diff options
Diffstat (limited to 'main/asterisk')
| -rw-r--r-- | main/asterisk/APKBUILD | 6 | ||||
| -rw-r--r-- | main/asterisk/ASTERISK-24517.patch | 405 |
2 files changed, 322 insertions, 89 deletions
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD index cdbfb6c455..5a40015d35 100644 --- a/main/asterisk/APKBUILD +++ b/main/asterisk/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Timo Teras <timo.teras@iki.fi> # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=asterisk -pkgver=14.4.1 +pkgver=14.5.0 pkgrel=0 pkgdesc="Asterisk: A Module Open Source PBX System" pkgusers="asterisk" @@ -227,9 +227,9 @@ sound_en() { chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk } -sha512sums="c28bfc50bba92bd5ebd497caf8c150d1ab5468cf012a858f0b5d65f92d37e444e93f94212e43fc8ede5d715af21af21477cd8adcf6487431fe65e294e543980d asterisk-14.4.1.tar.gz +sha512sums="04dbea932900ecd3218629b2f19d20ad544cd7c02014fb4bd659e638e4a068ba179e6a4400bed788316fd337102ed8290c95823304567f378f9626361fd18c5e asterisk-14.5.0.tar.gz aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz -0edbee56000b06aa1d3ea89f27559ca55d26bcdb714685d4fcc16ee0e5776b6946357e871fb80ffeeab5083303cfc5d29888f2fd326ee85a253092c0e5d10fe6 ASTERISK-24517.patch +fedb0e422cd6acdff6a2ad60bebb174fcbac7a029b68b00116f64b2ecf3c0e577616174996b2fe22ed09061d3d6d917d8bf0b02ca9b6f3488b5958c99f127a6b ASTERISK-24517.patch f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch 935c25c7b1cdbd376056e20232a0e8c38dd32c344f50306d99930bf7cb37685c31329ead273b08ac9ab76daa9386adfb05b57440e46a39cb80e5542d65e8e3ed restore-multihomed-module.patch cd5bd1c1d7db0a44b14eb10e6d098af0c6474c8fe1a57395090d6795ac00e9243d004b7d24eba2cfd5bd6d6407c271913e794551a8dfcf3cf93e89fc91349e12 asterisk.initd diff --git a/main/asterisk/ASTERISK-24517.patch b/main/asterisk/ASTERISK-24517.patch index 25d752a892..ad3116639c 100644 --- a/main/asterisk/ASTERISK-24517.patch +++ b/main/asterisk/ASTERISK-24517.patch @@ -1,4 +1,4 @@ -From 2dd17aa5306636e9b400590eb172cbc5bd87eb74 Mon Sep 17 00:00:00 2001 +From 6d511d7ff88ab6020dd5a5d5b02771fb3af9551a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> Date: Thu, 2 Jun 2016 22:10:06 +0300 Subject: [PATCH] Implement internal abstraction for iostreams @@ -16,20 +16,20 @@ ASTERISK-24517 #close Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85 --- - apps/app_externalivr.c | 119 ++++---- + apps/app_externalivr.c | 119 ++++--- channels/chan_sip.c | 61 ++-- configure.ac | 4 - - include/asterisk/iostream.h | 118 ++++++++ + include/asterisk/iostream.h | 118 +++++++ include/asterisk/tcptls.h | 92 +----- - main/http.c | 93 +++--- - main/iostream.c | 553 ++++++++++++++++++++++++++++++++++ - main/manager.c | 131 ++++---- - main/tcptls.c | 717 ++++++-------------------------------------- - main/utils.c | 68 ----- + main/http.c | 109 ++----- + main/iostream.c | 553 ++++++++++++++++++++++++++++++++ + main/manager.c | 137 ++++---- + main/tcptls.c | 767 ++++++-------------------------------------- + main/utils.c | 68 ---- res/res_http_post.c | 10 +- - res/res_http_websocket.c | 116 ++++--- + res/res_http_websocket.c | 116 +++---- res/res_phoneprov.c | 2 +- - 13 files changed, 994 insertions(+), 1090 deletions(-) + 13 files changed, 993 insertions(+), 1163 deletions(-) create mode 100644 include/asterisk/iostream.h create mode 100644 main/iostream.c @@ -255,7 +255,7 @@ index 2bb1d8b535..129f29b924 100644 static int unload_module(void) diff --git a/channels/chan_sip.c b/channels/chan_sip.c -index 86c4bea982..1691285227 100644 +index 5affee6ebc..50ab521f8d 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -2546,7 +2546,7 @@ static struct sip_threadinfo *sip_threadinfo_create(struct ast_tcptls_session_in @@ -414,7 +414,7 @@ index 86c4bea982..1691285227 100644 cleanup: if (tcptls_session && !tcptls_session->client && !authenticated) { -@@ -29202,9 +29191,8 @@ static int sip_prepare_socket(struct sip_pvt *p) +@@ -29229,9 +29218,8 @@ static int sip_prepare_socket(struct sip_pvt *p) return s->fd; } if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) && @@ -426,7 +426,7 @@ index 86c4bea982..1691285227 100644 } if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) { return