cleaup of the TCP/TLS socket API:
authorKevin P. Fleming <kpfleming@digium.com>
Sun, 19 Oct 2008 19:11:28 +0000 (19:11 +0000)
committerKevin P. Fleming <kpfleming@digium.com>
Sun, 19 Oct 2008 19:11:28 +0000 (19:11 +0000)
1) rename 'struct server_args' to 'struct ast_tcptls_session_args', to follow coding guidelines

2) make ast_make_file_from_fd() static and rename it to something that indicates what it really is for (again coding guidelines)

3) rename address variables inside 'struct ast_tcptls_session_args' to be more descriptive (dare i say it... coding guidelines)

4) change ast_tcptls_client_start() to use the new 'remote_address' field of the session args for the destination of the connection, and use the 'local_address' field to bind() the socket to the proper source address, if one is supplied

5) in chan_sip, ensure that we pass in the PP address we are bound to when creating outbound (client) connections, so that our connections will appear from the correct address

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@151101 65c4cc65-6c06-0410-ace0-fbb531ad65f3

apps/app_externalivr.c
channels/chan_sip.c
include/asterisk/tcptls.h
main/http.c
main/manager.c
main/tcptls.c

index a73a19d..20eda9b 100644 (file)
@@ -46,6 +46,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include "asterisk/app.h"
 #include "asterisk/utils.h"
 #include "asterisk/tcptls.h"
+#include "asterisk/astobj2.h"
 
 static const char *app = "ExternalIVR";
 
@@ -419,7 +420,7 @@ static int app_exec(struct ast_channel *chan, void *data)
        }
 
        if (!strncmp(app_args[0], "ivr://", 6)) {
-               struct server_args ivr_desc = {
+               struct ast_tcptls_session_args ivr_desc = {
                        .accept_fd = -1,
                        .name = "IVR",
                };
@@ -438,9 +439,9 @@ static int app_exec(struct ast_channel *chan, void *data)
                }
 
                ast_gethostbyname(hostname, &hp);
-               ivr_desc.sin.sin_family = AF_INET;
-               ivr_desc.sin.sin_port = htons(port);
-               memmove(&ivr_desc.sin.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
+               ivr_desc.local_address.sin_family = AF_INET;
+               ivr_desc.local_address.sin_port = htons(port);
+               memcpy(&ivr_desc.local_address.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
                ser = ast_tcptls_client_start(&ivr_desc);
 
                if (!ser) {
index db6ac43..c221290 100644 (file)
@@ -2379,7 +2379,7 @@ static struct ast_tls_config sip_tls_cfg;
 static struct ast_tls_config default_tls_cfg;
 
 /*! \brief The TCP server definition */
-static struct server_args sip_tcp_desc = {
+static struct ast_tcptls_session_args sip_tcp_desc = {
        .accept_fd = -1,
        .master = AST_PTHREADT_NULL,
        .tls_cfg = NULL,
@@ -2390,7 +2390,7 @@ static struct server_args sip_tcp_desc = {
 };
 
 /*! \brief The TCP/TLS server definition */
-static struct server_args sip_tls_desc = {
+static struct ast_tcptls_session_args sip_tls_desc = {
        .accept_fd = -1,
        .master = AST_PTHREADT_NULL,
        .tls_cfg = &sip_tls_cfg,
@@ -2544,7 +2544,7 @@ static void *_sip_tcp_helper_thread(struct sip_pvt *pvt, struct ast_tcptls_sessi
                                we receive is not the same - we should generate an error */
 
                req.socket.ser = ser;
-               handle_request_do(&req, &ser->requestor);
+               handle_request_do(&req, &ser->remote_address);
        }
 
 cleanup:
@@ -2588,7 +2588,7 @@ static void *unref_peer(struct sip_peer *peer, char *tag)
 
 static struct sip_peer *ref_peer(struct sip_peer *peer, char *tag)
 {
-       ao2_t_ref(peer, 1,tag);
+       ao2_t_ref(peer, 1, tag);
        return peer;
 }
 
@@ -12838,8 +12838,8 @@ static char *sip_show_tcp(struct ast_cli_entry *e, int cmd, struct ast_cli_args
        ast_cli(a->fd, FORMAT2, "Host", "Port", "Transport", "Type");
        AST_LIST_LOCK(&threadl);
        AST_LIST_TRAVERSE(&threadl, th, list) {
-               ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->requestor.sin_addr), 
-                       ntohs(th->ser->requestor.sin_port), 
+               ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->remote_address.sin_addr), 
+                       ntohs(th->ser->remote_address.sin_port), 
                        get_transport(th->type), 
                        (th->ser->client ? "Client" : "Server"));
 
