Implement https support.
The changes are not large. Most of the diff comes from putting the
global variables describing an accept session into a structure, so
we can reuse the existing code for running multiple accept threads
on different ports.
Once this is done, and if your system has the funopen() library
function (and ssl, of course), it is just a matter of calling
the appropriate functions to set up the ssl connection on the
existing socket, and everything works on the secure channel now.
At the moment, the code is disabled because i have not implemented yet
the autoconf code to detect the presence of funopen(), and add -lssl
to main/Makefile if ssl libraries are present. And a bit of documentation
on the http.conf arguments, too.
If you want to manually enable https support, that is very simple
(step 0 1 2 will be eventually detected by ./configure, the
rest is something you will have to do anyways).
0. make sure your system has funopen(3). FreeBSD does, linux probably
does too, not sure about other systems.
1. uncomment the following line in main/http.c
// #define DO_SSL /* comment in/out if you want to support ssl */
2. add -lssl to AST_LIBS in main/Makefile
3. add the following options to http.conf
sslenable=yes
sslbindport=4433 ; pick one you like
sslcert=/tmp/foo.pem ; path to your certificate file.
4. generate a suitable certificate e.g. (example from mini_httpd's Makefile:
openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem
and here you go:
https://localhost:4433/asterisk/manager
now works.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@45869
65c4cc65-6c06-0410-ace0-
fbb531ad65f3
projects / thirdparty / asterisk.git / commit
