From: Joshua Elson <joshelson@gmail.com>
Date: Wed, 15 Feb 2017 20:44:32 +0000 (-0700)
Subject: http: Ensure capath is defined on all http creations
X-Git-Tag: 13.15.0-rc1~83^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fc27fa364353079bb1ad5873ff601ce410563ca;p=thirdparty%2Fasterisk.git

http: Ensure capath is defined on all http creations

ASTERISK-26794 #close

Change-Id: I9cbc3b6b6a8aab590f5ccde9c262a98e4d5253a1
---

diff --git a/main/http.c b/main/http.c
index ac5aae1501..155b04b780 100644
--- a/main/http.c
+++ b/main/http.c
@@ -2094,22 +2094,20 @@ static int __ast_http_load(int reload)
 	http_tls_was_enabled = (reload && http_tls_cfg.enabled);
 
 	http_tls_cfg.enabled = 0;
-	if (http_tls_cfg.certfile) {
-		ast_free(http_tls_cfg.certfile);
-	}
+
+	ast_free(http_tls_cfg.certfile);
 	http_tls_cfg.certfile = ast_strdup(AST_CERTFILE);
 
-	if (http_tls_cfg.pvtfile) {
-		ast_free(http_tls_cfg.pvtfile);
-	}
+	ast_free(http_tls_cfg.capath);
+	http_tls_cfg.capath = ast_strdup("");
+
+	ast_free(http_tls_cfg.pvtfile);
 	http_tls_cfg.pvtfile = ast_strdup("");
 
 	/* Apply modern intermediate settings according to the Mozilla OpSec team as of July 30th, 2015 but disable TLSv1 */
 	ast_set_flag(&http_tls_cfg.flags, AST_SSL_DISABLE_TLSV1 | AST_SSL_SERVER_CIPHER_ORDER);
 
-	if (http_tls_cfg.cipher) {
-		ast_free(http_tls_cfg.cipher);
-	}
+	ast_free(http_tls_cfg.cipher);
 	http_tls_cfg.cipher = ast_strdup("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA");
 
 	AST_RWLIST_WRLOCK(&uri_redirects);
@@ -2323,6 +2321,7 @@ static void http_shutdown(void)
 		ast_tcptls_server_stop(&https_desc);
 	}
 	ast_free(http_tls_cfg.certfile);
+	ast_free(http_tls_cfg.capath);
 	ast_free(http_tls_cfg.pvtfile);
 	ast_free(http_tls_cfg.cipher);