sr-dev September 2010

sr-dev@lists.kamailio.org

25 participants
222 discussions

git:master: tls: doc - notes about filename path

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: b690ab5236cbe209dd1d80ddcc15bc4c9053c42f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b690ab5… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 18:06:53 2010 +0200 tls: doc - notes about filename path - notes about how filename path are resolved in function of the first character. - regenerated README. --- modules/tls/README | 30 +++++++++++++++++++ modules/tls/doc/params.xml | 69 ++++++++++++++++++++++++++++++++++++++----- 2 files changed, 91 insertions(+), 8 deletions(-) diff --git a/modules/tls/README b/modules/tls/README index ed9004d..ac64fdc 100644 --- a/modules/tls/README +++ b/modules/tls/README @@ -321,6 +321,12 @@ modparam("tls", "tls_method", "TLSv1") Sets the certificate file name. The certificate file can also contain the private key in PEM format. + If the file name starts with a '.' the path will be relative to the + working directory (at runtime). If it starts with a '/' it will be an + absolute path and if it starts with anything else the path will be + relative to the main config file directory (e.g.: for ser -f + /etc/ser/ser.cfg it will be relative to /etc/ser/). + Warning: try not to use certificate with keys longer then 1024 bytes. Longer keys will severely impact performance, in particular the TLS connection rate. @@ -336,6 +342,12 @@ modparam("tls", "certificate", "/usr/local/etc/ser/my_certificate.pem") Sets the private key file name. + If the file name starts with a '.' the path will be relative to the + working directory (at runtime). If it starts with a '/' it will be an + absolute path and if it starts with anything else the path will be + relative to the main config file directory (e.g.: for ser -f + /etc/ser/ser.cfg it will be relative to /etc/ser/). + Note: the private key can be contained in the same file as the certificate (just append it to the certificate file, e.g.: cat pkey.pem >> cert.pem) @@ -354,6 +366,12 @@ modparam("tls", "private", "/usr/local/etc/ser/my_pkey.pem") to one of the listed CAs, the authentication will succeed. See also verify_certificate, verify_depth and require_certificate. + If the file name starts with a '.' the path will be relative to the + working directory (at runtime). If it starts with a '/' it will be an + absolute path and if it starts with anything else the path will be + relative to the main config file directory (e.g.: for ser -f + /etc/ser/ser.cfg it will be relative to /etc/ser/). + By default the CA file is not set. An easy way to create the CA list is to append each trusted trusted CA @@ -782,6 +800,12 @@ modparam("tls", "tls_force_run", 11) client) and domain basis (for now only IPs). The corresponding module parameters will be ignored. + If the file name starts with a '.' the path will be relative to the + working directory (at runtime). If it starts with a '/' it will be an + absolute path and if it starts with anything else the path will be + relative to the main config file directory (e.g.: for ser -f + /etc/ser/ser.cfg it will be relative to /etc/ser/). + By default no config file is specified. The following parameters can be set in the config file, for each @@ -795,6 +819,12 @@ modparam("tls", "tls_force_run", 11) * ca_list * cipher_list + All the parameters that take filenames as values will be resolved using + the same rules as for the tls config filename itself: starting with a + '.' means relative to the working directory, a '/' means an absolute + path and anything else a path relative to the directory of the current + ser main config file. + SIP-router acts as a server when it accepts a connection and as a client when it initiates a new connection by itself (it connects to something). diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml index 7416d52..90e5020 100644 --- a/modules/tls/doc/params.xml +++ b/modules/tls/doc/params.xml @@ -62,10 +62,20 @@ modparam("tls", "tls_method", "TLSv1") <section id="certificate"> <title><varname>certificate</varname> (string)</title> <para> - Sets the certificate file name. The certificate file can also contain the private key in PEM format. + Sets the certificate file name. The certificate file can also contain + the private key in PEM format. </para> <para> - <emphasis>Warning:</emphasis> try not to use certificate with keys longer then 1024 bytes. Longer keys will severely impact performance, in particular the TLS connection rate. + If the file name starts with a '.' the path will be relative to the + working directory (<emphasis>at runtime</emphasis>). If it starts + with a '/' it will be an absolute path and if it starts with anything + else the path will be relative to the main config file directory + (e.g.: for ser -f /etc/ser/ser.cfg it will be relative to /etc/ser/). + </para> + <para> + <emphasis>Warning:</emphasis> try not to use certificate with keys + longer then 1024 bytes. Longer keys will severely impact performance, + in particular the TLS connection rate. </para> <para> The default value is [SER_CFG_DIR]/cert.pem. @@ -86,7 +96,16 @@ modparam("tls", "certificate", "/usr/local/etc/ser/my_certificate.pem") Sets the private key file name. </para> <para> - Note: the private key can be contained in the same file as the certificate (just append it to the certificate file, e.g.: cat pkey.pem >> cert.pem) + If the file name starts with a '.' the path will be relative to the + working directory (<emphasis>at runtime</emphasis>). If it starts + with a '/' it will be an absolute path and if it starts with anything + else the path will be relative to the main config file directory + (e.g.: for ser -f /etc/ser/ser.cfg it will be relative to /etc/ser/). + </para> + <para> + Note: the private key can be contained in the same file as the + certificate (just append it to the certificate file, e.g.: + cat pkey.pem >> cert.pem) </para> <para> The default value is [SER_CFG_DIR]/cert.pem. @@ -104,13 +123,27 @@ modparam("tls", "private", "/usr/local/etc/ser/my_pkey.pem") <section id="ca_list"> <title><varname>ca_list</varname> (string)</title> <para> - Sets the CA list file name. This file contains a list of all the trusted CAs certificates. If a signature in a certificate chain belongs to one of the listed CAs, the authentication will succeed. See also <emphasis>verify_certificate</emphasis>, <emphasis>verify_depth</emphasis> and <emphasis>require_certificate</emphasis>. + Sets the CA list file name. This file contains a list of all the + trusted CAs certificates. If a signature in a certificate chain belongs + to one of the listed CAs, the authentication will succeed. See also + <emphasis>verify_certificate</emphasis>, + <emphasis>verify_depth</emphasis> and + <emphasis>require_certificate</emphasis>. + </para> + <para> + If the file name starts with a '.' the path will be relative to the + working directory (<emphasis>at runtime</emphasis>). If it starts + with a '/' it will be an absolute path and if it starts with anything + else the path will be relative to the main config file directory + (e.g.: for ser -f /etc/ser/ser.cfg it will be relative to /etc/ser/). </para> <para> By default the CA file is not set. </para> <para> - An easy way to create the CA list is to append each trusted trusted CA certificate in the PEM format to one file, e.g.: for f in trusted_cas/*.pem ; do cat "$f" >> ca_list.pem ; done . + An easy way to create the CA list is to append each trusted trusted CA + certificate in the PEM format to one file, e.g.: for f in + trusted_cas/*.pem ; do cat "$f" >> ca_list.pem ; done . </para> <example> <title>Set <varname>ca_list</varname> parameter</title> @@ -760,13 +793,24 @@ modparam("tls", "tls_force_run", 11) Sets the name of the TLS specific config file. </para> <para> - If set the TLS module will load a special config file, in which different TLS parameters can be specified on a per role (server or client) and domain basis (for now only IPs). The corresponding module parameters will be ignored. + If set the TLS module will load a special config file, in which + different TLS parameters can be specified on a per role (server or + client) and domain basis (for now only IPs). The corresponding module + parameters will be ignored. + </para> + <para> + If the file name starts with a '.' the path will be relative to the + working directory (<emphasis>at runtime</emphasis>). If it starts + with a '/' it will be an absolute path and if it starts with anything + else the path will be relative to the main config file directory + (e.g.: for ser -f /etc/ser/ser.cfg it will be relative to /etc/ser/). </para> <para> By default no config file is specified. </para> <para> - The following parameters can be set in the config file, for each domain: + The following parameters can be set in the config file, for each + domain: </para> <itemizedlist> <listitem><para>tls_method</para></listitem> @@ -779,7 +823,16 @@ modparam("tls", "tls_force_run", 11) <listitem><para>cipher_list</para></listitem> </itemizedlist> <para> - SIP-router acts as a server when it accepts a connection and as a client when it initiates a new connection by itself (it connects to something). + All the parameters that take filenames as values will be resolved + using the same rules as for the tls config filename itself: starting + with a '.' means relative to the working directory, a '/' means an + absolute path and anything else a path relative to the directory of + the current ser main config file. + </para> + <para> + SIP-router acts as a server when it accepts a connection and as a + client when it initiates a new connection by itself (it connects to + something). </para> <example> <title>Short config file</title>

