add a new http.conf option, sslbindaddr.

Because https is more secure than http, it usually
makes sense to keep this service more open than the
one on the unencrypted port.

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@48071 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/configs/http.conf.sample b/configs/http.conf.sample
index 7ee1de9..cf5224f 100644 (file)
--- a/configs/http.conf.sample
+++ b/configs/http.conf.sample
@@ -28,10 +28,13 @@ bindaddr=127.0.0.1
 ;
 ;prefix=asterisk
 
-; HTTPS support: you need to enable it, define the port to use,
+; HTTPS support. In addition to enabled=yes, you need to
+; explicitly enable ssl, define the port to use,
 ; and have a certificate somewhere.
 ; sslenable=yes                ; enable ssl - default no.
 ; sslbindport=4433     ; port to use - default is 8089
+; sslbindaddr=0.0.0.0  ; address to bind to - default is bindaddr.
+;
 ; sslcert=/tmp/foo.pem ; path to the certificate
 ;
 ; To produce a certificate you can e.g. use openssl

diff --git a/main/http.c b/main/http.c
index da8c3af..96cb8d1 100644 (file)
--- a/main/http.c
+++ b/main/http.c
@@ -824,6 +824,7 @@ static int __ast_http_load(int reload)
        struct hostent *hp;
        struct ast_hostent ahp;
        char newprefix[MAX_PREFIX];
+       int have_sslbindaddr = 0;
 
        /* default values */
        memset(&http_desc.sin, 0, sizeof(http_desc.sin));
@@ -862,10 +863,16 @@ static int __ast_http_load(int reload)
                                newenablestatic = ast_true(v->value);
                        else if (!strcasecmp(v->name, "bindport"))
                                http_desc.sin.sin_port = htons(atoi(v->value));
-                       else if (!strcasecmp(v->name, "bindaddr")) {
+                       else if (!strcasecmp(v->name, "sslbindaddr")) {
                                if ((hp = ast_gethostbyname(v->value, &ahp))) {
-                                       memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
                                        memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
+                                       have_sslbindaddr = 1;
+                               } else {
+                                       ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
+                               }
+                       } else if (!strcasecmp(v->name, "bindaddr")) {
+                               if ((hp = ast_gethostbyname(v->value, &ahp))) {
+                                       memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
                                } else {
                                        ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
                                }
@@ -882,6 +889,8 @@ static int __ast_http_load(int reload)
                }
                ast_config_destroy(cfg);
        }
+       if (!have_sslbindaddr)
+               https_desc.sin.sin_addr = http_desc.sin.sin_addr;
        if (enabled)
                http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET;
        if (strcmp(prefix, newprefix))