aboutsummaryrefslogtreecommitdiffstats
path: root/main/asterisk
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2016-11-18 09:35:46 +0200
committerTimo Teräs <timo.teras@iki.fi>2016-11-18 09:37:08 +0200
commite30b06dd6ea3c6330c2904973fb541fdbb630984 (patch)
tree20c9e34d6b6142be836cc27aee90c0a32771cf35 /main/asterisk
parent8cc23c434a914599ff1d806f405de7e76f0ffd07 (diff)
downloadaports-e30b06dd6ea3c6330c2904973fb541fdbb630984.tar.bz2
aports-e30b06dd6ea3c6330c2904973fb541fdbb630984.tar.xz
main/asterisk: add upstream submitted portability fixes
fixes #3503 fixes #6394
Diffstat (limited to 'main/asterisk')
-rw-r--r--main/asterisk/APKBUILD12
-rw-r--r--main/asterisk/ASTERISK-24517.patch3100
-rw-r--r--main/asterisk/fix-strerror_r.patch72
3 files changed, 3182 insertions, 2 deletions
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index 64324ff126..91f889f69e 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=asterisk
pkgver=14.1.2
-pkgrel=0
+pkgrel=1
pkgdesc="Asterisk: A Module Open Source PBX System"
pkgusers="asterisk"
pkggroups="asterisk"
@@ -28,8 +28,10 @@ subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-pgsql $pkgname-odbc
_download="http://downloads.asterisk.org/pub/telephony/asterisk/releases"
source="$_download/asterisk-$pkgver.tar.gz
http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz
-
+ ASTERISK-24517.patch
+ fix-strerror_r.patch
musl-mutex-init.patch
+
asterisk.initd
asterisk.confd
asterisk.logrotate"
@@ -236,18 +238,24 @@ sound_en() {
md5sums="9018a48187bb112601c6a17fff329aa2 asterisk-14.1.2.tar.gz
126dd4fba66f4cf9aa94dfd7034e0ec4 asterisk-addon-mp3-r201.patch.gz
+f94277819ef99d2f67654176e0752267 ASTERISK-24517.patch
+b562be4a764d275dad87682642b56ee3 fix-strerror_r.patch
1ca5e8326dc03c963a7ce5455d0f21ba musl-mutex-init.patch
4bdc82ba3d6bdfdedc71e5da2fde5ec2 asterisk.initd
ed31d7ba37bcf8b0346dcf8593c395f0 asterisk.confd
3e65172275684373e1a25c8a11224411 asterisk.logrotate"
sha256sums="4846a0194ee6a0c508f46d1caa0405d8a74996adf925136af777f34cc6203a71 asterisk-14.1.2.tar.gz
d32a5a695cee1699011d0e9ad02eb43af612def06f92017627194099edf98e3f asterisk-addon-mp3-r201.patch.gz
+909581915ce1c674a575212040cf94395eda90405aa0f327824e6a518dc94e43 ASTERISK-24517.patch
+546c0d60e08a17e7b888baada693a08608c3d4f54709e2959305c4a772bb8158 fix-strerror_r.patch
a5205ed44b57a72934baf8cde543ddb179f277494181818905110bfdcccfe7d9 musl-mutex-init.patch
10454553733e6cc52c6e9db508768a638655d99c095c5b39fb043858c088f21f asterisk.initd
d221148583b57f9c37d7160f2493f0d204ad11f7abb17e3a3534e108ad5452d7 asterisk.confd
77b253b6db71460acf9a51e87ad4c8582027a46db01a4c50fb048bada58c19d1 asterisk.logrotate"
sha512sums="a61c290c7b0204c4b2190ab812202eb801229bf9b29c65e5979805f68eb0327043e0c503fc379da7376ef1150819071d27453730483ea804869480219dfe30f9 asterisk-14.1.2.tar.gz
aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
+cbd936685657505bf95d5284d154d6d3e3ff59e01dffd3a88f8bf8284392281137258aa31ec071d7af297034301ab22583661cd8b88a7a8fcdf6cfaaa97d6cea ASTERISK-24517.patch
+46f661b5056a571181adfd93a34c836e2df091e1bfd400e0c09794f43b097c4401f47bf8f4b620a1549fa90bf287b3018d803c102c6c7835a67c4c85ea5c2e76 fix-strerror_r.patch
f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch
cd5bd1c1d7db0a44b14eb10e6d098af0c6474c8fe1a57395090d6795ac00e9243d004b7d24eba2cfd5bd6d6407c271913e794551a8dfcf3cf93e89fc91349e12 asterisk.initd
ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
diff --git a/main/asterisk/ASTERISK-24517.patch b/main/asterisk/ASTERISK-24517.patch
new file mode 100644
index 0000000000..607d1f8c6d
--- /dev/null
+++ b/main/asterisk/ASTERISK-24517.patch
@@ -0,0 +1,3100 @@
+From 40df0ee8bfa49a18eb5fa6b2e02715fa82da8a96 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 2 Jun 2016 22:10:06 +0300
+Subject: [PATCH] Implement internal abstraction for iostreams
+
+fopencookie/funclose is a non-standard API and should not be used
+in portable software. Additionally, the way FILE's fd is used in
+non-blocking mode is undefined behaviour and cannot be relied on.
+
+This introduces internal abstraction for io streams, that allows
+implementing the desired virtualization of read/write operations
+with necessary timeout handling.
+
+ASTERISK-24515 #close
+ASTERISK-24517 #close
+
+Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85
+---
+ apps/app_externalivr.c | 119 ++++----
+ channels/chan_sip.c | 61 ++--
+ configure.ac | 4 -
+ include/asterisk/iostream.h | 118 ++++++++
+ include/asterisk/tcptls.h | 92 +-----
+ main/http.c | 105 +++----
+ main/iostream.c | 553 ++++++++++++++++++++++++++++++++++
+ main/manager.c | 142 ++++-----
+ main/tcptls.c | 711 ++++++--------------------------------------
+ main/utils.c | 62 ----
+ res/res_http_post.c | 10 +-
+ res/res_http_websocket.c | 116 ++++----
+ res/res_phoneprov.c | 2 +-
+ 13 files changed, 997 insertions(+), 1098 deletions(-)
+ create mode 100644 include/asterisk/iostream.h
+ create mode 100644 main/iostream.c
+
+diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c
+index 2bb1d8b..129f29b 100644
+--- a/apps/app_externalivr.c
++++ b/apps/app_externalivr.c
+@@ -152,10 +152,12 @@ struct gen_state {
+ };
+
+ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
+- int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd,
++ struct ast_iostream *eivr_events,
++ struct ast_iostream *eivr_commands,
++ struct ast_iostream *eivr_errors,
+ const struct ast_str *args, const struct ast_flags flags);
+
+-static void send_eivr_event(FILE *handle, const char event, const char *data,
++static void send_eivr_event(struct ast_iostream *stream, const char event, const char *data,
+ const struct ast_channel *chan)
+ {
+ struct ast_str *tmp = ast_str_create(12);
+@@ -164,9 +166,11 @@ static void send_eivr_event(FILE *handle, const char event, const char *data,
+ if (data) {
+ ast_str_append(&tmp, 0, ",%s", data);
+ }
++ ast_str_append(&tmp, 0, "\n");
++ ast_iostream_write(stream, ast_str_buffer(tmp), strlen(ast_str_buffer(tmp)));
++ ast_str_truncate(tmp, -1);
+
+- fprintf(handle, "%s\n", ast_str_buffer(tmp));
+- ast_debug(1, "sent '%s'\n", ast_str_buffer(tmp));
++ ast_debug(1, "sent '%s'", ast_str_buffer(tmp));
+ ast_free(tmp);
+ }
+
+@@ -395,6 +399,8 @@ static int app_exec(struct ast_channel *chan, const char *data)
+ int child_stdin[2] = { -1, -1 };
+ int child_stdout[2] = { -1, -1 };
+ int child_stderr[2] = { -1, -1 };
++ struct ast_iostream *stream_stdin = NULL, *stream_stdout = NULL,
++ *stream_stderr = NULL;
+ int res = -1;
+ int pid;
+
+@@ -526,7 +532,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
+ goto exit;
+ }
+
+- res = eivr_comm(chan, u, &ser->fd, &ser->fd, NULL, comma_delim_args, flags);
++ res = eivr_comm(chan, u, ser->stream, ser->stream, NULL, comma_delim_args, flags);
+
+ } else {
+ if (pipe(child_stdin)) {
+@@ -568,7 +574,12 @@ static int app_exec(struct ast_channel *chan, const char *data)
+ child_stdout[1] = -1;
+ close(child_stderr[1]);
+ child_stderr[1] = -1;
+- res = eivr_comm(chan, u, &child_stdin[1], &child_stdout[0], &child_stderr[0], comma_delim_args, flags);
++
++ stream_stdin = ast_iostream_from_fd(&child_stdin[1]);
++ stream_stdout = ast_iostream_from_fd(&child_stdout[0]);
++ stream_stderr = ast_iostream_from_fd(&child_stderr[0]);
++
++ res = eivr_comm(chan, u, stream_stdin, stream_stdout, stream_stderr, comma_delim_args, flags);
+ }
+ }
+
+@@ -576,6 +587,15 @@ static int app_exec(struct ast_channel *chan, const char *data)
+ if (u->gen_active) {
+ ast_deactivate_generator(chan);
+ }
++ if (stream_stdin) {
++ ast_iostream_close(stream_stdin);
++ }
++ if (stream_stdout) {
++ ast_iostream_close(stream_stdout);
++ }
++ if (stream_stderr) {
++ ast_iostream_close(stream_stderr);
++ }
+ if (child_stdin[0] > -1) {
+ close(child_stdin[0]);
+ }
+@@ -604,46 +624,25 @@ static int app_exec(struct ast_channel *chan, const char *data)
+ }
+
+ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
+- int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd,
+- const struct ast_str *args, const struct ast_flags flags)
++ struct ast_iostream *eivr_events,
++ struct ast_iostream *eivr_commands,
++ struct ast_iostream *eivr_errors,
++ const struct ast_str *args, const struct ast_flags flags)
+ {
++ char input[1024];
+ struct playlist_entry *entry;
+ struct ast_frame *f;
+ int ms;
+ int exception;
+ int ready_fd;
+- int waitfds[2] = { *eivr_commands_fd, (eivr_errors_fd) ? *eivr_errors_fd : -1 };
++ int waitfds[2];
++ int r;
+ struct ast_channel *rchan;
+ int res = -1;
+- int test_available_fd = -1;
+ int hangup_info_sent = 0;
+-
+- FILE *eivr_commands = NULL;
+- FILE *eivr_errors = NULL;
+- FILE *eivr_events = NULL;
+
+- if (!(eivr_events = fdopen(*eivr_events_fd, "w"))) {
+- ast_chan_log(LOG_ERROR, chan, "Could not open stream to send events\n");
+- goto exit;
+- }
+- if (!(eivr_commands = fdopen(*eivr_commands_fd, "r"))) {
+- ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive commands\n");
+- goto exit;
+- }
+- if (eivr_errors_fd) { /* if opening a socket connection, error stream will not be used */
+- if (!(eivr_errors = fdopen(*eivr_errors_fd, "r"))) {
+- ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive errors\n");
+- goto exit;
+- }
+- }
+-
+- test_available_fd = open("/dev/null", O_RDONLY);
+-
+- setvbuf(eivr_events, NULL, _IONBF, 0);
+- setvbuf(eivr_commands, NULL, _IONBF, 0);
+- if (eivr_errors) {
+- setvbuf(eivr_errors, NULL, _IONBF, 0);
+- }
++ waitfds[0] = ast_iostream_get_fd(eivr_commands);
++ waitfds[1] = eivr_errors ? ast_iostream_get_fd(eivr_errors) : -1;
+
+ while (1) {
+ if (ast_test_flag(ast_channel_flags(chan), AST_FLAG_ZOMBIE)) {
+@@ -667,7 +666,7 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
+ errno = 0;
+ exception = 0;
+
+- rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors_fd) ? 2 : 1, &exception, &ready_fd, &ms);
++ rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors) ? 2 : 1, &exception, &ready_fd, &ms);
+
+ if (ast_channel_state(chan) == AST_STATE_UP && !AST_LIST_EMPTY(&u->finishlist)) {
+ AST_LIST_LOCK(&u->finishlist);
+@@ -715,15 +714,18 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
+ break;
+ }
+ ast_frfree(f);
+- } else if (ready_fd == *eivr_commands_fd) {
+- char input[1024];
+-
+- if (exception || (dup2(*eivr_commands_fd, test_available_fd) == -1) || feof(eivr_commands)) {
++ } else if (ready_fd == waitfds[0]) {
++ if (exception) {
+ ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
+ break;
+ }
+
+- if (!fgets(input, sizeof(input), eivr_commands)) {
++ r = ast_iostream_gets(eivr_commands, input, sizeof(input));
++ if (r <= 0) {
++ if (r == 0) {
++ ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
++ break;
++ }
+ continue;
+ }
+
+@@ -869,16 +871,19 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
+ else
+ ast_chan_log(LOG_WARNING, chan, "Unknown option requested: %s\n", &input[2]);
+ }
+- } else if (eivr_errors_fd && (ready_fd == *eivr_errors_fd)) {
+- char input[1024];
+-
+- if (exception || feof(eivr_errors)) {
++ } else if (ready_fd == waitfds[1]) {
++ if (exception) {
+ ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
+ break;
+ }
+- if (fgets(input, sizeof(input), eivr_errors)) {
++
++ r = ast_iostream_gets(eivr_errors, input, sizeof(input));
++ if (r > 0) {
+ ast_chan_log(LOG_NOTICE, chan, "stderr: %s\n", ast_strip(input));
+- }
++ } else if (r == 0) {
++ ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
++ break;
++ }
+ } else if ((ready_fd < 0) && ms) {
+ if (errno == 0 || errno == EINTR)
+ continue;
+@@ -888,23 +893,7 @@ static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
+ }
+ }
+
+- exit:
+- if (test_available_fd > -1) {
+- close(test_available_fd);
+- }
+- if (eivr_events) {
+- fclose(eivr_events);
+- *eivr_events_fd = -1;
+- }
+- if (eivr_commands) {
+- fclose(eivr_commands);
+- *eivr_commands_fd = -1;
+- }
+- if (eivr_errors) {
+- fclose(eivr_errors);
+- *eivr_errors_fd = -1;
+- }
+- return res;
++ return res;
+ }
+
+ static int unload_module(void)
+diff --git a/channels/chan_sip.c b/channels/chan_sip.c
+index 297981a..ac44f2d 100644
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -2543,7 +2543,7 @@ static struct sip_threadinfo *sip_threadinfo_create(struct ast_tcptls_session_in
+ }
+ ao2_t_ref(tcptls_session, +1, "tcptls_session ref for sip_threadinfo object");
+ th->tcptls_session = tcptls_session;
+- th->type = transport ? transport : (tcptls_session->ssl ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
++ th->type = transport ? transport : (ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
+ ao2_t_link(threadt, th, "Adding new tcptls helper thread");
+ ao2_t_ref(th, -1, "Decrementing threadinfo ref from alloc, only table ref remains");
+ return th;
+@@ -2566,8 +2566,7 @@ static int sip_tcptls_write(struct ast_tcptls_session_instance *tcptls_session,
+
+ ao2_lock(tcptls_session);
+
+- if ((tcptls_session->fd == -1) ||
+- !(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) ||
++ if (!(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) ||
+ !(packet = ao2_alloc(sizeof(*packet), tcptls_packet_destructor)) ||
+ !(packet->data = ast_str_create(len))) {
+ goto tcptls_write_setup_error;
+@@ -2880,7 +2879,7 @@ static int sip_tcptls_read(struct sip_request *req, struct ast_tcptls_session_in
+ } else {
+ timeout = -1;
+ }
+- res = ast_wait_for_input(tcptls_session->fd, timeout);
++ res = ast_wait_for_input(ast_iostream_get_fd(tcptls_session->stream), timeout);
+ if (res < 0) {
+ ast_debug(2, "SIP TCP/TLS server :: ast_wait_for_input returned %d\n", res);
+ return -1;
+@@ -2889,7 +2888,7 @@ static int sip_tcptls_read(struct sip_request *req, struct ast_tcptls_session_in
+ return -1;
+ }
+
+- res = ast_tcptls_server_read(tcptls_session, readbuf, sizeof(readbuf) - 1);
++ res = ast_iostream_read(tcptls_session->stream, readbuf, sizeof(readbuf) - 1);
+ if (res < 0) {
+ if (errno == EAGAIN || errno == EINTR) {
+ continue;
+@@ -2950,18 +2949,8 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ goto cleanup;
+ }
+
+- if ((flags = fcntl(tcptls_session->fd, F_GETFL)) == -1) {
+- ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno));
+- goto cleanup;
+- }
+-
+- flags |= O_NONBLOCK;
+- if (fcntl(tcptls_session->fd, F_SETFL, flags) == -1) {
+- ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno));
+- goto cleanup;
+- }
+-
+- if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
++ ast_iostream_nonblock(tcptls_session->stream);
++ if (!(me = sip_threadinfo_create(tcptls_session, ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
+ goto cleanup;
+ }
+ ao2_t_ref(me, +1, "Adding threadinfo ref for tcp_helper_thread");
+@@ -2978,16 +2967,16 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ }
+
+ flags = 1;
+- if (setsockopt(tcptls_session->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
++ if (setsockopt(ast_iostream_get_fd(tcptls_session->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
+ ast_log(LOG_ERROR, "error enabling TCP keep-alives on sip socket: %s\n", strerror(errno));
+ goto cleanup;
+ }
+
+ me->threadid = pthread_self();
+- ast_debug(2, "Starting thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
++ ast_debug(2, "Starting thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP");
+
+ /* set up pollfd to watch for reads on both the socket and the alert_pipe */
+- fds[0].fd = tcptls_session->fd;
++ fds[0].fd = ast_iostream_get_fd(tcptls_session->stream);
+ fds[1].fd = me->alert_pipe[0];
+ fds[0].events = fds[1].events = POLLIN | POLLPRI;
+
+@@ -3007,9 +2996,9 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ * We cannot let the stream exclusively wait for data to arrive.
