FS-9729 remove hard coded path for cert and key from msrp and add config params for it
authorBrian West <brian@freeswitch.org>
Fri, 11 Nov 2016 18:15:08 +0000 (12:15 -0600)
committerBrian West <brian@freeswitch.org>
Fri, 11 Nov 2016 18:15:14 +0000 (12:15 -0600)
conf/vanilla/autoload_configs/msrp.conf.xml
src/switch_msrp.c

index ad5dbace8cc8e8a9683a3e460f9ef6d5d6ee8868..8b9e03e300f305fdebfdd67165288dfb20707176 100644 (file)
@@ -5,6 +5,8 @@
     <param name="listen-ssl-port" value="2856"/>
     <!-- <param name="message-buffer-size" value="50"/> -->
     <!-- <param name="debug" value="true"/> -->
+    <!-- <param name="secure-cert" value="$${certs_dir}/wss.pem"/> -->
+    <!-- <param name="secure-key" value="$${certs_dir}/wss.pem"/> -->
   </settings>
 </configuration>
 
index 8832dd741b124669a3e7071850cedc78c95a1923..72ae76348850216710de12bcf259e1aa2bd98bd0 100644 (file)
 static struct {
        int running;
        int debug;
+       switch_memory_pool_t *pool;
        // switch_mutex_t *mutex;
        char *ip;
        int message_buffer_size;
 
+       char *cert;
+       char *key;
        const SSL_METHOD *ssl_method;
        SSL_CTX *ssl_ctx;
        SSL *ssl;
@@ -70,9 +73,6 @@ static void msrp_deinit_ssl()
 static int msrp_init_ssl()
 {
        const char *err = "";
-       char *cert = "/usr/local/freeswitch/certs/wss.pem";
-       char *key = cert;
-
 
        SSL_library_init();
 
@@ -103,24 +103,24 @@ static int msrp_init_ssl()
        //      }
        // }
 
-       if (switch_file_exists(cert, NULL) != SWITCH_STATUS_SUCCESS) {
+       if (switch_file_exists(globals.cert, NULL) != SWITCH_STATUS_SUCCESS) {
                err = "SUPPLIED CERT FILE NOT FOUND\n";
                goto fail;
        }
 
-       if (!SSL_CTX_use_certificate_file(globals.ssl_ctx, cert, SSL_FILETYPE_PEM)) {
+       if (!SSL_CTX_use_certificate_file(globals.ssl_ctx, globals.cert, SSL_FILETYPE_PEM)) {
                err = "CERT FILE ERROR";
                goto fail;
        }
 
        /* set the private key from KeyFile */
 
-       if (switch_file_exists(key, NULL) != SWITCH_STATUS_SUCCESS) {
+       if (switch_file_exists(globals.key, NULL) != SWITCH_STATUS_SUCCESS) {
                err = "SUPPLIED KEY FILE NOT FOUND\n";
                goto fail;
        }
 
-       if (!SSL_CTX_use_PrivateKey_file(globals.ssl_ctx, key, SSL_FILETYPE_PEM)) {
+       if (!SSL_CTX_use_PrivateKey_file(globals.ssl_ctx, globals.key, SSL_FILETYPE_PEM)) {
                err = "PRIVATE KEY FILE ERROR";
                goto fail;
        }
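Review bot: The failure branches in this hunk still set fixed `err` strings, so now that the paths come from configuration the log cannot say which file was rejected. Consider logging the path in each branch before `goto fail`, e.g. `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "MSRP cert file %s not found\n", globals.cert);`. Because `secure-cert` and `secure-key` can now name different files, a mismatched pair becomes possible; if the lines between this hunk and the `fail` label (not shown) do not already call `SSL_CTX_check_private_key(globals.ssl_ctx)`, that check belongs right after the key is loaded. msrp_init_ssl starts and ends outside the hunk.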
@@ -140,7 +140,7 @@ static int msrp_init_ssl()
 
        globals.ssl_ready = 0;
        msrp_deinit_ssl();
-
+       
        return 0;
 }
 
@@ -170,6 +170,10 @@ static switch_status_t load_config()
                                globals.msock_ssl.port = atoi(val);
                        } else if (!strcasecmp(var, "debug")) {
                                globals.debug = switch_true(val);
+                       } else if (!strcasecmp(var, "secure-cert")) {
+                               globals.cert = switch_core_strdup(globals.pool, val);
+                       } else if (!strcasecmp(var, "secure-key")) {
+                               globals.key = switch_core_strdup(globals.pool, val);
                        } else if (!strcasecmp(var, "message-buffer-size") && val) {
                                globals.message_buffer_size = atoi(val);
                                if (globals.message_buffer_size == 0) globals.message_buffer_size = 50;
@@ -177,6 +181,18 @@ static switch_status_t load_config()
                }
        }
 
+       if (!globals.cert) {
+               globals.cert = switch_core_sprintf(globals.pool, "%s%swss.pem", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR);
+       }
+
+       if (!globals.key) {
+               globals.key = globals.cert;
+       }
+
+       if ( switch_file_exists(globals.key, globals.pool) != SWITCH_STATUS_SUCCESS ) {
+               switch_core_gen_certs(globals.key);
+       }
+
        switch_xml_free(xml);
 
        return status;
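Review bot: The `switch_core_gen_certs(globals.key)` call runs for any missing key path, including one set through `secure-key`, so a typo in the configuration appears to end in a freshly generated certificate instead of an error an operator would notice. Only `globals.key` is tested: when cert and key are separate files, a missing cert is not caught here, and a generated key would presumably not match an existing cert. Nothing is logged and the outcome of the call is not checked. I would limit generation to the case where the default path was used, and at minimum add `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "MSRP key %s not found, generating a self-signed certificate\n", globals.key);` before the call. load_config starts outside the hunk.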
@@ -237,6 +253,7 @@ SWITCH_DECLARE(switch_status_t) switch_msrp_init()
 
        memset(&globals, 0, sizeof(globals));
        set_global_ip("0.0.0.0");
+       globals.pool = pool;
        globals.msock.port = (switch_port_t)MSRP_LISTEN_PORT;
        globals.msock_ssl.port = (switch_port_t)MSRP_SSL_LISTEN_PORT;
        globals.msock_ssl.secure = 1;