s->ws_session ? ast_websocket_fd(s->ws_session) : -1; -@@ -29234,7 +29222,7 @@ static int sip_prepare_socket(struct sip_pvt *p) +@@ -29261,7 +29249,7 @@ static int sip_prepare_socket(struct sip_pvt *p) /* 1. check for existing threads */ ast_sockaddr_copy(&sa_tmp, sip_real_dst(p)); if ((tcptls_session = sip_tcp_locate(&sa_tmp))) { @@ -435,7 +435,7 @@ index 86c4bea982..1691285227 100644 if (s->tcptls_session) { ao2_ref(s->tcptls_session, -1); s->tcptls_session = NULL; -@@ -29281,7 +29269,7 @@ static int sip_prepare_socket(struct sip_pvt *p) +@@ -29319,7 +29307,7 @@ static int sip_prepare_socket(struct sip_pvt *p) goto create_tcptls_session_fail; } @@ -444,7 +444,7 @@ index 86c4bea982..1691285227 100644 /* client connections need to have the sip_threadinfo object created before * the thread is detached. This ensures the alert_pipe is up before it will -@@ -30083,8 +30071,7 @@ static int sip_send_keepalive(const void *data) +@@ -30121,8 +30109,7 @@ static int sip_send_keepalive(const void *data) if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) { res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr); } else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) && @@ -455,10 +455,10 @@ index 86c4bea982..1691285227 100644 } else if (peer->socket.type == AST_TRANSPORT_UDP) { res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr); diff --git a/configure.ac b/configure.ac -index bc54de7591..e0b0b85ec5 100644 +index 4c6c0f21b3..b2d678cc67 100644 --- a/configure.ac +++ b/configure.ac -@@ -822,10 +822,6 @@ AC_ARG_ENABLE([asteriskssl], +@@ -823,10 +823,6 @@ AC_ARG_ENABLE([asteriskssl], esac], [AST_ASTERISKSSL=yes]) AC_SUBST(AST_ASTERISKSSL) @@ -724,7 +724,7 @@ index d19ec529a9..1e3a7524bf 100644 - #endif /* _ASTERISK_TCPTLS_H */ diff --git a/main/http.c b/main/http.c -index 7565523deb..74dfdb9ef6 100644 +index 907f10223b..7a61249114 100644 --- a/main/http.c +++ b/main/http.c @@ -451,11 +451,13 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, @@ -751,10 +751,14 @@ index 7565523deb..74dfdb9ef6 100644 "HTTP/1.1 %d %s\r\n" "%s" "Date: %s\r\n" -@@ -526,18 +528,16 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, +@@ -526,26 +528,16 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, /* send content */ if (method != AST_HTTP_HEAD || status_code >= 400) { if (out && ast_str_strlen(out)) { +- /* +- * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not +- * behave exactly as documented. +- */ - if (fwrite(ast_str_buffer(out), ast_str_strlen(out), 1, ser->f) != 1) { + len = ast_str_strlen(out); + if (ast_iostream_write(ser->stream, ast_str_buffer(out), len) != len) { @@ -768,12 +772,16 @@ index 7565523deb..74dfdb9ef6 100644 - int len; - while ((len = read(fd, buf, sizeof(buf))) > 0) { +- /* +- * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not +- * behave exactly as documented. +- */ - if (fwrite(buf, len, 1, ser->f) != 1) { + if (ast_iostream_write(ser->stream, buf, len) != len) { ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno)); close_connection = 1; break; -@@ -569,7 +569,7 @@ void ast_http_create_response(struct ast_tcptls_session_instance *ser, int statu +@@ -577,7 +569,7 @@ void ast_http_create_response(struct ast_tcptls_session_instance *ser, int statu ast_free(http_header_data); ast_free(server_address); ast_free(out); @@ -782,10 +790,15 @@ index 7565523deb..74dfdb9ef6 100644 ast_debug(1, "HTTP closing session. OOM.\n"); ast_tcptls_close_session_file(ser); } -@@ -923,9 +923,9 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char +@@ -931,14 +923,9 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char { int res; +- /* +- * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as +- * documented. +- */ +- - /* Stay in fread until get all the expected data or timeout. */ - res = fread(buf, length, 1, ser->f); - if (res < 1) { @@ -795,13 +808,19 @@ index 7565523deb..74dfdb9ef6 100644 ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d)\n", what_getting, length); return -1; -@@ -947,23 +947,12 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char +@@ -960,28 +947,12 @@ static int http_body_read_contents(struct ast_tcptls_session_instance *ser, char */ static