+ * We have to wake up the task to send outgoing messages.
+ */
+- ast_tcptls_stream_set_exclusive_input(tcptls_session->stream_cookie, 0);
++ ast_iostream_set_exclusive_input(tcptls_session->stream, 0);
+
+- ast_tcptls_stream_set_timeout_sequence(tcptls_session->stream_cookie, ast_tvnow(),
++ ast_iostream_set_timeout_sequence(tcptls_session->stream, ast_tvnow(),
+ tcptls_session->client ? -1 : (authtimeout * 1000));
+
+ for (;;) {
+@@ -3017,7 +3006,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+
+ if (!tcptls_session->client && req.authenticated && !authenticated) {
+ authenticated = 1;
+- ast_tcptls_stream_set_timeout_disable(tcptls_session->stream_cookie);
++ ast_iostream_set_timeout_disable(tcptls_session->stream);
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
+ }
+
+@@ -3028,7 +3017,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ }
+
+ if (timeout == 0) {
+- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
++ ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP");
+ goto cleanup;
+ }
+ } else {
+@@ -3038,11 +3027,11 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ if (ast_str_strlen(tcptls_session->overflow_buf) == 0) {
+ res = ast_poll(fds, 2, timeout); /* polls for both socket and alert_pipe */
+ if (res < 0) {
+- ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", tcptls_session->ssl ? "TLS": "TCP", res);
++ ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP", res);
+ goto cleanup;
+ } else if (res == 0) {
+ /* timeout */
+- ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
++ ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP");
+ goto cleanup;
+ }
+ }
+@@ -3067,14 +3056,14 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+
+ memset(buf, 0, sizeof(buf));
+
+- if (tcptls_session->ssl) {
++ if (ast_iostream_get_ssl(tcptls_session->stream)) {
+ set_socket_transport(&req.socket, AST_TRANSPORT_TLS);
+ req.socket.port = htons(ourport_tls);
+ } else {
+ set_socket_transport(&req.socket, AST_TRANSPORT_TCP);
+ req.socket.port = htons(ourport_tcp);
+ }
+- req.socket.fd = tcptls_session->fd;
++ req.socket.fd = ast_iostream_get_fd(tcptls_session->stream);
+
+ res = sip_tcptls_read(&req, tcptls_session, authenticated, start);
+ if (res < 0) {
+@@ -3108,7 +3097,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ ao2_unlock(me);
+
+ if (packet) {
+- if (ast_tcptls_server_write(tcptls_session, ast_str_buffer(packet->data), packet->len) == -1) {
++ if (ast_iostream_write(tcptls_session->stream, ast_str_buffer(packet->data), packet->len) == -1) {
+ ast_log(LOG_WARNING, "Failure to write to tcp/tls socket\n");
+ }
+ ao2_t_ref(packet, -1, "tcptls packet sent, this is no longer needed");
+@@ -3120,7 +3109,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
+ }
+ }
+
+- ast_debug(2, "Shutting down thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
++ ast_debug(2, "Shutting down thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP");
+
+ cleanup:
+ if (tcptls_session && !tcptls_session->client && !authenticated) {
+@@ -29089,9 +29078,8 @@ static int sip_prepare_socket(struct sip_pvt *p)
+ return s->fd;
+ }
+ if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
+- (s->tcptls_session) &&
+- (s->tcptls_session->fd != -1)) {
+- return s->tcptls_session->fd;
++ s->tcptls_session) {
++ return ast_iostream_get_fd(s->tcptls_session->stream);
+ }
+ if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) {
+ return s->ws_session ? ast_websocket_fd(s->ws_session) : -1;
+@@ -29121,7 +29109,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
+ /* 1. check for existing threads */
+ ast_sockaddr_copy(&sa_tmp, sip_real_dst(p));
+ if ((tcptls_session = sip_tcp_locate(&sa_tmp))) {
+- s->fd = tcptls_session->fd;
++ s->fd = ast_iostream_get_fd(tcptls_session->stream);
+ if (s->tcptls_session) {
+ ao2_ref(s->tcptls_session, -1);
+ s->tcptls_session = NULL;
+@@ -29168,7 +29156,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
+ goto create_tcptls_session_fail;
+ }
+
+- s->fd = s->tcptls_session->fd;
++ s->fd = ast_iostream_get_fd(s->tcptls_session->stream);
+
+ /* client connections need to have the sip_threadinfo object created before
+ * the thread is detached. This ensures the alert_pipe is up before it will
+@@ -29970,8 +29958,7 @@ static int sip_send_keepalive(const void *data)
+ if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) {
+ res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr);
+ } else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
+- (peer->socket.tcptls_session) &&
+- (peer->socket.tcptls_session->fd != -1)) {
++ peer->socket.tcptls_session) {
+ res = sip_tcptls_write(peer->socket.tcptls_session, keepalive, sizeof(keepalive));
+ } else if (peer->socket.type == AST_TRANSPORT_UDP) {
+ res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr);
+diff --git a/configure.ac b/configure.ac
+index 66c8971..20bbf76 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -815,10 +815,6 @@ AC_ARG_ENABLE([asteriskssl],
+ esac], [AST_ASTERISKSSL=yes])
+ AC_SUBST(AST_ASTERISKSSL)
+
+-# https support (in main/http.c) uses funopen on BSD systems,
+-# fopencookie on linux
+-AC_CHECK_FUNCS([funopen fopencookie])
+-
+ AC_CHECK_FUNCS([inet_aton])
+
+ # check if we have IP_PKTINFO constant defined
+diff --git a/include/asterisk/iostream.h b/include/asterisk/iostream.h
+new file mode 100644
+index 0000000..c641ffb
+--- /dev/null
++++ b/include/asterisk/iostream.h
+@@ -0,0 +1,118 @@
++/*
++ * Asterisk -- An open source telephony toolkit.
++ *
++ * Copyright (C) 1999 - 2015, Digium, Inc.
++ *
++ * Timo Teräs <timo.teras@iki.fi>
++ *
++ * See http://www.asterisk.org for more information about
++ * the Asterisk project. Please do not directly contact
++ * any of the maintainers of this project for assistance;
++ * the project provides a web site, mailing lists and IRC
++ * channels for your use.
++ *
++ * This program is free software, distributed under the terms of
++ * the GNU General Public License Version 2. See the LICENSE file
++ * at the top of the source tree.
++ */
++
++#ifndef _ASTERISK_IOSTREAM_H
++#define _ASTERISK_IOSTREAM_H
++
++/*!
++ * \file iostream.h
++ *
++ * \brief Generic abstraction for input/output streams.
++ */
++
++#if defined(HAVE_OPENSSL)
++#define DO_SSL /* comment in/out if you want to support ssl */
++#endif
++
++#ifdef DO_SSL
++#include <openssl/ssl.h>
++#include <openssl/err.h>
++#include <openssl/x509v3.h>
++#else
++/* declare dummy types so we can define a pointer to them */
++typedef struct {} SSL;
++typedef struct {} SSL_CTX;
++#endif /* DO_SSL */
++
++struct ast_iostream;
++
++/*!
++ * \brief Disable the iostream timeout timer.
++ *
++ * \param stream iostream control data.
++ *
++ * \return Nothing
++ */
++void ast_iostream_set_timeout_disable(struct ast_iostream *stream);
++
++/*!
++ * \brief Set the iostream inactivity timeout timer.
++ *
++ * \param stream iostream control data.
++ * \param timeout Number of milliseconds to wait for data transfer with the peer.
++ *
++ * \details This is basically how much time we are willing to spend
++ * in an I/O call before we declare the peer unresponsive.
++ *
++ * \note Setting timeout to -1 disables the timeout.
++ * \note Setting this timeout replaces the I/O sequence timeout timer.
++ *
++ * \return Nothing
++ */
++void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout);
++
++void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset);
++
++/*!
++ * \brief Set the iostream I/O sequence timeout timer.
++ *
++ * \param stream iostream control data.
++ * \param start Time the I/O sequence timer starts.
++ * \param timeout Number of milliseconds from the start time before timeout.
++ *
++ * \details This is how much time are we willing to allow the peer
++ * to complete an operation that can take several I/O calls. The
++ * main use is as an authentication timer with us.
++ *
++ * \note Setting timeout to -1 disables the timeout.
++ * \note Setting this timeout replaces the inactivity timeout timer.
++ *
++ * \return Nothing
++ */
++void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout);
++
++/*!
++ * \brief Set the iostream if it can exclusively depend upon the set timeouts.
++ *
++ * \param stream iostream control data.
++ * \param exclusive_input TRUE if stream can exclusively wait for fd input.
++ * Otherwise, the stream will not wait for fd input. It will wait while
++ * trying to send data.
++ *
++ * \note The stream timeouts still need to be set.
++ *
++ * \return Nothing
++ */
++void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input);
++
++int ast_iostream_get_fd(struct ast_iostream *stream);
++void ast_iostream_nonblock(struct ast_iostream *stream);
++
++SSL* ast_iostream_get_ssl(struct ast_iostream *stream);
++
++ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t count);
++ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count);
++ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t count);
++ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t count);
++ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...);
++
++struct ast_iostream* ast_iostream_from_fd(int *fd);
++int ast_iostream_start_tls(struct ast_iostream **stream, SSL_CTX *ctx, int client);
++int ast_iostream_close(struct ast_iostream *stream);
++
++#endif /* _ASTERISK_IOSTREAM_H */
+diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h
+index 3c5f450..883cb92 100644
+--- a/include/asterisk/tcptls.h
++++ b/include/asterisk/tcptls.h
+@@ -57,20 +57,7 @@
+
+ #include "asterisk/netsock2.h"
+ #include "asterisk/utils.h"
+-
+-#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
+-#define DO_SSL /* comment in/out if you want to support ssl */
+-#endif
+-
+-#ifdef DO_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/err.h>
+-#include <openssl/x509v3.h>
+-#else
+-/* declare dummy types so we can define a pointer to them */
+-typedef struct {} SSL;
+-typedef struct {} SSL_CTX;
+-#endif /* DO_SSL */
++#include "asterisk/iostream.h"
+
+ /*! SSL support */
+ #define AST_CERTFILE "asterisk.pem"
+@@ -153,72 +140,10 @@ struct ast_tcptls_session_args {
+ const char *name;
+ };
+
+-struct ast_tcptls_stream;
+-
+-/*!