13 years, 8 months

git:master: sip-router*.cfg: defines, links, test run support

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 99fab38dd345a28262221d1af220933697c1c53d URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=99fab38… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 18:20:40 2010 +0200 sip-router*.cfg: defines, links, test run support - added links to docs, ser_ctl, serweb and sr-users mailing list address - feature defines compatible with kamailio.cfg: WITH_DEBUG, WITH_TLS, WITH_XMLRPC (can be enabled by uncommenting the corresponding #!define or by starting ser with -A WITH_XXXX) - XMLRPC_TLS_ONLY define: when enabled XMLRPC will be allowed only on TLS and only from clients with valid certificates. - XMLRPC_ALLOW_NET1, XMLRPC_ALLOW_NET2, XMLRPC_ALLOW_NET3 defines: when enabled they must contain a valid network address (e.g. 10.0.0.0/8). xmlrpc requests will be accepted only from localhost (always) and from clients with source addresses matching one of the XMLRPC_ALLOW_NET[1-3] defines. E.g.: ser -A WITH_XMLRPC -A XMLRPC_ALLOW_NET1=10.0.0.0/8 .... - LOCAL_TEST_RUN define: when enabled ser will assume it is not installed and that it is started from the source/compile directory (as opposed to an installed version). All the modules will be searched in modules*/modulename/modulename.so and all the other files referenced in the config will be relative to the working directory (and not the ser config file directory). - multicast replication listen address set to udp only (avoids warnings on startup) - load sl after tm (the new merged sl prints a warning if tm is not loaded first) - use ser instead of sip-router for the DB names/uris and ctl sockets - use a XMLRPC specific route - XMLRPC bug workaround for xmlrpclib (which waits for an EOF before interpreting the response). --- etc/sip-router-basic.cfg | 74 +++++++++++++++++++++---- etc/sip-router-oob.cfg | 135 +++++++++++++++++++++++++++++++++++++++------ etc/sip-router.cfg | 80 +++++++++++++++++++++++++-- 3 files changed, 254 insertions(+), 35 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=99f…

13 years, 8 months

git:master: ldap(s): cfg_parser api update

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 14d6f347f72515e88f790fe11906c86af35a20f9 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=14d6f34… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 17:09:35 2010 +0200 ldap(s): cfg_parser api update Update cfg_parser_init() use. --- modules_s/ldap/ld_cfg.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules_s/ldap/ld_cfg.c b/modules_s/ldap/ld_cfg.c index e442758..7c8bf23 100644 --- a/modules_s/ldap/ld_cfg.c +++ b/modules_s/ldap/ld_cfg.c @@ -484,7 +484,7 @@ int ld_load_cfg(str* filename) cfg_parser_t* parser; cfg = NULL; - if ((parser = cfg_parser_init(filename)) == NULL) { + if ((parser = cfg_parser_init(0, filename)) == NULL) { ERR("ldap: Error while initializing configuration file parser.\n"); return -1; }

13 years, 8 months

git:master: iptrtpproxy: cfg_parser api update

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 0a4f422278f2807c955e0613af09f05d4c0d51c2 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=0a4f422… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 17:10:44 2010 +0200 iptrtpproxy: cfg_parser api update Update cfg_parser_init() usage. --- modules/iptrtpproxy/iptrtpproxy.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules/iptrtpproxy/iptrtpproxy.c b/modules/iptrtpproxy/iptrtpproxy.c index 3f9fb7a..670285b 100644 --- a/modules/iptrtpproxy/iptrtpproxy.c +++ b/modules/iptrtpproxy/iptrtpproxy.c @@ -1046,7 +1046,7 @@ skip: static int parse_iptrtpproxy_cfg() { cfg_parser_t* parser = NULL; struct switchboard_item *si; - if ((parser = cfg_parser_init(&iptrtpproxy_cfg_filename)) == NULL) { + if ((parser = cfg_parser_init(0, &iptrtpproxy_cfg_filename)) == NULL) { ERR(MODULE_NAME"parse_iptrtpproxy_cfg: Error while initializing configuration file parser.\n"); return -1; }