int http_body_discard_contents(struct ast_tcptls_session_instance *ser, int length, const char *what_getting) { - int res; - char buf[MAX_HTTP_LINE_LENGTH];/* Discard buffer */ - +- /* +- * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as +- * documented. +- */ ++ ssize_t res; + - /* Stay in fread until get all the expected data or timeout. */ - while (sizeof(buf) < length) { - res = fread(buf, sizeof(buf), 1, ser->f); @@ -816,8 +835,6 @@ index 7565523deb..74dfdb9ef6 100644 - if (res < 1) { - ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d of remaining %d)\n", - what_getting, length, length); -+ ssize_t res; -+ + res = ast_iostream_discard(ser->stream, length); + if (res < length) { + ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d but got %zd)\n", @@ -825,7 +842,7 @@ index 7565523deb..74dfdb9ef6 100644 return -1; } return 0; -@@ -1039,7 +1028,7 @@ static int http_body_get_chunk_length(struct ast_tcptls_session_instance *ser) +@@ -1057,7 +1028,7 @@ static int http_body_get_chunk_length(struct ast_tcptls_session_instance *ser) char header_line[MAX_HTTP_LINE_LENGTH]; /* get the line of hexadecimal giving chunk-size w/ optional chunk-extension */ @@ -834,8 +851,8 @@ index 7565523deb..74dfdb9ef6 100644 ast_log(LOG_WARNING, "Short HTTP read of chunked header\n"); return -1; } -@@ -1067,8 +1056,8 @@ static int http_body_check_chunk_sync(struct ast_tcptls_session_instance *ser) - char chunk_sync[2]; +@@ -1090,8 +1061,8 @@ static int http_body_check_chunk_sync(struct ast_tcptls_session_instance *ser) + */ /* Stay in fread until get the expected CRLF or timeout. */ - res = fread(chunk_sync, sizeof(chunk_sync), 1, ser->f); @@ -845,7 +862,7 @@ index 7565523deb..74dfdb9ef6 100644 ast_log(LOG_WARNING, "Short HTTP chunk sync read (Wanted %zu)\n", sizeof(chunk_sync)); return -1; -@@ -1097,7 +1086,7 @@ static int http_body_discard_chunk_trailer_headers(struct ast_tcptls_session_ins +@@ -1120,7 +1091,7 @@ static int http_body_discard_chunk_trailer_headers(struct ast_tcptls_session_ins char header_line[MAX_HTTP_LINE_LENGTH]; for (;;) { @@ -854,7 +871,7 @@ index 7565523deb..74dfdb9ef6 100644 ast_log(LOG_WARNING, "Short HTTP read of chunked trailer header\n"); return -1; } -@@ -1760,7 +1749,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str +@@ -1783,7 +1754,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str char *name; char *value; @@ -863,7 +880,7 @@ index 7565523deb..74dfdb9ef6 100644 ast_http_error(ser, 400, "Bad Request", "Timeout"); return -1; } -@@ -1834,7 +1823,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser) +@@ -1857,7 +1828,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser) int res; char request_line[MAX_HTTP_LINE_LENGTH]; @@ -872,7 +889,7 @@ index 7565523deb..74dfdb9ef6 100644 return -1; } -@@ -1918,7 +1907,7 @@ static void *httpd_helper_thread(void *data) +@@ -1941,7 +1912,7 @@ static void *httpd_helper_thread(void *data) int flags = 1; int timeout; @@ -881,7 +898,7 @@ index 7565523deb..74dfdb9ef6 100644 ao2_cleanup(ser); return NULL; } -@@ -1935,14 +1924,11 @@ static void *httpd_helper_thread(void *data) +@@ -1958,14 +1929,11 @@ static void *httpd_helper_thread(void *data) * This is necessary to prevent delays (caused by buffering) as we * write to the socket in bits and pieces. */ @@ -899,7 +916,7 @@ index 7565523deb..74dfdb9ef6 100644 /* Setup HTTP worker private data to keep track of request body reading. */ ao2_cleanup(ser->private_data); -@@ -1965,23 +1951,17 @@ static void *httpd_helper_thread(void *data) +@@ -1988,23 +1956,17 @@ static void *httpd_helper_thread(void *data) } /* We can let the stream wait for data to arrive. */ @@ -929,7 +946,7 @@ index 7565523deb..74dfdb9ef6 100644 break; } -@@ -1995,10 +1975,9 @@ static void *httpd_helper_thread(void *data) +@@ -2018,10 +1980,9 @@ static void *httpd_helper_thread(void *data) done: ast_atomic_fetchadd_int(&session_count, -1); @@ -1503,7 +1520,7 @@ index 0000000000..46abc18a5c +#endif +} diff --git a/main/manager.c b/main/manager.c -index c7f4092ac0..e7067f5c07 100644 +index 6604f6f2bf..9d67f5e47b 100644 --- a/main/manager.c +++ b/main/manager.c @@ -1551,8 +1551,7 @@ static void acl_change_stasis_unsubscribe(void) @@ -1629,16 +1646,22 @@ index c7f4092ac0..e7067f5c07 100644 ao2_lock(s->session); s->session->waiting_thread = AST_PTHREADT_NULL; -@@ -6500,7 +6496,7 @@ static int get_input(struct mansession *s, char *output) +@@ -6500,13 +6496,7 @@ static int get_input(struct mansession *s, char *output) } ao2_lock(s->session); +- /* +- * It is worth noting here that you can all but ignore fread()'s documentation +- * for the purposes of this call. The FILE * we are working with here was created +- * as a result of a call to fopencookie() (or equivalent) in tcptls.c, and as such +- * the behavior of fread() is not as documented. Frankly, I think this is gross. +- */ - res = fread(src + s->session->inlen, 1, maxlen - s->session->inlen, s->session->f); + res = ast_iostream_read(s->session->stream, src + s->session->inlen, maxlen - s->session->inlen); if (res < 1) { res = -1; /* error return */ } else { -@@ -6638,7 +6634,7 @@ static void *session_do(void *data) +@@ -6644,7 +6634,7 @@ static void *session_do(void *data) struct ast_sockaddr ser_remote_address_tmp; if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) { @@ -1647,7 +1670,7 @@ index c7f4092ac0..e7067f5c07 100644 ast_atomic_fetchadd_int(&unauth_sessions, -1); goto done; } -@@ -6647,7 +6643,7 @@ static void *session_do(void *data) +@@ -6653,7 +6643,7 @@ static void *session_do(void *data) session = build_mansession(&ser_remote_address_tmp); if (session == NULL) { @@ -1656,7 +1679,7 @@ index c7f4092ac0..e7067f5c07 100644 ast_atomic_fetchadd_int(&unauth_sessions, -1); goto done; } -@@ -6655,14 +6651,10 @@ static void *session_do(void *data) +@@ -6661,14 +6651,10 @@ static void *session_do(void *data) /* here we set TCP_NODELAY on the socket to disable Nagle's algorithm. * This is necessary to prevent delays (caused by buffering) as we * write to the socket in bits and pieces. */ @@ -1673,7 +1696,7 @@ index c7f4092ac0..e7067f5c07 100644 ao2_lock(session); /* Hook to the tail of the event queue */ -@@ -6671,8 +6663,7 @@ static void *session_do(void *data) +@@ -6677,8 +6663,7 @@ static void *session_do(void *data) ast_mutex_init(&s.lock); /* these fields duplicate those in the 'ser' structure */ @@ -1683,7 +1706,7 @@ index c7f4092ac0..e7067f5c07 100644 ast_sockaddr_copy(&session->addr, &ser_remote_address_tmp); s.session = session; -@@ -6691,9 +6682,9 @@ static void *session_do(void *data) +@@ -6697,9 +6682,9 @@ static void *session_do(void *data) * We cannot let the stream exclusively wait for data to arrive. * We have to wake up the task to send async events. */ @@ -1695,7 +1718,7 @@ index c7f4092ac0..e7067f5c07 100644 ast_tvnow(), authtimeout * 1000); astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */ -@@ -6702,7 +6693,7 @@ static void *session_do(void *data) +@@ -6708,7 +6693,7 @@ static void *session_do(void *data) break; } if (session->authenticated) { @@ -1704,7 +1727,7 @@ index c7f4092ac0..e7067f5c07 100644 } } /* session is over, explain why and terminate */ -@@ -7562,23 +7553,9 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *g +@@ -7568,23 +7553,9 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *g static void close_mansession_file(struct mansession *s) { @@ -1731,7 +1754,7 @@ index c7f4092ac0..e7067f5c07 100644 } else { ast_log(LOG_ERROR, "Attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n"); } -@@ -7587,17 +7564,20 @@ static void close_mansession_file(struct mansession *s) +@@ -7593,17 +7564,20 @@ static void close_mansession_file(struct mansession *s) static void process_output(struct mansession *s, struct ast_str **out, struct ast_variable *params, enum output_format format) { char *buf; @@ -1747,18 +1770,18 @@ index c7f4092ac0..e7067f5c07 100644 - fprintf(s->f, "%c", 0); - fflush(s->f); + ast_iostream_write(s->stream, "", 1); ++ ++ fd = ast_iostream_get_fd(s->stream); - if ((l = ftell(s->f)) > 0) { - if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s->fd, 0))) { -+ fd = ast_iostream_get_fd(s->stream); -+ + l = lseek(fd, SEEK_CUR, 0); + if (l > 0) { + if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0))) { ast_log(LOG_WARNING, "mmap failed. Manager output was not processed\n"); } else { if (format == FORMAT_XML || format == FORMAT_HTML) { -@@ -7624,6 +7604,7 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser, +@@ -7630,6 +7604,7 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser, struct mansession s = { .session = NULL, .tcptls_session = ser }; struct mansession_session *session = NULL; uint32_t ident; @@ -1766,7 +1789,7 @@ index c7f4092ac0..e7067f5c07 100644 int blastaway = 0; struct ast_variable *v; struct ast_variable *params = get_params; -@@ -7679,17 +7660,17 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser, +@@ -7685,17 +7660,17 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser, } s.session = session; @@ -1789,7 +1812,7 @@ index c7f4092ac0..e7067f5c07 100644 goto generic_callback_out; } -@@ -7829,9 +7810,9 @@ generic_callback_out: +@@ -7835,9 +7810,9 @@ generic_callback_out: if (blastaway) { session_destroy(session); } else { @@ -1802,7 +1825,7 @@ index c7f4092ac0..e7067f5c07 100644 } unref_mansession(session); } -@@ -7856,6 +7837,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, +@@ -7862,6 +7837,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, struct message m = { 0 }; unsigned int idx; size_t hdrlen; @@ -1810,7 +1833,7 @@ index c7f4092ac0..e7067f5c07 100644 time_t time_now = time(NULL); unsigned long nonce = 0, nc; -@@ -8034,17 +8016,17 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, +@@ -8040,17 +8016,17 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, ast_mutex_init(&s.lock); s.session = session; @@ -1833,7 +1856,7 @@ index c7f4092ac0..e7067f5c07 100644 goto auth_callback_out; } -@@ -8095,7 +8077,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, +@@ -8101,7 +8077,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser, m.headers[idx] = NULL; } @@ -1842,7 +1865,7 @@ index c7f4092ac0..e7067f5c07 100644 http_header = ast_str_create(80); out = ast_str_create(result_size * 2 + 512); -@@ -8147,11 +8129,10 @@ auth_callback_out: +@@ -8153,11 +8129,10 @@ auth_callback_out: ast_free(out); ao2_lock(session); @@ -1858,10 +1881,10 @@ index c7f4092ac0..e7067f5c07 100644 if (session->needdestroy) { diff --git a/main/tcptls.c b/main/tcptls.c -index 5abaa4cb99..86bb262469 100644 +index 1f99d7b923..ca9a447868 100644 --- a/main/tcptls.c +++ b/main/tcptls.c -@@ -51,512 +51,13 @@ ASTERISK_REGISTER_FILE() +@@ -51,559 +51,13 @@ ASTERISK_REGISTER_FILE() #include "asterisk/pbx.h" #include "asterisk/app.h" @@ -1896,6 +1919,39 @@ index 5abaa4cb99..86bb262469 100644 - int exclusive_input; -}; - +-#if defined(DO_SSL) +-AST_THREADSTORAGE(err2str_threadbuf); +-#define ERR2STR_BUFSIZE 128 +- +-static const char *ssl_error_to_string(int sslerr, int ret) +-{ +- switch (sslerr) { +- case SSL_ERROR_SSL: +- return "Internal SSL error"; +- case SSL_ERROR_SYSCALL: +- if (!ret) { +- return "System call EOF"; +- } else if (ret == -1) { +- char *buf; +- +- buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE); +- if (!buf) { +- return "Unknown"; +- } +- +- snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno)); +- return buf; +- } else { +- return "System call other"; +- } +- default: +- break; +- } +- +- return "Unknown"; +-} +-#endif +- -void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream) -{ - ast_assert(stream != NULL); @@ -1964,12 +2020,17 @@ index 5abaa4cb99..86bb262469 100644 -#if defined(DO_SSL) - if (stream->ssl) { - for (;;) { +- int sslerr; +- char err[256]; +- - res = SSL_read(stream->ssl, buf, size); - if (0 < res) { - /* We read some payload data. */ - return res; - } -- switch (SSL_get_error(stream->ssl, res)) { +- +- sslerr = SSL_get_error(stream->ssl, res); +- switch (sslerr) { - case SSL_ERROR_ZERO_RETURN: - /* Report EOF for a shutdown */ - ast_debug(1, "TLS clean shutdown alert reading data\n"); @@ -2017,7 +2078,8 @@ index 5abaa4cb99..86bb262469 100644 - break; - default: - /* Report EOF for an undecoded SSL or transport error. */ -- ast_debug(1, "TLS transport or SSL error reading data\n"); +- ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err), +- ssl_error_to_string(sslerr, res)); - return 0; - } - if (!ms) { @@ -2092,6 +2154,9 @@ index 5abaa4cb99..86bb262469 100644 - written = 0; - remaining = size; - for (;;) { +- int sslerr; +- char