+- * \brief Disable the TCP/TLS stream timeout timer.
+- *
+- * \param stream TCP/TLS stream control data.
+- *
+- * \return Nothing
+- */
+-void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream);
+-
+-/*!
+- * \brief Set the TCP/TLS stream inactivity timeout timer.
+- *
+- * \param stream TCP/TLS stream control data.
+- * \param timeout Number of milliseconds to wait for data transfer with the peer.
+- *
+- * \details This is basically how much time we are willing to spend
+- * in an I/O call before we declare the peer unresponsive.
+- *
+- * \note Setting timeout to -1 disables the timeout.
+- * \note Setting this timeout replaces the I/O sequence timeout timer.
+- *
+- * \return Nothing
+- */
+-void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout);
+-
+-/*!
+- * \brief Set the TCP/TLS stream I/O sequence timeout timer.
+- *
+- * \param stream TCP/TLS stream control data.
+- * \param start Time the I/O sequence timer starts.
+- * \param timeout Number of milliseconds from the start time before timeout.
+- *
+- * \details This is how much time are we willing to allow the peer
+- * to complete an operation that can take several I/O calls. The
+- * main use is as an authentication timer with us.
+- *
+- * \note Setting timeout to -1 disables the timeout.
+- * \note Setting this timeout replaces the inactivity timeout timer.
+- *
+- * \return Nothing
+- */
+-void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout);
+-
+-/*!
+- * \brief Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.
+- *
+- * \param stream TCP/TLS stream control data.
+- * \param exclusive_input TRUE if stream can exclusively wait for fd input.
+- * Otherwise, the stream will not wait for fd input. It will wait while
+- * trying to send data.
+- *
+- * \note The stream timeouts still need to be set.
+- *
+- * \return Nothing
+- */
+-void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input);
+-
+ /*! \brief
+ * describes a server instance
+ */
+ struct ast_tcptls_session_instance {
+- FILE *f; /*!< fopen/funopen result */
+- int fd; /*!< the socket returned by accept() */
+- SSL *ssl; /*!< ssl state */
+ int client;
+ struct ast_sockaddr remote_address;
+ struct ast_tcptls_session_args *parent;
+@@ -228,20 +153,12 @@ struct ast_tcptls_session_instance {
+ * extra data.
+ */
+ struct ast_str *overflow_buf;
+- /*! ao2 FILE stream cookie object associated with f. */
+- struct ast_tcptls_stream *stream_cookie;
++ /*! ao2 stream object associated with this session. */
++ struct ast_iostream *stream;
+ /*! ao2 object private data of parent->worker_fn */
+ void *private_data;
+ };
+
+-#if defined(HAVE_FUNOPEN)
+-#define HOOK_T int
+-#define LEN_T int
+-#else
+-#define HOOK_T ssize_t
+-#define LEN_T size_t
+-#endif
+-
+ /*!
+ * \brief attempts to connect and start tcptls session, on error the tcptls_session's
+ * ref count is decremented, fd and file are closed, and NULL is returned.
+@@ -297,7 +214,4 @@ void ast_ssl_teardown(struct ast_tls_config *cfg);
+ */
+ int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value);
+
+-HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
+-HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, const void *buf, size_t count);
+-
+ #endif /* _ASTERISK_TCPTLS_H */
+diff --git a/main/http.c b/main/http.c
+index da564da..8cb1c2f 100644
+--- a/main/http.c
++++ b/main/http.c
+@@ -451,11 +451,13 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
+ struct timeval now = ast_tvnow();
+ struct ast_tm tm;
+ char timebuf[80];
++ char buf[256];
++ int len;
+ int content_length = 0;
+ int close_connection;
+ struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH);
+
+- if (!ser || !ser->f || !server_header_field) {
++ if (!ser || !server_header_field) {
+ /* The connection is not open. */
+ ast_free(http_header);
+ ast_free(out);
+@@ -505,7 +507,7 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
+ }
+
+ /* send http header */
+- fprintf(ser->f,
++ ast_iostream_printf(ser->stream,
+ "HTTP/1.1 %d %s\r\n"
+ "%s"
+ "Date: %s\r\n"
+@@ -526,18 +528,16 @@ void ast_http_send(struct ast_tcptls_session_instance *ser,
+ /* send content */
+ if (method != AST_HTTP_HEAD || status_code >= 400) {
+ if (out && ast_str_strlen(out)) {
+- if (fwrite(ast_str_buffer(out), ast_str_strlen(out), 1, ser->f) != 1) {
++ len = ast_str_strlen(out);
++ if (ast_iostream_write(ser->stream, ast_str_buffer(out), len) != len) {
+ ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno));
+ close_connection = 1;
+ }
+ }
+
+ if (fd) {
+- char buf[256];
+- int len;
+-
+ while ((len = read(fd, buf, sizeof(buf))) > 0) {
+- if (fwrite(buf, len, 1, ser->f) != 1) {
++ if (ast_iostream_write(ser->stream, buf, len) != len) {
+ ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
+ close_connection = 1;
+ break;
+@@ -569,7 +569,7 @@ void ast_http_create_response(struct ast_tcptls_session_instance *ser, int statu
+ ast_free(http_header_data);
+ ast_free(server_address);
+ ast_free(out);
+- if (ser && ser->f) {
++ if (ser) {
+ ast_debug(1, "HTTP closing session. OOM.\n");
+ ast_tcptls_close_session_file(ser);
+ }
+@@ -923,9 +923,9 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char
+ {
+ int res;
+
+- /* Stay in fread until get all the expected data or timeout. */
+- res = fread(buf, length, 1, ser->f);
+- if (res < 1) {
++ /* Stream is in exclusive mode so we get it all if possible. */
++ res = ast_iostream_read(ser->stream, buf, length);
++ if (res < length) {
+ ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d)\n",
+ what_getting, length);
+ return -1;
+@@ -947,23 +947,12 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char
+ */
+ static int http_body_discard_contents(struct ast_tcptls_session_instance *ser, int length, const char *what_getting)
+ {
+- int res;
+- char buf[MAX_HTTP_LINE_LENGTH];/* Discard buffer */
+-
+- /* Stay in fread until get all the expected data or timeout. */
+- while (sizeof(buf) < length) {
+- res = fread(buf, sizeof(buf), 1, ser->f);
+- if (res < 1) {
+- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %zu of remaining %d)\n",
+- what_getting, sizeof(buf), length);
+- return -1;
+- }
+- length -= sizeof(buf);
+- }
+- res = fread(buf, length, 1, ser->f);
+- if (res < 1) {
+- ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d of remaining %d)\n",
+- what_getting, length, length);
++ ssize_t res;
++
++ res = ast_iostream_discard(ser->stream, length);
++ if (res < length) {
++ ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d but got %zd)\n",
++ what_getting, length, res);
+ return -1;
+ }
+ return 0;
+@@ -1039,7 +1028,7 @@ static int http_body_get_chunk_length(struct ast_tcptls_session_instance *ser)
+ char header_line[MAX_HTTP_LINE_LENGTH];
+
+ /* get the line of hexadecimal giving chunk-size w/ optional chunk-extension */
+- if (!fgets(header_line, sizeof(header_line), ser->f)) {
++ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+ ast_log(LOG_WARNING, "Short HTTP read of chunked header\n");
+ return -1;
+ }
+@@ -1067,8 +1056,8 @@ static int http_body_check_chunk_sync(struct ast_tcptls_session_instance *ser)
+ char chunk_sync[2];
+
+ /* Stay in fread until get the expected CRLF or timeout. */
+- res = fread(chunk_sync, sizeof(chunk_sync), 1, ser->f);
+- if (res < 1) {
++ res = ast_iostream_read(ser->stream, chunk_sync, sizeof(chunk_sync));
++ if (res < sizeof(chunk_sync)) {
+ ast_log(LOG_WARNING, "Short HTTP chunk sync read (Wanted %zu)\n",
+ sizeof(chunk_sync));
+ return -1;
+@@ -1097,7 +1086,7 @@ static int http_body_discard_chunk_trailer_headers(struct ast_tcptls_session_ins
+ char header_line[MAX_HTTP_LINE_LENGTH];
+
+ for (;;) {
+- if (!fgets(header_line, sizeof(header_line), ser->f)) {
++ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+ ast_log(LOG_WARNING, "Short HTTP read of chunked trailer header\n");
+ return -1;
+ }
+@@ -1760,7 +1749,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
+ char *name;
+ char *value;
+
+- if (!fgets(header_line, sizeof(header_line), ser->f)) {
++ if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+ ast_http_error(ser, 400, "Bad Request", "Timeout");
+ return -1;
+ }
+@@ -1834,7 +1823,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
+ int res;
+ char request_line[MAX_HTTP_LINE_LENGTH];
+
+- if (!fgets(request_line, sizeof(request_line), ser->f)) {
++ if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
+ return -1;
+ }
+
+@@ -1915,11 +1904,10 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
+ static void *httpd_helper_thread(void *data)
+ {
+ struct ast_tcptls_session_instance *ser = data;
+- struct protoent *p;
+- int flags;
+ int timeout;
++ int arg = 1;
+
+- if (!ser || !ser->f) {
++ if (!ser) {
+ ao2_cleanup(ser);
+ return NULL;
+ }
+@@ -1936,23 +1924,11 @@ static void *httpd_helper_thread(void *data)
+ * This is necessary to prevent delays (caused by buffering) as we
+ * write to the socket in bits and pieces.
+ */
+- p = getprotobyname("tcp");
+- if (p) {
+- int arg = 1;
+-
+- if (setsockopt(ser->fd, p->p_proto, TCP_NODELAY, (char *) &arg, sizeof(arg) ) < 0) {
+- ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno));
+- ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
+- }
+- } else {
+- ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection, getprotobyname(\"tcp\") failed\n");
++ if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &arg, sizeof(arg) ) < 0) {
++ ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno));
+ ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
+ }
+-
+- /* make sure socket is non-blocking */
+- flags = fcntl(ser->fd, F_GETFL);
+- flags |= O_NONBLOCK;
+- fcntl(ser->fd, F_SETFL, flags);
++ ast_iostream_nonblock(ser->stream);
+
+ /* Setup HTTP worker private data to keep track of request body reading. */
+ ao2_cleanup(ser->private_data);
+@@ -1975,23 +1951,17 @@ static void *httpd_helper_thread(void *data)
+ }
+
+ /* We can let the stream wait for data to arrive. */
+- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 1);
++ ast_iostream_set_exclusive_input(ser->stream, 1);
+
+ for (;;) {
+- int ch;
+-
+ /* Wait for next potential HTTP request message. */
+- ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, timeout);
+- ch = fgetc(ser->f);
+- if (ch == EOF || ungetc(ch, ser->f) == EOF) {
+- /* Between request idle timeout */
+- ast_debug(1, "HTTP idle timeout or peer closed connection.\n");
++ ast_iostream_set_timeout_idle_inactivity(ser->stream, timeout, session_inactivity);
++ if (httpd_process_request(ser)) {
++ /* Break the connection or the connection closed */
+ break;
+ }
+-
+- ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, session_inactivity);
+- if (httpd_process_request(ser) || !ser->f || feof(ser->f)) {
+- /* Break the connection or the connection closed */
++ if (!ser->stream) {
++ /* Web-socket or similar that took the connection */
+ break;
+ }
+
+@@ -2005,10 +1975,9 @@ static void *httpd_helper_thread(void *data)
+ done:
+ ast_atomic_fetchadd_int(&session_count, -1);
+
+- if (ser->f) {
+- ast_debug(1, "HTTP closing session. Top level\n");
+- ast_tcptls_close_session_file(ser);
+- }
++ ast_debug(1, "HTTP closing session. Top level\n");
++ ast_tcptls_close_session_file(ser);
++
+ ao2_ref(ser, -1);
+ return NULL;
+ }
+diff --git a/main/iostream.c b/main/iostream.c
+new file mode 100644
+index 0000000..46abc18
+--- /dev/null
++++ b/main/iostream.c
+@@ -0,0 +1,553 @@
++/*
++ * Asterisk -- An open source telephony toolkit.
++ *
++ * Copyright (C) 1999 - 2015, Digium, Inc.
++ *
++ * Timo Teräs <timo.teras@iki.fi>
++ *
++ * See http://www.asterisk.org for more information about
++ * the Asterisk project. Please do not directly contact
++ * any of the maintainers of this project for assistance;
++ * the project provides a web site, mailing lists and IRC
++ * channels for your use.
++ *
++ * This program is free software, distributed under the terms of
++ * the GNU General Public License Version 2. See the LICENSE file
++ * at the top of the source tree.