@@ -14105,16 +14105,16 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_
        ast_cli(a->fd, "  UDP SIP Port:           %d\n", ntohs(bindaddr.sin_port));
        ast_cli(a->fd, "  UDP Bindaddress:        %s\n", ast_inet_ntoa(bindaddr.sin_addr));
        ast_cli(a->fd, "  TCP SIP Port:           ");
-       if (sip_tcp_desc.sin.sin_family == AF_INET) {
-               ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.sin.sin_port));
-               ast_cli(a->fd, "  TCP Bindaddress:        %s\n", ast_inet_ntoa(sip_tcp_desc.sin.sin_addr));
+       if (sip_tcp_desc.local_address.sin_family == AF_INET) {
+               ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.local_address.sin_port));
+               ast_cli(a->fd, "  TCP Bindaddress:        %s\n", ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr));
        } else {
                ast_cli(a->fd, "Disabled\n");
        }
        ast_cli(a->fd, "  TLS SIP Port:           ");
        if (default_tls_cfg.enabled != FALSE) {
-               ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.sin.sin_port));
-               ast_cli(a->fd, "  TLS Bindaddress:        %s\n", ast_inet_ntoa(sip_tls_desc.sin.sin_addr));
+               ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.local_address.sin_port));
+               ast_cli(a->fd, "  TLS Bindaddress:        %s\n", ast_inet_ntoa(sip_tls_desc.local_address.sin_addr));
        } else {
                ast_cli(a->fd, "Disabled\n");
        }
@@ -20060,9 +20060,9 @@ static struct ast_tcptls_session_instance *sip_tcp_locate(struct sockaddr_in *s)
 
        AST_LIST_LOCK(&threadl);
        AST_LIST_TRAVERSE(&threadl, th, list) {
-               if ((s->sin_family == th->ser->requestor.sin_family) &&
-                       (s->sin_addr.s_addr == th->ser->requestor.sin_addr.s_addr) &&
-                       (s->sin_port == th->ser->requestor.sin_port))  {
+               if ((s->sin_family == th->ser->remote_address.sin_family) &&
+                       (s->sin_addr.s_addr == th->ser->remote_address.sin_addr.s_addr) &&
+                       (s->sin_port == th->ser->remote_address.sin_port))  {
                                AST_LIST_UNLOCK(&threadl);
                                return th->ser;
                        }
@@ -20077,7 +20077,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
        struct sip_socket *s = &p->socket;
        static const char name[] = "SIP socket";
        struct ast_tcptls_session_instance *ser;
-       struct server_args ca = {
+       struct ast_tcptls_session_args ca = {
                .name = name,
                .accept_fd = -1,
        };
@@ -20097,9 +20097,9 @@ static int sip_prepare_socket(struct sip_pvt *p)
                return s->fd;
        }
 
-       ca.sin = *(sip_real_dst(p));
+       ca.remote_address = *(sip_real_dst(p));
 
-       if ((ser = sip_tcp_locate(&ca.sin))) {  /* Check if we have a thread handling a socket connected to this IP/port */
+       if ((ser = sip_tcp_locate(&ca.remote_address))) {       /* Check if we have a thread handling a socket connected to this IP/port */
                s->fd = ser->fd;
                if (s->ser) {
                        ao2_ref(s->ser, -1);
@@ -22048,16 +22048,16 @@ static int reload_config(enum channelreloadreason reason)
        }
 
        /* Initialize tcp sockets */
-       memset(&sip_tcp_desc.sin, 0, sizeof(sip_tcp_desc.sin));
-       memset(&sip_tls_desc.sin, 0, sizeof(sip_tls_desc.sin));
+       memset(&sip_tcp_desc.local_address, 0, sizeof(sip_tcp_desc.local_address));
+       memset(&sip_tls_desc.local_address, 0, sizeof(sip_tls_desc.local_address));
 
        ast_free_ha(global_contact_ha);
        global_contact_ha = NULL;
 
        default_tls_cfg.enabled = FALSE;                /* Default: Disable TLS */
 
-       sip_tcp_desc.sin.sin_port = htons(STANDARD_SIP_PORT);
-       sip_tls_desc.sin.sin_port = htons(STANDARD_TLS_PORT);
+       sip_tcp_desc.local_address.sin_port = htons(STANDARD_SIP_PORT);
+       sip_tls_desc.local_address.sin_port = htons(STANDARD_TLS_PORT);
 
        if (reason != CHANNEL_MODULE_LOAD) {
                ast_debug(4, "--------------- SIP reload started\n");
@@ -22292,17 +22292,17 @@ static int reload_config(enum channelreloadreason reason)
                                }
                        }
                } else if (!strcasecmp(v->name, "tcpenable")) {
-                       sip_tcp_desc.sin.sin_family = ast_false(v->value) ? 0 : AF_INET;
+                       sip_tcp_desc.local_address.sin_family = ast_false(v->value) ? 0 : AF_INET;
                        ast_debug(2, "Enabling TCP socket for listening\n");
                } else if (!strcasecmp(v->name, "tcpbindaddr")) {
-                       int family = sip_tcp_desc.sin.sin_family;
-                       if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.sin))
+                       int family = sip_tcp_desc.local_address.sin_family;
+                       if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.local_address))
                                ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
-                       sip_tcp_desc.sin.sin_family = family;
+                       sip_tcp_desc.local_address.sin_family = family;
                        ast_debug(2, "Setting TCP socket address to %s\n", v->value);
                } else if (!strcasecmp(v->name, "tlsenable")) {
                        default_tls_cfg.enabled = ast_true(v->value) ? TRUE : FALSE;
-                       sip_tls_desc.sin.sin_family = AF_INET;
+                       sip_tls_desc.local_address.sin_family = AF_INET;
                } else if (!strcasecmp(v->name, "tlscertfile")) {
                        ast_free(default_tls_cfg.certfile);
                        default_tls_cfg.certfile = ast_strdup(v->value);
@@ -22320,7 +22320,7 @@ static int reload_config(enum channelreloadreason reason)
                } else if (!strcasecmp(v->name, "tlsdontverifyserver")) {
                        ast_set2_flag(&default_tls_cfg.flags, ast_true(v->value), AST_SSL_DONT_VERIFY_SERVER);  
                } else if (!strcasecmp(v->name, "tlsbindaddr")) {
-                       if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.sin))
+                       if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.local_address))
                                ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
                } else if (!strcasecmp(v->name, "dynamic_exclude_static") || !strcasecmp(v->name, "dynamic_excludes_static")) {
                        global_dynamic_exclude_static = ast_true(v->value);
@@ -22798,10 +22798,10 @@ static int reload_config(enum channelreloadreason reason)
 