13 years, 8 months

git:master: tls: relative file path support & license changes

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 629cba2015ecf837a972070a55c5f02bdefed107 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=629cba2… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 17:43:26 2010 +0200 tls: relative file path support & license changes - support relative path for private_key, ca_list and certificate. If the filename starts with '.' or '..' the path will be considered to be relative to the working directory (otherwise if it does not start with '/' it will be relative to the main ser.cfg file directory). The relative path is supported both for modparam and for value loaded from the tls.cfg file. - BSDed and removed FSF (c) from tls_domain.[ch] (the only code remaining somewhat similar with the tls experimental module is 1 typedef). --- modules/tls/tls_cfg.c | 16 ++++++- modules/tls/tls_config.c | 5 ++- modules/tls/tls_domain.c | 102 +++++++++++++++++++++++++++++++--------------- modules/tls/tls_domain.h | 39 ++++++----------- 4 files changed, 100 insertions(+), 62 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=629…

13 years, 8 months

git:master: cfg_parser: allow relative paths for the cfg file

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: 139913192cb9e9616680a3a430a4039da9beb718 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1399131… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 17:03:53 2010 +0200 cfg_parser: allow relative paths for the cfg file Allow relative parhs in the cfg_parser framework (used by the tls module, ldap(s) and iptrtpproxy), by adding a new "basedir" parameter to cfg_parser_init(). If basedir == 0 and the filename does not start with '/', the filename path will be considered to be relative to the main ser config file (e.g. ser -f /etc/ser/ser.cfg => relative to /etc/ser/ ). This was the previous behaviour. If basedir == "" the filename path will be considered to be relative to the working directory (ser -w /tmp => relative to /tmp). For other basedir values, the filename path will be considered to be relative to basedir. --- cfg_parser.c | 32 +++++++++++++++++++++++--------- cfg_parser.h | 2 +- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/cfg_parser.c b/cfg_parser.c index 0827939..fa8721b 100644 --- a/cfg_parser.c +++ b/cfg_parser.c @@ -612,19 +612,33 @@ static char* get_base_name(str* filename) } -cfg_parser_t* cfg_parser_init(str* filename) + +/** intialize the config parser. + * @param basedir - path to the config file name. If 0 the path + * (base directory) of the main ser.cfg file will be used, else + * basedir will be concatenated to the filename. It will be + * used only if filename is not an absolute path. + * @param filename - config filename (can include path elements). + * @return 0 on error, !=0 on success. + */ +cfg_parser_t* cfg_parser_init(str* basedir, str* filename) { cfg_parser_t* st; - char* pathname, *base; + char* pathname, *base, *abs_pathname; - pathname = NULL; + abs_pathname = NULL; + pathname = filename->s; st = NULL; base = NULL; - if ((pathname = get_abs_pathname(NULL, filename)) == NULL) { - ERR("cfg_parser: Error while converting %.*s to absolute pathname\n", - STR_FMT(filename)); - goto error; + /* if basedir == 0 or != "" get_abs_pathname */ + if (basedir == 0 || basedir->len != 0) { + if ((abs_pathname = get_abs_pathname(basedir, filename)) == NULL) { + ERR("cfg_parser: Error while converting %.*s to absolute" + " pathname\n", STR_FMT(filename)); + goto error; + } + pathname = abs_pathname; } if ((base = get_base_name(filename)) == NULL) goto error; @@ -640,7 +654,7 @@ cfg_parser_t* cfg_parser_init(str* filename) goto error; } - pkg_free(pathname); + if (abs_pathname) pkg_free(abs_pathname); st->file = base; st->line = 1; @@ -653,7 +667,7 @@ cfg_parser_t* cfg_parser_init(str* filename) pkg_free(st); } if (base) pkg_free(base); - if (pathname) pkg_free(pathname); + if (abs_pathname) pkg_free(abs_pathname); return NULL; } diff --git a/cfg_parser.h b/cfg_parser.h index 4399b6c..11296c5 100644 --- a/cfg_parser.h +++ b/cfg_parser.h @@ -151,7 +151,7 @@ typedef struct cfg_parser { extern struct cfg_option cfg_bool_values[]; -struct cfg_parser* cfg_parser_init(str* filename); +struct cfg_parser* cfg_parser_init(str* basedir, str* filename); void cfg_section_parser(struct cfg_parser* st, cfg_func_f parser, void* param);