++ */
++
++#include <fcntl.h>
++#include <stdarg.h>
++
++#include "asterisk.h"
++#include "asterisk/utils.h"
++#include "asterisk/astobj2.h"
++#include "asterisk/iostream.h"
++
++struct ast_iostream {
++ SSL *ssl;
++ struct timeval start;
++ int fd;
++ int timeout;
++ int timeout_reset;
++ int exclusive_input;
++ int rbuflen;
++ char *rbufhead;
++ char rbuf[2048];
++};
++
++int ast_iostream_get_fd(struct ast_iostream *stream)
++{
++ return stream->fd;
++}
++
++void ast_iostream_nonblock(struct ast_iostream *stream)
++{
++ fcntl(stream->fd, F_SETFL, fcntl(stream->fd, F_GETFL) | O_NONBLOCK);
++}
++
++SSL *ast_iostream_get_ssl(struct ast_iostream *stream)
++{
++ return stream->ssl;
++}
++
++void ast_iostream_set_timeout_disable(struct ast_iostream *stream)
++{
++ ast_assert(stream != NULL);
++
++ stream->timeout = -1;
++ stream->timeout_reset = -1;
++}
++
++void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout)
++{
++ ast_assert(stream != NULL);
++
++ stream->start.tv_sec = 0;
++ stream->timeout = timeout;
++ stream->timeout_reset = timeout;
++}
++
++void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset)
++{
++ ast_assert(stream != NULL);
++
++ stream->start.tv_sec = 0;
++ stream->timeout = timeout;
++ stream->timeout_reset = timeout_reset;
++}
++
++void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout)
++{
++ ast_assert(stream != NULL);
++
++ stream->start = start;
++ stream->timeout = timeout;
++ stream->timeout_reset = timeout;
++}
++
++void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input)
++{
++ ast_assert(stream != NULL);
++
++ stream->exclusive_input = exclusive_input;
++}
++
++static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size)
++{
++ struct timeval start;
++ int ms;
++ int res;
++
++ if (stream->start.tv_sec) {
++ start = stream->start;
++ } else {
++ start = ast_tvnow();
++ }
++
++#if defined(DO_SSL)
++ if (stream->ssl) {
++ for (;;) {
++ res = SSL_read(stream->ssl, buf, size);
++ if (0 < res) {
++ /* We read some payload data. */
++ stream->timeout = stream->timeout_reset;
++ return res;
++ }
++ switch (SSL_get_error(stream->ssl, res)) {
++ case SSL_ERROR_ZERO_RETURN:
++ /* Report EOF for a shutdown */
++ ast_debug(1, "TLS clean shutdown alert reading data\n");
++ return 0;
++ case SSL_ERROR_WANT_READ:
++ if (!stream->exclusive_input) {
++ /* We cannot wait for data now. */
++ errno = EAGAIN;
++ return -1;
++ }
++ while ((ms = ast_remaining_ms(start, stream->timeout))) {
++ res = ast_wait_for_input(stream->fd, ms);
++ if (0 < res) {
++ /* Socket is ready to be read. */
++ break;
++ }
++ if (res < 0) {
++ if (errno == EINTR || errno == EAGAIN) {
++ /* Try again. */
++ continue;
++ }
++ ast_debug(1, "TLS socket error waiting for read data: %s\n",
++ strerror(errno));
++ return -1;
++ }
++ }
++ break;
++ case SSL_ERROR_WANT_WRITE:
++ while ((ms = ast_remaining_ms(start, stream->timeout))) {
++ res = ast_wait_for_output(stream->fd, ms);
++ if (0 < res) {
++ /* Socket is ready to be written. */
++ break;
++ }
++ if (res < 0) {
++ if (errno == EINTR || errno == EAGAIN) {
++ /* Try again. */
++ continue;
++ }
++ ast_debug(1, "TLS socket error waiting for write space: %s\n",
++ strerror(errno));
++ return -1;
++ }
++ }
++ break;
++ default:
++ /* Report EOF for an undecoded SSL or transport error. */
++ ast_debug(1, "TLS transport or SSL error reading data\n");
++ return 0;
++ }
++ if (!ms) {
++ /* Report EOF for a timeout */
++ ast_debug(1, "TLS timeout reading data\n");
++ return 0;
++ }
++ }
++ }
++#endif /* defined(DO_SSL) */
++
++ for (;;) {
++ res = read(stream->fd, buf, size);
++ if (0 <= res) {
++ /* Got data or we cannot wait for it. */
++ stream->timeout = stream->timeout_reset;
++ return res;
++ }
++ if (!stream->exclusive_input) {
++ return res;
++ }
++ if (errno != EINTR && errno != EAGAIN) {
++ /* Not a retryable error. */
++ ast_debug(1, "TCP socket error reading data: %s\n",
++ strerror(errno));
++ return -1;
++ }
++ ms = ast_remaining_ms(start, stream->timeout);
++ if (!ms) {
++ /* Report EOF for a timeout */
++ ast_debug(1, "TCP timeout reading data\n");
++ return 0;
++ }
++ ast_wait_for_input(stream->fd, ms);
++ }
++}
++
++ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t size)
++{
++ if (!size) {
++ /* You asked for no data you got no data. */
++ return 0;
++ }
++
++ if (!stream || stream->fd == -1) {
++ errno = EBADF;
++ return -1;
++ }
++
++ /* Get any remains from the read buffer */
++ if (stream->rbuflen) {
++ size_t r = size;
++ if (r > stream->rbuflen) {
++ r = stream->rbuflen;
++ }
++ memcpy(buf, stream->rbufhead, r);
++ stream->rbuflen -= r;
++ stream->rbufhead += r;
++ return r;
++ }
++
++ return iostream_read(stream, buf, size);
++}
++
++ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count)
++{
++ ssize_t r;
++ char *newline;
++
++ do {
++ /* Search for newline */
++ newline = memchr(stream->rbufhead, '\n', stream->rbuflen);
++ if (newline) {
++ r = newline - stream->rbufhead + 1;
++ if (r > count-1) {
++ r = count-1;
++ }
++ break;
++ }
++
++ /* Enough data? */
++ if (stream->rbuflen >= count - 1) {
++ r = count - 1;
++ break;
++ }
++
++ /* Try to fill in line buffer */
++ if (stream->rbuflen && stream->rbuf != stream->rbufhead) {
++ memmove(&stream->rbuf, stream->rbufhead, stream->rbuflen);
++ }
++ stream->rbufhead = stream->rbuf;
++
++ r = iostream_read(stream, stream->rbufhead + stream->rbuflen, sizeof(stream->rbuf) - stream->rbuflen);
++ if (r <= 0) {
++ return r;
++ }
++ stream->rbuflen += r;
++ } while (1);
++
++ /* Return r bytes with termination byte */
++ memcpy(buf, stream->rbufhead, r);
++ buf[r] = 0;
++ stream->rbuflen -= r;
++ stream->rbufhead += r;
++
++ return r;
++}
++
++ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
++{
++ char buf[1024];
++ size_t remaining = size;
++ ssize_t ret;
++
++ while (remaining) {
++ ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
++ if (ret < 0) {
++ return ret;
++ }
++ remaining -= ret;
++ }
++
++ return size;
++}
++
++ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t size)
++{
++ struct timeval start;
++ int ms;
++ int res;
++ int written;
++ int remaining;
++
++ if (!size) {
++ /* You asked to write no data you wrote no data. */
++ return 0;
++ }
++
++ if (!stream || stream->fd == -1) {
++ errno = EBADF;
++ return -1;
++ }
++
++ if (stream->start.tv_sec) {
++ start = stream->start;
++ } else {
++ start = ast_tvnow();
++ }
++
++#if defined(DO_SSL)
++ if (stream->ssl) {
++ written = 0;
++ remaining = size;
++ for (;;) {
++ res = SSL_write(stream->ssl, buf + written, remaining);
++ if (res == remaining) {
++ /* Everything was written. */
++ return size;
++ }
++ if (0 < res) {
++ /* Successfully wrote part of the buffer. Try to write the rest. */
++ written += res;
++ remaining -= res;
++ continue;
++ }
++ switch (SSL_get_error(stream->ssl, res)) {
++ case SSL_ERROR_ZERO_RETURN:
++ ast_debug(1, "TLS clean shutdown alert writing data\n");
++ if (written) {
++ /* Report partial write. */
++ return written;
++ }
++ errno = EBADF;
++ return -1;
++ case SSL_ERROR_WANT_READ:
++ ms = ast_remaining_ms(start, stream->timeout);
++ if (!ms) {
++ /* Report partial write. */
++ ast_debug(1, "TLS timeout writing data (want read)\n");
++ return written;
++ }
++ ast_wait_for_input(stream->fd, ms);
++ break;
++ case SSL_ERROR_WANT_WRITE:
++ ms = ast_remaining_ms(start, stream->timeout);
++ if (!ms) {
++ /* Report partial write. */
++ ast_debug(1, "TLS timeout writing data (want write)\n");
++ return written;
++ }
++ ast_wait_for_output(stream->fd, ms);
++ break;
++ default:
++ /* Undecoded SSL or transport error. */
++ ast_debug(1, "TLS transport or SSL error writing data\n");
++ if (written) {
++ /* Report partial write. */
++ return written;
++ }
++ errno = EBADF;
++ return -1;
++ }
++ }
++ }
++#endif /* defined(DO_SSL) */
++
++ written = 0;
++ remaining = size;
++ for (;;) {
++ res = write(stream->fd, buf + written, remaining);
++ if (res == remaining) {
++ /* Yay everything was written. */
++ return size;
++ }
++ if (0 < res) {
++ /* Successfully wrote part of the buffer. Try to write the rest. */
++ written += res;
++ remaining -= res;
++ continue;
++ }
++ if (errno != EINTR && errno != EAGAIN) {
++ /* Not a retryable error. */
++ ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
++ if (written) {
++ return written;
++ }
++ return -1;
++ }
++ ms = ast_remaining_ms(start, stream->timeout);
++ if (!ms) {
++ /* Report partial write. */
++ ast_debug(1, "TCP timeout writing data\n");
++ return written;
++ }
++ ast_wait_for_output(stream->fd, ms);
++ }
++}
++
++ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
++{
++ char sbuf[256], *buf = sbuf;
++ int len, len2, ret = -1;
++ va_list va;
++
++ va_start(va, fmt);
++ len = vsnprintf(buf, sizeof(sbuf), fmt, va);
++ va_end(va);
++
++ if (len > sizeof(sbuf)) {
++ buf = ast_malloc(len);
++ if (!buf) {
++ return -1;
++ }
++ va_start(va, fmt);
++ len2 = vsnprintf(buf, len, fmt, va);
++ va_end(va);
++ if (len2 > len) {
++ goto error;
++ }
++ }
++
++ if (ast_iostream_write(stream, buf, len) == len)
++ ret = len;
++
++error:
++ if (buf != sbuf) {
++ ast_free(buf);
++ }
++
++ return ret;
++}
++
++int ast_iostream_close(struct ast_iostream *stream)
++{
++ if (!stream) {
++ errno = EBADF;
++ return -1;
++ }
++
++ if (stream->fd != -1) {
++#if defined(DO_SSL)
++ if (stream->ssl) {
++ int res;
++
++ /*
++ * According to the TLS standard, it is acceptable for an
++ * application to only send its shutdown alert and then
++ * close the underlying connection without waiting for
++ * the peer's response (this way resources can be saved,
++ * as the process can already terminate or serve another
++ * connection).
++ */
++ res = SSL_shutdown(stream->ssl);
++ if (res < 0) {
++ ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
++ SSL_get_error(stream->ssl, res));
++ }
++
++ if (!stream->ssl->server) {
++ /* For client threads, ensure that the error stack is cleared */
++ ERR_remove_state(0);
++ }
++
++ SSL_free(stream->ssl);
++ stream->ssl = NULL;
++ }
++#endif /* defined(DO_SSL) */
++
++ /*
++ * Issuing shutdown() is necessary here to avoid a race
++ * condition where the last data written may not appear
++ * in the TCP stream. See ASTERISK-23548
++ */
++ shutdown(stream->fd, SHUT_RDWR);
++ if (close(stream->fd)) {
++ ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
++ }
++ stream->fd = -1;
++ }
++ ao2_t_ref(stream, -1, "Closed ast_iostream");
++
++ return 0;
++}
++
++static void iostream_dtor(void *cookie)
++{
++#ifdef AST_DEVMODE
++ /* Since the ast_assert below is the only one using stream,
++ * and ast_assert is only available with AST_DEVMODE, we
++ * put this in a conditional to avoid compiler warnings. */
++ struct ast_iostream *stream = cookie;
++#endif
++
++ ast_assert(stream->fd == -1);
++}
++
++struct ast_iostream *ast_iostream_from_fd(int *fd)
++{
++ struct ast_iostream *stream;
++
++ stream = ao2_alloc_options(sizeof(*stream), iostream_dtor,
++ AO2_ALLOC_OPT_LOCK_NOLOCK);
++ if (stream) {
++ stream->timeout = -1;
++ stream->timeout_reset = -1;
++ stream->fd = *fd;
++ *fd = -1;
++ }
++
++ return stream;
++}
++
++int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int client)
++{
++#ifdef DO_SSL
++ struct ast_iostream *stream = *pstream;
++ int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept;
++ char err[256];
++
++ stream->ssl = SSL_new(ssl_ctx);
++ if (!stream->ssl) {
++ ast_log(LOG_ERROR, "Unable to create new SSL connection\n");
++ errno = ENOMEM;
++ return -1;
++ }
++
++ /*
++ * This function takes struct ast_iostream **, so it can chain
++ * SSL over any ast_iostream. For now we assume it's a file descriptor.
++ * But later this should instead use BIO wrapper to tie SSL to another
++ * ast_iostream.