        /* Start TCP server */
        ast_tcptls_server_start(&sip_tcp_desc);
-       if (sip_tcp_desc.accept_fd == -1 &&  sip_tcp_desc.sin.sin_family == AF_INET) {
+       if (sip_tcp_desc.accept_fd == -1 &&  sip_tcp_desc.local_address.sin_family == AF_INET) {
                /* TCP server start failed. Tell the admin */
                ast_log(LOG_ERROR, "SIP TCP Server start failed. Not listening on TCP socket.\n");
-               sip_tcp_desc.sin.sin_family = 0;
+               sip_tcp_desc.local_address.sin_family = 0;
        } else {
                ast_debug(2, "SIP TCP server started\n");
        }
@@ -22836,12 +22836,12 @@ static int reload_config(enum channelreloadreason reason)
                        ast_log(LOG_NOTICE, "Can't add wildcard IP address to domain list, please add IP address to domain manually.\n");
 
                /* If TCP is running on a different IP than UDP, then add it too */
-               if (sip_tcp_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.sin))
-                       add_sip_domain(ast_inet_ntoa(sip_tcp_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
+               if (sip_tcp_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.local_address))
+                       add_sip_domain(ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
 
                /* If TLS is running on a differen IP than UDP and TCP, then add that too */
-               if (sip_tls_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.sin) && inaddrcmp(&sip_tcp_desc.sin, &sip_tls_desc.sin))
-                       add_sip_domain(ast_inet_ntoa(sip_tls_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
+               if (sip_tls_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.local_address) && inaddrcmp(&sip_tcp_desc.local_address, &sip_tls_desc.local_address))
+                       add_sip_domain(ast_inet_ntoa(sip_tls_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
 
                /* Our extern IP address, if configured */
                if (externip.sin_addr.s_addr)
index a345200..6fb6d4b 100644 (file)
  *
  */
 
-
-#ifndef _ASTERISK_SERVER_H
-#define _ASTERISK_SERVER_H
+#ifndef _ASTERISK_TCPTLS_H
+#define _ASTERISK_TCPTLS_H
 
 #include "asterisk/utils.h"
-#include "asterisk/astobj2.h"
 
 #if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
 #define DO_SSL  /* comment in/out if you want to support ssl */
@@ -90,7 +88,7 @@ struct ast_tls_config {
 /*!
  * The following code implements a generic mechanism for starting
  * services on a TCP or TLS socket.
- * The service is configured in the struct server_args, and
+ * The service is configured in the struct session_args, and
  * then started by calling server_start(desc) on the descriptor.
  * server_start() first verifies if an instance of the service is active,
  * and in case shuts it down. Then, if the service must be started, creates
@@ -105,38 +103,19 @@ struct ast_tls_config {
  * running the session, whose body is desc->worker_fn(). The argument of
  * worker_fn() is a struct ast_tcptls_session_instance, which contains the address
  * of the other party, a pointer to desc, the file descriptors (fd) on which
- * we can do a select/poll (but NOT IO/, and a FILE *on which we can do I/O.
+ * we can do a select/poll (but NOT I/O), and a FILE *on which we can do I/O.
  * We have both because we want to support plain and SSL sockets, and
- * going through a FILE *lets us provide the encryption/decryption
+ * going through a FILE * lets us provide the encryption/decryption
  * on the stream without using an auxiliary thread.
- *
- * NOTE: in order to let other parts of asterisk use these services,
- * we need to do the following:
- * + move struct ast_tcptls_session_instance and struct server_args to
- * a common header file, together with prototypes for
- * server_start() and server_root().
  */
 
 /*! \brief
- * describes a server instance
- */
-struct ast_tcptls_session_instance {
-       FILE *f;    /* fopen/funopen result */
-       int fd;     /* the socket returned by accept() */
-       SSL *ssl;   /* ssl state */
-/*     iint (*ssl_setup)(SSL *); */
-       int client;
-       struct sockaddr_in requestor;
-       struct server_args *parent;
-       ast_mutex_t lock;
-};
-
-/*! \brief
  * arguments for the accepting thread
  */
-struct server_args {
-       struct sockaddr_in sin;
-       struct sockaddr_in oldsin;
+struct ast_tcptls_session_args {
+       struct sockaddr_in local_address;
+       struct sockaddr_in old_local_address;
+       struct sockaddr_in remote_address;
        char hostname[MAXHOSTNAMELEN]; /*!< only necessary for SSL clients so we can compare to common name */
        struct ast_tls_config *tls_cfg; /*!< points to the SSL configuration if any */
        int accept_fd;
@@ -148,6 +127,20 @@ struct server_args {
        const char *name;
 };
 
