast_sip_session_unregister_supplement(&multihomed_session_supplement); -+ return 0; - } - --int ast_res_pjsip_init_message_ip_updater(void) -+static int load_module(void) - { -+ CHECK_PJSIP_MODULE_LOADED(); -+ - if (ast_sip_session_register_supplement(&multihomed_session_supplement)) { - ast_log(LOG_ERROR, "Could not register multihomed session supplement for outgoing requests\n"); -- return -1; -+ return AST_MODULE_LOAD_FAILURE; - } - - if (ast_sip_register_supplement(&multihomed_supplement)) { - ast_log(LOG_ERROR, "Could not register multihomed supplement for outgoing requests\n"); -- ast_res_pjsip_cleanup_message_ip_updater(); -- return -1; -+ unload_module(); -+ return AST_MODULE_LOAD_FAILURE; - } - - if (ast_sip_register_service(&multihomed_module)) { - ast_log(LOG_ERROR, "Could not register multihomed module for incoming and outgoing requests\n"); -- ast_res_pjsip_cleanup_message_ip_updater(); -- return -1; -+ unload_module(); -+ return AST_MODULE_LOAD_FAILURE; - } - -- return 0; -+ return AST_MODULE_LOAD_SUCCESS; - } -+ -+AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Multihomed Routing Support", -+ .support_level = AST_MODULE_SUPPORT_CORE, -+ .load = load_module, -+ .unload = unload_module, -+ .load_pri = AST_MODPRI_CHANNEL_DEPEND, -+); |