++ */
++ SSL_set_fd(stream->ssl, stream->fd);
++
++ if (ssl_setup(stream->ssl) <= 0) {
++ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n",
++ ERR_error_string(ERR_get_error(), err));
++ errno = EIO;
++ return -1;
++ }
++
++ return 0;
++#else
++ ast_log(LOG_ERROR, "SSL not enabled in this build\n");
++ errno = ENOTSUP;
++ return -1;
++#endif
++}
+diff --git a/main/manager.c b/main/manager.c
+index 32322b8..8c3220e 100644
+--- a/main/manager.c
++++ b/main/manager.c
+@@ -1551,8 +1551,7 @@ static void acl_change_stasis_unsubscribe(void)
+ struct mansession_session {
+ /*! \todo XXX need to document which fields it is protecting */
+ struct ast_sockaddr addr; /*!< address we are connecting from */
+- FILE *f; /*!< fdopen() on the underlying fd */
+- int fd; /*!< descriptor used for output. Either the socket (AMI) or a temporary file (HTTP) */
++ struct ast_iostream *stream; /*!< AMI stream */
+ int inuse; /*!< number of HTTP sessions using this entry */
+ int needdestroy; /*!< Whether an HTTP session should be destroyed */
+ pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */
+@@ -1594,9 +1593,8 @@ enum mansession_message_parsing {
+ */
+ struct mansession {
+ struct mansession_session *session;
++ struct ast_iostream *stream;
+ struct ast_tcptls_session_instance *tcptls_session;
+- FILE *f;
+- int fd;
+ enum mansession_message_parsing parsing;
+ int write_error:1;
+ struct manager_custom_hook *hook;
+@@ -2168,10 +2166,6 @@ static void session_destructor(void *obj)
+ ast_datastore_free(datastore);
+ }
+
+- if (session->f != NULL) {
+- fflush(session->f);
+- fclose(session->f);
+- }
+ if (eqe) {
+ ast_atomic_fetchadd_int(&eqe->usecount, -1);
+ }
+@@ -2206,7 +2200,6 @@ static struct mansession_session *build_mansession(const struct ast_sockaddr *ad
+ return NULL;
+ }
+
+- newsession->fd = -1;
+ newsession->waiting_thread = AST_PTHREADT_NULL;
+ newsession->writetimeout = 100;
+ newsession->send_events = -1;
+@@ -2619,7 +2612,7 @@ static char *handle_showmanconn(struct ast_cli_entry *e, int cmd, struct ast_cli
+ ast_sockaddr_stringify_addr(&session->addr),
+ (int) (session->sessionstart),
+ (int) (now - session->sessionstart),
+- session->fd,
++ session->stream ? ast_iostream_get_fd(session->stream) : -1,
+ session->inuse,
+ session->readperm,
+ session->writeperm);
+@@ -2891,7 +2884,6 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
+ * This is necessary to meet the previous design of manager.c
+ */
+ s.hook = hook;
+- s.f = (void*)1; /* set this to something so our request will make it through all functions that test it*/
+
+ ao2_lock(act_found);
+ if (act_found->registered && act_found->func) {
+@@ -2922,9 +2914,8 @@ int ast_hook_send_action(struct manager_custom_hook *hook, const char *msg)
+ */
+ static int send_string(struct mansession *s, char *string)
+ {
+- int res;
+- FILE *f = s->f ? s->f : s->session->f;
+- int fd = s->f ? s->fd : s->session->fd;
++ struct ast_iostream *stream = s->stream ? s->stream : s->session->stream;
++ int len, res;
+
+ /* It's a result from one of the hook's action invocation */
+ if (s->hook) {
+@@ -2936,7 +2927,12 @@ static int send_string(struct mansession *s, char *string)
+ return 0;
+ }
+
+- if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
++ len = strlen(string);
++ ast_iostream_set_timeout_inactivity(stream, s->session->writetimeout);
++ res = ast_iostream_write(stream, string, len);
++ ast_iostream_set_timeout_disable(stream);
++
++ if (res < len) {
+ s->write_error = 1;
+ }
+
+@@ -2977,10 +2973,10 @@ void astman_append(struct mansession *s, const char *fmt, ...)
+ return;
+ }
+
+- if (s->f != NULL || s->session->f != NULL) {
++ if (s->tcptls_session != NULL && s->tcptls_session->stream != NULL) {
+ send_string(s, ast_str_buffer(buf));
+ } else {
+- ast_verbose("fd == -1 in astman_append, should not happen\n");
++ ast_verbose("No connection stream in astman_append, should not happen\n");
+ }
+ }
+
+@@ -4121,7 +4117,7 @@ static int action_waitevent(struct mansession *s, const struct message *m)
+ break;
+ }
+ if (s->session->managerid == 0) { /* AMI session */
+- if (ast_wait_for_input(s->session->fd, 1000)) {
++ if (ast_wait_for_input(ast_iostream_get_fd(s->session->stream), 1000)) {
+ break;
+ }
+ } else { /* HTTP session */
+@@ -5926,7 +5922,7 @@ static int process_events(struct mansession *s)
+ int ret = 0;
+
+ ao2_lock(s->session);
+- if (s->session->f != NULL) {
++ if (s->session->stream != NULL) {
+ struct eventqent *eqe = s->session->last_ev;
+
+ while ((eqe = advance_event(eqe))) {
+@@ -6468,7 +6464,7 @@ static int get_input(struct mansession *s, char *output)
+ s->session->waiting_thread = pthread_self();
+ ao2_unlock(s->session);
+
+- res = ast_wait_for_input(s->session->fd, timeout);
++ res = ast_wait_for_input(ast_iostream_get_fd(s->session->stream), timeout);
+
+ ao2_lock(s->session);
+ s->session->waiting_thread = AST_PTHREADT_NULL;
+@@ -6486,7 +6482,7 @@ static int get_input(struct mansession *s, char *output)
+ }
+
+ ao2_lock(s->session);
+- res = fread(src + s->session->inlen, 1, maxlen - s->session->inlen, s->session->f);
++ res = ast_iostream_read(s->session->stream, src + s->session->inlen, maxlen - s->session->inlen);
+ if (res < 1) {
+ res = -1; /* error return */
+ } else {
+@@ -6619,13 +6615,12 @@ static void *session_do(void *data)
+ struct mansession s = {
+ .tcptls_session = data,
+ };
+- int flags;
+ int res;
++ int arg = 1;
+ struct ast_sockaddr ser_remote_address_tmp;
+- struct protoent *p;
+
+ if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) {
+- fclose(ser->f);
++ ast_iostream_close(ser->stream);
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
+ goto done;
+ }
+@@ -6634,7 +6629,7 @@ static void *session_do(void *data)
+ session = build_mansession(&ser_remote_address_tmp);
+
+ if (session == NULL) {
+- fclose(ser->f);
++ ast_iostream_close(ser->stream);
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
+ goto done;
+ }
+@@ -6642,20 +6637,10 @@ static void *session_do(void *data)
+ /* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
+ * This is necessary to prevent delays (caused by buffering) as we
+ * write to the socket in bits and pieces. */
+- p = getprotobyname("tcp");
+- if (p) {
+- int arg = 1;
+- if( setsockopt(ser->fd, p->p_proto, TCP_NODELAY, (char *)&arg, sizeof(arg) ) < 0 ) {
+- ast_log(LOG_WARNING, "Failed to set manager tcp connection to TCP_NODELAY mode: %s\nSome manager actions may be slow to respond.\n", strerror(errno));
+- }
+- } else {
+- ast_log(LOG_WARNING, "Failed to set manager tcp connection to TCP_NODELAY, getprotobyname(\"tcp\") failed\nSome manager actions may be slow to respond.\n");
++ if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *)&arg, sizeof(arg) ) < 0) {
++ ast_log(LOG_WARNING, "Failed to set manager tcp connection to TCP_NODELAY mode: %s\nSome manager actions may be slow to respond.\n", strerror(errno));
+ }
+-
+- /* make sure socket is non-blocking */
+- flags = fcntl(ser->fd, F_GETFL);
+- flags |= O_NONBLOCK;
+- fcntl(ser->fd, F_SETFL, flags);
++ ast_iostream_nonblock(ser->stream);
+
+ ao2_lock(session);
+ /* Hook to the tail of the event queue */
+@@ -6664,8 +6649,7 @@ static void *session_do(void *data)
+ ast_mutex_init(&s.lock);
+
+ /* these fields duplicate those in the 'ser' structure */
+- session->fd = s.fd = ser->fd;
+- session->f = s.f = ser->f;
++ session->stream = s.stream = ser->stream;
+ ast_sockaddr_copy(&session->addr, &ser_remote_address_tmp);
+ s.session = session;
+
+@@ -6684,9 +6668,9 @@ static void *session_do(void *data)
+ * We cannot let the stream exclusively wait for data to arrive.
+ * We have to wake up the task to send async events.
+ */
+- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0);
++ ast_iostream_set_exclusive_input(ser->stream, 0);
+
+- ast_tcptls_stream_set_timeout_sequence(ser->stream_cookie,
++ ast_iostream_set_timeout_sequence(ser->stream,
+ ast_tvnow(), authtimeout * 1000);
+
+ astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */
+@@ -6695,7 +6679,7 @@ static void *session_do(void *data)
+ break;
+ }
+ if (session->authenticated) {
+- ast_tcptls_stream_set_timeout_disable(ser->stream_cookie);
++ ast_iostream_set_timeout_disable(ser->stream);
+ }
+ }
+ /* session is over, explain why and terminate */
+@@ -7554,23 +7538,9 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *g
+
+ static void close_mansession_file(struct mansession *s)
+ {
+- if (s->f) {
+- if (fclose(s->f)) {
+- ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
+- }
+- s->f = NULL;
+- s->fd = -1;
+- } else if (s->fd != -1) {
+- /*
+- * Issuing shutdown() is necessary here to avoid a race
+- * condition where the last data written may not appear
+- * in the TCP stream. See ASTERISK-23548
+- */
+- shutdown(s->fd, SHUT_RDWR);
+- if (close(s->fd)) {
+- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
+- }
+- s->fd = -1;
++ if (s->stream) {
++ ast_iostream_close(s->stream);
++ s->stream = NULL;
+ } else {
+ ast_log(LOG_ERROR, "Attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n");
+ }
+@@ -7579,17 +7549,20 @@ static void close_mansession_file(struct mansession *s)
+ static void process_output(struct mansession *s, struct ast_str **out, struct ast_variable *params, enum output_format format)
+ {
+ char *buf;
+- size_t l;
++ off_t l;
++ int fd;
+
+- if (!s->f)
++ if (!s->stream)
+ return;
+
+ /* Ensure buffer is NULL-terminated */
+- fprintf(s->f, "%c", 0);
+- fflush(s->f);
++ ast_iostream_write(s->stream, "", 1);
++
++ fd = ast_iostream_get_fd(s->stream);
+
+- if ((l = ftell(s->f)) > 0) {
+- if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s->fd, 0))) {
++ l = lseek(fd, SEEK_CUR, 0);
++ if (l > 0) {
++ if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0))) {
+ ast_log(LOG_WARNING, "mmap failed. Manager output was not processed\n");
+ } else {
+ if (format == FORMAT_XML || format == FORMAT_HTML) {
+@@ -7616,6 +7589,7 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser,
+ struct mansession s = { .session = NULL, .tcptls_session = ser };
+ struct mansession_session *session = NULL;
+ uint32_t ident;
++ int fd;
+ int blastaway = 0;
+ struct ast_variable *v;
+ struct ast_variable *params = get_params;
+@@ -7671,17 +7645,17 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser,
+ }
+
+ s.session = session;
+- s.fd = mkstemp(template); /* create a temporary file for command output */
++ fd = mkstemp(template); /* create a temporary file for command output */
+ unlink(template);
+- if (s.fd <= -1) {
++ if (fd <= -1) {
+ ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)");
+ goto generic_callback_out;
+ }
+- s.f = fdopen(s.fd, "w+");
+- if (!s.f) {
++ s.stream = ast_iostream_from_fd(&fd);
++ if (!s.stream) {
+ ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno));
+ ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)");
+- close(s.fd);
++ close(fd);
+ goto generic_callback_out;
+ }
+
+@@ -7821,9 +7795,9 @@ generic_callback_out:
+ if (blastaway) {
+ session_destroy(session);
+ } else {
+- if (session->f) {
+- fclose(session->f);
+- session->f = NULL;
++ if (session->stream) {
++ ast_iostream_close(session->stream);
++ session->stream = NULL;
+ }
+ unref_mansession(session);
+ }
+@@ -7848,6 +7822,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
+ struct message m = { 0 };
+ unsigned int idx;
+ size_t hdrlen;
++ int fd;
+
+ time_t time_now = time(NULL);
+ unsigned long nonce = 0, nc;
+@@ -8026,17 +8001,17 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
+
+ ast_mutex_init(&s.lock);
+ s.session = session;
+- s.fd = mkstemp(template); /* create a temporary file for command output */
++ fd = mkstemp(template); /* create a temporary file for command output */
+ unlink(template);
+- if (s.fd <= -1) {
++ if (fd <= -1) {
+ ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)");
+ goto auth_callback_out;
+ }
+- s.f = fdopen(s.fd, "w+");
+- if (!s.f) {
++ s.stream = ast_iostream_from_fd(&fd);
++ if (!s.stream) {
+ ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno));
+ ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)");
+- close(s.fd);
++ close(fd);
+ goto auth_callback_out;
+ }
+
+@@ -8087,7 +8062,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
+ m.headers[idx] = NULL;
+ }
+
+- result_size = ftell(s.f); /* Calculate approx. size of result */
++ result_size = lseek(ast_iostream_get_fd(s.stream), SEEK_CUR, 0); /* Calculate approx. size of result */
+
+ http_header = ast_str_create(80);
+ out = ast_str_create(result_size * 2 + 512);
+@@ -8139,11 +8114,10 @@ auth_callback_out:
+ ast_free(out);
+
+ ao2_lock(session);
+- if (session->f) {
+- fclose(session->f);
++ if (session->stream) {
++ ast_iostream_close(session->stream);
++ session->stream = NULL;
+ }
+- session->f = NULL;
+- session->fd = -1;
+ ao2_unlock(session);
+
+ if (session->needdestroy) {
+diff --git a/main/tcptls.c b/main/tcptls.c
+index 046501b..44b609f 100644
+--- a/main/tcptls.c
++++ b/main/tcptls.c
+@@ -49,506 +49,13 @@ ASTERISK_REGISTER_FILE()
+ #include "asterisk/astobj2.h"
+ #include "asterisk/pbx.h"
+
+-/*! ao2 object used for the FILE stream fopencookie()/funopen() cookie. */
+-struct ast_tcptls_stream {
+- /*! SSL state if not NULL */
+- SSL *ssl;
+- /*!
+- * \brief Start time from when an I/O sequence must complete
+- * by struct ast_tcptls_stream.timeout.
+- *
+- * \note If struct ast_tcptls_stream.start.tv_sec is zero then
+- * start time is the current I/O request.
+- */
+- struct timeval start;
+- /*!
+- * \brief The socket returned by accept().
+- *
+- * \note Set to -1 if the stream is closed.
+- */
+- int fd;
+- /*!
+- * \brief Timeout in ms relative to struct ast_tcptls_stream.start
+- * to wait for an event on struct ast_tcptls_stream.fd.
+- *
+- * \note Set to -1 to disable timeout.
+- * \note The socket needs to be set to non-blocking for the timeout
+- * feature to work correctly.
