aboutsummaryrefslogtreecommitdiffstats
path: root/main/asterisk
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2017-10-31 06:24:14 +0000
committerTimo Teräs <timo.teras@iki.fi>2017-10-31 06:37:38 +0000
commitaf262bba6fbdd4dfc8b1a29ce325834781c9ef74 (patch)
tree0d79c75b18d4e9ed8175de9bf9ef23d58e347207 /main/asterisk
parent735b9096d28dbe3e41475cdc6aafb051c6ebf224 (diff)
downloadaports-af262bba6fbdd4dfc8b1a29ce325834781c9ef74.tar.bz2
aports-af262bba6fbdd4dfc8b1a29ce325834781c9ef74.tar.xz
main/asterisk: upgrade to 15.1.0
Diffstat (limited to 'main/asterisk')
-rw-r--r--main/asterisk/APKBUILD31
-rw-r--r--main/asterisk/ASTERISK-24517.patch3546
-rw-r--r--main/asterisk/restore-multihomed-module.patch116
3 files changed, 12 insertions, 3681 deletions
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index eeca31dfba..70f074da24 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Timo Teras <timo.teras@iki.fi>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=asterisk
-pkgver=14.6.2
+pkgver=15.1.0
pkgrel=0
pkgdesc="Asterisk: A Module Open Source PBX System"
pkgusers="asterisk"
@@ -11,7 +11,8 @@ url="http://www.asterisk.org/"
arch="all"
license="GPL2"
depends=
-makedepends="autoconf automake libtool findutils tar wget bsd-compat-headers
+options="!check" # Test suite is separate, and require separate build
+makedepends="findutils tar wget bsd-compat-headers
ncurses-dev popt-dev newt-dev zlib-dev libedit-dev tiff-dev curl-dev
libressl-dev lua-dev libcap-dev jansson-dev util-linux-dev
sqlite-dev postgresql-dev unixodbc-dev freetds-dev mariadb-dev
@@ -28,9 +29,7 @@ subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-pgsql $pkgname-odbc
_download="http://downloads.asterisk.org/pub/telephony/asterisk/releases"
source="$_download/asterisk-$pkgver.tar.gz
http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz
- ASTERISK-24517.patch
musl-mutex-init.patch
- restore-multihomed-module.patch
asterisk.initd
asterisk.confd
@@ -39,16 +38,12 @@ source="$_download/asterisk-$pkgver.tar.gz
builddir="$srcdir/$pkgname-${pkgver/_/-}"
prepare() {
- default_prepare || return 1
+ default_prepare
+ update_config_sub
# asteriskssl does not have direct references to libssl, but looks up
# symbols from it using dlsym(RTLD_NEXT), so use --no-as-needed for it.
sed -i -e 's/ASTSSL_LIBS:=$(OPENSSL_LIB)/ASTSSL_LIBS:=-Wl,--no-as-needed $(OPENSSL_LIB) -Wl,--as-needed/g' main/Makefile
-
- sed -i -e 's:lua5.1/::' pbx/pbx_lua.c
- sed -i -e 's/int foo = res_ninit(NULL);/res_ninit_is_not_really_here();/g' configure.ac
-
- ./bootstrap.sh
}
build() {
@@ -78,13 +73,13 @@ build() {
--with-speex \
--with-asound \
--without-x11 \
+ --without-pjproject-bundled \
--with-spandsp \
--with-bluetooth \
--with-libcurl \
--with-libedit \
--with-srtp \
- --with-imap=system \
- || return 1
+ --with-imap=system
# get default modules to build
rm -f menuselect.makeopts
@@ -100,12 +95,12 @@ build() {
menuselect.makeopts
# build
- make ASTCFLAGS="$CFLAGS" ASTLDFLAGS="$LDFLAGS" LDCONFIG= || return 1
+ make ASTCFLAGS="$CFLAGS" ASTLDFLAGS="$LDFLAGS" LDCONFIG=
}
package() {
cd "$builddir"
- make -j1 DESTDIR="$pkgdir" LDCONFIG_FLAGS="-n" install || return 1
+ make -j1 DESTDIR="$pkgdir" LDCONFIG_FLAGS="-n" install
install -d "$pkgdir"/var/run/asterisk
install -d "$pkgdir"/var/lib/asterisk
@@ -132,7 +127,7 @@ _move_dir() {
_find_and_move() {
local pattern="$1"
- cd "$pkgdir" || return 1
+ cd "$pkgdir"
find . -name "$pattern" -type f | while read f; do
local dest="$subpkgdir/${f%/*}"
mkdir -p "$dest"
@@ -150,7 +145,7 @@ dev() {
# move back the /usr/lib/libasteriskssl.so symlink, asterisk needs it
# see http://bugs.alpinelinux.org/issues/6393
- mv "$subpkgdir"/usr/lib/libasteriskssl.so "$pkgdir"/usr/lib/libasteriskssl.so || return 1
+ mv "$subpkgdir"/usr/lib/libasteriskssl.so "$pkgdir"/usr/lib/libasteriskssl.so
}
pgsql() {
@@ -227,11 +222,9 @@ sound_en() {
chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk
}
-sha512sums="31889a31779ffd9d7d30568ecb824f2f091b022c7e0e6229921acf7aa84efd80f3d9aaba7faff521064a1fce7509de0c3e149f04cc69941b2f68f62c0e9e8f9a asterisk-14.6.2.tar.gz
+sha512sums="031d28e4f4d65f84c911d0cbc83858650878b7908ce6d5f4e3dbff84e6d1648fe39cebc327206cab403b4aaa0e892828b91a46d36cb73a284f0a5d61f24da9fd asterisk-15.1.0.tar.gz
aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
-9230141ea4690db30cc1825d67f495a7357f13ee11da7e5a7c6696f3ae9edd599214c2d6915f6ad64f2bc68c754cda140db3f570ba051399ff894ab26b5db31c ASTERISK-24517.patch
f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch
-935c25c7b1cdbd376056e20232a0e8c38dd32c344f50306d99930bf7cb37685c31329ead273b08ac9ab76daa9386adfb05b57440e46a39cb80e5542d65e8e3ed restore-multihomed-module.patch
0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd
ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
7591d2faf539d05d9ee4e431c78a5e20686721fd79221ad94dffeeaff9282220b09cb9aec214bd7a8d12affaec0276c9c91e6e21af8b6712c0a9502b60b02f2b asterisk.logrotate"
diff --git a/main/asterisk/ASTERISK-24517.patch b/main/asterisk/ASTERISK-24517.patch
deleted file mode 100644
index baf469497e..0000000000
--- a/main/asterisk/ASTERISK-24517.patch
+++ /dev/null
@@ -1,3546 +0,0 @@
-From c479abfc489c42923ca7bb9afad11ad5ba84793e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Thu, 2 Jun 2016 22:10:06 +0300
-Subject: [PATCH] Implement internal abstraction for iostreams
-
-fopencookie/funclose is a non-standard API and should not be used
-in portable software. Additionally, the way FILE's fd is used in
-non-blocking mode is undefined behaviour and cannot be relied on.
-
-This introduces internal abstraction for io streams, that allows
-implementing the desired virtualization of read/write operations
-with necessary timeout handling.
-
-ASTERISK-24515 #close
-ASTERISK-24517 #close
-
-Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85
----
- apps/app_externalivr.c | 119 ++++---
- channels/chan_sip.c | 61 ++--
- configure.ac | 4 -
- include/asterisk/iostream.h | 118 +++++++
- include/asterisk/tcptls.h | 92 +-----
- main/http.c | 109 ++-----
- main/iostream.c | 553 ++++++++++++++++++++++++++++++++
- main/manager.c | 137 ++++----
- main/tcptls.c | 767 ++++++--------------------------------------
- main/utils.c | 68 ----
- res/res_http_post.c | 10 +-
- res/res_http_websocket.c | 116 +++----
- res/res_phoneprov.c | 2 +-
- 13 files changed, 993 insertions(+), 1163 deletions(-)
- create mode 100644 include/asterisk/iostream.h
- create mode 100644 main/iostream.c
-
-diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c
-index c824e91059..9848e5fb84 100644
---- a/apps/app_externalivr.c
-+++ b/apps/app_externalivr.c
-@@ -152,10 +152,12 @@ struct gen_state {
- };
-
- static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
-- int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd,
-+ struct ast_iostream *eivr_events,
-+ struct ast_iostream *eivr_commands,
-+ struct ast_iostream *eivr_errors,
- const struct ast_str *args, const struct ast_flags flags);
-
--static void send_eivr_event(FILE *handle, const char event, const char *data,
-+static void send_eivr_event(struct ast_iostream *stream, const char event, const char *data,
- const struct ast_channel *chan)
- {
- struct ast_str *tmp = ast_str_create(12);
-@@ -164,9 +166,11 @@ static void send_eivr_event(FILE *handle, const char event, const char *data,
- if (data) {
- ast_str_append(&tmp, 0, ",%s", data);
- }
-+ ast_str_append(&tmp, 0, "\n");
-+ ast_iostream_write(stream, ast_str_buffer(tmp), strlen(ast_str_buffer(tmp)));
-+ ast_str_truncate(tmp, -1);
-
-- fprintf(handle, "%s\n", ast_str_buffer(tmp));
-- ast_debug(1, "sent '%s'\n", ast_str_buffer(tmp));
-+ ast_debug(1, "sent '%s'", ast_str_buffer(tmp));
- ast_free(tmp);
- }
-
-@@ -395,6 +399,8 @@ static int app_exec(struct ast_channel *chan, const char *data)
- int child_stdin[2] = { -1, -1 };
- int child_stdout[2] = { -1, -1 };
- int child_stderr[2] = { -1, -1 };
-+ struct ast_iostream *stream_stdin = NULL, *stream_stdout = NULL,
-+ *stream_stderr = NULL;
- int res = -1;
- int pid;
-
-@@ -526,7 +532,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
- goto exit;
- }
-
-- res = eivr_comm(chan, u, &ser->fd, &ser->fd, NULL, comma_delim_args, flags);
-+ res = eivr_comm(chan, u, ser->stream, ser->stream, NULL, comma_delim_args, flags);
-
- } else {
- if (pipe(child_stdin)) {
-@@ -568,7 +574,12 @@ static int app_exec(struct ast_channel *chan, const char *data)
- child_stdout[1] = -1;
- close(child_stderr[1]);
- child_stderr[1] = -1;
-- res = eivr_comm(chan, u, &child_stdin[1], &child_stdout[0], &child_stderr[0], comma_delim_args, flags);
-+
-+ stream_stdin = ast_iostream_from_fd(&child_stdin[1]);
-+ stream_stdout = ast_iostream_from_fd(&child_stdout[0]);
-+ stream_stderr = ast_iostream_from_fd(&child_stderr[0]);
-+
-+ res = eivr_comm(chan, u, stream_stdin, stream_stdout, stream_stderr, comma_delim_args, flags);
- }
- }
-
-@@ -576,6 +587,15 @@ static int app_exec(struct ast_channel *chan, const char *data)
- if (u->gen_active) {
- ast_deactivate_generator(chan);
- }
-+ if (stream_stdin) {
-+ ast_iostream_close(stream_stdin);
-+ }
-+ if (stream_stdout) {
-+ ast_iostream_close(stream_stdout);
-+ }
-+ if (stream_stderr) {
-+ ast_iostream_close(stream_stderr);
-+ }
- if (child_stdin[0] > -1) {
- close(child_stdin[0]);
- }
-@@ -604,46 +624,25 @@ static int app_exec(struct ast_channel *chan, const char *data)
- }
-
- static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
-- int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd,
-- const struct ast_str *args, const struct ast_flags flags)
-+ struct ast_iostream *eivr_events,
-+ struct ast_iostream *eivr_commands,
-+ struct ast_iostream *eivr_errors,
-+ const struct ast_str *args, const struct ast_flags flags)
- {
-+ char input[1024];
- struct playlist_entry *entry;
- struct ast_frame *f;
- int ms;
- int exception;
- int ready_fd;
-- int waitfds[2] = { *eivr_commands_fd, (eivr_errors_fd) ? *eivr_errors_fd : -1 };
-+ int waitfds[2];
-+ int r;
- struct ast_channel *rchan;
- int res = -1;
-- int test_available_fd = -1;
- int hangup_info_sent = 0;
--
-- FILE *eivr_commands = NULL;
-- FILE *eivr_errors = NULL;
-- FILE *eivr_events = NULL;
-
-- if (!(eivr_events = fdopen(*eivr_events_fd, "w"))) {
-- ast_chan_log(LOG_ERROR, chan, "Could not open stream to send events\n");
-- goto exit;
-- }
-- if (!(eivr_commands = fdopen(*eivr_commands_fd, "r"))) {
-- ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive commands\n");
-- goto exit;
-- }
-- if (eivr_errors_fd) { /* if opening a socket connection, error stream will not be used */
-- if (!(eivr_errors = fdopen(*eivr_errors_fd, "r"))) {
-- ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive errors\n");
-- goto exit;
-- }
-- }
--
-- test_available_fd = open("/dev/null", O_RDONLY);
--
-- setvbuf(eivr_events, NULL, _IONBF, 0);
-- setvbuf(eivr_commands, NULL, _IONBF, 0);
-- if (eivr_errors) {
-- setvbuf(eivr_errors, NULL, _IONBF, 0);
-- }
-+ waitfds[0] = ast_iostream_get_fd(eivr_commands);
-+ waitfds[1] = eivr_errors ? ast_iostream_get_fd(eivr_errors) : -1;
-
- while (1) {
- if (ast_test_flag(ast_channel_flags(chan), AST_FLAG_ZOMBIE)) {
-@@ -667,7 +666,7 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
- errno = 0;
- exception = 0;
-
-- rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors_fd) ? 2 : 1, &exception, &ready_fd, &ms);
-+ rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors) ? 2 : 1, &exception, &ready_fd, &ms);
-
- if (ast_channel_state(chan) == AST_STATE_UP && !AST_LIST_EMPTY(&u->finishlist)) {
- AST_LIST_LOCK(&u->finishlist);
-@@ -715,15 +714,18 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
- break;
- }
- ast_frfree(f);
-- } else if (ready_fd == *eivr_commands_fd) {
-- char input[1024];
--
-- if (exception || (dup2(*eivr_commands_fd, test_available_fd) == -1) || feof(eivr_commands)) {
-+ } else if (ready_fd == waitfds[0]) {
-+ if (exception) {
- ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
- break;
- }
-
-- if (!fgets(input, sizeof(input), eivr_commands)) {
-+ r = ast_iostream_gets(eivr_commands, input, sizeof(input));
-+ if (r <= 0) {
-+ if (r == 0) {
-+ ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
-+ break;
-+ }
- continue;
- }
-
-@@ -869,16 +871,19 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
- else
- ast_chan_log(LOG_WARNING, chan, "Unknown option requested: %s\n", &input[2]);
- }
-- } else if (eivr_errors_fd && (ready_fd == *eivr_errors_fd)) {
-- char input[1024];
--
-- if (exception || feof(eivr_errors)) {
-+ } else if (ready_fd == waitfds[1]) {
-+ if (exception) {
- ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
- break;
- }
-- if (fgets(input, sizeof(input), eivr_errors)) {
-+
-+ r = ast_iostream_gets(eivr_errors, input, sizeof(input));
-+ if (r > 0) {
- ast_chan_log(LOG_NOTICE, chan, "stderr: %s\n", ast_strip(input));
-- }
-+ } else if (r == 0) {
-+ ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
-+ break;
-+ }
- } else if ((ready_fd < 0) && ms) {
- if (errno == 0 || errno == EINTR)
- continue;
-@@ -888,23 +893,7 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
- }
- }
-
-- exit:
-- if (test_available_fd > -1) {
-- close(test_available_fd);
-- }
-- if (eivr_events) {
-- fclose(eivr_events);
-- *eivr_events_fd = -1;
-- }
-- if (eivr_commands) {
-- fclose(eivr_commands);
-- *eivr_commands_fd = -1;
-- }
-- if (eivr_errors) {
-- fclose(eivr_errors);
-- *eivr_errors_fd = -1;
-- }
-- return res;
-+ return res;
- }
-
- static int unload_module(void)
-diff --git a/channels/chan_sip.c b/channels/chan_sip.c
-index 679cc3dfce..4c7b78b4aa 100644
---- a/channels/chan_sip.c
-+++ b/channels/chan_sip.c
-@@ -2546,7 +2546,7 @@ static struct sip_threadinfo *sip_threadinfo_create(struct ast_tcptls_session_in
- }
- ao2_t_ref(tcptls_session, +1, "tcptls_session ref for sip_threadinfo object");
- th->tcptls_session = tcptls_session;
-- th->type = transport ? transport : (tcptls_session->ssl ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
-+ th->type = transport ? transport : (ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
- ao2_t_link(threadt, th, "Adding new tcptls helper thread");
- ao2_t_ref(th, -1, "Decrementing threadinfo ref from alloc, only table ref remains");
- return th;
-@@ -2569,8 +2569,7 @@ static int sip_tcptls_write(struct ast_tcptls_session_instance *tcptls_session,
-
- ao2_lock(tcptls_session);
-
-- if ((tcptls_session->fd == -1) ||
-- !(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) ||
-+ if (!(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) ||
- !(packet = ao2_alloc(sizeof(*packet), tcptls_packet_destructor)) ||
- !(packet->data = ast_str_create(len))) {
- goto tcptls_write_setup_error;
-@@ -2883,7 +2882,7 @@ static int sip_tcptls_read(struct sip_request *req, struct ast_tcptls_session_in
- } else {
- timeout = -1;
- }
-- res = ast_wait_for_input(tcptls_session->fd, timeout);
-+ res = ast_wait_for_input(ast_iostream_get_fd(tcptls_session->stream), timeout);
- if (res < 0) {
- ast_debug(2, "SIP TCP/TLS server :: ast_wait_for_input returned %d\n", res);
- return -1;
-@@ -2892,7 +2891,7 @@ static int sip_tcptls_read(struct sip_request *req, struct ast_tcptls_session_in
- return -1;
- }
-
-- res = ast_tcptls_server_read(tcptls_session, readbuf, sizeof(readbuf) - 1);
-+ res = ast_iostream_read(tcptls_session->stream, readbuf, sizeof(readbuf) - 1);
- if (res < 0) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
-@@ -2953,18 +2952,8 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- goto cleanup;
- }
-
-- if ((flags = fcntl(tcptls_session->fd, F_GETFL)) == -1) {
-- ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno));
-- goto cleanup;
-- }
--
-- flags |= O_NONBLOCK;
-- if (fcntl(tcptls_session->fd, F_SETFL, flags) == -1) {
-- ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno));
-- goto cleanup;
-- }
--
-- if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
-+ ast_iostream_nonblock(tcptls_session->stream);
-+ if (!(me = sip_threadinfo_create(tcptls_session, ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
- goto cleanup;
- }
- me->threadid = pthread_self();
-@@ -2987,15 +2976,15 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- }
-
- flags = 1;
-- if (setsockopt(tcptls_session->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
-+ if (setsockopt(ast_iostream_get_fd(tcptls_session->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
- ast_log(LOG_ERROR, "error enabling TCP keep-alives on sip socket: %s\n", strerror(errno));
- goto cleanup;
- }
-
-- ast_debug(2, "Starting thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
-+ ast_debug(2, "Starting thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP");
-
- /* set up pollfd to watch for reads on both the socket and the alert_pipe */
-- fds[0].fd = tcptls_session->fd;
-+ fds[0].fd = ast_iostream_get_fd(tcptls_session->stream);
- fds[1].fd = me->alert_pipe[0];
- fds[0].events = fds[1].events = POLLIN | POLLPRI;
-
-@@ -3015,9 +3004,9 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- * We cannot let the stream exclusively wait for data to arrive.