err[256]; +- - res = SSL_write(stream->ssl, buf + written, remaining); - if (res == remaining) { - /* Everything was written. */ @@ -2103,7 +2168,8 @@ index 5abaa4cb99..86bb262469 100644 - remaining -= res; - continue; - } -- switch (SSL_get_error(stream->ssl, res)) { +- sslerr = SSL_get_error(stream->ssl, res); +- switch (sslerr) { - case SSL_ERROR_ZERO_RETURN: - ast_debug(1, "TLS clean shutdown alert writing data\n"); - if (written) { @@ -2132,7 +2198,8 @@ index 5abaa4cb99..86bb262469 100644 - break; - default: - /* Undecoded SSL or transport error. */ -- ast_debug(1, "TLS transport or SSL error writing data\n"); +- ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err), +- ssl_error_to_string(sslerr, res)); - if (written) { - /* Report partial write. */ - return written; @@ -2209,8 +2276,11 @@ index 5abaa4cb99..86bb262469 100644 - */ - res = SSL_shutdown(stream->ssl); - if (res < 0) { -- ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", -- SSL_get_error(stream->ssl, res)); +- int sslerr = SSL_get_error(stream->ssl, res); +- char err[256]; +- +- ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n", +- ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); - } - -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L @@ -2377,18 +2447,17 @@ index 5abaa4cb99..86bb262469 100644 } ast_free(i->overflow_buf); ao2_cleanup(i->private_data); -@@ -601,9 +102,7 @@ static void *handle_tcptls_connection(void *data) +@@ -649,8 +103,7 @@ static void *handle_tcptls_connection(void *data) { struct ast_tcptls_session_instance *tcptls_session = data; #ifdef DO_SSL - int (*ssl_setup)(SSL *) = (tcptls_session->client) ? SSL_connect : SSL_accept; - int ret; -- char err[256]; + SSL *ssl; #endif /* TCP/TLS connections are associated with external protocols, and -@@ -618,123 +117,94 @@ static void *handle_tcptls_connection(void *data) +@@ -665,127 +118,94 @@ static void *handle_tcptls_connection(void *data) return NULL; } @@ -2432,7 +2501,11 @@ index 5abaa4cb99..86bb262469 100644 - else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) { - SSL_set_fd(tcptls_session->ssl, tcptls_session->fd); - if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) { -- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err)); +- char err[256]; +- int sslerr = SSL_get_error(tcptls_session->ssl, ret); +- +- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", ERR_error_string(sslerr, err), +- ssl_error_to_string(sslerr, ret)); - } else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, - tcptls_session->ssl, tcptls_session->fd, -1))) { - if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER)) @@ -2446,7 +2519,7 @@ index 5abaa4cb99..86bb262469 100644 - ao2_ref(tcptls_session, -1); - return NULL; - } - +- - res = SSL_get_verify_result(tcptls_session->ssl); - if (res != X509_V_OK) { - ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res)); @@ -2469,7 +2542,7 @@ index 5abaa4cb99..86bb262469 100644 - if (pos < 0) { - break; - } -- + - str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos)); - if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) { - found = 1; @@ -2581,7 +2654,7 @@ index 5abaa4cb99..86bb262469 100644 } if (tcptls_session->parent->worker_fn) { -@@ -784,7 +254,13 @@ void *ast_tcptls_server_root(void *data) +@@ -844,7 +264,13 @@ void *ast_tcptls_server_root(void *data) } flags = fcntl(fd, F_GETFL); fcntl(fd, F_SETFL, flags & ~O_NONBLOCK); @@ -2596,7 +2669,7 @@ index 5abaa4cb99..86bb262469 100644 tcptls_session->parent = desc; ast_sockaddr_copy(&tcptls_session->remote_address, &addr); -@@ -1052,7 +528,7 @@ client_start_error: +@@ -1122,7 +548,7 @@ client_start_error: struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc) { @@ -2605,7 +2678,7 @@ index 5abaa4cb99..86bb262469 100644 struct ast_tcptls_session_instance *tcptls_session = NULL; /* Do nothing if nothing has changed */ -@@ -1068,8 +544,8 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s +@@ -1138,8 +564,8 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s close(desc->accept_fd); } @@ -2616,7 +2689,7 @@ index 5abaa4cb99..86bb262469 100644 if (desc->accept_fd < 0) { ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno)); -@@ -1099,7 +575,11 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s +@@ -1169,7 +595,11 @@ struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_s goto error; } tcptls_session->client = 1; @@ -2629,7 +2702,7 @@ index 5abaa4cb99..86bb262469 100644 tcptls_session->parent = desc; tcptls_session->parent->worker_fn = NULL; ast_sockaddr_copy(&tcptls_session->remote_address, -@@ -1259,24 +739,9 @@ error: +@@ -1329,24 +759,9 @@ error: void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session) { @@ -2658,10 +2731,10 @@ index 5abaa4cb99..86bb262469 100644 ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n"); } diff --git a/main/utils.c b/main/utils.c -index 14d529cf44..c72fdac923 100644 +index cfe2e4c427..12aaf68094 100644 --- a/main/utils.c +++ b/main/utils.c -@@ -1429,74 +1429,6 @@ int ast_carefulwrite(int fd, char *s, int len, int timeoutms) +@@ -1432,74 +1432,6 @@ int ast_carefulwrite(int fd, char *s, int len, int timeoutms) return res; } @@ -2779,7 +2852,7 @@ index 37fc4fa091..907ee56fbd 100644 fclose(f); ast_http_error(ser, 400, "Bad Request", "Cannot find boundary marker in POST request."); diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c -index 8476e26312..ce6430ff1d 100644 +index 9f5d931d6a..5f59c2c8cb 100644 --- a/res/res_http_websocket.c +++ b/res/res_http_websocket.c @@ -88,8 +88,7 @@ ASTERISK_REGISTER_FILE() @@ -3079,10 +3152,10 @@ index 2e4f873623..1b77b9f48b 100644 } else { struct extension *exten_iter; -- -2.12.2 +2.13.0 -From 4719882b6ab4bcfff54c36a2b4d48424b65d3a6f Mon Sep 17 00:00:00 2001 +From 68e88eb869144be992ff3eec77271fc3d55481e5 Mon Sep 17 00:00:00 2001 From: Joshua Colp <jcolp@digium.com> Date: Mon, 28 Nov 2016 13:36:18 +0000 Subject: [PATCH] iostream: Move include of asterisk.h @@ -3115,10 +3188,10 @@ index 46abc18a5c..008888142b 100644 #include "asterisk/astobj2.h" #include "asterisk/iostream.h" -- -2.12.2 +2.13.0 -From ce5b51c6366021d44b2aabc3c0ffd4e4c7d25b77 Mon Sep 17 00:00:00 2001 +From 16b1e62dd8ee8efba0dfe9ec561ff60914d0e3ff Mon Sep 17 00:00:00 2001 From: Mark Michelson <mmichelson@digium.com> Date: Tue, 6 Dec 2016 10:56:06 -0600 Subject: [PATCH] Iostreams: Correct off-by-one error. @@ -3181,10 +3254,10 @@ index 008888142b..9fa39cce59 100644 } } -- -2.12.2 +2.13.0 -From 942c9de5be6f36271acbddc661047095fecb7130 Mon Sep 17 00:00:00 2001 +From 229fe7f6026aaf41f35c06afaa836225e4f9577d Mon Sep 17 00:00:00 2001 From: Mark Michelson <mmichelson@digium.com> Date: Thu, 1 Dec 2016 16:49:03 -0600 Subject: [PATCH] http: Send headers and body in one write. @@ -3215,7 +3288,7 @@ Change-Id: Idc2d2fb3d9b3db14b8631a1e302244fa18b0e518 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/main/http.c b/main/http.c -index 74dfdb9ef6..c4c6747751 100644 +index 7a61249114..ddae0df2b7 100644 --- a/main/http.c +++ b/main/http.c @@ -456,6 +456,7 @@ void ast_http_send(struct ast_tcptls_session_instance *ser, @@ -3279,10 +3352,10 @@ index 74dfdb9ef6..c4c6747751 100644 } } -- -2.12.2 +2.13.0 -From 926637ce05e5ad5d9f775049d03d133f84506a59 Mon Sep 17 00:00:00 2001 +From b1af0a7d5d4bc05fcf13cd535a5959dbe63bd49b Mon Sep 17 00:00:00 2001 From: Badalyan Vyacheslav <v.badalyan@open-bs.ru> Date: Thu, 8 Dec 2016 18:34:28 +0000 Subject: [PATCH] Fix IO conversion bug @@ -3296,7 +3369,7 @@ Change-Id: Id9f393ff25b009a6c4a6e40b95f561a9369e4585 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c -index ce6430ff1d..80f965ec05 100644 +index 5f59c2c8cb..293685205f 100644 --- a/res/res_http_websocket.c +++ b/res/res_http_websocket.c @@ -492,7 +492,7 @@ const char * AST_OPTIONAL_API_NAME(ast_websocket_session_id)(struct ast_websocke @@ -3309,5 +3382,165 @@ index ce6430ff1d..80f965ec05 100644 char *rbuf = buf; int sanity = 10; -- -2.12.2 +2.13.0 + + +From 42cca2dfae6bddd946ab07221328eafdcc6c7534 Mon Sep 17 00:00:00 2001 +From: Joshua Colp <jcolp@digium.com> +Date: Tue, 9 May 2017 15:34:49 +0000 +Subject: [PATCH] tcptls: Improve error messages for TLS connections. + +This change uses the functions provided by OpenSSL to query +and better construct error messages for situations where +the connection encounters a problem. + +ASTERISK-26606 + +Change-Id: I7ae40ce88c0dc4e185c4df1ceb3a6ccc198f075b +--- + main/iostream.