+- */
+- int timeout;
+- /*! TRUE if stream can exclusively wait for fd input. */
+- int exclusive_input;
+-};
+-
+-void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
+-{
+- ast_assert(stream != NULL);
+-
+- stream->timeout = -1;
+-}
+-
+-void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout)
+-{
+- ast_assert(stream != NULL);
+-
+- stream->start.tv_sec = 0;
+- stream->timeout = timeout;
+-}
+-
+-void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout)
+-{
+- ast_assert(stream != NULL);
+-
+- stream->start = start;
+- stream->timeout = timeout;
+-}
+-
+-void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input)
+-{
+- ast_assert(stream != NULL);
+-
+- stream->exclusive_input = exclusive_input;
+-}
+-
+-/*!
+- * \internal
+- * \brief fopencookie()/funopen() stream read function.
+- *
+- * \param cookie Stream control data.
+- * \param buf Where to put read data.
+- * \param size Size of the buffer.
+- *
+- * \retval number of bytes put into buf.
+- * \retval 0 on end of file.
+- * \retval -1 on error.
+- */
+-static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size)
+-{
+- struct ast_tcptls_stream *stream = cookie;
+- struct timeval start;
+- int ms;
+- int res;
+-
+- if (!size) {
+- /* You asked for no data you got no data. */
+- return 0;
+- }
+-
+- if (!stream || stream->fd == -1) {
+- errno = EBADF;
+- return -1;
+- }
+-
+- if (stream->start.tv_sec) {
+- start = stream->start;
+- } else {
+- start = ast_tvnow();
+- }
+-
+-#if defined(DO_SSL)
+- if (stream->ssl) {
+- for (;;) {
+- res = SSL_read(stream->ssl, buf, size);
+- if (0 < res) {
+- /* We read some payload data. */
+- return res;
+- }
+- switch (SSL_get_error(stream->ssl, res)) {
+- case SSL_ERROR_ZERO_RETURN:
+- /* Report EOF for a shutdown */
+- ast_debug(1, "TLS clean shutdown alert reading data\n");
+- return 0;
+- case SSL_ERROR_WANT_READ:
+- if (!stream->exclusive_input) {
+- /* We cannot wait for data now. */
+- errno = EAGAIN;
+- return -1;
+- }
+- while ((ms = ast_remaining_ms(start, stream->timeout))) {
+- res = ast_wait_for_input(stream->fd, ms);
+- if (0 < res) {
+- /* Socket is ready to be read. */
+- break;
+- }
+- if (res < 0) {
+- if (errno == EINTR || errno == EAGAIN) {
+- /* Try again. */
+- continue;
+- }
+- ast_debug(1, "TLS socket error waiting for read data: %s\n",
+- strerror(errno));
+- return -1;
+- }
+- }
+- break;
+- case SSL_ERROR_WANT_WRITE:
+- while ((ms = ast_remaining_ms(start, stream->timeout))) {
+- res = ast_wait_for_output(stream->fd, ms);
+- if (0 < res) {
+- /* Socket is ready to be written. */
+- break;
+- }
+- if (res < 0) {
+- if (errno == EINTR || errno == EAGAIN) {
+- /* Try again. */
+- continue;
+- }
+- ast_debug(1, "TLS socket error waiting for write space: %s\n",
+- strerror(errno));
+- return -1;
+- }
+- }
+- break;
+- default:
+- /* Report EOF for an undecoded SSL or transport error. */
+- ast_debug(1, "TLS transport or SSL error reading data\n");
+- return 0;
+- }
+- if (!ms) {
+- /* Report EOF for a timeout */
+- ast_debug(1, "TLS timeout reading data\n");
+- return 0;
+- }
+- }
+- }
+-#endif /* defined(DO_SSL) */
+-
+- for (;;) {
+- res = read(stream->fd, buf, size);
+- if (0 <= res || !stream->exclusive_input) {
+- /* Got data or we cannot wait for it. */
+- return res;
+- }
+- if (errno != EINTR && errno != EAGAIN) {
+- /* Not a retryable error. */
+- ast_debug(1, "TCP socket error reading data: %s\n",
+- strerror(errno));
+- return -1;
+- }
+- ms = ast_remaining_ms(start, stream->timeout);
+- if (!ms) {
+- /* Report EOF for a timeout */
+- ast_debug(1, "TCP timeout reading data\n");
+- return 0;
+- }
+- ast_wait_for_input(stream->fd, ms);
+- }
+-}
+-
+-/*!
+- * \internal
+- * \brief fopencookie()/funopen() stream write function.
+- *
+- * \param cookie Stream control data.
+- * \param buf Where to get data to write.
+- * \param size Size of the buffer.
+- *
+- * \retval number of bytes written from buf.
+- * \retval -1 on error.
+- */
+-static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
+-{
+- struct ast_tcptls_stream *stream = cookie;
+- struct timeval start;
+- int ms;
+- int res;
+- int written;
+- int remaining;
+-
+- if (!size) {
+- /* You asked to write no data you wrote no data. */
+- return 0;
+- }
+-
+- if (!stream || stream->fd == -1) {
+- errno = EBADF;
+- return -1;
+- }
+-
+- if (stream->start.tv_sec) {
+- start = stream->start;
+- } else {
+- start = ast_tvnow();
+- }
+-
+-#if defined(DO_SSL)
+- if (stream->ssl) {
+- written = 0;
+- remaining = size;
+- for (;;) {
+- res = SSL_write(stream->ssl, buf + written, remaining);
+- if (res == remaining) {
+- /* Everything was written. */
+- return size;
+- }
+- if (0 < res) {
+- /* Successfully wrote part of the buffer. Try to write the rest. */
+- written += res;
+- remaining -= res;
+- continue;
+- }
+- switch (SSL_get_error(stream->ssl, res)) {
+- case SSL_ERROR_ZERO_RETURN:
+- ast_debug(1, "TLS clean shutdown alert writing data\n");
+- if (written) {
+- /* Report partial write. */
+- return written;
+- }
+- errno = EBADF;
+- return -1;
+- case SSL_ERROR_WANT_READ:
+- ms = ast_remaining_ms(start, stream->timeout);
+- if (!ms) {
+- /* Report partial write. */
+- ast_debug(1, "TLS timeout writing data (want read)\n");
+- return written;
+- }
+- ast_wait_for_input(stream->fd, ms);
+- break;
+- case SSL_ERROR_WANT_WRITE:
+- ms = ast_remaining_ms(start, stream->timeout);
+- if (!ms) {
+- /* Report partial write. */
+- ast_debug(1, "TLS timeout writing data (want write)\n");
+- return written;
+- }
+- ast_wait_for_output(stream->fd, ms);
+- break;
+- default:
+- /* Undecoded SSL or transport error. */
+- ast_debug(1, "TLS transport or SSL error writing data\n");
+- if (written) {
+- /* Report partial write. */
+- return written;
+- }
+- errno = EBADF;
+- return -1;
+- }
+- }
+- }
+-#endif /* defined(DO_SSL) */
+-
+- written = 0;
+- remaining = size;
+- for (;;) {
+- res = write(stream->fd, buf + written, remaining);
+- if (res == remaining) {
+- /* Yay everything was written. */
+- return size;
+- }
+- if (0 < res) {
+- /* Successfully wrote part of the buffer. Try to write the rest. */
+- written += res;
+- remaining -= res;
+- continue;
+- }
+- if (errno != EINTR && errno != EAGAIN) {
+- /* Not a retryable error. */
+- ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
+- if (written) {
+- return written;
+- }
+- return -1;
+- }
+- ms = ast_remaining_ms(start, stream->timeout);
+- if (!ms) {
+- /* Report partial write. */
+- ast_debug(1, "TCP timeout writing data\n");
+- return written;
+- }
+- ast_wait_for_output(stream->fd, ms);
+- }
+-}
+-
+-/*!
+- * \internal
+- * \brief fopencookie()/funopen() stream close function.
+- *
+- * \param cookie Stream control data.
+- *
+- * \retval 0 on success.
+- * \retval -1 on error.
+- */
+-static int tcptls_stream_close(void *cookie)
+-{
+- struct ast_tcptls_stream *stream = cookie;
+-
+- if (!stream) {
+- errno = EBADF;
+- return -1;
+- }
+-
+- if (stream->fd != -1) {
+-#if defined(DO_SSL)
+- if (stream->ssl) {
+- int res;
+-
+- /*
+- * According to the TLS standard, it is acceptable for an
+- * application to only send its shutdown alert and then
+- * close the underlying connection without waiting for
+- * the peer's response (this way resources can be saved,
+- * as the process can already terminate or serve another
+- * connection).
+- */
+- res = SSL_shutdown(stream->ssl);
+- if (res < 0) {
+- ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
+- SSL_get_error(stream->ssl, res));
+- }
+-
+- if (!stream->ssl->server) {
+- /* For client threads, ensure that the error stack is cleared */
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+- ERR_remove_thread_state(NULL);
+-#else
+- ERR_remove_state(0);
+-#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L */
+- }
+-
+- SSL_free(stream->ssl);
+- stream->ssl = NULL;
+- }
+-#endif /* defined(DO_SSL) */
+-
+- /*
+- * Issuing shutdown() is necessary here to avoid a race
+- * condition where the last data written may not appear
+- * in the TCP stream. See ASTERISK-23548
+- */
+- shutdown(stream->fd, SHUT_RDWR);
+- if (close(stream->fd)) {
+- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
+- }
+- stream->fd = -1;
+- }
+- ao2_t_ref(stream, -1, "Closed tcptls stream cookie");
+-
+- return 0;
+-}
+-
+-/*!
+- * \internal
+- * \brief fopencookie()/funopen() stream destructor function.
+- *
+- * \param cookie Stream control data.
+- *
+- * \return Nothing
+- */
+-static void tcptls_stream_dtor(void *cookie)
+-{
+-#ifdef AST_DEVMODE
+- /* Since the ast_assert below is the only one using stream,
+- * and ast_assert is only available with AST_DEVMODE, we
+- * put this in a conditional to avoid compiler warnings. */
+- struct ast_tcptls_stream *stream = cookie;
+-#endif
+-
+- ast_assert(stream->fd == -1);
+-}
+-
+-/*!
+- * \internal
+- * \brief fopencookie()/funopen() stream allocation function.
+- *
+- * \retval stream_cookie on success.
+- * \retval NULL on error.
+- */
+-static struct ast_tcptls_stream *tcptls_stream_alloc(void)
+-{
+- struct ast_tcptls_stream *stream;
+-
+- stream = ao2_alloc_options(sizeof(*stream), tcptls_stream_dtor,
+- AO2_ALLOC_OPT_LOCK_NOLOCK);
+- if (stream) {
+- stream->fd = -1;
+- stream->timeout = -1;
+- }
+- return stream;
+-}
+-
+-/*!
+- * \internal
+- * \brief Open a custom FILE stream for tcptls.
+- *
+- * \param stream Stream cookie control data.
+- * \param ssl SSL state if not NULL.
+- * \param fd Socket file descriptor.
+- * \param timeout ms to wait for an event on fd. -1 if timeout disabled.
+- *
+- * \retval fp on success.
+- * \retval NULL on error.
+- */
+-static FILE *tcptls_stream_fopen(struct ast_tcptls_stream *stream, SSL *ssl, int fd, int timeout)
+-{
+- FILE *fp;
+-
+-#if defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
+- static const cookie_io_functions_t cookie_funcs = {
+- tcptls_stream_read,
+- tcptls_stream_write,
+- NULL,
+- tcptls_stream_close
+- };
+-#endif /* defined(HAVE_FOPENCOOKIE) */
+-
+- if (fd == -1) {
+- /* Socket not open. */
+- return NULL;
+- }
+-
+- stream->ssl = ssl;
+- stream->fd = fd;
+- stream->timeout = timeout;
+- ao2_t_ref(stream, +1, "Opening tcptls stream cookie");
+-
+-#if defined(HAVE_FUNOPEN) /* the BSD interface */
+- fp = funopen(stream, tcptls_stream_read, tcptls_stream_write, NULL,
+- tcptls_stream_close);
+-#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
+- fp = fopencookie(stream, "w+", cookie_funcs);
+-#else
+- /* could add other methods here */
+- ast_debug(2, "No stream FILE methods attempted!\n");
+- fp = NULL;
+-#endif
+-
+- if (!fp) {
+- stream->fd = -1;
+- ao2_t_ref(stream, -1, "Failed to open tcptls stream cookie");
+- }
+- return fp;
+-}
+-
+-HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count)
+-{
+- if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
+- ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n");
+- errno = EIO;
+- return -1;
+- }
+-
+- return tcptls_stream_read(tcptls_session->stream_cookie, buf, count);
+-}
+-
+-HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count)
+-{
+- if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
+- ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n");
+- errno = EIO;
+- return -1;
+- }
+-
+- return tcptls_stream_write(tcptls_session->stream_cookie, buf, count);
+-}
+-
+ static void session_instance_destructor(void *obj)
+ {
+ struct ast_tcptls_session_instance *i = obj;
+
+- if (i->stream_cookie) {
+- ao2_t_ref(i->stream_cookie, -1, "Destroying tcptls session instance");
+- i->stream_cookie = NULL;
++ if (i->stream) {
++ ast_iostream_close(i->stream);
++ i->stream = NULL;
+ }
+ ast_free(i->overflow_buf);
+ ao2_cleanup(i->private_data);
+@@ -593,9 +100,7 @@ static void *handle_tcptls_connection(void *data)
+ {
+ struct ast_tcptls_session_instance *tcptls_session = data;
+ #ifdef DO_SSL
+- int (*ssl_setup)(SSL *) = (tcptls_session->client) ? SSL_connect : SSL_accept;
+- int ret;
+- char err[256];
++ SSL *ssl;
+ #endif
+
+ /* TCP/TLS connections are associated with external protocols, and
+@@ -610,123 +115,94 @@ static void *handle_tcptls_connection(void *data)
+ return NULL;
+ }
+
+- tcptls_session->stream_cookie = tcptls_stream_alloc();
+- if (!tcptls_session->stream_cookie) {
+- ast_tcptls_close_session_file(tcptls_session);
+- ao2_ref(tcptls_session, -1);
+- return NULL;
+- }
++ if (tcptls_session->parent->tls_cfg) {
++#ifdef DO_SSL
++ if (ast_iostream_start_tls(&tcptls_session->stream, tcptls_session->parent->tls_cfg->ssl_ctx, tcptls_session->client) < 0) {
++ ast_tcptls_close_session_file(tcptls_session);
++ ao2_ref(tcptls_session, -1);
++ return NULL;
++ }
+
+- /*
+- * open a FILE * as appropriate.