- * We have to wake up the task to send outgoing messages.
- */
-- ast_tcptls_stream_set_exclusive_input(tcptls_session->stream_cookie, 0);
-+ ast_iostream_set_exclusive_input(tcptls_session->stream, 0);
-
-- ast_tcptls_stream_set_timeout_sequence(tcptls_session->stream_cookie, ast_tvnow(),
-+ ast_iostream_set_timeout_sequence(tcptls_session->stream, ast_tvnow(),
- tcptls_session->client ? -1 : (authtimeout * 1000));
-
- for (;;) {
-@@ -3025,7 +3014,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
-
- if (!tcptls_session->client && req.authenticated && !authenticated) {
- authenticated = 1;
-- ast_tcptls_stream_set_timeout_disable(tcptls_session->stream_cookie);
-+ ast_iostream_set_timeout_disable(tcptls_session->stream);
- ast_atomic_fetchadd_int(&unauth_sessions, -1);
- }
-
-@@ -3036,7 +3025,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- }
-
- if (timeout == 0) {
-- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
-+ ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP");
- goto cleanup;
- }
- } else {
-@@ -3046,11 +3035,11 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- if (ast_str_strlen(tcptls_session->overflow_buf) == 0) {
- res = ast_poll(fds, 2, timeout); /* polls for both socket and alert_pipe */
- if (res < 0) {
-- ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", tcptls_session->ssl ? "TLS": "TCP", res);
-+ ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP", res);
- goto cleanup;
- } else if (res == 0) {
- /* timeout */
-- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
-+ ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP");
- goto cleanup;
- }
- }
-@@ -3075,14 +3064,14 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
-
- memset(buf, 0, sizeof(buf));
-
-- if (tcptls_session->ssl) {
-+ if (ast_iostream_get_ssl(tcptls_session->stream)) {
- set_socket_transport(&req.socket, AST_TRANSPORT_TLS);
- req.socket.port = htons(ourport_tls);
- } else {
- set_socket_transport(&req.socket, AST_TRANSPORT_TCP);
- req.socket.port = htons(ourport_tcp);
- }
-- req.socket.fd = tcptls_session->fd;
-+ req.socket.fd = ast_iostream_get_fd(tcptls_session->stream);
-
- res = sip_tcptls_read(&req, tcptls_session, authenticated, start);
- if (res < 0) {
-@@ -3116,7 +3105,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- ao2_unlock(me);
-
- if (packet) {
-- if (ast_tcptls_server_write(tcptls_session, ast_str_buffer(packet->data), packet->len) == -1) {
-+ if (ast_iostream_write(tcptls_session->stream, ast_str_buffer(packet->data), packet->len) == -1) {
- ast_log(LOG_WARNING, "Failure to write to tcp/tls socket\n");
- }
- ao2_t_ref(packet, -1, "tcptls packet sent, this is no longer needed");
-@@ -3128,7 +3117,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
- }
- }
-
-- ast_debug(2, "Shutting down thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
-+ ast_debug(2, "Shutting down thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP");
-
- cleanup:
- if (tcptls_session && !tcptls_session->client && !authenticated) {
-@@ -29229,9 +29218,8 @@ static int sip_prepare_socket(struct sip_pvt *p)
- return s->fd;
- }
- if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
-- (s->tcptls_session) &&
-- (s->tcptls_session->fd != -1)) {
-- return s->tcptls_session->fd;
-+ s->tcptls_session) {
-+ return ast_iostream_get_fd(s->tcptls_session->stream);
- }
- if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) {
- return s->ws_session ? ast_websocket_fd(s->ws_session) : -1;
-@@ -29261,7 +29249,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
- /* 1. check for existing threads */
- ast_sockaddr_copy(&sa_tmp, sip_real_dst(p));
- if ((tcptls_session = sip_tcp_locate(&sa_tmp))) {
-- s->fd = tcptls_session->fd;
-+ s->fd = ast_iostream_get_fd(tcptls_session->stream);
- if (s->tcptls_session) {
- ao2_ref(s->tcptls_session, -1);
- s->tcptls_session = NULL;
-@@ -29319,7 +29307,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
- goto create_tcptls_session_fail;
- }
-
-- s->fd = s->tcptls_session->fd;
-+ s->fd = ast_iostream_get_fd(s->tcptls_session->stream);
-
- /* client connections need to have the sip_threadinfo object created before
- * the thread is detached. This ensures the alert_pipe is up before it will
-@@ -30121,8 +30109,7 @@ static int sip_send_keepalive(const void *data)
- if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) {
- res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr);
- } else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
-- (peer->socket.tcptls_session) &&
-- (peer->socket.tcptls_session->fd != -1)) {
-+ peer->socket.tcptls_session) {
- res = sip_tcptls_write(peer->socket.tcptls_session, keepalive, sizeof(keepalive));
- } else if (peer->socket.type == AST_TRANSPORT_UDP) {
- res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr);
-diff --git a/configure.ac b/configure.ac
-index ebf416cfca..cee352dac9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -823,10 +823,6 @@ AC_ARG_ENABLE([asteriskssl],
- esac], [AST_ASTERISKSSL=yes])
- AC_SUBST(AST_ASTERISKSSL)
-
--# https support (in main/http.c) uses funopen on BSD systems,
--# fopencookie on linux
--AC_CHECK_FUNCS([funopen fopencookie])
--
- AC_CHECK_FUNCS([inet_aton])
-
- # check if we have IP_PKTINFO constant defined
-diff --git a/include/asterisk/iostream.h b/include/asterisk/iostream.h
-new file mode 100644
-index 0000000000..c641ffb373
---- /dev/null
-+++ b/include/asterisk/iostream.h
-@@ -0,0 +1,118 @@
-+/*
-+ * Asterisk -- An open source telephony toolkit.
-+ *
-+ * Copyright (C) 1999 - 2015, Digium, Inc.
-+ *
-+ * Timo Teräs <timo.teras@iki.fi>
-+ *
-+ * See http://www.asterisk.org for more information about
-+ * the Asterisk project. Please do not directly contact
-+ * any of the maintainers of this project for assistance;
-+ * the project provides a web site, mailing lists and IRC
-+ * channels for your use.
-+ *
-+ * This program is free software, distributed under the terms of
-+ * the GNU General Public License Version 2. See the LICENSE file
-+ * at the top of the source tree.
-+ */
-+
-+#ifndef _ASTERISK_IOSTREAM_H
-+#define _ASTERISK_IOSTREAM_H
-+
-+/*!
-+ * \file iostream.h
-+ *
-+ * \brief Generic abstraction for input/output streams.
-+ */
-+
-+#if defined(HAVE_OPENSSL)
-+#define DO_SSL /* comment in/out if you want to support ssl */
-+#endif
-+
-+#ifdef DO_SSL
-+#include <openssl/ssl.h>
-+#include <openssl/err.h>
-+#include <openssl/x509v3.h>
-+#else
-+/* declare dummy types so we can define a pointer to them */
-+typedef struct {} SSL;
-+typedef struct {} SSL_CTX;
-+#endif /* DO_SSL */
-+
-+struct ast_iostream;
-+
-+/*!
-+ * \brief Disable the iostream timeout timer.
-+ *
-+ * \param stream iostream control data.
-+ *
-+ * \return Nothing
-+ */
-+void ast_iostream_set_timeout_disable(struct ast_iostream *stream);
-+
-+/*!
-+ * \brief Set the iostream inactivity timeout timer.
-+ *
-+ * \param stream iostream control data.
-+ * \param timeout Number of milliseconds to wait for data transfer with the peer.
-+ *
-+ * \details This is basically how much time we are willing to spend
-+ * in an I/O call before we declare the peer unresponsive.
-+ *
-+ * \note Setting timeout to -1 disables the timeout.
-+ * \note Setting this timeout replaces the I/O sequence timeout timer.
-+ *
-+ * \return Nothing
-+ */
-+void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout);
-+
-+void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset);
-+
-+/*!
-+ * \brief Set the iostream I/O sequence timeout timer.
-+ *
-+ * \param stream iostream control data.
-+ * \param start Time the I/O sequence timer starts.
-+ * \param timeout Number of milliseconds from the start time before timeout.
-+ *
-+ * \details This is how much time are we willing to allow the peer
-+ * to complete an operation that can take several I/O calls. The
-+ * main use is as an authentication timer with us.
-+ *
-+ * \note Setting timeout to -1 disables the timeout.
-+ * \note Setting this timeout replaces the inactivity timeout timer.
-+ *
-+ * \return Nothing
-+ */
-+void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout);
-+
-+/*!
-+ * \brief Set the iostream if it can exclusively depend upon the set timeouts.
-+ *
-+ * \param stream iostream control data.
-+ * \param exclusive_input TRUE if stream can exclusively wait for fd input.
-+ * Otherwise, the stream will not wait for fd input. It will wait while
-+ * trying to send data.
-+ *
-+ * \note The stream timeouts still need to be set.
-+ *
-+ * \return Nothing
-+ */
-+void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input);
-+
-+int ast_iostream_get_fd(struct ast_iostream *stream);
-+void ast_iostream_nonblock(struct ast_iostream *stream);
-+
-+SSL* ast_iostream_get_ssl(struct ast_iostream *stream);
-+
-+ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t count);
-+ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count);
-+ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t count);
-+ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t count);
-+ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...);
-+
-+struct ast_iostream* ast_iostream_from_fd(int *fd);
-+int ast_iostream_start_tls(struct ast_iostream **stream, SSL_CTX *ctx, int client);
-+int ast_iostream_close(struct ast_iostream *stream);
-+
-+#endif /* _ASTERISK_IOSTREAM_H */
-diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h
-index d19ec529a9..1e3a7524bf 100644
---- a/include/asterisk/tcptls.h
-+++ b/include/asterisk/tcptls.h
-@@ -57,20 +57,7 @@
-
- #include "asterisk/netsock2.h"
- #include "asterisk/utils.h"
--
--#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
--#define DO_SSL /* comment in/out if you want to support ssl */
--#endif
--
--#ifdef DO_SSL
--#include <openssl/ssl.h>
--#include <openssl/err.h>
--#include <openssl/x509v3.h>
--#else
--/* declare dummy types so we can define a pointer to them */
--typedef struct {} SSL;
--typedef struct {} SSL_CTX;
--#endif /* DO_SSL */
-+#include "asterisk/iostream.h"
-
- /*! SSL support */
- #define AST_CERTFILE "asterisk.pem"
-@@ -157,72 +144,10 @@ struct ast_tcptls_session_args {
- struct ast_tls_config *old_tls_cfg; /*!< copy of the SSL configuration to determine whether changes have been made */
- };
-
--struct ast_tcptls_stream;
--
--/*!
-- * \brief Disable the TCP/TLS stream timeout timer.
-- *
-- * \param stream TCP/TLS stream control data.
-- *
-- * \return Nothing
-- */
--void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream);
--
--/*!
-- * \brief Set the TCP/TLS stream inactivity timeout timer.
-- *
-- * \param stream TCP/TLS stream control data.
-- * \param timeout Number of milliseconds to wait for data transfer with the peer.
-- *
-- * \details This is basically how much time we are willing to spend
-- * in an I/O call before we declare the peer unresponsive.
-- *
-- * \note Setting timeout to -1 disables the timeout.
-- * \note Setting this timeout replaces the I/O sequence timeout timer.
-- *
-- * \return Nothing
-- */
--void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout);
--
--/*!
-- * \brief Set the TCP/TLS stream I/O sequence timeout timer.
-- *
-- * \param stream TCP/TLS stream control data.
-- * \param start Time the I/O sequence timer starts.
-- * \param timeout Number of milliseconds from the start time before timeout.
-- *
-- * \details This is how much time are we willing to allow the peer
-- * to complete an operation that can take several I/O calls. The
-- * main use is as an authentication timer with us.
-- *
-- * \note Setting timeout to -1 disables the timeout.
-- * \note Setting this timeout replaces the inactivity timeout timer.
-- *
-- * \return Nothing
-- */
--void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout);
--
--/*!
-- * \brief Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.
-- *
-- * \param stream TCP/TLS stream control data.
-- * \param exclusive_input TRUE if stream can exclusively wait for fd input.
-- * Otherwise, the stream will not wait for fd input. It will wait while
-- * trying to send data.
-- *
-- * \note The stream timeouts still need to be set.