+/*
+ * describes a server instance
+ */
+struct ast_tcptls_session_instance {
+       FILE *f;    /* fopen/funopen result */
+       int fd;     /* the socket returned by accept() */
+       SSL *ssl;   /* ssl state */
+/*     iint (*ssl_setup)(SSL *); */
+       int client;
+       struct sockaddr_in remote_address;
+       struct ast_tcptls_session_args *parent;
+       ast_mutex_t lock;
+};
+
 #if defined(HAVE_FUNOPEN)
 #define HOOK_T int
 #define LEN_T int
@@ -156,16 +149,14 @@ struct server_args {
 #define LEN_T size_t
 #endif
 
-struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *desc);
+struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_args *desc);
 
 void *ast_tcptls_server_root(void *);
-void ast_tcptls_server_start(struct server_args *desc);
-void ast_tcptls_server_stop(struct server_args *desc);
+void ast_tcptls_server_start(struct ast_tcptls_session_args *desc);
+void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc);
 int ast_ssl_setup(struct ast_tls_config *cfg);
 
-void *ast_make_file_from_fd(void *data);
-
 HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
 HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
 
-#endif /* _ASTERISK_SERVER_H */
+#endif /* _ASTERISK_TCPTLS_H */
index b1bb878..f7a1e18 100644 (file)
@@ -50,6 +50,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include "asterisk/ast_version.h"
 #include "asterisk/manager.h"
 #include "asterisk/_private.h"
+#include "asterisk/astobj2.h"
 
 #define MAX_PREFIX 80
 
@@ -65,7 +66,7 @@ static void *httpd_helper_thread(void *arg);
 /*!
  * we have up to two accepting threads, one for http, one for https
  */
-static struct server_args http_desc = {
+static struct ast_tcptls_session_args http_desc = {
        .accept_fd = -1,
        .master = AST_PTHREADT_NULL,
        .tls_cfg = NULL,
@@ -75,7 +76,7 @@ static struct server_args http_desc = {
        .worker_fn = httpd_helper_thread,
 };
 
-static struct server_args https_desc = {
+static struct ast_tcptls_session_args https_desc = {
        .accept_fd = -1,
        .master = AST_PTHREADT_NULL,
        .tls_cfg = &http_tls_cfg,
@@ -254,13 +255,13 @@ static struct ast_str *httpstatus_callback(struct ast_tcptls_session_instance *s
                       "<h2>&nbsp;&nbsp;Asterisk&trade; HTTP Status</h2></td></tr>\r\n");
        ast_str_append(&out, 0, "<tr><td><i>Prefix</i></td><td><b>%s</b></td></tr>\r\n", prefix);
        ast_str_append(&out, 0, "<tr><td><i>Bind Address</i></td><td><b>%s</b></td></tr>\r\n",
-                      ast_inet_ntoa(http_desc.oldsin.sin_addr));
+                      ast_inet_ntoa(http_desc.old_local_address.sin_addr));
        ast_str_append(&out, 0, "<tr><td><i>Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
-                      ntohs(http_desc.oldsin.sin_port));
+                      ntohs(http_desc.old_local_address.sin_port));
 
        if (http_tls_cfg.enabled) {
                ast_str_append(&out, 0, "<tr><td><i>SSL Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
-                              ntohs(https_desc.oldsin.sin_port));
+                              ntohs(https_desc.old_local_address.sin_port));
        }
 
        ast_str_append(&out, 0, "<tr><td colspan=\"2\"><hr></td></tr>\r\n");
@@ -857,11 +858,11 @@ static int __ast_http_load(int reload)
        }
 
        /* default values */
-       memset(&http_desc.sin, 0, sizeof(http_desc.sin));
-       http_desc.sin.sin_port = htons(8088);
+       memset(&http_desc.local_address, 0, sizeof(http_desc.local_address));
+       http_desc.local_address.sin_port = htons(8088);
 
-       memset(&https_desc.sin, 0, sizeof(https_desc.sin));
-       https_desc.sin.sin_port = htons(8089);
+       memset(&https_desc.local_address, 0, sizeof(https_desc.local_address));
+       https_desc.local_address.sin_port = htons(8089);
 
        http_tls_cfg.enabled = 0;
        if (http_tls_cfg.certfile) {
@@ -887,7 +888,7 @@ static int __ast_http_load(int reload)
                        } else if (!strcasecmp(v->name, "sslenable")) {
                                http_tls_cfg.enabled = ast_true(v->value);
                        } else if (!strcasecmp(v->name, "sslbindport")) {
-                               https_desc.sin.sin_port = htons(atoi(v->value));
+                               https_desc.local_address.sin_port = htons(atoi(v->value));
                        } else if (!strcasecmp(v->name, "sslcert")) {
                                ast_free(http_tls_cfg.certfile);
                                http_tls_cfg.certfile = ast_strdup(v->value);
@@ -897,17 +898,17 @@ static int __ast_http_load(int reload)
                        } else if (!strcasecmp(v->name, "enablestatic")) {
                                newenablestatic = ast_true(v->value);
                        } else if (!strcasecmp(v->name, "bindport")) {
-                               http_desc.sin.sin_port = htons(atoi(v->value));
+                               http_desc.local_address.sin_port = htons(atoi(v->value));
                        } else if (!strcasecmp(v->name, "sslbindaddr")) {
                                if ((hp = ast_gethostbyname(v->value, &ahp))) {
-                                       memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
+                                       memcpy(&https_desc.local_address.sin_addr, hp->h_addr, sizeof(https_desc.local_address.sin_addr));
                                        have_sslbindaddr = 1;
                                } else {
                                        ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
                                }
                        } else if (!strcasecmp(v->name, "bindaddr")) {
                                if ((hp = ast_gethostbyname(v->value, &ahp))) {
-                                       memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
+                                       memcpy(&http_desc.local_address.sin_addr, hp->h_addr, sizeof(http_desc.local_address.sin_addr));
                                } else {
                                        ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
                                }
@@ -929,10 +930,10 @@ static int __ast_http_load(int reload)
        }
 