13 years, 8 months

git:master: tls: fix wrong string variable length overwrite

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: e63610186803cfcc0ff14d8871df8ae70df83103 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e636101… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 16:57:33 2010 +0200 tls: fix wrong string variable length overwrite Some per-domain config string variables (cert_file, ca_file, pkey_file & cipher_list) had their length truncated to that of the corresponding variable in the parent domain. Mostly invisible since the string length was in general ignored (asciiz strings). --- modules/tls/tls_domain.c | 37 +++++++++++++++++++++++-------------- 1 files changed, 23 insertions(+), 14 deletions(-) diff --git a/modules/tls/tls_domain.c b/modules/tls/tls_domain.c index 34fc23a..cbb1306 100644 --- a/modules/tls/tls_domain.c +++ b/modules/tls/tls_domain.c @@ -172,7 +172,7 @@ char* tls_domain_str(tls_domain_t* d) /* * Initialize parameters that have not been configured from - * parent domain (usualy one of default domains + * parent domain (usually one of default domains */ static int fill_missing(tls_domain_t* d, tls_domain_t* parent) { @@ -184,27 +184,36 @@ static int fill_missing(tls_domain_t* d, tls_domain_t* parent) return -1; } - if (!d->cert_file.s && - shm_asciiz_dup(&d->cert_file.s, parent->cert_file.s) < 0) return -1; - d->cert_file.len = parent->cert_file.len; + if (!d->cert_file.s) { + if (shm_asciiz_dup(&d->cert_file.s, parent->cert_file.s) < 0) + return -1; + d->cert_file.len = parent->cert_file.len; + } LOG(L_INFO, "%s: certificate='%s'\n", tls_domain_str(d), d->cert_file.s); - if (!d->ca_file.s && - shm_asciiz_dup(&d->ca_file.s, parent->ca_file.s) < 0) return -1; - d->ca_file.len = parent->ca_file.len; + if (!d->ca_file.s){ + if (shm_asciiz_dup(&d->ca_file.s, parent->ca_file.s) < 0) + return -1; + d->ca_file.len = parent->ca_file.len; + } LOG(L_INFO, "%s: ca_list='%s'\n", tls_domain_str(d), d->ca_file.s); if (d->require_cert == -1) d->require_cert = parent->require_cert; - LOG(L_INFO, "%s: require_certificate=%d\n", tls_domain_str(d), d->require_cert); + LOG(L_INFO, "%s: require_certificate=%d\n", tls_domain_str(d), + d->require_cert); - if (!d->cipher_list.s && - shm_asciiz_dup(&d->cipher_list.s, parent->cipher_list.s) < 0) return -1; - d->cipher_list.len = parent->cipher_list.len; + if (!d->cipher_list.s) { + if ( shm_asciiz_dup(&d->cipher_list.s, parent->cipher_list.s) < 0) + return -1; + d->cipher_list.len = parent->cipher_list.len; + } LOG(L_INFO, "%s: cipher_list='%s'\n", tls_domain_str(d), d->cipher_list.s); - if (!d->pkey_file.s && - shm_asciiz_dup(&d->pkey_file.s, parent->pkey_file.s) < 0) return -1; - d->pkey_file.len = parent->pkey_file.len; + if (!d->pkey_file.s) { + if (shm_asciiz_dup(&d->pkey_file.s, parent->pkey_file.s) < 0) + return -1; + d->pkey_file.len = parent->pkey_file.len; + } LOG(L_INFO, "%s: private_key='%s'\n", tls_domain_str(d), d->pkey_file.s); if (d->verify_cert == -1) d->verify_cert = parent->verify_cert;