-- *
-- * \return Nothing
-- */
--void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input);
--
- /*! \brief
- * describes a server instance
- */
- struct ast_tcptls_session_instance {
-- FILE *f; /*!< fopen/funopen result */
-- int fd; /*!< the socket returned by accept() */
-- SSL *ssl; /*!< ssl state */
- int client;
- struct ast_sockaddr remote_address;
- struct ast_tcptls_session_args *parent;
-@@ -232,20 +157,12 @@ struct ast_tcptls_session_instance {
- * extra data.
- */
- struct ast_str *overflow_buf;
-- /*! ao2 FILE stream cookie object associated with f. */
-- struct ast_tcptls_stream *stream_cookie;
-+ /*! ao2 stream object associated with this session. */
-+ struct ast_iostream *stream;
- /*! ao2 object private data of parent->worker_fn */
- void *private_data;
- };
-
--#if defined(HAVE_FUNOPEN)
--#define HOOK_T int
--#define LEN_T int
--#else
--#define HOOK_T ssize_t
--#define LEN_T size_t
--#endif
--
- /*!
- * \brief attempts to connect and start tcptls session, on error the tcptls_session's
- * ref count is decremented, fd and file are closed, and NULL is returned.
-@@ -301,7 +218,4 @@ void ast_ssl_teardown(struct ast_tls_config *cfg);
- */
- int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value);
-
--HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
--HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, const void *buf, size_t count);
--
- #endif /* _ASTERISK_TCPTLS_H */
-diff --git a/main/http.c b/main/http.c
-index 907f10223b..7a61249114 100644
---- a/main/http.c
-+++ b/main/http.c
-@@ -451,11 +451,13 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
- struct timeval now = ast_tvnow();
- struct ast_tm tm;
- char timebuf[80];
-+ char buf[256];
-+ int len;
- int content_length = 0;
- int close_connection;
- struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH);
-
-- if (!ser || !ser->f || !server_header_field) {
-+ if (!ser || !server_header_field) {
- /* The connection is not open. */
- ast_free(http_header);
- ast_free(out);
-@@ -505,7 +507,7 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
- }
-
- /* send http header */
-- fprintf(ser->f,
-+ ast_iostream_printf(ser->stream,
- "HTTP/1.1 %d %s\r\n"
- "%s"
- "Date: %s\r\n"
-@@ -526,26 +528,16 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
- /* send content */
- if (method != AST_HTTP_HEAD || status_code >= 400) {
- if (out && ast_str_strlen(out)) {
-- /*
-- * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not
-- * behave exactly as documented.
-- */
-- if (fwrite(ast_str_buffer(out), ast_str_strlen(out), 1, ser->f) != 1) {
-+ len = ast_str_strlen(out);
-+ if (ast_iostream_write(ser->stream, ast_str_buffer(out), len) != len) {
- ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno));
- close_connection = 1;
- }
- }
-
- if (fd) {
-- char buf[256];
-- int len;
--
- while ((len = read(fd, buf, sizeof(buf))) > 0) {
-- /*
-- * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not
-- * behave exactly as documented.
-- */
-- if (fwrite(buf, len, 1, ser->f) != 1) {
-+ if (ast_iostream_write(ser->stream, buf, len) != len) {
- ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
- close_connection = 1;
- break;
-@@ -577,7 +569,7 @@ void ast_http_create_response(struct ast_tcptls_session_instance *ser, int statu
- ast_free(http_header_data);
- ast_free(server_address);
- ast_free(out);
-- if (ser && ser->f) {
-+ if (ser) {
- ast_debug(1, "HTTP closing session. OOM.\n");
- ast_tcptls_close_session_file(ser);
- }
-@@ -931,14 +923,9 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char
- {
- int res;
-
-- /*
-- * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as
-- * documented.
-- */
--
-- /* Stay in fread until get all the expected data or timeout. */
-- res = fread(buf, length, 1, ser->f);
-- if (res < 1) {
-+ /* Stream is in exclusive mode so we get it all if possible. */
-+ res = ast_iostream_read(ser->stream, buf, length);
-+ if (res < length) {
- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d)\n",
- what_getting, length);
- return -1;
-@@ -960,28 +947,12 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char
- */
- static int http_body_discard_contents(struct ast_tcptls_session_instance *ser, int length, const char *what_getting)
- {
-- int res;
-- char buf[MAX_HTTP_LINE_LENGTH];/* Discard buffer */
--
-- /*
-- * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as
-- * documented.
-- */
-+ ssize_t res;
-
-- /* Stay in fread until get all the expected data or timeout. */
-- while (sizeof(buf) < length) {
-- res = fread(buf, sizeof(buf), 1, ser->f);
-- if (res < 1) {
-- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %zu of remaining %d)\n",
-- what_getting, sizeof(buf), length);
-- return -1;
-- }
-- length -= sizeof(buf);
-- }
-- res = fread(buf, length, 1, ser->f);
-- if (res < 1) {
-- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d of remaining %d)\n",
-- what_getting, length, length);
-+ res = ast_iostream_discard(ser->stream, length);
-+ if (res < length) {
-+ ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d but got %zd)\n",
-+ what_getting, length, res);
- return -1;
- }
- return 0;
-@@ -1057,7 +1028,7 @@ static int http_body_get_chunk_length(struct ast_tcptls_session_instance *ser)
- char header_line[MAX_HTTP_LINE_LENGTH];
-
- /* get the line of hexadecimal giving chunk-size w/ optional chunk-extension */
-- if (!fgets(header_line, sizeof(header_line), ser->f)) {
-+ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
- ast_log(LOG_WARNING, "Short HTTP read of chunked header\n");
- return -1;
- }
-@@ -1090,8 +1061,8 @@ static int http_body_check_chunk_sync(struct ast_tcptls_session_instance *ser)
- */
-
- /* Stay in fread until get the expected CRLF or timeout. */
-- res = fread(chunk_sync, sizeof(chunk_sync), 1, ser->f);
-- if (res < 1) {
-+ res = ast_iostream_read(ser->stream, chunk_sync, sizeof(chunk_sync));
-+ if (res < sizeof(chunk_sync)) {
- ast_log(LOG_WARNING, "Short HTTP chunk sync read (Wanted %zu)\n",
- sizeof(chunk_sync));
- return -1;
-@@ -1120,7 +1091,7 @@ static int http_body_discard_chunk_trailer_headers(struct ast_tcptls_session_ins
- char header_line[MAX_HTTP_LINE_LENGTH];
-
- for (;;) {
-- if (!fgets(header_line, sizeof(header_line), ser->f)) {
-+ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
- ast_log(LOG_WARNING, "Short HTTP read of chunked trailer header\n");
- return -1;
- }
-@@ -1783,7 +1754,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
- char *name;
- char *value;
-
-- if (!fgets(header_line, sizeof(header_line), ser->f)) {
-+ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
- ast_http_error(ser, 400, "Bad Request", "Timeout");
- return -1;
- }
-@@ -1857,7 +1828,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
- int res;
- char request_line[MAX_HTTP_LINE_LENGTH];
-
-- if (!fgets(request_line, sizeof(request_line), ser->f)) {
-+ if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
- return -1;
- }
-
-@@ -1941,7 +1912,7 @@ static void *httpd_helper_thread(void *data)
- int flags = 1;
- int timeout;
-
-- if (!ser || !ser->f) {
-+ if (!ser) {
- ao2_cleanup(ser);
- return NULL;
- }
-@@ -1958,14 +1929,11 @@ static void *httpd_helper_thread(void *data)
- * This is necessary to prevent delays (caused by buffering) as we
- * write to the socket in bits and pieces.
- */
-- if (setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
-+ if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
- ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno));
-+ ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
- }
--
-- /* make sure socket is non-blocking */
-- flags = fcntl(ser->fd, F_GETFL);
-- flags |= O_NONBLOCK;
-- fcntl(ser->fd, F_SETFL, flags);
-+ ast_iostream_nonblock(ser->stream);
-
- /* Setup HTTP worker private data to keep track of request body reading. */
- ao2_cleanup(ser->private_data);
-@@ -1988,23 +1956,17 @@ static void *httpd_helper_thread(void *data)
- }
-
- /* We can let the stream wait for data to arrive. */
-- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 1);
-+ ast_iostream_set_exclusive_input(ser->stream, 1);
-
- for (;;) {
-- int ch;
--
- /* Wait for next potential HTTP request message. */
-- ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, timeout);
-- ch = fgetc(ser->f);
-- if (ch == EOF || ungetc(ch, ser->f) == EOF) {
-- /* Between request idle timeout */
-- ast_debug(1, "HTTP idle timeout or peer closed connection.\n");
-+ ast_iostream_set_timeout_idle_inactivity(ser->stream, timeout, session_inactivity);
-+ if (httpd_process_request(ser)) {
-+ /* Break the connection or the connection closed */
- break;
- }
--
-- ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, session_inactivity);
-- if (httpd_process_request(ser) || !ser->f || feof(ser->f)) {
-- /* Break the connection or the connection closed */
-+ if (!ser->stream) {
-+ /* Web-socket or similar that took the connection */
- break;
- }
-
-@@ -2018,10 +1980,9 @@ static void *httpd_helper_thread(void *data)
- done:
- ast_atomic_fetchadd_int(&session_count, -1);
-
-- if (ser->f) {
-- ast_debug(1, "HTTP closing session. Top level\n");
-- ast_tcptls_close_session_file(ser);
-- }
-+ ast_debug(1, "HTTP closing session. Top level\n");
-+ ast_tcptls_close_session_file(ser);
-+
- ao2_ref(ser, -1);
- return NULL;
- }
-diff --git a/main/iostream.c b/main/iostream.c
-new file mode 100644
-index 0000000000..46abc18a5c
---- /dev/null
-+++ b/main/iostream.c
-@@ -0,0 +1,553 @@
-+/*
-+ * Asterisk -- An open source telephony toolkit.
-+ *
-+ * Copyright (C) 1999 - 2015, Digium, Inc.
-+ *
-+ * Timo Teräs <timo.teras@iki.fi>
-+ *
-+ * See http://www.asterisk.org for more information about
-+ * the Asterisk project. Please do not directly contact
-+ * any of the maintainers of this project for assistance;
-+ * the project provides a web site, mailing lists and IRC
-+ * channels for your use.
-+ *
-+ * This program is free software, distributed under the terms of
-+ * the GNU General Public License Version 2. See the LICENSE file
-+ * at the top of the source tree.
-+ */
-+
-+#include <fcntl.h>
-+#include <stdarg.h>
-+
-+#include "asterisk.h"
-+#include "asterisk/utils.h"
-+#include "asterisk/astobj2.h"
-+#include "asterisk/iostream.h"
-+
-+struct ast_iostream {
-+ SSL *ssl;
-+ struct timeval start;
-+ int fd;
-+ int timeout;
-+ int timeout_reset;
-+ int exclusive_input;
-+ int rbuflen;
-+ char *rbufhead;
-+ char rbuf[2048];
-+};
-+
-+int ast_iostream_get_fd(struct ast_iostream *stream)
-+{
-+ return stream->fd;
-+}
-+
-+void ast_iostream_nonblock(struct ast_iostream *stream)
-+{
-+ fcntl(stream->fd, F_SETFL, fcntl(stream->fd, F_GETFL) | O_NONBLOCK);
-+}
-+
-+SSL *ast_iostream_get_ssl(struct ast_iostream *stream)
-+{
-+ return stream->ssl;
-+}
-+
-+void ast_iostream_set_timeout_disable(struct ast_iostream *stream)
-+{
-+ ast_assert(stream != NULL);
-+
-+ stream->timeout = -1;
-+ stream->timeout_reset = -1;
-+}
-+
-+void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout)
-+{
-+ ast_assert(stream != NULL);
-+
-+ stream->start.tv_sec = 0;
-+ stream->timeout = timeout;
-+ stream->timeout_reset = timeout;
-+}
-+
-+void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset)
-+{
-+ ast_assert(stream != NULL);
-+
-+ stream->start.tv_sec = 0;
-+ stream->timeout = timeout;
-+ stream->timeout_reset = timeout_reset;
-+}
-+
-+void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout)
-+{
-+ ast_assert(stream != NULL);
-+
-+ stream->start = start;
-+ stream->timeout = timeout;
-+ stream->timeout_reset = timeout;
-+}
-+
-+void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input)
-+{
-+ ast_assert(stream != NULL);
-+
-+ stream->exclusive_input = exclusive_input;
-+}
-+
-+static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size)
-+{
-+ struct timeval start;
-+ int ms;
-+ int res;
-+
-+ if (stream->start.tv_sec) {
-+ start = stream->start;
-+ } else {
-+ start = ast_tvnow();
-+ }
-+
-+#if defined(DO_SSL)
-+ if (stream->ssl) {
-+ for (;;) {
-+ res = SSL_read(stream->ssl, buf, size);
-+ if (0 < res) {
-+ /* We read some payload data. */
-+ stream->timeout = stream->timeout_reset;
-+ return res;
-+ }
-+ switch (SSL_get_error(stream->ssl, res)) {
-+ case SSL_ERROR_ZERO_RETURN:
-+ /* Report EOF for a shutdown */
-+ ast_debug(1, "TLS clean shutdown alert reading data\n");
-+ return 0;
-+ case SSL_ERROR_WANT_READ:
-+ if (!stream->exclusive_input) {
-+ /* We cannot wait for data now. */
-+ errno = EAGAIN;
-+ return -1;
-+ }
-+ while ((ms = ast_remaining_ms(start, stream->timeout))) {
-+ res = ast_wait_for_input(stream->fd, ms);
-+ if (0 < res) {
-+ /* Socket is ready to be read. */
-+ break;
-+ }
-+ if (res < 0) {
-+ if (errno == EINTR || errno == EAGAIN) {
-+ /* Try again. */
-+ continue;
-+ }
-+ ast_debug(1, "TLS socket error waiting for read data: %s\n",
-+ strerror(errno));
-+ return -1;
-+ }
-+ }
-+ break;
-+ case SSL_ERROR_WANT_WRITE:
-+ while ((ms = ast_remaining_ms(start, stream->timeout))) {
-+ res = ast_wait_for_output(stream->fd, ms);
-+ if (0 < res) {
-+ /* Socket is ready to be written. */
-+ break;
-+ }
-+ if (res < 0) {
-+ if (errno == EINTR || errno == EAGAIN) {
-+ /* Try again. */
-+ continue;
-+ }
-+ ast_debug(1, "TLS socket error waiting for write space: %s\n",
-+ strerror(errno));
-+ return -1;
-+ }
-+ }
-+ break;
-+ default:
-+ /* Report EOF for an undecoded SSL or transport error. */
-+ ast_debug(1, "TLS transport or SSL error reading data\n");
-+ return 0;
-+ }
-+ if (!ms) {
-+ /* Report EOF for a timeout */
-+ ast_debug(1, "TLS timeout reading data\n");
-+ return 0;
-+ }
-+ }
-+ }
-+#endif /* defined(DO_SSL) */
-+
-+ for (;;) {
-+ res = read(stream->fd, buf, size);
-+ if (0 <= res) {
-+ /* Got data or we cannot wait for it. */
-+ stream->timeout = stream->timeout_reset;
-+ return res;
-+ }
-+ if (!stream->exclusive_input) {
-+ return res;
-+ }
-+ if (errno != EINTR && errno != EAGAIN) {
-+ /* Not a retryable error. */
-+ ast_debug(1, "TCP socket error reading data: %s\n",
-+ strerror(errno));
-+ return -1;
-+ }
-+ ms = ast_remaining_ms(start, stream->timeout);
-+ if (!ms) {
-+ /* Report EOF for a timeout */
-+ ast_debug(1, "TCP timeout reading data\n");
-+ return 0;
-+ }
-+ ast_wait_for_input(stream->fd, ms);
-+ }
-+}
-+
-+ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t size)
-+{
-+ if (!size) {
-+ /* You asked for no data you got no data. */
-+ return 0;
-+ }
-+
-+ if (!stream || stream->fd == -1) {
-+ errno = EBADF;
-+ return -1;
-+ }
-+
-+ /* Get any remains from the read buffer */
-+ if (stream->rbuflen) {
-+ size_t r = size;
-+ if (r > stream->rbuflen) {