        if (!have_sslbindaddr) {
-               https_desc.sin.sin_addr = http_desc.sin.sin_addr;
+               https_desc.local_address.sin_addr = http_desc.local_address.sin_addr;
        }
        if (enabled) {
-               http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET;
+               http_desc.local_address.sin_family = https_desc.local_address.sin_family = AF_INET;
        }
        if (strcmp(prefix, newprefix)) {
                ast_copy_string(prefix, newprefix, sizeof(prefix));
@@ -967,16 +968,16 @@ static char *handle_show_http(struct ast_cli_entry *e, int cmd, struct ast_cli_a
        }
        ast_cli(a->fd, "HTTP Server Status:\n");
        ast_cli(a->fd, "Prefix: %s\n", prefix);
-       if (!http_desc.oldsin.sin_family) {
+       if (!http_desc.old_local_address.sin_family) {
                ast_cli(a->fd, "Server Disabled\n\n");
        } else {
                ast_cli(a->fd, "Server Enabled and Bound to %s:%d\n\n",
-                       ast_inet_ntoa(http_desc.oldsin.sin_addr),
-                       ntohs(http_desc.oldsin.sin_port));
+                       ast_inet_ntoa(http_desc.old_local_address.sin_addr),
+                       ntohs(http_desc.old_local_address.sin_port));
                if (http_tls_cfg.enabled) {
                        ast_cli(a->fd, "HTTPS Server Enabled and Bound to %s:%d\n\n",
-                               ast_inet_ntoa(https_desc.oldsin.sin_addr),
-                               ntohs(https_desc.oldsin.sin_port));
+                               ast_inet_ntoa(https_desc.old_local_address.sin_addr),
+                               ntohs(https_desc.old_local_address.sin_port));
                }
        }
 
index a865e0f..71e97b8 100644 (file)
@@ -3105,7 +3105,7 @@ static void *session_do(void *data)
        /* these fields duplicate those in the 'ser' structure */
        s->fd = ser->fd;
        s->f = ser->f;
-       s->sin = ser->requestor;
+       s->sin = ser->remote_address;
 
        AST_LIST_HEAD_INIT_NOLOCK(&s->datastores);
 
@@ -3696,7 +3696,7 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *v
 }
 
 static struct ast_str *generic_http_callback(enum output_format format,
-                                            struct sockaddr_in *requestor, const char *uri, enum ast_http_method method,
+                                            struct sockaddr_in *remote_address, const char *uri, enum ast_http_method method,
                                             struct ast_variable *params, int *status,
                                             char **title, int *contentlength)
 {
@@ -3725,7 +3725,7 @@ static struct ast_str *generic_http_callback(enum output_format format,
                        *status = 500;
                        goto generic_callback_out;
                }
-               s->sin = *requestor;
+               s->sin = *remote_address;
                s->fd = -1;
                s->waiting_thread = AST_PTHREADT_NULL;
                s->send_events = 0;
@@ -3871,17 +3871,17 @@ generic_callback_out:
 
 static struct ast_str *manager_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
 {
-       return generic_http_callback(FORMAT_HTML, &ser->requestor, uri, method, params, status, title, contentlength);
+       return generic_http_callback(FORMAT_HTML, &ser->remote_address, uri, method, params, status, title, contentlength);
 }
 
 static struct ast_str *mxml_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
 {
-       return generic_http_callback(FORMAT_XML, &ser->requestor, uri, method, params, status, title, contentlength);
+       return generic_http_callback(FORMAT_XML, &ser->remote_address, uri, method, params, status, title, contentlength);
 }
 
 static struct ast_str *rawman_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
 {
-       return generic_http_callback(FORMAT_RAW, &ser->requestor, uri, method, params, status, title, contentlength);
+       return generic_http_callback(FORMAT_RAW, &ser->remote_address, uri, method, params, status, title, contentlength);
 }
 
 struct ast_http_uri rawmanuri = {
@@ -3924,7 +3924,7 @@ static void purge_old_stuff(void *data)
 }
 
 struct ast_tls_config ami_tls_cfg;
-static struct server_args ami_desc = {
+static struct ast_tcptls_session_args ami_desc = {
        .accept_fd = -1,
        .master = AST_PTHREADT_NULL,
        .tls_cfg = NULL, 
@@ -3935,7 +3935,7 @@ static struct server_args ami_desc = {
        .worker_fn = session_do,        /* thread handling the session */
 };
 
-static struct server_args amis_desc = {
+static struct ast_tcptls_session_args amis_desc = {
        .accept_fd = -1,
        .master = AST_PTHREADT_NULL,
        .tls_cfg = &ami_tls_cfg, 
@@ -4011,10 +4011,10 @@ static int __init_manager(int reload)
        }
 
