[sr-dev] git:andrei/tcp_tls_changes: tls: added tls.options rpc

Andrei Pelinescu-Onciul andrei at iptel.org
Fri May 28 13:44:57 CEST 2010


Module: sip-router
Branch: andrei/tcp_tls_changes
Commit: 7ac98ae71a7b0ffe157200362971df9006347986
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7ac98ae71a7b0ffe157200362971df9006347986

Author: Andrei Pelinescu-Onciul <andrei at iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei at iptel.org>
Date:   Fri May 28 13:18:57 2010 +0200

tls: added tls.options rpc

- fixed ca list string initializer
- removed fixups from read-only config variables
- added a new tls.options rpc that dumps the entire tls config.
 E.g.:
sercmd> tls.options
{
	force_run: 0
	method: TLSv1
	verify_certificate: 0
	verify_depth: 9
	require_certificate: 0
	private_key: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.key
	ca_list:
	certificate: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.pem
	cipher_list:
	session_cache: 0
	session_id: sip-router-tls-3.1
	config:
	log: 0
	connection_timeout: 600
	disable_compression: 1
	ssl_release_buffers: 0
	ssl_freelist_max: 0
	ssl_max_send_fragment: -1
	ssl_read_ahead: 1
	low_mem_threshold1: 15204352
	low_mem_threshold2: 7602176
}

---

 modules/tls/tls_cfg.c |   14 +++++++++-----
 modules/tls/tls_rpc.c |   37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index 32c37a6..e3d7b00 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -40,7 +40,11 @@ struct cfg_group_tls default_tls_cfg = {
 	9, /* verify_depth */
 	0, /* require_certificate */
 	STR_STATIC_INIT(TLS_PKEY_FILE), /* private_key */
+#if TLS_CA_FILE == 0
+	STR_NULL,
+#else
 	STR_STATIC_INIT(TLS_CA_FILE),   /* ca_list */
+#endif
 	STR_STATIC_INIT(TLS_CERT_FILE), /* certificate */
 	STR_NULL, /* cipher_list */
 	0, /* session_cache */
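Review bot: The `#if TLS_CA_FILE == 0` test only works while TLS_CA_FILE expands to an integer. The `#else` arm passes the macro to STR_STATIC_INIT, which suggests a string literal, and a string literal is not valid in a preprocessor expression, so defining a default CA file would likely break the build at this line instead of selecting the `#else` arm. A presence test such as `#ifdef TLS_CA_FILE`, with the macro left undefined for "no CA list", would avoid that, assuming the header that defines it can be changed. The new `STR_NULL,` line also lacks the `/* ca_list */` tag that the neighbouring initializers carry. The default_tls_cfg initializer starts and ends outside the hunk.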
@@ -96,7 +100,7 @@ static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void** val)
 	static char path_buf[MAX_PATH_SIZE];
 
 	f = *val;
-	if (f && f->s) {
+	if (f && f->s && f->len) {
 		new_f.s = get_abs_pathname(0, f);
 		if (new_f.s == 0)
 			return -1;
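Review bot: fix_rel_pathname appears to be left without users by this commit. The three tls_cfg_def entries that referenced it (private_key, ca_list and certificate, in the next hunk) now pass `0` as the fixup, and no other reference is visible in the diff. If that is the case, remove the static function and its `path_buf` rather than patching it with the `f->len` check, or the build will warn about an unused static function. If it is being kept for a future writable path variable, say so above it, e.g. `/* unused while all path variables are CFG_READONLY */`. The function body starts and ends outside this hunk.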
@@ -130,12 +134,12 @@ cfg_def_t	tls_cfg_def[] = {
 		" verification go in the search for a trusted CA" },
 	{"require_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 		"if enabled a certificate will be required from clients" },
-	{"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+	{"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 		"name of the file containing the private key (pem format), if not"
 		" contained in the certificate file" },
-	{"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+	{"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 		"name of the file containing the trusted CA list (pem format)" },
-	{"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+	{"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 		"name of the file containing the certificate (pem format)" },
 	{"cipher_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 		"list of the accepted ciphers (strings separated by colons)" },
@@ -180,7 +184,7 @@ cfg_def_t	tls_cfg_def[] = {
 static int fix_initial_pathname(str* path)
 {
 	str new_path;
-	if (path->s) {
+	if (path->s && path->len) {
 		new_path.s = get_abs_pathname(0, path);
 		if (new_path.s == 0) return -1;
 		new_path.len = strlen(new_path.s);
diff --git a/modules/tls/tls_rpc.c b/modules/tls/tls_rpc.c
index d5176ac..826f12c 100644
--- a/modules/tls/tls_rpc.c
+++ b/modules/tls/tls_rpc.c
@@ -161,10 +161,47 @@ static void tls_info(rpc_t* rpc, void* c)
 
 
 
+static const char* tls_options_doc[2] = {
+	"Dumps all the tls config options.",
+	0 };
+
+static void tls_options(rpc_t* rpc, void* c)
+{
+	void* handle;
+	rpc->add(c, "{", &handle);
+	rpc->struct_add(handle, "dSdddSSSSdSSddddddddd",
+		"force_run",	cfg_get(tls, tls_cfg, force_run),
+		"method",		&cfg_get(tls, tls_cfg, method),
+		"verify_certificate", cfg_get(tls, tls_cfg, verify_cert),
+
+		"verify_depth",		cfg_get(tls, tls_cfg, verify_depth),
+		"require_certificate",	cfg_get(tls, tls_cfg, require_cert),
+		"private_key",		&cfg_get(tls, tls_cfg, private_key),
+		"ca_list",			&cfg_get(tls, tls_cfg, ca_list),
+		"certificate",		&cfg_get(tls, tls_cfg, certificate),
+		"cipher_list",		&cfg_get(tls, tls_cfg, cipher_list),
+		"session_cache",	cfg_get(tls, tls_cfg, session_cache),
+		"session_id",		&cfg_get(tls, tls_cfg, session_id),
+		"config",			&cfg_get(tls, tls_cfg, config_file),
+		"log",				cfg_get(tls, tls_cfg, log),
+		"connection_timeout", TICKS_TO_S(cfg_get(tls, tls_cfg, con_lifetime)),
+		"disable_compression",	cfg_get(tls, tls_cfg, disable_compression),
+		"ssl_release_buffers",	cfg_get(tls, tls_cfg, ssl_release_buffers),
+		"ssl_freelist_max",		cfg_get(tls, tls_cfg, ssl_freelist_max),
+		"ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment),
+		"ssl_read_ahead",		cfg_get(tls, tls_cfg, ssl_read_ahead),
+		"low_mem_threshold1",	cfg_get(tls, tls_cfg, low_mem_threshold1),
+		"low_mem_threshold2",	cfg_get(tls, tls_cfg, low_mem_threshold2)
+		);
+}
+
+
+
 
 rpc_export_t tls_rpc[] = {
 	{"tls.reload", tls_reload, tls_reload_doc, 0},
 	{"tls.list",   tls_list,   tls_list_doc,   RET_ARRAY},
 	{"tls.info",   tls_info,   tls_info_doc, 0},
+	{"tls.options",tls_options, tls_options_doc, 0},
 	{0, 0, 0, 0}
 };
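Review bot: tls_options uses `handle` without checking that `rpc->add(c, "{", &handle)` succeeded, so if the struct cannot be created, `handle` is uninitialized when it reaches `rpc->struct_add`. Guard it with `if (rpc->add(c, "{", &handle) < 0) return;`. The 21-character format string must be kept in step with the 21 name/value pairs by hand, and each `d` argument is read as an int, so confirm that `TICKS_TO_S(...)` and the low_mem_threshold values are int-sized. The reply also exposes the private key, certificate and config file paths to any client that can reach the RPC interface, so `tls_options_doc` should say so, e.g. `"Dumps all the tls config options (includes key/cert file paths)."`.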