-+ r = stream->rbuflen;
-+ }
-+ memcpy(buf, stream->rbufhead, r);
-+ stream->rbuflen -= r;
-+ stream->rbufhead += r;
-+ return r;
-+ }
-+
-+ return iostream_read(stream, buf, size);
-+}
-+
-+ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count)
-+{
-+ ssize_t r;
-+ char *newline;
-+
-+ do {
-+ /* Search for newline */
-+ newline = memchr(stream->rbufhead, '\n', stream->rbuflen);
-+ if (newline) {
-+ r = newline - stream->rbufhead + 1;
-+ if (r > count-1) {
-+ r = count-1;
-+ }
-+ break;
-+ }
-+
-+ /* Enough data? */
-+ if (stream->rbuflen >= count - 1) {
-+ r = count - 1;
-+ break;
-+ }
-+
-+ /* Try to fill in line buffer */
-+ if (stream->rbuflen && stream->rbuf != stream->rbufhead) {
-+ memmove(&stream->rbuf, stream->rbufhead, stream->rbuflen);
-+ }
-+ stream->rbufhead = stream->rbuf;
-+
-+ r = iostream_read(stream, stream->rbufhead + stream->rbuflen, sizeof(stream->rbuf) - stream->rbuflen);
-+ if (r <= 0) {
-+ return r;
-+ }
-+ stream->rbuflen += r;
-+ } while (1);
-+
-+ /* Return r bytes with termination byte */
-+ memcpy(buf, stream->rbufhead, r);
-+ buf[r] = 0;
-+ stream->rbuflen -= r;
-+ stream->rbufhead += r;
-+
-+ return r;
-+}
-+
-+ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
-+{
-+ char buf[1024];
-+ size_t remaining = size;
-+ ssize_t ret;
-+
-+ while (remaining) {
-+ ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
-+ if (ret < 0) {
-+ return ret;
-+ }
-+ remaining -= ret;
-+ }
-+
-+ return size;
-+}
-+
-+ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t size)
-+{
-+ struct timeval start;
-+ int ms;
-+ int res;
-+ int written;
-+ int remaining;
-+
-+ if (!size) {
-+ /* You asked to write no data you wrote no data. */
-+ return 0;
-+ }
-+
-+ if (!stream || stream->fd == -1) {
-+ errno = EBADF;
-+ return -1;
-+ }
-+
-+ if (stream->start.tv_sec) {
-+ start = stream->start;
-+ } else {
-+ start = ast_tvnow();
-+ }
-+
-+#if defined(DO_SSL)
-+ if (stream->ssl) {
-+ written = 0;
-+ remaining = size;
-+ for (;;) {
-+ res = SSL_write(stream->ssl, buf + written, remaining);
-+ if (res == remaining) {
-+ /* Everything was written. */
-+ return size;
-+ }
-+ if (0 < res) {
-+ /* Successfully wrote part of the buffer. Try to write the rest. */
-+ written += res;
-+ remaining -= res;
-+ continue;
-+ }
-+ switch (SSL_get_error(stream->ssl, res)) {
-+ case SSL_ERROR_ZERO_RETURN:
-+ ast_debug(1, "TLS clean shutdown alert writing data\n");
-+ if (written) {
-+ /* Report partial write. */
-+ return written;
-+ }
-+ errno = EBADF;
-+ return -1;
-+ case SSL_ERROR_WANT_READ:
-+ ms = ast_remaining_ms(start, stream->timeout);
-+ if (!ms) {
-+ /* Report partial write. */
-+ ast_debug(1, "TLS timeout writing data (want read)\n");
-+ return written;
-+ }
-+ ast_wait_for_input(stream->fd, ms);
-+ break;
-+ case SSL_ERROR_WANT_WRITE:
-+ ms = ast_remaining_ms(start, stream->timeout);
-+ if (!ms) {
-+ /* Report partial write. */
-+ ast_debug(1, "TLS timeout writing data (want write)\n");
-+ return written;
-+ }
-+ ast_wait_for_output(stream->fd, ms);
-+ break;
-+ default:
-+ /* Undecoded SSL or transport error. */
-+ ast_debug(1, "TLS transport or SSL error writing data\n");
-+ if (written) {
-+ /* Report partial write. */
-+ return written;
-+ }
-+ errno = EBADF;
-+ return -1;
-+ }
-+ }
-+ }
-+#endif /* defined(DO_SSL) */
-+
-+ written = 0;
-+ remaining = size;
-+ for (;;) {
-+ res = write(stream->fd, buf + written, remaining);
-+ if (res == remaining) {
-+ /* Yay everything was written. */
-+ return size;
-+ }
-+ if (0 < res) {
-+ /* Successfully wrote part of the buffer. Try to write the rest. */
-+ written += res;
-+ remaining -= res;
-+ continue;
-+ }
-+ if (errno != EINTR && errno != EAGAIN) {
-+ /* Not a retryable error. */
-+ ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
-+ if (written) {
-+ return written;
-+ }
-+ return -1;
-+ }
-+ ms = ast_remaining_ms(start, stream->timeout);
-+ if (!ms) {
-+ /* Report partial write. */
-+ ast_debug(1, "TCP timeout writing data\n");
-+ return written;
-+ }
-+ ast_wait_for_output(stream->fd, ms);
-+ }
-+}
-+
-+ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
-+{
-+ char sbuf[256], *buf = sbuf;
-+ int len, len2, ret = -1;
-+ va_list va;
-+
-+ va_start(va, fmt);
-+ len = vsnprintf(buf, sizeof(sbuf), fmt, va);
-+ va_end(va);
-+
-+ if (len > sizeof(sbuf)) {
-+ buf = ast_malloc(len);
-+ if (!buf) {
-+ return -1;
-+ }
-+ va_start(va, fmt);
-+ len2 = vsnprintf(buf, len, fmt, va);
-+ va_end(va);
-+ if (len2 > len) {
-+ goto error;
-+ }
-+ }
-+
-+ if (ast_iostream_write(stream, buf, len) == len)
-+ ret = len;
-+
-+error:
-+ if (buf != sbuf) {
-+ ast_free(buf);
-+ }
-+
-+ return ret;
-+}
-+
-+int ast_iostream_close(struct ast_iostream *stream)
-+{
-+ if (!stream) {
-+ errno = EBADF;
-+ return -1;
-+ }
-+
-+ if (stream->fd != -1) {
-+#if defined(DO_SSL)
-+ if (stream->ssl) {
-+ int res;
-+
-+ /*
-+ * According to the TLS standard, it is acceptable for an
-+ * application to only send its shutdown alert and then
-+ * close the underlying connection without waiting for
-+ * the peer's response (this way resources can be saved,
-+ * as the process can already terminate or serve another
-+ * connection).
-+ */
-+ res = SSL_shutdown(stream->ssl);
-+ if (res < 0) {
-+ ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
-+ SSL_get_error(stream->ssl, res));
-+ }
-+
-+ if (!stream->ssl->server) {
-+ /* For client threads, ensure that the error stack is cleared */
-+ ERR_remove_state(0);
-+ }
-+
-+ SSL_free(stream->ssl);
-+ stream->ssl = NULL;
-+ }
-+#endif /* defined(DO_SSL) */
-+
-+ /*
-+ * Issuing shutdown() is necessary here to avoid a race
-+ * condition where the last data written may not appear
-+ * in the TCP stream. See ASTERISK-23548
-+ */
-+ shutdown(stream->fd, SHUT_RDWR);
-+ if (close(stream->fd)) {
-+ ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
-+ }
-+ stream->fd = -1;
-+ }
-+ ao2_t_ref(stream, -1, "Closed ast_iostream");
-+
-+ return 0;
-+}
-+
-+static void iostream_dtor(void *cookie)
-+{
-+#ifdef AST_DEVMODE
-+ /* Since the ast_assert below is the only one using stream,
-+ * and ast_assert is only available with AST_DEVMODE, we
-+ * put this in a conditional to avoid compiler warnings. */
-+ struct ast_iostream *stream = cookie;
-+#endif
-+
-+ ast_assert(stream->fd == -1);
-+}
-+
-+struct ast_iostream *ast_iostream_from_fd(int *fd)
-+{
-+ struct ast_iostream *stream;
-+
-+ stream = ao2_alloc_options(sizeof(*stream), iostream_dtor,
-+ AO2_ALLOC_OPT_LOCK_NOLOCK);
-+ if (stream) {
-+ stream->timeout = -1;
-+ stream->timeout_reset = -1;
-+ stream->fd = *fd;
-+ *fd = -1;
-+ }
-+
-+ return stream;
-+}
-+
-+int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int client)
-+{
-+#ifdef DO_SSL
-+ struct ast_iostream *stream = *pstream;
-+ int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept;
-+ char err[256];
-+
-+ stream->ssl = SSL_new(ssl_ctx);
-+ if (!stream->ssl) {
-+ ast_log(LOG_ERROR, "Unable to create new SSL connection\n");
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ /*
-+ * This function takes struct ast_iostream **, so it can chain
-+ * SSL over any ast_iostream. For now we assume it's a file descriptor.
-+ * But later this should instead use BIO wrapper to tie SSL to another
-+ * ast_iostream.
-+ */
-+ SSL_set_fd(stream->ssl, stream->fd);
-+
-+ if (ssl_setup(stream->ssl) <= 0) {
-+ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n",
-+ ERR_error_string(ERR_get_error(), err));
-+ errno = EIO;
-+ return -1;
-+ }
-+
-+ return 0;
-+#else
-+ ast_log(LOG_ERROR, "SSL not enabled in this build\n");
-+ errno = ENOTSUP;
-+ return -1;
-+#endif
-+}
-diff --git a/main/manager.c b/main/manager.c
-index 80d9659ef8..4d864235bb 100644
---- a/main/manager.c
-+++ b/main/manager.c
-@@ -1551,8 +1551,7 @@ static void acl_change_stasis_unsubscribe(void)
- struct mansession_session {
- /*! \todo XXX need to document which fields it is protecting */
- struct ast_sockaddr addr; /*!< address we are connecting from */
-- FILE *f; /*!< fdopen() on the underlying fd */
-- int fd; /*!< descriptor used for output. Either the socket (AMI) or a temporary file (HTTP) */
-+ struct ast_iostream *stream; /*!< AMI stream */
- int inuse; /*!< number of HTTP sessions using this entry */
- int needdestroy; /*!< Whether an HTTP session should be destroyed */
- pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */
-@@ -1594,9 +1593,8 @@ enum mansession_message_parsing {
- */
- struct mansession {
- struct mansession_session *session;
-+ struct ast_iostream *stream;
- struct ast_tcptls_session_instance *tcptls_session;
-- FILE *f;
-- int fd;
- enum mansession_message_parsing parsing;
- int write_error:1;
- struct manager_custom_hook *hook;
-@@ -2168,10 +2166,6 @@ static void session_destructor(void *obj)
- ast_datastore_free(datastore);
- }
-
-- if (session->f != NULL) {
-- fflush(session->f);
-- fclose(session->f);
-- }
- if (eqe) {
- ast_atomic_fetchadd_int(&eqe->usecount, -1);
- }
-@@ -2206,7 +2200,6 @@ static struct mansession_session *build_mansession(const struct ast_sockaddr *ad
- return NULL;
- }
-
-- newsession->fd = -1;
- newsession->waiting_thread = AST_PTHREADT_NULL;
- newsession->writetimeout = 100;
- newsession->send_events = -1;
-@@ -2619,7 +2612,7 @@ static char *handle_showmanconn(struct ast_cli_entry *e, int cmd, struct ast_cli
- ast_sockaddr_stringify_addr(&session->addr),
- (int) (session->sessionstart),
- (int) (now - session->sessionstart),
-- session->fd,
-+ session->stream ? ast_iostream_get_fd(session->stream) : -1,
- session->inuse,
- session->readperm,
- session->writeperm);
-@@ -2891,7 +2884,6 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
- * This is necessary to meet the previous design of manager.c
- */
- s.hook = hook;
-- s.f = (void*)1; /* set this to something so our request will make it through all functions that test it*/
-
- ao2_lock(act_found);
- if (act_found->registered && act_found->func) {
-@@ -2922,9 +2914,8 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
- */
- static int send_string(struct mansession *s, char *string)
- {
-- int res;
-- FILE *f = s->f ? s->f : s->session->f;
-- int fd = s->f ? s->fd : s->session->fd;
-+ struct ast_iostream *stream = s->stream ? s->stream : s->session->stream;
-+ int len, res;
-
- /* It's a result from one of the hook's action invocation */
- if (s->hook) {
-@@ -2936,7 +2927,12 @@ static int send_string(struct mansession *s, char *string)
- return 0;
- }
-
-- if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
-+ len = strlen(string);
-+ ast_iostream_set_timeout_inactivity(stream, s->session->writetimeout);
-+ res = ast_iostream_write(stream, string, len);
-+ ast_iostream_set_timeout_disable(stream);
-+
-+ if (res < len) {
- s->write_error = 1;
- }
-
-@@ -2977,10 +2973,10 @@ void astman_append(struct mansession *s, const char *fmt, ...)
- return;
- }
-
-- if (s->f != NULL || s->session->f != NULL) {
-+ if (s->tcptls_session != NULL && s->tcptls_session->stream != NULL) {
- send_string(s, ast_str_buffer(buf));
- } else {
-- ast_verbose("fd == -1 in astman_append, should not happen\n");
-+ ast_verbose("No connection stream in astman_append, should not happen\n");
- }
- }
-
-@@ -4121,7 +4117,7 @@ static int action_waitevent(struct mansession *s, const struct message *m)
- break;
- }
- if (s->session->managerid == 0) { /* AMI session */
-- if (ast_wait_for_input(s->session->fd, 1000)) {
-+ if (ast_wait_for_input(ast_iostream_get_fd(s->session->stream), 1000)) {
- break;
- }
- } else { /* HTTP session */
-@@ -5936,7 +5932,7 @@ static int process_events(struct mansession *s)
- int ret = 0;
-
- ao2_lock(s->session);
-- if (s->session->f != NULL) {
-+ if (s->session->stream != NULL) {
- struct eventqent *eqe = s->session->last_ev;
-
- while ((eqe = advance_event(eqe))) {
-@@ -6478,7 +6474,7 @@ static int get_input(struct mansession *s, char *output)
- s->session->waiting_thread = pthread_self();
- ao2_unlock(s->session);
-
-- res = ast_wait_for_input(s->session->fd, timeout);
-+ res = ast_wait_for_input(ast_iostream_get_fd(s->session->stream), timeout);
-
- ao2_lock(s->session);
- s->session->waiting_thread = AST_PTHREADT_NULL;
-@@ -6496,13 +6492,7 @@ static int get_input(struct mansession *s, char *output)
- }
-
- ao2_lock(s->session);
-- /*
-- * It is worth noting here that you can all but ignore fread()'s documentation
-- * for the purposes of this call. The FILE * we are working with here was created
-- * as a result of a call to fopencookie() (or equivalent) in tcptls.c, and as such
-- * the behavior of fread() is not as documented. Frankly, I think this is gross.
-- */
-- res = fread(src + s->session->inlen, 1, maxlen - s->session->inlen, s->session->f);
-+ res = ast_iostream_read(s->session->stream, src + s->session->inlen, maxlen - s->session->inlen);
- if (res < 1) {
- res = -1; /* error return */
- } else {
-@@ -6640,7 +6630,7 @@ static void *session_do(void *data)
- struct ast_sockaddr ser_remote_address_tmp;
-
- if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) {
-- fclose(ser->f);
-+ ast_iostream_close(ser->stream);
- ast_atomic_fetchadd_int(&unauth_sessions, -1);
- goto done;
- }
-@@ -6649,7 +6639,7 @@ static void *session_do(void *data)
- session = build_mansession(&ser_remote_address_tmp);
-
- if (session == NULL) {
-- fclose(ser->f);
-+ ast_iostream_close(ser->stream);
- ast_atomic_fetchadd_int(&unauth_sessions, -1);
- goto done;
- }
-@@ -6657,14 +6647,10 @@ static void *session_do(void *data)
- /* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
- * This is necessary to prevent delays (caused by buffering) as we
- * write to the socket in bits and pieces. */
-- if (setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
-+ if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
- ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on manager connection: %s\n", strerror(errno));
- }
--
-- /* make sure socket is non-blocking */
-- flags = fcntl(ser->fd, F_GETFL);
-- flags |= O_NONBLOCK;
-- fcntl(ser->fd, F_SETFL, flags);
-+ ast_iostream_nonblock(ser->stream);
-
- ao2_lock(session);
- /* Hook to the tail of the event queue */
-@@ -6673,8 +6659,7 @@ static void *session_do(void *data)
- ast_mutex_init(&s.lock);
-
- /* these fields duplicate those in the 'ser' structure */
-- session->fd = s.fd = ser->fd;
-- session->f = s.f = ser->f;
-+ session->stream = s.stream = ser->stream;
- ast_sockaddr_copy(&session->addr, &ser_remote_address_tmp);
- s.session = session;
-
-@@ -6693,9 +6678,9 @@ static void *session_do(void *data)
- * We cannot let the stream exclusively wait for data to arrive.