        /* default values */
-       memset(&ami_desc.sin, 0, sizeof(struct sockaddr_in));
-       memset(&amis_desc.sin, 0, sizeof(amis_desc.sin));
-       amis_desc.sin.sin_port = htons(5039);
-       ami_desc.sin.sin_port = htons(DEFAULT_MANAGER_PORT);
+       memset(&ami_desc.local_address, 0, sizeof(struct sockaddr_in));
+       memset(&amis_desc.local_address, 0, sizeof(amis_desc.local_address));
+       amis_desc.local_address.sin_port = htons(5039);
+       ami_desc.local_address.sin_port = htons(DEFAULT_MANAGER_PORT);
 
        ami_tls_cfg.enabled = 0;
        if (ami_tls_cfg.certfile)
@@ -4029,10 +4029,10 @@ static int __init_manager(int reload)
                if (!strcasecmp(var->name, "sslenable"))
                        ami_tls_cfg.enabled = ast_true(val);
                else if (!strcasecmp(var->name, "sslbindport"))
-                       amis_desc.sin.sin_port = htons(atoi(val));
+                       amis_desc.local_address.sin_port = htons(atoi(val));
                else if (!strcasecmp(var->name, "sslbindaddr")) {
                        if ((hp = ast_gethostbyname(val, &ahp))) {
-                               memcpy(&amis_desc.sin.sin_addr, hp->h_addr, sizeof(amis_desc.sin.sin_addr));
+                               memcpy(&amis_desc.local_address.sin_addr, hp->h_addr, sizeof(amis_desc.local_address.sin_addr));
                                have_sslbindaddr = 1;
                        } else {
                                ast_log(LOG_WARNING, "Invalid bind address '%s'\n", val);
@@ -4050,11 +4050,11 @@ static int __init_manager(int reload)
                } else if (!strcasecmp(var->name, "webenabled")) {
                        webmanager_enabled = ast_true(val);
                } else if (!strcasecmp(var->name, "port")) {
-                       ami_desc.sin.sin_port = htons(atoi(val));
+                       ami_desc.local_address.sin_port = htons(atoi(val));
                } else if (!strcasecmp(var->name, "bindaddr")) {
-                       if (!inet_aton(val, &ami_desc.sin.sin_addr)) {
+                       if (!inet_aton(val, &ami_desc.local_address.sin_addr)) {
                                ast_log(LOG_WARNING, "Invalid address '%s' specified, using 0.0.0.0\n", val);
-                               memset(&ami_desc.sin.sin_addr, 0, sizeof(ami_desc.sin.sin_addr));
+                               memset(&ami_desc.local_address.sin_addr, 0, sizeof(ami_desc.local_address.sin_addr));
                        }
                } else if (!strcasecmp(var->name, "allowmultiplelogin")) { 
                        allowmultiplelogin = ast_true(val);
@@ -4073,11 +4073,11 @@ static int __init_manager(int reload)
        }
 
        if (manager_enabled)
-               ami_desc.sin.sin_family = AF_INET;
+               ami_desc.local_address.sin_family = AF_INET;
        if (!have_sslbindaddr)
-               amis_desc.sin.sin_addr = ami_desc.sin.sin_addr;
+               amis_desc.local_address.sin_addr = ami_desc.local_address.sin_addr;
        if (ami_tls_cfg.enabled)
-               amis_desc.sin.sin_family = AF_INET;
+               amis_desc.local_address.sin_family = AF_INET;
 
        
        AST_RWLIST_WRLOCK(&users);
index 3a2c026..a314105 100644 (file)
@@ -42,6 +42,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include "asterisk/strings.h"
 #include "asterisk/options.h"
 #include "asterisk/manager.h"
+#include "asterisk/astobj2.h"
 
 /*! \brief
  * replacement read/write functions for SSL support.
@@ -117,9 +118,110 @@ static void session_instance_destructor(void *obj)
        ast_mutex_destroy(&i->lock);
 }
 