+- */
+- if (!tcptls_session->parent->tls_cfg) {
+- tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, NULL,
+- tcptls_session->fd, -1);
+- if (tcptls_session->f) {
+- if (setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
++ ssl = ast_iostream_get_ssl(tcptls_session->stream);
++ if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
++ || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
++ X509 *peer;
++ long res;
++ peer = SSL_get_peer_certificate(ssl);
++ if (!peer) {
++ ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
+ ast_tcptls_close_session_file(tcptls_session);
++ ao2_ref(tcptls_session, -1);
++ return NULL;
+ }
+- }
+- }
+-#ifdef DO_SSL
+- else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
+- SSL_set_fd(tcptls_session->ssl, tcptls_session->fd);
+- if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) {
+- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
+- } else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie,
+- tcptls_session->ssl, tcptls_session->fd, -1))) {
+- if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
+- || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
+- X509 *peer;
+- long res;
+- peer = SSL_get_peer_certificate(tcptls_session->ssl);
+- if (!peer) {
+- ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
+- ast_tcptls_close_session_file(tcptls_session);
+- ao2_ref(tcptls_session, -1);
+- return NULL;
+- }
+
+- res = SSL_get_verify_result(tcptls_session->ssl);
+- if (res != X509_V_OK) {
+- ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
+- X509_free(peer);
+- ast_tcptls_close_session_file(tcptls_session);
+- ao2_ref(tcptls_session, -1);
+- return NULL;
+- }
+- if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
+- ASN1_STRING *str;
+- X509_NAME *name = X509_get_subject_name(peer);
+- STACK_OF(GENERAL_NAME) *alt_names;
+- int pos = -1;
+- int found = 0;
+-
+- for (;;) {
+- /* Walk the certificate to check all available "Common Name" */
+- /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
+- pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
+- if (pos < 0) {
+- break;
+- }
+-
+- str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
+- if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) {
+- found = 1;
+- break;
+- }
++ res = SSL_get_verify_result(ssl);
++ if (res != X509_V_OK) {
++ ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
++ X509_free(peer);
++ ast_tcptls_close_session_file(tcptls_session);
++ ao2_ref(tcptls_session, -1);
++ return NULL;
++ }
++ if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
++ ASN1_STRING *str;
++ X509_NAME *name = X509_get_subject_name(peer);
++ STACK_OF(GENERAL_NAME) *alt_names;
++ int pos = -1;
++ int found = 0;
++
++ for (;;) {
++ /* Walk the certificate to check all available "Common Name" */
++ /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
++ pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
++ if (pos < 0) {
++ break;
+ }
++ str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
++ if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) {
++ found = 1;
++ break;
++ }
++ }
+
+- if (!found) {
+- alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
+- if (alt_names != NULL) {
+- int alt_names_count = sk_GENERAL_NAME_num(alt_names);
+-
+- for (pos = 0; pos < alt_names_count; pos++) {
+- const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
++ if (!found) {
++ alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
++ if (alt_names != NULL) {
++ int alt_names_count = sk_GENERAL_NAME_num(alt_names);
+
+- if (alt_name->type != GEN_DNS) {
+- continue;
+- }
++ for (pos = 0; pos < alt_names_count; pos++) {
++ const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
+
+- if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) {
+- found = 1;
+- break;
+- }
++ if (alt_name->type != GEN_DNS) {
++ continue;
+ }
+
+- sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
++ if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) {
++ found = 1;
++ break;
++ }
+ }
+- }
+
+- if (!found) {
+- ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
+- X509_free(peer);
+- ast_tcptls_close_session_file(tcptls_session);
+- ao2_ref(tcptls_session, -1);
+- return NULL;
++ sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
+ }
+ }
+- X509_free(peer);
++
++ if (!found) {
++ ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
++ X509_free(peer);
++ ast_tcptls_close_session_file(tcptls_session);
++ ao2_ref(tcptls_session, -1);
++ return NULL;
++ }
+ }
++ X509_free(peer);
+ }
+- if (!tcptls_session->f) { /* no success opening descriptor stacking */
+- SSL_free(tcptls_session->ssl);
+- }
+- }
+-#endif /* DO_SSL */
+-
+- if (!tcptls_session->f) {
++#else
++ ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
+ ast_tcptls_close_session_file(tcptls_session);
+- ast_log(LOG_WARNING, "FILE * open failed!\n");
+-#ifndef DO_SSL
+- if (tcptls_session->parent->tls_cfg) {
+- ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
+- }
+-#endif
+ ao2_ref(tcptls_session, -1);
+ return NULL;
++#endif /* DO_SSL */
+ }
+
+ if (tcptls_session->parent->worker_fn) {
+@@ -774,7 +250,13 @@ void *ast_tcptls_server_root(void *data)
+ tcptls_session->overflow_buf = ast_str_create(128);
+ flags = fcntl(fd, F_GETFL);
+ fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
+- tcptls_session->fd = fd;
++
++ tcptls_session->stream = ast_iostream_from_fd(&fd);
++ if (!tcptls_session->stream) {
++ ast_log(LOG_WARNING, "No memory for new session iostream\n");
++ continue;
++ }
++
+ tcptls_session->parent = desc;
+ ast_sockaddr_copy(&tcptls_session->remote_address, &addr);
+
+@@ -1038,7 +520,7 @@ client_start_error:
+
+ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc)
+ {
+- int x = 1;
++ int fd, x = 1;
+ struct ast_tcptls_session_instance *tcptls_session = NULL;
+
+ /* Do nothing if nothing has changed */
+@@ -1054,8 +536,8 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s
+ close(desc->accept_fd);
+ }
+
+- desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
+- AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
++ fd = desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
++ AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (desc->accept_fd < 0) {
+ ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",
+ desc->name, strerror(errno));
+@@ -1081,7 +563,11 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s
+
+ tcptls_session->overflow_buf = ast_str_create(128);
+ tcptls_session->client = 1;
+- tcptls_session->fd = desc->accept_fd;
++ tcptls_session->stream = ast_iostream_from_fd(&fd);
++ if (!tcptls_session->stream) {
++ goto error;
++ }
++
+ tcptls_session->parent = desc;
+ tcptls_session->parent->worker_fn = NULL;
+ ast_sockaddr_copy(&tcptls_session->remote_address,
+@@ -1172,24 +658,9 @@ error:
+
+ void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session)
+ {
+- if (tcptls_session->f) {
+- fflush(tcptls_session->f);
+- if (fclose(tcptls_session->f)) {
+- ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
+- }
+- tcptls_session->f = NULL;
+- tcptls_session->fd = -1;
+- } else if (tcptls_session->fd != -1) {
+- /*
+- * Issuing shutdown() is necessary here to avoid a race
+- * condition where the last data written may not appear
+- * in the TCP stream. See ASTERISK-23548
+- */
+- shutdown(tcptls_session->fd, SHUT_RDWR);
+- if (close(tcptls_session->fd)) {
+- ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
+- }
+- tcptls_session->fd = -1;
++ if (tcptls_session->stream) {
++ ast_iostream_close(tcptls_session->stream);
++ tcptls_session->stream = NULL;
+ } else {
+ ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n");
+ }
+diff --git a/main/utils.c b/main/utils.c
+index 3dfc02c..f406dbe 100644
+--- a/main/utils.c
++++ b/main/utils.c
+@@ -1429,68 +1429,6 @@ int ast_carefulwrite(int fd, char *s, int len, int timeoutms)
+ return res;
+ }
+
+-int ast_careful_fwrite(FILE *f, int fd, const char *src, size_t len, int timeoutms)
+-{
+- struct timeval start = ast_tvnow();
+- int n = 0;
+- int elapsed = 0;
+-
+- while (len) {
+- if (wait_for_output(fd, timeoutms - elapsed)) {
+- /* poll returned a fatal error, so bail out immediately. */
+- return -1;
+- }
+-
+- /* Clear any errors from a previous write */
+- clearerr(f);
+-
+- n = fwrite(src, 1, len, f);
+-
+- if (ferror(f) && errno != EINTR && errno != EAGAIN) {
+- /* fatal error from fwrite() */
+- if (!feof(f)) {
+- /* Don't spam the logs if it was just that the connection is closed. */
+- ast_log(LOG_ERROR, "fwrite() returned error: %s\n", strerror(errno));
+- }
+- n = -1;
+- break;
+- }
+-
+- /* Update for data already written to the socket */
+- len -= n;
+- src += n;
+-
+- elapsed = ast_tvdiff_ms(ast_tvnow(), start);
+- if (elapsed >= timeoutms) {
+- /* We've taken too long to write
+- * This is only an error condition if we haven't finished writing. */
+- n = len ? -1 : 0;
+- break;
+- }
+- }
+-
+- errno = 0;
+- while (fflush(f)) {
+- if (errno == EAGAIN || errno == EINTR) {
+- /* fflush() does not appear to reset errno if it flushes
+- * and reaches EOF at the same time. It returns EOF with
+- * the last seen value of errno, causing a possible loop.
+- * Also usleep() to reduce CPU eating if it does loop */
+- errno = 0;
+- usleep(1);
+- continue;
+- }
+- if (errno && !feof(f)) {
+- /* Don't spam the logs if it was just that the connection is closed. */
+- ast_log(LOG_ERROR, "fflush() returned error: %s\n", strerror(errno));
+- }
+- n = -1;
+- break;
+- }
+-
+- return n < 0 ? -1 : 0;
+-}
+-
+ char *ast_strip_quoted(char *s, const char *beg_quotes, const char *end_quotes)
+ {
+ char *e;
+diff --git a/res/res_http_post.c b/res/res_http_post.c
+index 37fc4fa..907ee56 100644
+--- a/res/res_http_post.c
++++ b/res/res_http_post.c
+@@ -213,7 +213,7 @@ static int find_sequence(char * inbuf, int inlen, char * matchbuf, int matchlen)
+ * This function has two modes. The first to find a boundary marker. The
+ * second is to find the filename immediately after the boundary.
+ */
+-static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
++static int readmimefile(struct ast_iostream *in, FILE *fout, char *boundary, int contentlen)
+ {
+ int find_filename = 0;
+ char buf[4096];
+@@ -224,7 +224,7 @@ static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
+ int boundary_len;
+ char * path_end, * path_start, * filespec;
+
+- if (NULL == fin || NULL == fout || NULL == boundary || 0 >= contentlen) {
++ if (NULL == in || NULL == fout || NULL == boundary || 0 >= contentlen) {
+ return -1;
+ }
+
+@@ -238,8 +238,8 @@ static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
+ }
+
+ if (0 < num_to_read) {
+- if (fread(&(buf[char_in_buf]), 1, num_to_read, fin) < num_to_read) {
+- ast_log(LOG_WARNING, "fread() failed: %s\n", strerror(errno));
++ if (ast_iostream_read(in, &(buf[char_in_buf]), num_to_read) < num_to_read) {
++ ast_log(LOG_WARNING, "read failed: %s\n", strerror(errno));
+ num_to_read = 0;
+ }
+ contentlen -= num_to_read;
+@@ -380,7 +380,7 @@ static int http_post_callback(struct ast_tcptls_session_instance *ser, const str
+ */
+ ast_http_body_read_status(ser, 0);
+
+- if (0 > readmimefile(ser->f, f, boundary_marker, content_len)) {
++ if (0 > readmimefile(ser->stream, f, boundary_marker, content_len)) {
+ ast_debug(1, "Cannot find boundary marker in POST request.\n");
+ fclose(f);
+ ast_http_error(ser, 400, "Bad Request", "Cannot find boundary marker in POST request.");
+diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
+index 8476e26..ce6430f 100644
+--- a/res/res_http_websocket.c
++++ b/res/res_http_websocket.c
+@@ -88,8 +88,7 @@ ASTERISK_REGISTER_FILE()
+
+ /*! \brief Structure definition for session */
+ struct ast_websocket {
+- FILE *f; /*!< Pointer to the file instance used for writing and reading */
+- int fd; /*!< File descriptor for the session, only used for polling */
++ struct ast_iostream *stream; /*!< iostream of the connection */
+ struct ast_sockaddr address; /*!< Address of the remote client */
+ enum ast_websocket_opcode opcode; /*!< Cached opcode for multi-frame messages */
+ size_t payload_len; /*!< Length of the payload */
+@@ -180,10 +179,11 @@ static void session_destroy_fn(void *obj)
+ {
+ struct ast_websocket *session = obj;
+
+- if (session->f) {
++ if (session->stream) {
+ ast_websocket_close(session, 0);
+- if (session->f) {
+- fclose(session->f);
++ if (session->stream) {
++ ast_iostream_close(session->stream);
++ session->stream = NULL;
+ ast_verb(2, "WebSocket connection %s '%s' closed\n", session->client ? "to" : "from",
+ ast_sockaddr_stringify(&session->address));
+ }
+@@ -309,20 +309,22 @@ int AST_OPTIONAL_API_NAME(ast_websocket_close)(struct ast_websocket *session, ui
+ session->close_sent = 1;
+
+ ao2_lock(session);
+- res = ast_careful_fwrite(session->f, session->fd, frame, 4, session->timeout);
++ ast_iostream_set_timeout_inactivity(session->stream, session->timeout);
++ res = ast_iostream_write(session->stream, frame, sizeof(frame));
++ ast_iostream_set_timeout_disable(session->stream);
+
+ /* If an error occurred when trying to close this connection explicitly terminate it now.
+ * Doing so will cause the thread polling on it to wake up and terminate.