- * We have to wake up the task to send async events.
- */
-- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0);
-+ ast_iostream_set_exclusive_input(ser->stream, 0);
-
-- ast_tcptls_stream_set_timeout_sequence(ser->stream_cookie,
-+ ast_iostream_set_timeout_sequence(ser->stream,
- ast_tvnow(), authtimeout * 1000);
-
- astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */
-@@ -6704,7 +6689,7 @@ static void *session_do(void *data)
- break;
- }
- if (session->authenticated) {
-- ast_tcptls_stream_set_timeout_disable(ser->stream_cookie);
-+ ast_iostream_set_timeout_disable(ser->stream);
- }
- }
- /* session is over, explain why and terminate */
-@@ -7564,23 +7549,9 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *g
-
- static void close_mansession_file(struct mansession *s)
- {
-- if (s->f) {
-- if (fclose(s->f)) {
-- ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
-- }
-- s->f = NULL;
-- s->fd = -1;
-- } else if (s->fd != -1) {
-- /*
-- * Issuing shutdown() is necessary here to avoid a race
-- * condition where the last data written may not appear
-- * in the TCP stream. See ASTERISK-23548
-- */
-- shutdown(s->fd, SHUT_RDWR);
-- if (close(s->fd)) {
-- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
-- }
-- s->fd = -1;
-+ if (s->stream) {
-+ ast_iostream_close(s->stream);
-+ s->stream = NULL;
- } else {
- ast_log(LOG_ERROR, "Attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n");
- }
-@@ -7589,17 +7560,20 @@ static void close_mansession_file(struct mansession *s)
- static void process_output(struct mansession *s, struct ast_str **out, struct ast_variable *params, enum output_format format)
- {
- char *buf;
-- size_t l;
-+ off_t l;
-+ int fd;
-
-- if (!s->f)
-+ if (!s->stream)
- return;
-
- /* Ensure buffer is NULL-terminated */
-- fprintf(s->f, "%c", 0);
-- fflush(s->f);
-+ ast_iostream_write(s->stream, "", 1);
-+
-+ fd = ast_iostream_get_fd(s->stream);
-
-- if ((l = ftell(s->f)) > 0) {
-- if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s->fd, 0))) {
-+ l = lseek(fd, SEEK_CUR, 0);
-+ if (l > 0) {
-+ if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0))) {
- ast_log(LOG_WARNING, "mmap failed. Manager output was not processed\n");
- } else {
- if (format == FORMAT_XML || format == FORMAT_HTML) {
-@@ -7626,6 +7600,7 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser,
- struct mansession s = { .session = NULL, .tcptls_session = ser };
- struct mansession_session *session = NULL;
- uint32_t ident;
-+ int fd;
- int blastaway = 0;
- struct ast_variable *v;
- struct ast_variable *params = get_params;
-@@ -7681,17 +7656,17 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser,
- }
-
- s.session = session;
-- s.fd = mkstemp(template); /* create a temporary file for command output */
-+ fd = mkstemp(template); /* create a temporary file for command output */
- unlink(template);
-- if (s.fd <= -1) {
-+ if (fd <= -1) {
- ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)");
- goto generic_callback_out;
- }
-- s.f = fdopen(s.fd, "w+");
-- if (!s.f) {
-+ s.stream = ast_iostream_from_fd(&fd);
-+ if (!s.stream) {
- ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno));
- ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)");
-- close(s.fd);
-+ close(fd);
- goto generic_callback_out;
- }
-
-@@ -7831,9 +7806,9 @@ generic_callback_out:
- if (blastaway) {
- session_destroy(session);
- } else {
-- if (session->f) {
-- fclose(session->f);
-- session->f = NULL;
-+ if (session->stream) {
-+ ast_iostream_close(session->stream);
-+ session->stream = NULL;
- }
- unref_mansession(session);
- }
-@@ -7858,6 +7833,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
- struct message m = { 0 };
- unsigned int idx;
- size_t hdrlen;
-+ int fd;
-
- time_t time_now = time(NULL);
- unsigned long nonce = 0, nc;
-@@ -8036,17 +8012,17 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
-
- ast_mutex_init(&s.lock);
- s.session = session;
-- s.fd = mkstemp(template); /* create a temporary file for command output */
-+ fd = mkstemp(template); /* create a temporary file for command output */
- unlink(template);
-- if (s.fd <= -1) {
-+ if (fd <= -1) {
- ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)");
- goto auth_callback_out;
- }
-- s.f = fdopen(s.fd, "w+");
-- if (!s.f) {
-+ s.stream = ast_iostream_from_fd(&fd);
-+ if (!s.stream) {
- ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno));
- ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)");
-- close(s.fd);
-+ close(fd);
- goto auth_callback_out;
- }
-
-@@ -8097,7 +8073,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
- m.headers[idx] = NULL;
- }
-
-- result_size = ftell(s.f); /* Calculate approx. size of result */
-+ result_size = lseek(ast_iostream_get_fd(s.stream), SEEK_CUR, 0); /* Calculate approx. size of result */
-
- http_header = ast_str_create(80);
- out = ast_str_create(result_size * 2 + 512);
-@@ -8149,11 +8125,10 @@ auth_callback_out:
- ast_free(out);
-
- ao2_lock(session);
-- if (session->f) {
-- fclose(session->f);
-+ if (session->stream) {
-+ ast_iostream_close(session->stream);
-+ session->stream = NULL;
- }
-- session->f = NULL;
-- session->fd = -1;
- ao2_unlock(session);
-
- if (session->needdestroy) {
-diff --git a/main/tcptls.c b/main/tcptls.c
-index 8e50a0c8e9..ca9a447868 100644
---- a/main/tcptls.c
-+++ b/main/tcptls.c
-@@ -51,559 +51,13 @@ ASTERISK_REGISTER_FILE()
- #include "asterisk/pbx.h"
- #include "asterisk/app.h"
-
--/*! ao2 object used for the FILE stream fopencookie()/funopen() cookie. */
--struct ast_tcptls_stream {
-- /*! SSL state if not NULL */
-- SSL *ssl;
-- /*!
-- * \brief Start time from when an I/O sequence must complete
-- * by struct ast_tcptls_stream.timeout.
-- *
-- * \note If struct ast_tcptls_stream.start.tv_sec is zero then
-- * start time is the current I/O request.
-- */
-- struct timeval start;
-- /*!
-- * \brief The socket returned by accept().
-- *
-- * \note Set to -1 if the stream is closed.
-- */
-- int fd;
-- /*!
-- * \brief Timeout in ms relative to struct ast_tcptls_stream.start
-- * to wait for an event on struct ast_tcptls_stream.fd.
-- *
-- * \note Set to -1 to disable timeout.
-- * \note The socket needs to be set to non-blocking for the timeout
-- * feature to work correctly.
-- */
-- int timeout;
-- /*! TRUE if stream can exclusively wait for fd input. */
-- int exclusive_input;
--};
--
--#if defined(DO_SSL)
--AST_THREADSTORAGE(err2str_threadbuf);
--#define ERR2STR_BUFSIZE 128
--
--static const char *ssl_error_to_string(int sslerr, int ret)
--{
-- switch (sslerr) {
-- case SSL_ERROR_SSL:
-- return "Internal SSL error";
-- case SSL_ERROR_SYSCALL:
-- if (!ret) {
-- return "System call EOF";
-- } else if (ret == -1) {
-- char *buf;
--
-- buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE);
-- if (!buf) {
-- return "Unknown";
-- }
--
-- snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno));
-- return buf;
-- } else {
-- return "System call other";
-- }
-- default:
-- break;
-- }
--
-- return "Unknown";
--}
--#endif
--
--void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
--{
-- ast_assert(stream != NULL);
--
-- stream->timeout = -1;
--}
--
--void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout)
--{
-- ast_assert(stream != NULL);
--
-- stream->start.tv_sec = 0;
-- stream->timeout = timeout;
--}
--
--void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout)
--{
-- ast_assert(stream != NULL);
--
-- stream->start = start;
-- stream->timeout = timeout;
--}
--
--void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input)
--{
-- ast_assert(stream != NULL);
--
-- stream->exclusive_input = exclusive_input;
--}
--
--/*!
-- * \internal
-- * \brief fopencookie()/funopen() stream read function.
-- *
-- * \param cookie Stream control data.
-- * \param buf Where to put read data.
-- * \param size Size of the buffer.
-- *
-- * \retval number of bytes put into buf.
-- * \retval 0 on end of file.
-- * \retval -1 on error.
-- */
--static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size)
--{
-- struct ast_tcptls_stream *stream = cookie;
-- struct timeval start;
-- int ms;
-- int res;
--
-- if (!size) {
-- /* You asked for no data you got no data. */
-- return 0;
-- }
--
-- if (!stream || stream->fd == -1) {
-- errno = EBADF;
-- return -1;
-- }
--
-- if (stream->start.tv_sec) {
-- start = stream->start;
-- } else {
-- start = ast_tvnow();
-- }
--
--#if defined(DO_SSL)
-- if (stream->ssl) {
-- for (;;) {
-- int sslerr;
-- char err[256];
--
-- res = SSL_read(stream->ssl, buf, size);
-- if (0 < res) {
-- /* We read some payload data. */
-- return res;
-- }
--
-- sslerr = SSL_get_error(stream->ssl, res);
-- switch (sslerr) {
-- case SSL_ERROR_ZERO_RETURN:
-- /* Report EOF for a shutdown */
-- ast_debug(1, "TLS clean shutdown alert reading data\n");
-- return 0;
-- case SSL_ERROR_WANT_READ:
-- if (!stream->exclusive_input) {
-- /* We cannot wait for data now. */
-- errno = EAGAIN;
-- return -1;
-- }
-- while ((ms = ast_remaining_ms(start, stream->timeout))) {
-- res = ast_wait_for_input(stream->fd, ms);
-- if (0 < res) {
-- /* Socket is ready to be read. */
-- break;
-- }
-- if (res < 0) {
-- if (errno == EINTR || errno == EAGAIN) {
-- /* Try again. */
-- continue;
-- }
-- ast_debug(1, "TLS socket error waiting for read data: %s\n",
-- strerror(errno));
-- return -1;
-- }
-- }
-- break;
-- case SSL_ERROR_WANT_WRITE:
-- while ((ms = ast_remaining_ms(start, stream->timeout))) {
-- res = ast_wait_for_output(stream->fd, ms);
-- if (0 < res) {
-- /* Socket is ready to be written. */
-- break;
-- }
-- if (res < 0) {
-- if (errno == EINTR || errno == EAGAIN) {
-- /* Try again. */
-- continue;
-- }
-- ast_debug(1, "TLS socket error waiting for write space: %s\n",
-- strerror(errno));
-- return -1;
-- }
-- }
-- break;
-- default:
-- /* Report EOF for an undecoded SSL or transport error. */
-- ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
-- ssl_error_to_string(sslerr, res));
-- return 0;
-- }
-- if (!ms) {
-- /* Report EOF for a timeout */
-- ast_debug(1, "TLS timeout reading data\n");
-- return 0;
-- }
-- }
-- }
--#endif /* defined(DO_SSL) */
--
-- for (;;) {
-- res = read(stream->fd, buf, size);
-- if (0 <= res || !stream->exclusive_input) {
-- /* Got data or we cannot wait for it. */
-- return res;
-- }
-- if (errno != EINTR && errno != EAGAIN) {
-- /* Not a retryable error. */
-- ast_debug(1, "TCP socket error reading data: %s\n",
-- strerror(errno));
-- return -1;
-- }
-- ms = ast_remaining_ms(start, stream->timeout);
-- if (!ms) {
-- /* Report EOF for a timeout */
-- ast_debug(1, "TCP timeout reading data\n");
-- return 0;
-- }
-- ast_wait_for_input(stream->fd, ms);
-- }
--}
--
--/*!
-- * \internal
-- * \brief fopencookie()/funopen() stream write function.
-- *
-- * \param cookie Stream control data.
-- * \param buf Where to get data to write.
-- * \param size Size of the buffer.
-- *
-- * \retval number of bytes written from buf.
-- * \retval -1 on error.
-- */
--static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
--{
-- struct ast_tcptls_stream *stream = cookie;
-- struct timeval start;
-- int ms;
-- int res;
-- int written;
-- int remaining;
--
-- if (!size) {
-- /* You asked to write no data you wrote no data. */
-- return 0;
-- }
--
-- if (!stream || stream->fd == -1) {
-- errno = EBADF;
-- return -1;
-- }
--
-- if (stream->start.tv_sec) {
-- start = stream->start;
-- } else {
-- start = ast_tvnow();
-- }
--
--#if defined(DO_SSL)
-- if (stream->ssl) {
-- written = 0;
-- remaining = size;
-- for (;;) {
-- int sslerr;
-- char err[256];
--
-- res = SSL_write(stream->ssl, buf + written, remaining);
-- if (res == remaining) {
-- /* Everything was written. */
-- return size;
-- }
-- if (0 < res) {
-- /* Successfully wrote part of the buffer. Try to write the rest. */
-- written += res;
-- remaining -= res;
-- continue;
-- }
-- sslerr = SSL_get_error(stream->ssl, res);
-- switch (sslerr) {
-- case SSL_ERROR_ZERO_RETURN:
-- ast_debug(1, "TLS clean shutdown alert writing data\n");
-- if (written) {
-- /* Report partial write. */
-- return written;
-- }
-- errno = EBADF;
-- return -1;
-- case SSL_ERROR_WANT_READ:
-- ms = ast_remaining_ms(start, stream->timeout);
-- if (!ms) {
-- /* Report partial write. */
-- ast_debug(1, "TLS timeout writing data (want read)\n");
-- return written;
-- }
-- ast_wait_for_input(stream->fd, ms);
-- break;
-- case SSL_ERROR_WANT_WRITE:
-- ms = ast_remaining_ms(start, stream->timeout);
-- if (!ms) {
-- /* Report partial write. */
-- ast_debug(1, "TLS timeout writing data (want write)\n");
-- return written;
-- }
-- ast_wait_for_output(stream->fd, ms);
-- break;
-- default:
-- /* Undecoded SSL or transport error. */
-- ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err),
-- ssl_error_to_string(sslerr, res));
-- if (written) {
-- /* Report partial write. */
-- return written;
-- }
-- errno = EBADF;
-- return -1;
-- }
-- }
-- }
--#endif /* defined(DO_SSL) */
--
-- written = 0;
-- remaining = size;
-- for (;;) {
-- res = write(stream->fd, buf + written, remaining);
-- if (res == remaining) {
-- /* Yay everything was written. */
-- return size;
-- }
-- if (0 < res) {
-- /* Successfully wrote part of the buffer. Try to write the rest. */
-- written += res;
-- remaining -= res;
-- continue;
-- }
-- if (errno != EINTR && errno != EAGAIN) {
-- /* Not a retryable error. */
-- ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
-- if (written) {
-- return written;
-- }
-- return -1;
-- }
-- ms = ast_remaining_ms(start, stream->timeout);
-- if (!ms) {
-- /* Report partial write. */
-- ast_debug(1, "TCP timeout writing data\n");
-- return written;
-- }
-- ast_wait_for_output(stream->fd, ms);
-- }
--}
--
--/*!
-- * \internal
-- * \brief fopencookie()/funopen() stream close function.
