Fix the following build failure with libressl by using SSL_is_server
which is available since version 2.7.0 and
d7ec516916:
iostream.c: In function 'ast_iostream_close':
iostream.c:559:41: error: invalid use of incomplete typedef 'SSL' {aka 'struct ssl_st'}
559 | if (!stream->ssl->server) {
| ^~
ASTERISK-30107 #close
Fixes: - http://autobuild.buildroot.org/results/ce4d62d00bb77ba5b303cacf6be7e350581a62f9
Change-Id: Iea7f34970297f2fb50285d73462d0174ba7e9587
When TLS is in use, checking the readiness of the underlying FD is insufficient
for determining if there is data available to be read. So before polling the
FD, check if there is any buffered data in the TLS layer and use that first.
ASTERISK-28562 #close
Reported by: Robert Sutton
Change-Id: I95fcb3e2004700d5cf8e5ee04943f0115b15e10d
Providing a buffer larger than the internal buffer of ast_iostream_gets()
fails to get lines longer than the internal buffer.
* Made ast_iostream_gets() fill the supplied buffer with read data until
either a '\n' is found or the supplied buffer is filled just like fgets().
Change-Id: If18b3f6ee500e22f0633a68779ed09f7e0f305ed
Before Asterisk sends an HTTP response (at least in the case of errors),
it attempts to read & discard the content of the request. If the client
lies about the Content-Length, or the connection is closed from the
client side before "Content-Length" bytes are sent, the request handling
thread will busy loop.
ASTERISK-27807
Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
asterisk/tcptls.h was included (explicitly, implicitly, or transitively). Those
inclusions got replaced by forward declarations. As side effect, the inclusions
got completed.
ASTERISK-27878
Change-Id: I9d102728e30336d6522e5e4ae9e964013a0835f7
There are many places in the code base where we ignore the return value
of fcntl() when getting/setting file descriptior flags. This patch
introduces a convenience function that allows setting or clearing file
descriptor flags and will also log an error on failure for later
analysis.
Change-Id: I8b81901e1b1bd537ca632567cdb408931c6eded7
This adds the printf attribute and changes 'fmt' from 'const void *' to
'const char *'. This resolves a warning from some compiler for
vsnprintf needing a literal string for format.
Change-Id: I71c33a8262590042ee451e1146760c10bb22fb78
This change uses the functions provided by OpenSSL to query
and better construct error messages for situations where
the connection encounters a problem.
ASTERISK-26606
Change-Id: I7ae40ce88c0dc4e185c4df1ceb3a6ccc198f075b
ast_iostream_printf() attempts first to use a fixed-size buffer to
perform its printf-like operation. If the fixed-size buffer is too
small, then a heap allocation is used instead. The heap allocation in
this case was exactly the length of the string to print. The issue here
is that the ensuing call to vsnprintf() will print a NULL byte in the
final space of the string. This meant that the final character was being
chopped off the string and replaced with a NULL byte. For HTTP in
particular, this caused problems because HTTP publishes the expected
Contact-Length. This meant HTTP was publishing a length one character
larger than what was actually present in the message.
This patch corrects the issue by adding one to the allocation length.
ASTERISK-26629
Reported by Joshua Colp
Change-Id: Ib3c5f41e96833d0415cf000656ac368168add639
OpenSSL 1.1.0 includes some major changes in the interface. See
https://wiki.openssl.org/index.php/1.1_API_Changes .
Status: Right now there are still a few deprecation notes with OpenSSL
1.1.0. But it's a start.
Changes:
* CRYPTO_LOCK is no longer available. Replace it with its value for now.
I don't completely understand what it is used for there.
* Remove several functions from libasteriskssl that seem to no longer be
needed.
* Structures have become opaque and are accesses with accessors.
* ERR_remove_thread_state() no longer needed.
* SSLv2 code now could no longer be used in 1.1.
ASTERISK-26109 #close
Change-Id: I5e29d477d486ca29b6aae0dc2f5dff960c1cb82b
The asterisk.h header file needs to be included first or else
some things go awry, such as:
implicit declaration of function 'vasprintf'
Change-Id: I981dc2a77a1ba791888e4f1726644d4656c0407c
fopencookie/funclose is a non-standard API and should not be used
in portable software. Additionally, the way FILE's fd is used in
non-blocking mode is undefined behaviour and cannot be relied on.
This introduces internal abstraction for io streams, that allows
implementing the desired virtualization of read/write operations
with necessary timeout handling.
ASTERISK-24515 #close
ASTERISK-24517 #close
Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85