+ */
+- if (res) {
+- fclose(session->f);
+- session->f = NULL;
++ if (res != sizeof(frame)) {
++ ast_iostream_close(session->stream);
++ session->stream = NULL;
+ ast_verb(2, "WebSocket connection %s '%s' forcefully closed due to fatal write error\n",
+ session->client ? "to" : "from", ast_sockaddr_stringify(&session->address));
+ }
+
+ ao2_unlock(session);
+- return res;
++ return res == sizeof(frame);
+ }
+
+ static const char *opcode_map[] = {
+@@ -390,7 +392,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_write)(struct ast_websocket *session, en
+ return -1;
+ }
+
+- if (ast_careful_fwrite(session->f, session->fd, frame, frame_size, session->timeout)) {
++ ast_iostream_set_timeout_sequence(session->stream, ast_tvnow(), session->timeout);
++ if (ast_iostream_write(session->stream, frame, frame_size) != frame_size) {
+ ao2_unlock(session);
+ /* 1011 - server terminating connection due to not being able to fulfill the request */
+ ast_debug(1, "Closing WS with 1011 because we can't fulfill a write request\n");
+@@ -398,7 +401,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_write)(struct ast_websocket *session, en
+ return -1;
+ }
+
+- fflush(session->f);
++ ast_iostream_set_timeout_disable(session->stream);
+ ao2_unlock(session);
+
+ return 0;
+@@ -426,7 +429,7 @@ void AST_OPTIONAL_API_NAME(ast_websocket_unref)(struct ast_websocket *session)
+
+ int AST_OPTIONAL_API_NAME(ast_websocket_fd)(struct ast_websocket *session)
+ {
+- return session->closing ? -1 : session->fd;
++ return session->closing ? -1 : ast_iostream_get_fd(session->stream);
+ }
+
+ struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_remote_address)(struct ast_websocket *session)
+@@ -441,18 +444,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_is_secure)(struct ast_websocket *session
+
+ int AST_OPTIONAL_API_NAME(ast_websocket_set_nonblock)(struct ast_websocket *session)
+ {
+- int flags;
+-
+- if ((flags = fcntl(session->fd, F_GETFL)) == -1) {
+- return -1;
+- }
+-
+- flags |= O_NONBLOCK;
+-
+- if ((flags = fcntl(session->fd, F_SETFL, flags)) == -1) {
+- return -1;
+- }
+-
++ ast_iostream_nonblock(session->stream);
++ ast_iostream_set_exclusive_input(session->stream, 0);
+ return 0;
+ }
+
+@@ -505,17 +498,16 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len
+ int sanity = 10;
+
+ ao2_lock(session);
+- if (!session->f) {
++ if (!session->stream) {
+ ao2_unlock(session);
+ errno = ECONNABORTED;
+ return -1;
+ }
+
+ for (;;) {
+- clearerr(session->f);
+- rlen = fread(rbuf, 1, xlen, session->f);
+- if (!rlen) {
+- if (feof(session->f)) {
++ rlen = ast_iostream_read(session->stream, rbuf, xlen);
++ if (rlen != xlen) {
++ if (rlen == 0) {
+ ast_log(LOG_WARNING, "Web socket closed abruptly\n");
+ *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
+ session->closing = 1;
+@@ -523,7 +515,7 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len
+ return -1;
+ }
+
+- if (ferror(session->f) && errno != EAGAIN) {
++ if (rlen < 0 && errno != EAGAIN) {
+ ast_log(LOG_ERROR, "Error reading from web socket: %s\n", strerror(errno));
+ *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
+ session->closing = 1;
+@@ -544,7 +536,7 @@ static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len
+ if (!xlen) {
+ break;
+ }
+- if (ast_wait_for_input(session->fd, 1000) < 0) {
++ if (ast_wait_for_input(ast_iostream_get_fd(session->stream), 1000) < 0) {
+ ast_log(LOG_ERROR, "ast_wait_for_input returned err: %s\n", strerror(errno));
+ *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
+ session->closing = 1;
+@@ -839,7 +831,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
+ ao2_ref(protocol_handler, -1);
+ return 0;
+ }
+- session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT;
++ session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT;
+
+ /* Generate the session id */
+ if (!ast_uuid_generate_str(session->session_id, sizeof(session->session_id))) {
+@@ -869,7 +861,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
+ * Connection_.
+ */
+ if (protocol) {
+- fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
++ ast_iostream_printf(ser->stream,
++ "HTTP/1.1 101 Switching Protocols\r\n"
+ "Upgrade: %s\r\n"
+ "Connection: Upgrade\r\n"
+ "Sec-WebSocket-Accept: %s\r\n"
+@@ -878,15 +871,14 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
+ websocket_combine_key(key, base64, sizeof(base64)),
+ protocol);
+ } else {
+- fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
++ ast_iostream_printf(ser->stream,
++ "HTTP/1.1 101 Switching Protocols\r\n"
+ "Upgrade: %s\r\n"
+ "Connection: Upgrade\r\n"
+ "Sec-WebSocket-Accept: %s\r\n\r\n",
+ upgrade,
+ websocket_combine_key(key, base64, sizeof(base64)));
+ }
+-
+- fflush(ser->f);
+ } else {
+
+ /* Specification defined in http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 or completely unknown */
+@@ -898,7 +890,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
+ }
+
+ /* Enable keepalive on all sessions so the underlying user does not have to */
+- if (setsockopt(ser->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
++ if (setsockopt(ast_iostream_get_fd(ser->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
+ ast_log(LOG_WARNING, "WebSocket connection from '%s' could not be accepted - failed to enable keepalive\n",
+ ast_sockaddr_stringify(&ser->remote_address));
+ websocket_bad_request(ser);
+@@ -910,25 +902,23 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
+ ast_verb(2, "WebSocket connection from '%s' for protocol '%s' accepted using version '%d'\n", ast_sockaddr_stringify(&ser->remote_address), protocol ? : "", version);
+
+ /* Populate the session with all the needed details */
+- session->f = ser->f;
+- session->fd = ser->fd;
++ session->stream = ser->stream;
+ ast_sockaddr_copy(&session->address, &ser->remote_address);
+ session->opcode = -1;
+ session->reconstruct = DEFAULT_RECONSTRUCTION_CEILING;
+- session->secure = ser->ssl ? 1 : 0;
++ session->secure = ast_iostream_get_ssl(ser->stream) ? 1 : 0;
+
+ /* Give up ownership of the socket and pass it to the protocol handler */
+- ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0);
++ ast_iostream_set_exclusive_input(session->stream, 0);
+ protocol_handler->session_established(session, get_vars, headers);
+ ao2_ref(protocol_handler, -1);
+
+ /*
+- * By dropping the FILE* and fd from the session the connection
++ * By dropping the stream from the session the connection
+ * won't get closed when the HTTP server cleans up because we
+ * passed the connection to the protocol handler.
+ */
+- ser->f = NULL;
+- ser->fd = -1;
++ ser->stream = NULL;
+
+ return 0;
+ }
+@@ -1262,7 +1252,7 @@ static enum ast_websocket_result websocket_client_handshake_get_response(
+ int has_accept = 0;
+ int has_protocol = 0;
+
+- if (!fgets(buf, sizeof(buf), client->ser->f)) {
++ if (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) <= 0) {
+ ast_log(LOG_ERROR, "Unable to retrieve HTTP status line.");
+ return WS_BAD_STATUS;
+ }
+@@ -1275,7 +1265,7 @@ static enum ast_websocket_result websocket_client_handshake_get_response(
+
+ /* Ignoring line folding - assuming header field values are contained
+ within a single line */
+- while (fgets(buf, sizeof(buf), client->ser->f)) {
++ while (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) > 0) {
+ char *name, *value;
+ int parsed = ast_http_header_parse(buf, &name, &value);
+
+@@ -1328,19 +1318,19 @@ static enum ast_websocket_result websocket_client_handshake(
+ client->protocols);
+ }
+
+- if (fprintf(client->ser->f,
+- "GET /%s HTTP/1.1\r\n"
+- "Sec-WebSocket-Version: %d\r\n"
+- "Upgrade: websocket\r\n"
+- "Connection: Upgrade\r\n"
+- "Host: %s\r\n"
+- "Sec-WebSocket-Key: %s\r\n"
+- "%s\r\n",
+- client->resource_name ? ast_str_buffer(client->resource_name) : "",
+- client->version,
+- client->host,
+- client->key,
+- protocols) < 0) {
++ if (ast_iostream_printf(client->ser->stream,
++ "GET /%s HTTP/1.1\r\n"
++ "Sec-WebSocket-Version: %d\r\n"
++ "Upgrade: websocket\r\n"
++ "Connection: Upgrade\r\n"
++ "Host: %s\r\n"
++ "Sec-WebSocket-Key: %s\r\n"
++ "%s\r\n",
++ client->resource_name ? ast_str_buffer(client->resource_name) : "",
++ client->version,
++ client->host,
++ client->key,
++ protocols) < 0) {
+ ast_log(LOG_ERROR, "Failed to send handshake.\n");
+ return WS_WRITE_ERROR;
+ }
+@@ -1364,9 +1354,9 @@ static enum ast_websocket_result websocket_client_connect(struct ast_websocket *
+ return res;
+ }
+
+- ws->f = ws->client->ser->f;
+- ws->fd = ws->client->ser->fd;
+- ws->secure = ws->client->ser->ssl ? 1 : 0;
++ ws->stream = ws->client->ser->stream;
++ ws->secure = ast_iostream_get_ssl(ws->stream) ? 1 : 0;
++ ws->client->ser->stream = NULL;
+ ast_sockaddr_copy(&ws->address, &ws->client->ser->remote_address);
+ return WS_OK;
+ }
+diff --git a/res/res_phoneprov.c b/res/res_phoneprov.c
+index 2e4f873..1b77b9f 100644
+--- a/res/res_phoneprov.c
++++ b/res/res_phoneprov.c
+@@ -950,7 +950,7 @@ static int phoneprov_callback(struct ast_tcptls_session_instance *ser, const str
+ socklen_t namelen = sizeof(name.sa);
+ int res;
+
+- if ((res = getsockname(ser->fd, &name.sa, &namelen))) {
++ if ((res = getsockname(ast_iostream_get_fd(ser->stream), &name.sa, &namelen))) {
+ ast_log(LOG_WARNING, "Could not get server IP, breakage likely.\n");
+ } else {
+ struct extension *exten_iter;
+--
+2.10.2
+
diff --git a/main/asterisk/fix-strerror_r.patch b/main/asterisk/fix-strerror_r.patch
new file mode 100644
index 0000000000..97894309bd
--- /dev/null
+++ b/main/asterisk/fix-strerror_r.patch
@@ -0,0 +1,72 @@
+From 3d7089121731a1122e1306e631adaf5004ac323c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Fri, 11 Nov 2016 08:29:40 +0200
+Subject: [PATCH] addons/chan_mobile: do not use strerror_r
+
+The two reasons why it might be used are that some systems do not
+implement strerror in thread safe manner, and that strerror_r returns
+the error code in the string in case there's no error message.
+
+However, all of asterisk elsewhere uses strerror() and assumes it
+to be thread safe. And in chan_mobile the errno is also explicitly
+printed so neither of the above reasons are valid.
+
+The reasoning to remove usage is that there are actually two versions
+of strerror_r: XSI and GNU. They are incompatible in their return
+value, and there's no easy way to figure out which one is being
+used. glibc gives you the GNU version if _GNU_SOURCE is defined,
+but the same feature test macro is needed for other symbols. On
+all other systems you assumedly get XSI symbol, and compilation warnings
+as well as non-working error printing.
+
+Thus the easiest solution is to just remove strerror_r and use
+strerror as rest of the code. Alternative is to introduce ast_strerror
+in separate translation unit so it can request the XSI symbol in
+glibc case, and replace all usage of strerror.
+
+Change-Id: I84d35225b5642d85d48bc35fdf399afbae28a91d
+---
+ addons/chan_mobile.c | 13 +++----------
+ 1 file changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/addons/chan_mobile.c b/addons/chan_mobile.c
+index 64d53b7..8d13c96 100644
+--- a/addons/chan_mobile.c
++++ b/addons/chan_mobile.c
+@@ -3855,10 +3855,7 @@ static void *do_monitor_phone(void *data)
+ }
+
+ if ((at_msg = at_read_full(hfp->rsock, buf, sizeof(buf))) < 0) {
+- /* XXX gnu specific strerror_r is assummed here, this
+- * is not really safe. See the strerror(3) man page
+- * for more info. */
+- ast_debug(1, "[%s] error reading from device: %s (%d)\n", pvt->id, strerror_r(errno, buf, sizeof(buf)), errno);
++ ast_debug(1, "[%s] error reading from device: %s (%d)\n", pvt->id, strerror(errno), errno);
+ break;
+ }
+
+@@ -3995,7 +3992,7 @@ static void *do_monitor_phone(void *data)
+ ast_debug(1, "[%s] error parsing message\n", pvt->id);
+ goto e_cleanup;
+ case AT_READ_ERROR:
+- ast_debug(1, "[%s] error reading from device: %s (%d)\n", pvt->id, strerror_r(errno, buf, sizeof(buf)), errno);
++ ast_debug(1, "[%s] error reading from device: %s (%d)\n", pvt->id, strerror(errno), errno);
+ goto e_cleanup;
+ default:
+ break;
+@@ -4073,11 +4070,7 @@ static void *do_monitor_headset(void *data)
+ continue;
+
+ if ((at_msg = at_read_full(pvt->rfcomm_socket, buf, sizeof(buf))) < 0) {
+- if (strerror_r(errno, buf, sizeof(buf)))
+- ast_debug(1, "[%s] error reading from device\n", pvt->id);
+- else
+- ast_debug(1, "[%s] error reading from device: %s (%d)\n", pvt->id, buf, errno);
+-
++ ast_debug(1, "[%s] error reading from device: %s (%d)\n", pvt->id, strerror(errno), errno);
+ goto e_cleanup;
+ }
+ ast_debug(1, "[%s] %s\n", pvt->id, buf);
+--
+2.10.2
+