-- *
-- * \param cookie Stream control data.
-- *
-- * \retval 0 on success.
-- * \retval -1 on error.
-- */
--static int tcptls_stream_close(void *cookie)
--{
-- struct ast_tcptls_stream *stream = cookie;
--
-- if (!stream) {
-- errno = EBADF;
-- return -1;
-- }
--
-- if (stream->fd != -1) {
--#if defined(DO_SSL)
-- if (stream->ssl) {
-- int res;
--
-- /*
-- * According to the TLS standard, it is acceptable for an
-- * application to only send its shutdown alert and then
-- * close the underlying connection without waiting for
-- * the peer's response (this way resources can be saved,
-- * as the process can already terminate or serve another
-- * connection).
-- */
-- res = SSL_shutdown(stream->ssl);
-- if (res < 0) {
-- int sslerr = SSL_get_error(stream->ssl, res);
-- char err[256];
--
-- ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n",
-- ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
-- }
--
--#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-- if (!SSL_is_server(stream->ssl)) {
--#else
-- if (!stream->ssl->server) {
--#endif
-- /* For client threads, ensure that the error stack is cleared */
--#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
--#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >= 0x10000000L
-- ERR_remove_thread_state(NULL);
--#else
-- ERR_remove_state(0);
--#endif /* openssl = 1.0 */
--#endif /* openssl < 1.1 */
-- }
--
-- SSL_free(stream->ssl);
-- stream->ssl = NULL;
-- }
--#endif /* defined(DO_SSL) */
--
-- /*
-- * Issuing shutdown() is necessary here to avoid a race
-- * condition where the last data written may not appear
-- * in the TCP stream. See ASTERISK-23548
-- */
-- shutdown(stream->fd, SHUT_RDWR);
-- if (close(stream->fd)) {
-- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
-- }
-- stream->fd = -1;
-- }
-- ao2_t_ref(stream, -1, "Closed tcptls stream cookie");
--
-- return 0;
--}
--
--/*!
-- * \internal
-- * \brief fopencookie()/funopen() stream destructor function.
-- *
-- * \param cookie Stream control data.
-- *
-- * \return Nothing
-- */
--static void tcptls_stream_dtor(void *cookie)
--{
--#ifdef AST_DEVMODE
-- /* Since the ast_assert below is the only one using stream,
-- * and ast_assert is only available with AST_DEVMODE, we
-- * put this in a conditional to avoid compiler warnings. */
-- struct ast_tcptls_stream *stream = cookie;
--#endif
--
-- ast_assert(stream->fd == -1);
--}
--
--/*!
-- * \internal
-- * \brief fopencookie()/funopen() stream allocation function.
-- *
-- * \retval stream_cookie on success.
-- * \retval NULL on error.
-- */
--static struct ast_tcptls_stream *tcptls_stream_alloc(void)
--{
-- struct ast_tcptls_stream *stream;
--
-- stream = ao2_alloc_options(sizeof(*stream), tcptls_stream_dtor,
-- AO2_ALLOC_OPT_LOCK_NOLOCK);
-- if (stream) {
-- stream->fd = -1;
-- stream->timeout = -1;
-- }
-- return stream;
--}
--
--/*!
-- * \internal
-- * \brief Open a custom FILE stream for tcptls.
-- *
-- * \param stream Stream cookie control data.
-- * \param ssl SSL state if not NULL.
-- * \param fd Socket file descriptor.
-- * \param timeout ms to wait for an event on fd. -1 if timeout disabled.
-- *
-- * \retval fp on success.
-- * \retval NULL on error.
-- */
--static FILE *tcptls_stream_fopen(struct ast_tcptls_stream *stream, SSL *ssl, int fd, int timeout)
--{
-- FILE *fp;
--
--#if defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
-- static const cookie_io_functions_t cookie_funcs = {
-- tcptls_stream_read,
-- tcptls_stream_write,
-- NULL,
-- tcptls_stream_close
-- };
--#endif /* defined(HAVE_FOPENCOOKIE) */
--
-- if (fd == -1) {
-- /* Socket not open. */
-- return NULL;
-- }
--
-- stream->ssl = ssl;
-- stream->fd = fd;
-- stream->timeout = timeout;
-- ao2_t_ref(stream, +1, "Opening tcptls stream cookie");
--
--#if defined(HAVE_FUNOPEN) /* the BSD interface */
-- fp = funopen(stream, tcptls_stream_read, tcptls_stream_write, NULL,
-- tcptls_stream_close);
--#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
-- fp = fopencookie(stream, "w+", cookie_funcs);
--#else
-- /* could add other methods here */
-- ast_debug(2, "No stream FILE methods attempted!\n");
-- fp = NULL;
--#endif
--
-- if (!fp) {
-- stream->fd = -1;
-- ao2_t_ref(stream, -1, "Failed to open tcptls stream cookie");
-- }
-- return fp;
--}
--
--HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count)
--{
-- if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
-- ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n");
-- errno = EIO;
-- return -1;
-- }
--
-- return tcptls_stream_read(tcptls_session->stream_cookie, buf, count);
--}
--
--HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count)
--{
-- if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
-- ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n");
-- errno = EIO;
-- return -1;
-- }
--
-- return tcptls_stream_write(tcptls_session->stream_cookie, buf, count);
--}
--
- static void session_instance_destructor(void *obj)
- {
- struct ast_tcptls_session_instance *i = obj;
-
-- if (i->stream_cookie) {
-- ao2_t_ref(i->stream_cookie, -1, "Destroying tcptls session instance");
-- i->stream_cookie = NULL;
-+ if (i->stream) {
-+ ast_iostream_close(i->stream);
-+ i->stream = NULL;
- }
- ast_free(i->overflow_buf);
- ao2_cleanup(i->private_data);
-@@ -649,8 +103,7 @@ static void *handle_tcptls_connection(void *data)
- {
- struct ast_tcptls_session_instance *tcptls_session = data;
- #ifdef DO_SSL
-- int (*ssl_setup)(SSL *) = (tcptls_session->client) ? SSL_connect : SSL_accept;
-- int ret;
-+ SSL *ssl;
- #endif
-
- /* TCP/TLS connections are associated with external protocols, and
-@@ -665,127 +118,94 @@ static void *handle_tcptls_connection(void *data)
- return NULL;
- }
-
-- tcptls_session->stream_cookie = tcptls_stream_alloc();
-- if (!tcptls_session->stream_cookie) {
-- ast_tcptls_close_session_file(tcptls_session);
-- ao2_ref(tcptls_session, -1);
-- return NULL;
-- }
-+ if (tcptls_session->parent->tls_cfg) {
-+#ifdef DO_SSL
-+ if (ast_iostream_start_tls(&tcptls_session->stream, tcptls_session->parent->tls_cfg->ssl_ctx, tcptls_session->client) < 0) {
-+ ast_tcptls_close_session_file(tcptls_session);
-+ ao2_ref(tcptls_session, -1);
-+ return NULL;
-+ }
-
-- /*
-- * open a FILE * as appropriate.
-- */
-- if (!tcptls_session->parent->tls_cfg) {
-- tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, NULL,
-- tcptls_session->fd, -1);
-- if (tcptls_session->f) {
-- if (setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
-+ ssl = ast_iostream_get_ssl(tcptls_session->stream);
-+ if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
-+ || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
-+ X509 *peer;
-+ long res;
-+ peer = SSL_get_peer_certificate(ssl);
-+ if (!peer) {
-+ ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
- ast_tcptls_close_session_file(tcptls_session);
-+ ao2_ref(tcptls_session, -1);
-+ return NULL;
- }
-- }
-- }
--#ifdef DO_SSL
-- else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
-- SSL_set_fd(tcptls_session->ssl, tcptls_session->fd);
-- if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) {
-- char err[256];
-- int sslerr = SSL_get_error(tcptls_session->ssl, ret);
--
-- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", ERR_error_string(sslerr, err),
-- ssl_error_to_string(sslerr, ret));
-- } else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie,
-- tcptls_session->ssl, tcptls_session->fd, -1))) {
-- if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
-- || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
-- X509 *peer;
-- long res;
-- peer = SSL_get_peer_certificate(tcptls_session->ssl);
-- if (!peer) {
-- ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
-- ast_tcptls_close_session_file(tcptls_session);
-- ao2_ref(tcptls_session, -1);
-- return NULL;
-- }
--
-- res = SSL_get_verify_result(tcptls_session->ssl);
-- if (res != X509_V_OK) {
-- ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
-- X509_free(peer);
-- ast_tcptls_close_session_file(tcptls_session);
-- ao2_ref(tcptls_session, -1);
-- return NULL;
-- }
-- if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
-- ASN1_STRING *str;
-- X509_NAME *name = X509_get_subject_name(peer);
-- STACK_OF(GENERAL_NAME) *alt_names;
-- int pos = -1;
-- int found = 0;
--
-- for (;;) {
-- /* Walk the certificate to check all available "Common Name" */
-- /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
-- pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
-- if (pos < 0) {
-- break;
-- }
-
-- str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
-- if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) {
-- found = 1;
-- break;
-- }
-+ res = SSL_get_verify_result(ssl);
-+ if (res != X509_V_OK) {
-+ ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
-+ X509_free(peer);
-+ ast_tcptls_close_session_file(tcptls_session);
-+ ao2_ref(tcptls_session, -1);
-+ return NULL;
-+ }
-+ if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
-+ ASN1_STRING *str;
-+ X509_NAME *name = X509_get_subject_name(peer);
-+ STACK_OF(GENERAL_NAME) *alt_names;
-+ int pos = -1;
-+ int found = 0;
-+
-+ for (;;) {
-+ /* Walk the certificate to check all available "Common Name" */
-+ /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
-+ pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
-+ if (pos < 0) {
-+ break;
- }
-+ str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
-+ if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) {
-+ found = 1;
-+ break;
-+ }
-+ }
-
-- if (!found) {
-- alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
-- if (alt_names != NULL) {
-- int alt_names_count = sk_GENERAL_NAME_num(alt_names);
--
-- for (pos = 0; pos < alt_names_count; pos++) {
-- const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
-+ if (!found) {
-+ alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
-+ if (alt_names != NULL) {
-+ int alt_names_count = sk_GENERAL_NAME_num(alt_names);
-
-- if (alt_name->type != GEN_DNS) {
-- continue;
-- }
-+ for (pos = 0; pos < alt_names_count; pos++) {
-+ const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
-
-- if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) {
-- found = 1;
-- break;
-- }
-+ if (alt_name->type != GEN_DNS) {
-+ continue;
- }
-
-- sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
-+ if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) {
-+ found = 1;
-+ break;
-+ }
- }
-- }
-
-- if (!found) {
-- ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
-- X509_free(peer);
-- ast_tcptls_close_session_file(tcptls_session);
-- ao2_ref(tcptls_session, -1);
-- return NULL;
-+ sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
- }
- }
-- X509_free(peer);
-+
-+ if (!found) {
-+ ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
-+ X509_free(peer);
-+ ast_tcptls_close_session_file(tcptls_session);
-+ ao2_ref(tcptls_session, -1);
-+ return NULL;
-+ }
- }
-+ X509_free(peer);
- }
-- if (!tcptls_session->f) { /* no success opening descriptor stacking */
-- SSL_free(tcptls_session->ssl);
-- }
-- }
--#endif /* DO_SSL */
--
-- if (!tcptls_session->f) {
-+#else
-+ ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
- ast_tcptls_close_session_file(tcptls_session);
-- ast_log(LOG_WARNING, "FILE * open failed!\n");
--#ifndef DO_SSL
-- if (tcptls_session->parent->tls_cfg) {
-- ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
-- }
--#endif
- ao2_ref(tcptls_session, -1);
- return NULL;
-+#endif /* DO_SSL */
- }
-
- if (tcptls_session->parent->worker_fn) {
-@@ -844,7 +264,13 @@ void *ast_tcptls_server_root(void *data)
- }
- flags = fcntl(fd, F_GETFL);
- fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
-- tcptls_session->fd = fd;
-+
-+ tcptls_session->stream = ast_iostream_from_fd(&fd);
-+ if (!tcptls_session->stream) {
-+ ast_log(LOG_WARNING, "No memory for new session iostream\n");
-+ continue;
-+ }
-+
- tcptls_session->parent = desc;
- ast_sockaddr_copy(&tcptls_session->remote_address, &addr);
-
-@@ -1122,7 +548,7 @@ client_start_error:
-
- struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc)
- {
-- int x = 1;
-+ int fd, x = 1;
- struct ast_tcptls_session_instance *tcptls_session = NULL;
-
- /* Do nothing if nothing has changed */
-@@ -1138,8 +564,8 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s
- close(desc->accept_fd);
- }
-
-- desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
-- AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
-+ fd = desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
-+ AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
- if (desc->accept_fd < 0) {
- ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",
- desc->name, strerror(errno));
-@@ -1169,7 +595,11 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s
- goto error;
- }
- tcptls_session->client = 1;
-- tcptls_session->fd = desc->accept_fd;
-+ tcptls_session->stream = ast_iostream_from_fd(&fd);
-+ if (!tcptls_session->stream) {
-+ goto error;
-+ }
-+
- tcptls_session->parent = desc;
- tcptls_session->parent->worker_fn = NULL;
- ast_sockaddr_copy(&tcptls_session->remote_address,
-@@ -1329,24 +759,9 @@ error:
-
- void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session)
- {
-- if (tcptls_session->f) {
-- fflush(tcptls_session->f);
-- if (fclose(tcptls_session->f)) {
-- ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
-- }
-- tcptls_session->f = NULL;
-- tcptls_session->fd = -1;
-- } else if (tcptls_session->fd != -1) {
-- /*
-- * Issuing shutdown() is necessary here to avoid a race
-- * condition where the last data written may not appear
-- * in the TCP stream. See ASTERISK-23548
-- */
-- shutdown(tcptls_session->fd, SHUT_RDWR);
-- if (close(tcptls_session->fd)) {
-- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
-- }
-- tcptls_session->fd = -1;
-+ if (tcptls_session->stream) {
-+ ast_iostream_close(tcptls_session->stream);
-+ tcptls_session->stream = NULL;
- } else {
- ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n");
- }
-diff --git a/main/utils.c b/main/utils.c
-index cfe2e4c427..12aaf68094 100644
---- a/main/utils.c
-+++ b/main/utils.c
-@@ -1432,74 +1432,6 @@ int ast_carefulwrite(int fd, char *s, int len, int timeoutms)
- return res;
- }
-
--int ast_careful_fwrite(FILE *f, int fd, const char *src, size_t len, int timeoutms)
--{
-- struct timeval start = ast_tvnow();
-- int n = 0;
-- int elapsed = 0;
--
-- while (len) {
-- if (wait_for_output(fd, timeoutms - elapsed)) {
-- /* poll returned a fatal error, so bail out immediately. */
-- return -1;
-- }
--
-- /* Clear any errors from a previous write */
-- clearerr(f);
--
-- n = fwrite(src, 1, len, f);
--
-- if (ferror(f) && errno != EINTR && errno != EAGAIN) {
-- /* fatal error from fwrite() */
-- if (errno == EPIPE) {
-- ast_debug(1, "fwrite() failed due to reading end being closed: EPIPE\n");
-- } else if (!feof(f)) {
-- /* Don't spam the logs if it was just that the connection is closed. */
-- ast_log(LOG_ERROR, "fwrite() returned error: %s\n", strerror(errno));
-- }
-- n = -1;
-- break;
-- }
--
-- /* Update for data already written to the socket */
-- len -= n;
-- src += n;
--
-- elapsed = ast_tvdiff_ms(ast_tvnow(), start);
-- if (elapsed >= timeoutms) {
-- /* We've taken too long to write
-- * This is only an error condition if we haven't finished writing. */
-- n = len ? -1 : 0;
-- break;
-- }
-- }
--
-- errno = 0;
-- while (fflush(f)) {
-- if (errno == EAGAIN || errno == EINTR) {
-- /* fflush() does not appear to reset errno if it flushes
-- * and reaches EOF at the same time. It returns EOF with
-- * the last seen value of errno, causing a possible loop.