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 57 insertions(+), 10 deletions(-) + +diff --git a/main/iostream.c b/main/iostream.c +index 9fa39cce59..1013c6d9b9 100644 +--- a/main/iostream.c ++++ b/main/iostream.c +@@ -37,6 +37,39 @@ struct ast_iostream { + char rbuf[2048]; + }; + ++#if defined(DO_SSL) ++AST_THREADSTORAGE(err2str_threadbuf); ++#define ERR2STR_BUFSIZE 128 ++ ++static const char *ssl_error_to_string(int sslerr, int ret) ++{ ++ switch (sslerr) { ++ case SSL_ERROR_SSL: ++ return "Internal SSL error"; ++ case SSL_ERROR_SYSCALL: ++ if (!ret) { ++ return "System call EOF"; ++ } else if (ret == -1) { ++ char *buf; ++ ++ buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE); ++ if (!buf) { ++ return "Unknown"; ++ } ++ ++ snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno)); ++ return buf; ++ } else { ++ return "System call other"; ++ } ++ default: ++ break; ++ } ++ ++ return "Unknown"; ++} ++#endif ++ + int ast_iostream_get_fd(struct ast_iostream *stream) + { + return stream->fd; +@@ -109,13 +142,16 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size + #if defined(DO_SSL) + if (stream->ssl) { + for (;;) { ++ int sslerr; ++ char err[256]; + res = SSL_read(stream->ssl, buf, size); + if (0 < res) { + /* We read some payload data. */ + stream->timeout = stream->timeout_reset; + return res; + } +- switch (SSL_get_error(stream->ssl, res)) { ++ sslerr = SSL_get_error(stream->ssl, res); ++ switch (sslerr) { + case SSL_ERROR_ZERO_RETURN: + /* Report EOF for a shutdown */ + ast_debug(1, "TLS clean shutdown alert reading data\n"); +@@ -163,7 +199,8 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size + break; + default: + /* Report EOF for an undecoded SSL or transport error. */ +- ast_debug(1, "TLS transport or SSL error reading data\n"); ++ ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err), ++ ssl_error_to_string(sslerr, res)); + return 0; + } + if (!ms) { +@@ -318,6 +355,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t + written = 0; + remaining = size; + for (;;) { ++ int sslerr; ++ char err[256]; + res = SSL_write(stream->ssl, buf + written, remaining); + if (res == remaining) { + /* Everything was written. */ +@@ -329,7 +368,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t + remaining -= res; + continue; + } +- switch (SSL_get_error(stream->ssl, res)) { ++ sslerr = SSL_get_error(stream->ssl, res); ++ switch (sslerr) { + case SSL_ERROR_ZERO_RETURN: + ast_debug(1, "TLS clean shutdown alert writing data\n"); + if (written) { +@@ -358,7 +398,8 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t + break; + default: + /* Undecoded SSL or transport error. */ +- ast_debug(1, "TLS transport or SSL error writing data\n"); ++ ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err), ++ ssl_error_to_string(sslerr, res)); + if (written) { + /* Report partial write. */ + return written; +@@ -461,8 +502,10 @@ int ast_iostream_close(struct ast_iostream *stream) + */ + res = SSL_shutdown(stream->ssl); + if (res < 0) { +- ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", +- SSL_get_error(stream->ssl, res)); ++ int sslerr = SSL_get_error(stream->ssl, res); ++ char err[256]; ++ ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n", ++ ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); + } + + if (!stream->ssl->server) { +@@ -524,7 +567,7 @@ int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int + #ifdef DO_SSL + struct ast_iostream *stream = *pstream; + int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept; +- char err[256]; ++ int res; + + stream->ssl = SSL_new(ssl_ctx); + if (!stream->ssl) { +@@ -541,9 +584,13 @@ int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int + */ + SSL_set_fd(stream->ssl, stream->fd); + +- if (ssl_setup(stream->ssl) <= 0) { +- ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", +- ERR_error_string(ERR_get_error(), err)); ++ res = ssl_setup(stream->ssl); ++ if (res <= 0) { ++ int sslerr = SSL_get_error(stream->ssl, res); ++ char err[256]; ++ ++ ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", ++ ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res)); + errno = EIO; + return -1; + } +-- +2.13.0 |