+/*! \brief
+* creates a FILE * from the fd passed by the accept thread.
+* This operation is potentially expensive (certificate verification),
+* so we do it in the child thread context.
+*/
+static void *handle_tls_connection(void *data)
+{
+       struct ast_tcptls_session_instance *ser = data;
+#ifdef DO_SSL
+       int (*ssl_setup)(SSL *) = (ser->client) ? SSL_connect : SSL_accept;
+       int ret;
+       char err[256];
+#endif
+
+       /*
+       * open a FILE * as appropriate.
+       */
+       if (!ser->parent->tls_cfg)
+               ser->f = fdopen(ser->fd, "w+");
+#ifdef DO_SSL
+       else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
+               SSL_set_fd(ser->ssl, ser->fd);
+               if ((ret = ssl_setup(ser->ssl)) <= 0) {
+                       ast_verb(2, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
+               } else {
+#if defined(HAVE_FUNOPEN)      /* the BSD interface */
+                       ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
+
+#elif defined(HAVE_FOPENCOOKIE)        /* the glibc/linux interface */
+                       static const cookie_io_functions_t cookie_funcs = {
+                               ssl_read, ssl_write, NULL, ssl_close
+                       };
+                       ser->f = fopencookie(ser->ssl, "w+", cookie_funcs);
+#else
+                       /* could add other methods here */
+                       ast_debug(2, "no ser->f methods attempted!");
+#endif
+                       if ((ser->client && !ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
+                               || (!ser->client && ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
+                               X509 *peer;
+                               long res;
+                               peer = SSL_get_peer_certificate(ser->ssl);
+                               if (!peer)
+                                       ast_log(LOG_WARNING, "No peer SSL certificate\n");
+                               res = SSL_get_verify_result(ser->ssl);
+                               if (res != X509_V_OK)
+                                       ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
+                               if (!ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
+                                       ASN1_STRING *str;
+                                       unsigned char *str2;
+                                       X509_NAME *name = X509_get_subject_name(peer);
+                                       int pos = -1;
+                                       int found = 0;
+                               
+                                       for (;;) {
+                                               /* Walk the certificate to check all available "Common Name" */
+                                               /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
+                                               pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
+                                               if (pos < 0)
+                                                       break;
+                                               str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
+                                               ASN1_STRING_to_UTF8(&str2, str);
+                                               if (str2) {
+                                                       if (!strcasecmp(ser->parent->hostname, (char *) str2))
+                                                               found = 1;
+                                                       ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", ser->parent->hostname, str2);
+                                                       OPENSSL_free(str2);
+                                               }
+                                               if (found)
+                                                       break;
+                                       }
+                                       if (!found) {
+                                               ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", ser->parent->hostname);
+                                               if (peer)
+                                                       X509_free(peer);
+                                               fclose(ser->f);
+                                               return NULL;
+                                       }
+                               }
+                               if (peer)
+                                       X509_free(peer);
+                       }
+               }
+               if (!ser->f)    /* no success opening descriptor stacking */
+                       SSL_free(ser->ssl);
+   }
+#endif /* DO_SSL */
+
+       if (!ser->f) {
+               close(ser->fd);
+               ast_log(LOG_WARNING, "FILE * open failed!\n");
+               ao2_ref(ser, -1);
+               return NULL;
+       }
+
+       if (ser && ser->parent->worker_fn)
+               return ser->parent->worker_fn(ser);
+       else
+               return ser;
+}
+
 void *ast_tcptls_server_root(void *data)
 {
-       struct server_args *desc = data;
+       struct ast_tcptls_session_args *desc = data;
        int fd;
        struct sockaddr_in sin;
        socklen_t sinlen;
@@ -135,7 +237,7 @@ void *ast_tcptls_server_root(void *data)
                if (i <= 0)
                        continue;
                sinlen = sizeof(sin);
-               fd = accept(desc->accept_fd, (struct sockaddr *)&sin, &sinlen);
+               fd = accept(desc->accept_fd, (struct sockaddr *) &sin, &sinlen);
                if (fd < 0) {
                        if ((errno != EAGAIN) && (errno != EINTR))
                                ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
@@ -154,11 +256,11 @@ void *ast_tcptls_server_root(void *data)
                fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
                ser->fd = fd;
                ser->parent = desc;
-               memcpy(&ser->requestor, &sin, sizeof(ser->requestor));
+               memcpy(&ser->remote_address, &sin, sizeof(ser->remote_address));
 
                ser->client = 0;
                        
-               if (ast_pthread_create_detached_background(&launched, NULL, ast_make_file_from_fd, ser)) {
+               if (ast_pthread_create_detached_background(&launched, NULL, handle_tls_connection, ser)) {
                        ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
                        close(ser->fd);
                        ao2_ref(ser, -1);
@@ -225,18 +327,19 @@ int ast_ssl_setup(struct ast_tls_config *cfg)
 /*! \brief A generic client routine for a TCP client
  *  and starts a thread for handling accept()
  */
-struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *desc)
+struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_args *desc)
 {
        int flags;
+       int x = 1;
        struct ast_tcptls_session_instance *ser = NULL;
 
        /* Do nothing if nothing has changed */
-       if(!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
+       if(!memcmp(&desc->old_local_address, &desc->local_address, sizeof(desc->old_local_address))) {
                ast_debug(1, "Nothing changed in %s\n", desc->name);
                return NULL;
        }
 
-       desc->oldsin = desc->sin;
+       desc->old_local_address = desc->local_address;
 
        if (desc->accept_fd != -1)
                close(desc->accept_fd);
@@ -248,10 +351,23 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *
                return NULL;
        }
 
-       if (connect(desc->accept_fd, (const struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
+       /* if a local address was specified, bind to it so the connection will
+          originate from the desired address */
+       if (desc->local_address.sin_family != 0) {
+               setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
+               if (bind(desc->accept_fd, (struct sockaddr *) &desc->local_address, sizeof(desc->local_address))) {
+                       ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
+                       desc->name,
+                               ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
+                               strerror(errno));
+                       goto error;
+               }
+       }
+
+       if (connect(desc->accept_fd, (const struct sockaddr *) &desc->remote_address, sizeof(desc->remote_address))) {
                ast_log(LOG_ERROR, "Unable to connect %s to %s:%d: %s\n",
                        desc->name,
-                       ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
+                       ast_inet_ntoa(desc->remote_address.sin_addr), ntohs(desc->remote_address.sin_port),
                        strerror(errno));
                goto error;
        }
@@ -267,7 +383,7 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *
        ser->fd = desc->accept_fd;
        ser->parent = desc;
        ser->parent->worker_fn = NULL;
-       memcpy(&ser->requestor, &desc->sin, sizeof(ser->requestor));
+       memcpy(&ser->remote_address, &desc->local_address, sizeof(ser->remote_address));
 
        ser->client = 1;
 
@@ -277,7 +393,7 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *
        }
 
        ao2_ref(ser, +1);
-       if (!ast_make_file_from_fd(ser))
+       if (!handle_tls_connection(ser))
                goto error;
 
        return ser;
@@ -295,18 +411,18 @@ error:
  * which does the socket/bind/listen and starts a thread for handling
  * accept().
  */
-void ast_tcptls_server_start(struct server_args *desc)
+void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
 {
        int flags;
        int x = 1;
        