13 years, 8 months

git:master: tls: fix default file names startup bug

by Andrei Pelinescu-Onciul

Module: sip-router Branch: master Commit: b8c939b440682de3da29f91d71ae07d5ff0fd93f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=b8c939b… Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org> Date: Tue Sep 7 16:51:29 2010 +0200 tls: fix default file names startup bug When the default file names for private_key, ca_list and certificate were not changed, the tls module crashed on startup when attempting to free() the static default values (when attempting to replace them with absolute paths). Reported-by: Daniel-Constantin Mierla <miconda(a)gmail.com> --- modules/tls/tls_cfg.c | 30 +++++++++++++++++------------- 1 files changed, 17 insertions(+), 13 deletions(-) diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c index 046e202..a75769f 100644 --- a/modules/tls/tls_cfg.c +++ b/modules/tls/tls_cfg.c @@ -39,14 +39,10 @@ struct cfg_group_tls default_tls_cfg = { 0, /* verify_certificate */ 9, /* verify_depth */ 0, /* require_certificate */ - STR_STATIC_INIT(TLS_PKEY_FILE), /* private_key */ -#if TLS_CA_FILE == 0 - STR_NULL, -#else - STR_STATIC_INIT(TLS_CA_FILE), /* ca_list */ -#endif - STR_STATIC_INIT(TLS_CERT_FILE), /* certificate */ - STR_NULL, /* cipher_list */ + STR_NULL, /* private_key (default value set in fix_tls_cfg) */ + STR_NULL, /* ca_list (default value set in fix_tls_cfg) */ + STR_NULL, /* certificate (default value set in fix_tls_cfg) */ + STR_NULL, /* cipher_list (default value set in fix_tls_cfg) */ 0, /* session_cache */ STR_STATIC_INIT("sip-router-tls-3.1"), /* session_id */ STR_NULL, /* config_file */ @@ -216,7 +212,7 @@ cfg_def_t tls_cfg_def[] = { /* to be used on start-up, with pkg_alloc'ed path names (path->s)*/ -static int fix_initial_pathname(str* path) +static int fix_initial_pathname(str* path, char* def) { str new_path; if (path->s && path->len) { @@ -225,6 +221,14 @@ static int fix_initial_pathname(str* path) new_path.len = strlen(new_path.s); pkg_free(path->s); *path = new_path; + } else if (path->s == 0 && def) { + /* use defaults */ + new_path.len = strlen(def); + new_path.s = def; + new_path.s = get_abs_pathname(0, &new_path); + if (new_path.s == 0) return -1; + new_path.len = strlen(new_path.s); + *path = new_path; } return 0; } @@ -243,13 +247,13 @@ int fix_tls_cfg(struct cfg_group_tls* cfg) * pathnames will be converted to absolute and the directory of the main * SER configuration file will be used as reference. */ - if (fix_initial_pathname(&cfg->config_file) < 0) + if (fix_initial_pathname(&cfg->config_file, 0) < 0) return -1; - if (fix_initial_pathname(&cfg->private_key) < 0) + if (fix_initial_pathname(&cfg->private_key, TLS_PKEY_FILE) < 0) return -1; - if (fix_initial_pathname(&cfg->ca_list) < 0 ) + if (fix_initial_pathname(&cfg->ca_list, TLS_CA_FILE) < 0 ) return -1; - if (fix_initial_pathname(&cfg->certificate) < 0) + if (fix_initial_pathname(&cfg->certificate, TLS_CERT_FILE) < 0) return -1; return 0;

13 years, 8 months

[tracker] Comment added: make install fails with a bash syntax error

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#87 - make install fails with a bash syntax error User who did this - Daniel-Constantin Mierla (miconda) ---------- What is the change? Just moving the 'do' on a new line? There are many such 'for' statements, did you get error only here? What is the error message? ---------- More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=87#comment117 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 8 months

[tracker] Comment added: make install fails with a bash syntax error (Attachment added)

by sip-router

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task has a new comment added: FS#87 - make install fails with a bash syntax error User who did this - Dmitry Goncharov (Dmitry) ---------- The first patch is bit defective. It wont work if C_INSTALL_CFGS is not empty. Please, consider this patch. ---------- One or more files have been attached. More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=87#comment116 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

13 years, 8 months

← Newer
1
...
16
17
18
19
20
21
22
23
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev September 2010