-- * Also usleep() to reduce CPU eating if it does loop */
-- errno = 0;
-- usleep(1);
-- continue;
-- }
-- if (errno && !feof(f)) {
-- if (errno == EPIPE) {
-- ast_debug(1, "fflush() failed due to reading end being closed: EPIPE\n");
-- } else {
-- /* Don't spam the logs if it was just that the connection is closed. */
-- ast_log(LOG_ERROR, "fflush() returned error: %s\n", strerror(errno));
-- }
-- }
-- n = -1;
-- break;
-- }
--
-- return n < 0 ? -1 : 0;
--}
--
- char *ast_strip_quoted(char *s, const char *beg_quotes, const char *end_quotes)
- {
- char *e;
-diff --git a/res/res_http_post.c b/res/res_http_post.c
-index 37fc4fa091..907ee56fbd 100644
---- a/res/res_http_post.c
-+++ b/res/res_http_post.c
-@@ -213,7 +213,7 @@ static int find_sequence(char * inbuf, int inlen, char * matchbuf, int matchlen)
- * This function has two modes. The first to find a boundary marker. The
- * second is to find the filename immediately after the boundary.
- */
--static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
-+static int readmimefile(struct ast_iostream *in, FILE *fout, char *boundary, int contentlen)
- {
- int find_filename = 0;
- char buf[4096];
-@@ -224,7 +224,7 @@ static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
- int boundary_len;
- char * path_end, * path_start, * filespec;
-
-- if (NULL == fin || NULL == fout || NULL == boundary || 0 >= contentlen) {
-+ if (NULL == in || NULL == fout || NULL == boundary || 0 >= contentlen) {
- return -1;
- }
-
-@@ -238,8 +238,8 @@ static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
- }
-
- if (0 < num_to_read) {
-- if (fread(&(buf[char_in_buf]), 1, num_to_read, fin) < num_to_read) {
-- ast_log(LOG_WARNING, "fread() failed: %s\n", strerror(errno));
-+ if (ast_iostream_read(in, &(buf[char_in_buf]), num_to_read) < num_to_read) {
-+ ast_log(LOG_WARNING, "read failed: %s\n", strerror(errno));
- num_to_read = 0;
- }
- contentlen -= num_to_read;
-@@ -380,7 +380,7 @@ static int http_post_callback(struct ast_tcptls_session_instance *ser, const str
- */
- ast_http_body_read_status(ser, 0);
-
-- if (0 > readmimefile(ser->f, f, boundary_marker, content_len)) {
-+ if (0 > readmimefile(ser->stream, f, boundary_marker, content_len)) {
- ast_debug(1, "Cannot find boundary marker in POST request.\n");
- fclose(f);
- ast_http_error(ser, 400, "Bad Request", "Cannot find boundary marker in POST request.");
-diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
-index 9f5d931d6a..5f59c2c8cb 100644
---- a/res/res_http_websocket.c
-+++ b/res/res_http_websocket.c
-@@ -88,8 +88,7 @@ ASTERISK_REGISTER_FILE()
-
- /*! \brief Structure definition for session */
- struct ast_websocket {
-- FILE *f; /*!< Pointer to the file instance used for writing and reading */
-- int fd; /*!< File descriptor for the session, only used for polling */
-+ struct ast_iostream *stream; /*!< iostream of the connection */
- struct ast_sockaddr address; /*!< Address of the remote client */
- enum ast_websocket_opcode opcode; /*!< Cached opcode for multi-frame messages */
- size_t payload_len; /*!< Length of the payload */
-@@ -180,10 +179,11 @@ static void session_destroy_fn(void *obj)
- {
- struct ast_websocket *session = obj;
-
-- if (session->f) {
-+ if (session->stream) {
- ast_websocket_close(session, 0);
-- if (session->f) {
-- fclose(session->f);
-+ if (session->stream) {
-+ ast_iostream_close(session->stream);
-+ session->stream = NULL;
- ast_verb(2, "WebSocket connection %s '%s' closed\n", session->client ? "to" : "from",
- ast_sockaddr_stringify(&session->address));
- }
-@@ -309,20 +309,22 @@ int AST_OPTIONAL_API_NAME(ast_websocket_close)(struct ast_websocket *session, ui
- session->close_sent = 1;
-
- ao2_lock(session);
-- res = ast_careful_fwrite(session->f, session->fd, frame, 4, session->timeout);
-+ ast_iostream_set_timeout_inactivity(session->stream, session->timeout);
-+ res = ast_iostream_write(session->stream, frame, sizeof(frame));
-+ ast_iostream_set_timeout_disable(session->stream);
-
- /* If an error occurred when trying to close this connection explicitly terminate it now.
- * Doing so will cause the thread polling on it to wake up and terminate.
- */
-- if (res) {
-- fclose(session->f);
-- session->f = NULL;
-+ if (res != sizeof(frame)) {
-+ ast_iostream_close(session->stream);
-+ session->stream = NULL;
- ast_verb(2, "WebSocket connection %s '%s' forcefully closed due to fatal write error\n",
- session->client ? "to" : "from", ast_sockaddr_stringify(&session->address));
- }
-
- ao2_unlock(session);
-- return res;
-+ return res == sizeof(frame);
- }
-
- static const char *opcode_map[] = {
-@@ -390,7 +392,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_write)(struct ast_websocket *session, en
- return -1;
- }
-
-- if (ast_careful_fwrite(session->f, session->fd, frame, frame_size, session->timeout)) {
-+ ast_iostream_set_timeout_sequence(session->stream, ast_tvnow(), session->timeout);
-+ if (ast_iostream_write(session->stream, frame, frame_size) != frame_size) {
- ao2_unlock(session);
- /* 1011 - server terminating connection due to not being able to fulfill the request */
- ast_debug(1, "Closing WS with 1011 because we can't fulfill a write request\n");
-@@ -398,7 +401,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_write)(struct ast_websocket *session, en
- return -1;
- }
-
-- fflush(session->f);
-+ ast_iostream_set_timeout_disable(session->stream);
- ao2_unlock(session);
-
- return 0;
-@@ -426,7 +429,7 @@ void AST_OPTIONAL_API_NAME(ast_websocket_unref)(struct ast_websocket *session)
-
- int AST_OPTIONAL_API_NAME(ast_websocket_fd)(struct ast_websocket *session)
- {
-- return session->closing ? -1 : session->fd;
-+ return session->closing ? -1 : ast_iostream_get_fd(session->stream);
- }
-
- struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_remote_address)(struct ast_websocket *session)
-@@ -441,18 +444,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_is_secure)(struct ast_websocket *session
-
- int AST_OPTIONAL_API_NAME(ast_websocket_set_nonblock)(struct ast_websocket *session)
- {
-- int flags;
--
-- if ((flags = fcntl(session->fd, F_GETFL)) == -1) {
-- return -1;
-- }
--
-- flags |= O_NONBLOCK;
--
-- if ((flags = fcntl(session->fd, F_SETFL, flags)) == -1) {
-- return -1;
-- }
--
-+ ast_iostream_nonblock(session->stream);
-+ ast_iostream_set_exclusive_input(session->stream, 0);
- return 0;
- }
-
-@@ -505,17 +498,16 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len
- int sanity = 10;
-
- ao2_lock(session);
-- if (!session->f) {
-+ if (!session->stream) {
- ao2_unlock(session);
- errno = ECONNABORTED;
- return -1;
- }
-
- for (;;) {
-- clearerr(session->f);
-- rlen = fread(rbuf, 1, xlen, session->f);
-- if (!rlen) {
-- if (feof(session->f)) {
-+ rlen = ast_iostream_read(session->stream, rbuf, xlen);
-+ if (rlen != xlen) {
-+ if (rlen == 0) {
- ast_log(LOG_WARNING, "Web socket closed abruptly\n");
- *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
- session->closing = 1;
-@@ -523,7 +515,7 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len
- return -1;
- }
-
-- if (ferror(session->f) && errno != EAGAIN) {
-+ if (rlen < 0 && errno != EAGAIN) {
- ast_log(LOG_ERROR, "Error reading from web socket: %s\n", strerror(errno));
- *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
- session->closing = 1;
-@@ -544,7 +536,7 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len
- if (!xlen) {
- break;
- }
-- if (ast_wait_for_input(session->fd, 1000) < 0) {
-+ if (ast_wait_for_input(ast_iostream_get_fd(session->stream), 1000) < 0) {
- ast_log(LOG_ERROR, "ast_wait_for_input returned err: %s\n", strerror(errno));
- *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
- session->closing = 1;
-@@ -839,7 +831,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- ao2_ref(protocol_handler, -1);
- return 0;
- }
-- session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT;
-+ session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT;
-
- /* Generate the session id */
- if (!ast_uuid_generate_str(session->session_id, sizeof(session->session_id))) {
-@@ -869,7 +861,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- * Connection_.
- */
- if (protocol) {
-- fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
-+ ast_iostream_printf(ser->stream,
-+ "HTTP/1.1 101 Switching Protocols\r\n"
- "Upgrade: %s\r\n"
- "Connection: Upgrade\r\n"
- "Sec-WebSocket-Accept: %s\r\n"
-@@ -878,15 +871,14 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- websocket_combine_key(key, base64, sizeof(base64)),
- protocol);
- } else {
-- fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
-+ ast_iostream_printf(ser->stream,
-+ "HTTP/1.1 101 Switching Protocols\r\n"
- "Upgrade: %s\r\n"
- "Connection: Upgrade\r\n"
- "Sec-WebSocket-Accept: %s\r\n\r\n",
- upgrade,
- websocket_combine_key(key, base64, sizeof(base64)));
- }
--
-- fflush(ser->f);
- } else {
-
- /* Specification defined in http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 or completely unknown */
-@@ -898,7 +890,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- }
-
- /* Enable keepalive on all sessions so the underlying user does not have to */
-- if (setsockopt(ser->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
-+ if (setsockopt(ast_iostream_get_fd(ser->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
- ast_log(LOG_WARNING, "WebSocket connection from '%s' could not be accepted - failed to enable keepalive\n",
- ast_sockaddr_stringify(&ser->remote_address));
- websocket_bad_request(ser);
-@@ -910,25 +902,23 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- ast_verb(2, "WebSocket connection from '%s' for protocol '%s' accepted using version '%d'\n", ast_sockaddr_stringify(&ser->remote_address), protocol ? : "", version);
-
- /* Populate the session with all the needed details */
-- session->f = ser->f;
-- session->fd = ser->fd;
-+ session->stream = ser->stream;
- ast_sockaddr_copy(&session->address, &ser->remote_address);
- session->opcode = -1;
- session->reconstruct = DEFAULT_RECONSTRUCTION_CEILING;
-- session->secure = ser->ssl ? 1 : 0;
-+ session->secure = ast_iostream_get_ssl(ser->stream) ? 1 : 0;
-
- /* Give up ownership of the socket and pass it to the protocol handler */
-- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0);
-+ ast_iostream_set_exclusive_input(session->stream, 0);
- protocol_handler->session_established(session, get_vars, headers);
- ao2_ref(protocol_handler, -1);
-
- /*
-- * By dropping the FILE* and fd from the session the connection
-+ * By dropping the stream from the session the connection
- * won't get closed when the HTTP server cleans up because we
- * passed the connection to the protocol handler.
- */
-- ser->f = NULL;
-- ser->fd = -1;
-+ ser->stream = NULL;
-
- return 0;
- }
-@@ -1262,7 +1252,7 @@ static enum ast_websocket_result websocket_client_handshake_get_response(
- int has_accept = 0;
- int has_protocol = 0;
-
-- if (!fgets(buf, sizeof(buf), client->ser->f)) {
-+ if (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) <= 0) {
- ast_log(LOG_ERROR, "Unable to retrieve HTTP status line.");
- return WS_BAD_STATUS;
- }
-@@ -1275,7 +1265,7 @@ static enum ast_websocket_result websocket_client_handshake_get_response(
-
- /* Ignoring line folding - assuming header field values are contained
- within a single line */
-- while (fgets(buf, sizeof(buf), client->ser->f)) {
-+ while (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) > 0) {
- char *name, *value;
- int parsed = ast_http_header_parse(buf, &name, &value);
-
-@@ -1328,19 +1318,19 @@ static enum ast_websocket_result websocket_client_handshake(
- client->protocols);
- }
-
-- if (fprintf(client->ser->f,
-- "GET /%s HTTP/1.1\r\n"
-- "Sec-WebSocket-Version: %d\r\n"
-- "Upgrade: websocket\r\n"
-- "Connection: Upgrade\r\n"
-- "Host: %s\r\n"
-- "Sec-WebSocket-Key: %s\r\n"
-- "%s\r\n",
-- client->resource_name ? ast_str_buffer(client->resource_name) : "",
-- client->version,
-- client->host,
-- client->key,
-- protocols) < 0) {
-+ if (ast_iostream_printf(client->ser->stream,
-+ "GET /%s HTTP/1.1\r\n"
-+ "Sec-WebSocket-Version: %d\r\n"
-+ "Upgrade: websocket\r\n"
-+ "Connection: Upgrade\r\n"
-+ "Host: %s\r\n"
-+ "Sec-WebSocket-Key: %s\r\n"
-+ "%s\r\n",
-+ client->resource_name ? ast_str_buffer(client->resource_name) : "",
-+ client->version,
-+ client->host,
-+ client->key,
-+ protocols) < 0) {
- ast_log(LOG_ERROR, "Failed to send handshake.\n");
- return WS_WRITE_ERROR;
- }
-@@ -1364,9 +1354,9 @@ static enum ast_websocket_result websocket_client_connect(struct ast_websocket *
- return res;
- }
-
-- ws->f = ws->client->ser->f;
-- ws->fd = ws->client->ser->fd;
-- ws->secure = ws->client->ser->ssl ? 1 : 0;
-+ ws->stream = ws->client->ser->stream;
-+ ws->secure = ast_iostream_get_ssl(ws->stream) ? 1 : 0;
-+ ws->client->ser->stream = NULL;
- ast_sockaddr_copy(&ws->address, &ws->client->ser->remote_address);
- return WS_OK;
- }
-diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c
-index 2e4f873623..1b77b9f48b 100644
---- a/res/res_phoneprov.c
-+++ b/res/res_phoneprov.c
-@@ -950,7 +950,7 @@ static int phoneprov_callback(struct ast_tcptls_session_instance *ser, const str
- socklen_t namelen = sizeof(name.sa);
- int res;
-
-- if ((res = getsockname(ser->fd, &name.sa, &namelen))) {
-+ if ((res = getsockname(ast_iostream_get_fd(ser->stream), &name.sa, &namelen))) {
- ast_log(LOG_WARNING, "Could not get server IP, breakage likely.\n");
- } else {
- struct extension *exten_iter;
---
-2.13.2
-
-
-From 0a8fd8b669c3cf7d004cbdaff43294152b0f384c Mon Sep 17 00:00:00 2001
-From: Joshua Colp <jcolp@digium.com>
-Date: Mon, 28 Nov 2016 13:36:18 +0000
-Subject: [PATCH] iostream: Move include of asterisk.h
-
-The asterisk.h header file needs to be included first or else
-some things go awry, such as:
-
-implicit declaration of function 'vasprintf'
-
-Change-Id: I981dc2a77a1ba791888e4f1726644d4656c0407c
----
- main/iostream.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/main/iostream.c b/main/iostream.c
-index 46abc18a5c..008888142b 100644
---- a/main/iostream.c
-+++ b/main/iostream.c
-@@ -16,10 +16,11 @@
- * at the top of the source tree.
- */
-
-+#include "asterisk.h"
-+
- #include <fcntl.h>
- #include <stdarg.h>
-
--#include "asterisk.h"
- #include "asterisk/utils.h"
- #include "asterisk/astobj2.h"
- #include "asterisk/iostream.h"
---
-2.13.2
-
-
-From 4e8deff7298a73e6552bcdbe1ef7406806b70d20 Mon Sep 17 00:00:00 2001
-From: Mark Michelson <mmichelson@digium.com>
-Date: Tue, 6 Dec 2016 10:56:06 -0600
-Subject: [PATCH] Iostreams: Correct off-by-one error.