        /* Do nothing if nothing has changed */
-       if (!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
+       if (!memcmp(&desc->old_local_address, &desc->local_address, sizeof(desc->old_local_address))) {
                ast_debug(1, "Nothing changed in %s\n", desc->name);
                return;
        }
        
-       desc->oldsin = desc->sin;
+       desc->old_local_address = desc->local_address;
        
        /* Shutdown a running server if there is one */
        if (desc->master != AST_PTHREADT_NULL) {
@@ -319,7 +435,7 @@ void ast_tcptls_server_start(struct server_args *desc)
                close(desc->accept_fd);
 
        /* If there's no new server, stop here */
-       if (desc->sin.sin_family == 0) {
+       if (desc->local_address.sin_family == 0) {
                ast_debug(2, "Server disabled:  %s\n", desc->name);
                return;
        }
@@ -331,10 +447,10 @@ void ast_tcptls_server_start(struct server_args *desc)
        }
        
        setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
-       if (bind(desc->accept_fd, (struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
+       if (bind(desc->accept_fd, (struct sockaddr *) &desc->local_address, sizeof(desc->local_address))) {
                ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
                        desc->name,
-                       ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
+                       ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
                        strerror(errno));
                goto error;
        }
@@ -347,7 +463,7 @@ void ast_tcptls_server_start(struct server_args *desc)
        if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
                ast_log(LOG_ERROR, "Unable to launch thread for %s on %s:%d: %s\n",
                        desc->name,
-                       ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
+                       ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
                        strerror(errno));
                goto error;
        }
@@ -359,7 +475,7 @@ error:
 }
 
 /*! \brief Shutdown a running server if there is one */
-void ast_tcptls_server_stop(struct server_args *desc)
+void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)
 {
        if (desc->master != AST_PTHREADT_NULL) {
                pthread_cancel(desc->master);
@@ -371,105 +487,3 @@ void ast_tcptls_server_stop(struct server_args *desc)
        desc->accept_fd = -1;
        ast_debug(2, "Stopped server :: %s\n", desc->name);
 }
-
-/*! \brief
-* creates a FILE * from the fd passed by the accept thread.
-* This operation is potentially expensive (certificate verification),
-* so we do it in the child thread context.
-*/
-void *ast_make_file_from_fd(void *data)
-{
-       struct ast_tcptls_session_instance *ser = data;
-#ifdef DO_SSL
-       int (*ssl_setup)(SSL *) = (ser->client) ? SSL_connect : SSL_accept;
-       int ret;
-       char err[256];
-#endif
-
-       /*
-       * open a FILE * as appropriate.
-       */
-       if (!ser->parent->tls_cfg)
-               ser->f = fdopen(ser->fd, "w+");
-#ifdef DO_SSL
-       else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
-               SSL_set_fd(ser->ssl, ser->fd);
-               if ((ret = ssl_setup(ser->ssl)) <= 0) {
-                       ast_verb(2, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
-               } else {
-#if defined(HAVE_FUNOPEN)      /* the BSD interface */
-                       ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
-
-#elif defined(HAVE_FOPENCOOKIE)        /* the glibc/linux interface */
-                       static const cookie_io_functions_t cookie_funcs = {
-                               ssl_read, ssl_write, NULL, ssl_close
-                       };
-                       ser->f = fopencookie(ser->ssl, "w+", cookie_funcs);
-#else
-                       /* could add other methods here */
-                       ast_debug(2, "no ser->f methods attempted!");
-#endif
-                       if ((ser->client && !ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
-                               || (!ser->client && ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
-                               X509 *peer;
-                               long res;
-                               peer = SSL_get_peer_certificate(ser->ssl);
-                               if (!peer)
-                                       ast_log(LOG_WARNING, "No peer SSL certificate\n");
-                               res = SSL_get_verify_result(ser->ssl);
-                               if (res != X509_V_OK)
-                                       ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
-                               if (!ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
-                                       ASN1_STRING *str;
-                                       unsigned char *str2;
-                                       X509_NAME *name = X509_get_subject_name(peer);
-                                       int pos = -1;
-                                       int found = 0;
-                               
-                                       for (;;) {
-                                               /* Walk the certificate to check all available "Common Name" */
-                                               /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
-                                               pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
-                                               if (pos < 0)
-                                                       break;
-                                               str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
-                                               ASN1_STRING_to_UTF8(&str2, str);
-                                               if (str2) {
-                                                       if (!strcasecmp(ser->parent->hostname, (char *) str2))
-                                                               found = 1;
-                                                       ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", ser->parent->hostname, str2);
-                                                       OPENSSL_free(str2);
-                                               }
-                                               if (found)
-                                                       break;
-                                       }
-                                       if (!found) {
-                                               ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", ser->parent->hostname);
-                                               if (peer)
-                                                       X509_free(peer);
-                                               fclose(ser->f);
-                                               return NULL;
-                                       }
-                               }
-                               if (peer)
-                                       X509_free(peer);
-                       }
-               }
-               if (!ser->f)    /* no success opening descriptor stacking */
-                       SSL_free(ser->ssl);
-   }
-#endif /* DO_SSL */
-
-       if (!ser->f) {
-               close(ser->fd);
-               ast_log(LOG_WARNING, "FILE * open failed!\n");
-               ao2_ref(ser, -1);
-               return NULL;
-       }
-
-       if (ser && ser->parent->worker_fn)
-               return ser->parent->worker_fn(ser);
-       else
-               return ser;
-}
-