-
-ast_iostream_printf() attempts first to use a fixed-size buffer to
-perform its printf-like operation. If the fixed-size buffer is too
-small, then a heap allocation is used instead. The heap allocation in
-this case was exactly the length of the string to print. The issue here
-is that the ensuing call to vsnprintf() will print a NULL byte in the
-final space of the string. This meant that the final character was being
-chopped off the string and replaced with a NULL byte. For HTTP in
-particular, this caused problems because HTTP publishes the expected
-Contact-Length. This meant HTTP was publishing a length one character
-larger than what was actually present in the message.
-
-This patch corrects the issue by adding one to the allocation length.
-
-ASTERISK-26629
-Reported by Joshua Colp
-
-Change-Id: Ib3c5f41e96833d0415cf000656ac368168add639
----
- main/iostream.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/main/iostream.c b/main/iostream.c
-index 008888142b..9fa39cce59 100644
---- a/main/iostream.c
-+++ b/main/iostream.c
-@@ -404,7 +404,7 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t
-
- ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
- {
-- char sbuf[256], *buf = sbuf;
-+ char sbuf[512], *buf = sbuf;
- int len, len2, ret = -1;
- va_list va;
-
-@@ -412,15 +412,18 @@ ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
- len = vsnprintf(buf, sizeof(sbuf), fmt, va);
- va_end(va);
-
-- if (len > sizeof(sbuf)) {
-- buf = ast_malloc(len);
-+ if (len > sizeof(sbuf) - 1) {
-+ /* Add one to the string length to accommodate the NULL byte */
-+ size_t buf_len = len + 1;
-+
-+ buf = ast_malloc(buf_len);
- if (!buf) {
- return -1;
- }
- va_start(va, fmt);
-- len2 = vsnprintf(buf, len, fmt, va);
-+ len2 = vsnprintf(buf, buf_len, fmt, va);
- va_end(va);
-- if (len2 > len) {
-+ if (len2 != len) {
- goto error;
- }
- }
---
-2.13.2
-
-
-From 318f540321dc7b4788f01a100440559f7f5c9792 Mon Sep 17 00:00:00 2001
-From: Mark Michelson <mmichelson@digium.com>
-Date: Thu, 1 Dec 2016 16:49:03 -0600
-Subject: [PATCH] http: Send headers and body in one write.
-
-This is a semi-regression caused by the iostreams change. Prior to
-iostreams, HTTP headers were written to a FILE handle using fprintf.
-Then the body was written using a call to fwrite(). Because of internal
-buffering, the result was that the HTTP headers and body would be sent
-out in a single write to the socket.
-
-With the change to iostreams, the HTTP headers are written using
-ast_iostream_printf(), which under the hood calls write(). The HTTP body
-calls ast_iostream_write(), which also calls write() under the hood.
-This results in two separate writes to the socket.
-
-Most HTTP client libraries out there will handle this change just fine.
-However, a few of our testsuite tests started failing because of the
-change. As a result, in order to reduce frustration for users, this
-change alters the HTTP code to write the headers and body in a single
-write operation.
-
-ASTERISK-26629 #close
-Reported by Joshua Colp
-
-Change-Id: Idc2d2fb3d9b3db14b8631a1e302244fa18b0e518
----
- main/http.c | 29 ++++++++++++-----------------
- 1 file changed, 12 insertions(+), 17 deletions(-)
-
-diff --git a/main/http.c b/main/http.c
-index 7a61249114..ddae0df2b7 100644
---- a/main/http.c
-+++ b/main/http.c
-@@ -456,6 +456,7 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
- int content_length = 0;
- int close_connection;
- struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH);
-+ int send_content;
-
- if (!ser || !server_header_field) {
- /* The connection is not open. */
-@@ -506,6 +507,8 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
- lseek(fd, 0, SEEK_SET);
- }
-
-+ send_content = method != AST_HTTP_HEAD || status_code >= 400;
-+
- /* send http header */
- ast_iostream_printf(ser->stream,
- "HTTP/1.1 %d %s\r\n"
-@@ -515,33 +518,25 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
- "%s"
- "%s"
- "Content-Length: %d\r\n"
-- "\r\n",
-+ "\r\n"
-+ "%s",
- status_code, status_title ? status_title : "OK",
- ast_str_buffer(server_header_field),
- timebuf,
- close_connection ? "Connection: close\r\n" : "",
- static_content ? "" : "Cache-Control: no-cache, no-store\r\n",
- http_header ? ast_str_buffer(http_header) : "",
-- content_length
-+ content_length,
-+ send_content && out && ast_str_strlen(out) ? ast_str_buffer(out) : ""
- );
-
- /* send content */
-- if (method != AST_HTTP_HEAD || status_code >= 400) {
-- if (out && ast_str_strlen(out)) {
-- len = ast_str_strlen(out);
-- if (ast_iostream_write(ser->stream, ast_str_buffer(out), len) != len) {
-- ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno));
-+ if (send_content && fd) {
-+ while ((len = read(fd, buf, sizeof(buf))) > 0) {
-+ if (ast_iostream_write(ser->stream, buf, len) != len) {
-+ ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
- close_connection = 1;
-- }
-- }
--
-- if (fd) {
-- while ((len = read(fd, buf, sizeof(buf))) > 0) {
-- if (ast_iostream_write(ser->stream, buf, len) != len) {
-- ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
-- close_connection = 1;
-- break;
-- }
-+ break;
- }
- }
- }
---
-2.13.2
-
-
-From c17d3c0a7d79a3d81c727c437e52aa15c1e3db8e Mon Sep 17 00:00:00 2001
-From: Badalyan Vyacheslav <v.badalyan@open-bs.ru>
-Date: Thu, 8 Dec 2016 18:34:28 +0000
-Subject: [PATCH] Fix IO conversion bug
-
-Expression 'rlen < 0' is always false.
-Unsigned type value is never < 0.
-
-Change-Id: Id9f393ff25b009a6c4a6e40b95f561a9369e4585
----
- res/res_http_websocket.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
-index 5f59c2c8cb..293685205f 100644
---- a/res/res_http_websocket.c
-+++ b/res/res_http_websocket.c
-@@ -492,7 +492,7 @@ const char * AST_OPTIONAL_API_NAME(ast_websocket_session_id)(struct ast_websocke
- */
- static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len, enum ast_websocket_opcode *opcode)
- {
-- size_t rlen;
-+ ssize_t rlen;
- int xlen = len;
- char *rbuf = buf;
- int sanity = 10;
---
-2.13.2
-
-
-From cd1a94e58075f23ba98315765d7f71dd5509a4aa Mon Sep 17 00:00:00 2001
-From: Joshua Colp <jcolp@digium.com>
-Date: Tue, 9 May 2017 15:34:49 +0000
-Subject: [PATCH] tcptls: Improve error messages for TLS connections.
-
-This change uses the functions provided by OpenSSL to query
-and better construct error messages for situations where
-the connection encounters a problem.
-
-ASTERISK-26606
-
-Change-Id: I7ae40ce88c0dc4e185c4df1ceb3a6ccc198f075b
----
- main/iostream.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 57 insertions(+), 10 deletions(-)
-
-diff --git a/main/iostream.c b/main/iostream.c
-index 9fa39cce59..1013c6d9b9 100644
---- a/main/iostream.c
-+++ b/main/iostream.c
-@@ -37,6 +37,39 @@ struct ast_iostream {
- char rbuf[2048];
- };
-
-+#if defined(DO_SSL)
-+AST_THREADSTORAGE(err2str_threadbuf);
-+#define ERR2STR_BUFSIZE 128
-+
-+static const char *ssl_error_to_string(int sslerr, int ret)
-+{
-+ switch (sslerr) {
-+ case SSL_ERROR_SSL:
-+ return "Internal SSL error";
-+ case SSL_ERROR_SYSCALL:
-+ if (!ret) {
-+ return "System call EOF";
-+ } else if (ret == -1) {
-+ char *buf;
-+
-+ buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE);
-+ if (!buf) {
-+ return "Unknown";
-+ }
-+
-+ snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno));
-+ return buf;
-+ } else {
-+ return "System call other";
-+ }
-+ default:
-+ break;
-+ }
-+
-+ return "Unknown";
-+}
-+#endif
-+
- int ast_iostream_get_fd(struct ast_iostream *stream)
- {
- return stream->fd;
-@@ -109,13 +142,16 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size
- #if defined(DO_SSL)
- if (stream->ssl) {
- for (;;) {
-+ int sslerr;
-+ char err[256];
- res = SSL_read(stream->ssl, buf, size);
- if (0 < res) {
- /* We read some payload data. */
- stream->timeout = stream->timeout_reset;
- return res;
- }
-- switch (SSL_get_error(stream->ssl, res)) {
-+ sslerr = SSL_get_error(stream->ssl, res);
-+ switch (sslerr) {
- case SSL_ERROR_ZERO_RETURN:
- /* Report EOF for a shutdown */
- ast_debug(1, "TLS clean shutdown alert reading data\n");
-@@ -163,7 +199,8 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size
- break;
- default:
- /* Report EOF for an undecoded SSL or transport error. */
-- ast_debug(1, "TLS transport or SSL error reading data\n");
-+ ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
-+ ssl_error_to_string(sslerr, res));
- return 0;
- }
- if (!ms) {
-@@ -318,6 +355,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t
- written = 0;
- remaining = size;
- for (;;) {
-+ int sslerr;
-+ char err[256];
- res = SSL_write(stream->ssl, buf + written, remaining);
- if (res == remaining) {
- /* Everything was written. */
-@@ -329,7 +368,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t
- remaining -= res;
- continue;
- }
-- switch (SSL_get_error(stream->ssl, res)) {
-+ sslerr = SSL_get_error(stream->ssl, res);
-+ switch (sslerr) {
- case SSL_ERROR_ZERO_RETURN:
- ast_debug(1, "TLS clean shutdown alert writing data\n");
- if (written) {
-@@ -358,7 +398,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t
- break;
- default:
- /* Undecoded SSL or transport error. */
-- ast_debug(1, "TLS transport or SSL error writing data\n");
-+ ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err),
-+ ssl_error_to_string(sslerr, res));
- if (written) {
- /* Report partial write. */
- return written;
-@@ -461,8 +502,10 @@ int ast_iostream_close(struct ast_iostream *stream)
- */
- res = SSL_shutdown(stream->ssl);
- if (res < 0) {
-- ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
-- SSL_get_error(stream->ssl, res));
-+ int sslerr = SSL_get_error(stream->ssl, res);
-+ char err[256];
-+ ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n",
-+ ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
- }
-
- if (!stream->ssl->server) {
-@@ -524,7 +567,7 @@ int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int
- #ifdef DO_SSL
- struct ast_iostream *stream = *pstream;
- int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept;
-- char err[256];
-+ int res;
-
- stream->ssl = SSL_new(ssl_ctx);
- if (!stream->ssl) {
-@@ -541,9 +584,13 @@ int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int
- */
- SSL_set_fd(stream->ssl, stream->fd);
-
-- if (ssl_setup(stream->ssl) <= 0) {
-- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n",
-- ERR_error_string(ERR_get_error(), err));
-+ res = ssl_setup(stream->ssl);
-+ if (res <= 0) {
-+ int sslerr = SSL_get_error(stream->ssl, res);
-+ char err[256];
-+
-+ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n",
-+ ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
- errno = EIO;
- return -1;
- }
---
-2.13.2
-
diff --git a/main/asterisk/restore-multihomed-module.patch b/main/asterisk/restore-multihomed-module.patch
deleted file mode 100644
index 0a30e1b731..0000000000
--- a/main/asterisk/restore-multihomed-module.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-https://issues.asterisk.org/jira/browse/ASTERISK-26518
-
-commit 500470607eae4144b44ed4f188cfff437d56f0e7
-Author: Alex Hermann <alex@hexla.nl>
-Date: Fri Jan 20 11:09:01 2017 +0100
-
- pjsip: Restore multihomed module
-
- Since the automatic dual stack commit, the multihome module has become
- part of the pjsip core module. This caused a circular dependency loop
- preventing the pjsip module from loading. By putting the logic back into
- its own module, things can be loaded again.
-
-diff --git a/res/res_pjsip.c b/res/res_pjsip.c
-index dd4a619d2a..6e9523d76b 100644
---- a/res/res_pjsip.c
-+++ b/res/res_pjsip.c
-@@ -4317,6 +4317,5 @@ static int unload_pjsip(void *data)
- if (ast_pjsip_endpoint && serializer_pool[0]) {
- ast_res_pjsip_cleanup_options_handling();
-- ast_res_pjsip_cleanup_message_ip_updater();
- ast_sip_destroy_distributor();
- ast_res_pjsip_destroy_configuration();
- ast_sip_destroy_system();
-@@ -4488,11 +4487,6 @@ static int load_module(void)
-
- ast_res_pjsip_init_options_handling(0);
-
-- if (ast_res_pjsip_init_message_ip_updater()) {
-- ast_log(LOG_ERROR, "Failed to initialize message IP updating. Aborting load\n");
-- goto error;
-- }
--
- ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));
-
- AST_TEST_REGISTER(xml_sanitization_end_null);
-diff --git a/res/res_pjsip/pjsip_message_ip_updater.c b/res/res_pjsip_multihomed.c
-similarity index 94%
-rename from res/res_pjsip/pjsip_message_ip_updater.c
-rename to res/res_pjsip_multihomed.c
-index 7671ad0a75..3a29255973 100644
---- a/res/res_pjsip/pjsip_message_ip_updater.c
-+++ b/res/res_pjsip_multihomed.c
-@@ -16,6 +16,12 @@
- * at the top of the source tree.
- */
-
-+/*** MODULEINFO
-+ <depend>pjproject</depend>
-+ <depend>res_pjsip</depend>
-+ <support_level>core</support_level>
-+ ***/
-+
- #include "asterisk.h"
-
- #include <pjsip.h>
-@@ -23,7 +29,8 @@
-
- #include "asterisk/res_pjsip.h"
- #include "asterisk/res_pjsip_session.h"
--#include "include/res_pjsip_private.h"
-+#include "res_pjsip/include/res_pjsip_private.h"
-+#include "asterisk/module.h"
-
- #define MOD_DATA_RESTRICTIONS "restrictions"
-
-@@ -273,31 +280,41 @@ static pj_status_t multihomed_on_tx_message(pjsip_tx_data *tdata)
- return PJ_SUCCESS;
- }
-
--void ast_res_pjsip_cleanup_message_ip_updater(void)
-+static int unload_module(void)
- {
- ast_sip_unregister_service(&multihomed_module);
- ast_sip_unregister_supplement(&multihomed_supplement);
- ast_sip_session_unregister_supplement(&multihomed_session_supplement);
-+ return 0;
- }
-
--int ast_res_pjsip_init_message_ip_updater(void)
-+static int load_module(void)
- {
-+ CHECK_PJSIP_MODULE_LOADED();
-+
- if (ast_sip_session_register_supplement(&multihomed_session_supplement)) {
- ast_log(LOG_ERROR, "Could not register multihomed session supplement for outgoing requests\n");
-- return -1;
-+ return AST_MODULE_LOAD_FAILURE;
- }
-
- if (ast_sip_register_supplement(&multihomed_supplement)) {
- ast_log(LOG_ERROR, "Could not register multihomed supplement for outgoing requests\n");
-- ast_res_pjsip_cleanup_message_ip_updater();
-- return -1;
-+ unload_module();
-+ return AST_MODULE_LOAD_FAILURE;
- }
-
- if (ast_sip_register_service(&multihomed_module)) {
- ast_log(LOG_ERROR, "Could not register multihomed module for incoming and outgoing requests\n");
-- ast_res_pjsip_cleanup_message_ip_updater();
-- return -1;
-+ unload_module();
-+ return AST_MODULE_LOAD_FAILURE;
- }
-
-- return 0;
-+ return AST_MODULE_LOAD_SUCCESS;
- }
-+
-+AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP Multihomed Routing Support",
-+ .support_level = AST_MODULE_SUPPORT_CORE,
-+ .load = load_module,
-+ .unload = unload_module,
-+ .load_pri = AST_MODPRI_CHANNEL_DEPEND,
-+);