<!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
<param name="tls-sip-port" value="$${external_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
- <param name="tls-cert-dir" value="$${external_ssl_dir}"/>
+ <!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
<param name="tls-sip-port" value="$${internal_tls_port}"/>
<!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
- <param name="tls-cert-dir" value="$${internal_ssl_dir}"/>
+ <!--<param name="tls-cert-dir" value=""/>-->
<!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
<param name="tls-passphrase" value=""/>
<!-- Verify the date on TLS certificates -->
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
<X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>
- <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=$${base_dir}/conf/ssl"/>
+
<!-- External SIP Profile -->
<X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
<X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
<X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
- <X-PRE-PROCESS cmd="set" data="external_ssl_dir=$${base_dir}/conf/ssl"/>
+
</include>
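Review bot: Dropping `internal_ssl_dir` and `external_ssl_dir` (the removed lines before each blank `+` line) leaves any profile XML that still expands `$${internal_ssl_dir}` or `$${external_ssl_dir}` pointing at an undefined variable; the shipped profiles comment that reference out in this commit, but presumably locally customised profiles would not be touched. A one-line note in vars.xml would make the new behaviour discoverable to operators, e.g. `<!-- TLS certificates now default to the core certs directory; set tls-cert-dir in a profile to override -->`. Consider leaving the two variables commented out rather than deleted so the old name is still visible as documentation.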
ti.configured = path != tbf;
ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat");
ti.key = su_sprintf(autohome, "%s/%s", path, "agent.pem");
+ if (access(ti.key, R_OK) != 0) ti.key = NULL;
+ if (!ti.key) ti.key = su_sprintf(autohome, "%s/%s", path, "tls.pem");
ti.passphrase = su_strdup(autohome, passphrase);
ti.cert = ti.key;
ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
+ if (access(ti.CAfile, R_OK) != 0) ti.CAfile = NULL;
+ if (!ti.CAfile) ti.CAfile = su_sprintf(autohome, "%s/%s", path, "tls.pem");
ti.version = tls_version;
ti.timeout = tls_timeout;
ti.CApath = su_strdup(autohome, path);
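Review bot: The fallback is applied per file, so when agent.pem is readable but cafile.pem is not (or vice versa) the result is `ti.key`/`ti.cert` from one identity and `ti.CAfile` from another, with `ti.CAfile` then pointing at tls.pem — a file that, by the generation code elsewhere in this commit, holds a private key plus a self-signed certificate, which presumably makes that generated certificate the trust anchor for peer verification. The sofia.c side of this commit treats the two files as a pair (it regenerates when either is missing); this hunk should mirror that and switch both paths together, as sketched below. Note also that `access()` tests the real rather than effective uid, so under a setuid/privilege-dropping deployment the result can differ from what the later open sees; a missing-file diagnostic in the fallback branch would help operators notice. The enclosing function starts and ends outside the hunk.
```c
ti.key = su_sprintf(autohome, "%s/%s", path, "agent.pem");
ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
/* fall back as a pair so key/cert and CA file always come from the same set */
if (!ti.key || !ti.CAfile || access(ti.key, R_OK) != 0 || access(ti.CAfile, R_OK) != 0) {
    ti.key = ti.CAfile = su_sprintf(autohome, "%s/%s", path, "tls.pem");
}
ti.passphrase = su_strdup(autohome, passphrase);
ti.cert = ti.key;
/* … unchanged: version, timeout, CApath … */
```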
profile->mflags = MFLAG_REFER | MFLAG_REGISTER;
profile->server_rport_level = 1;
profile->client_rport_level = 1;
+ profile->tls_cert_dir = SWITCH_GLOBAL_dirs.certs_dir;
sofia_set_pflag(profile, PFLAG_DISABLE_100REL);
profile->auto_restart = 1;
sofia_set_media_flag(profile, SCMF_AUTOFIX_TIMING);
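Review bot: The added default assigns the global `SWITCH_GLOBAL_dirs.certs_dir` pointer straight into `profile->tls_cert_dir`, whereas the `tls-cert-dir` parameter path in this commit stores a pool-duplicated copy; the field then has two different ownership models depending on how it was set. Using `profile->tls_cert_dir = switch_core_strdup(profile->pool, SWITCH_GLOBAL_dirs.certs_dir);` keeps a single lifetime rule and avoids surprises if the global is ever changed at runtime. A short comment such as `/* default TLS cert dir; overridden by a non-empty tls-cert-dir param */` would also document the new precedence. The enclosing function starts and ends outside the hunk.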
} else {
profile->tls_sip_port = (switch_port_t) atoi(val);
}
- } else if (!strcasecmp(var, "tls-cert-dir")) {
+ } else if (!strcasecmp(var, "tls-cert-dir") && !zstr(val)) {
profile->tls_cert_dir = switch_core_strdup(profile->pool, val);
- } else if (!strcasecmp(var, "tls-passphrase")) {
+ } else if (!strcasecmp(var, "tls-passphrase") && !zstr(val)) {
profile->tls_passphrase = switch_core_strdup(profile->pool, val);
- } else if (!strcasecmp(var, "tls-verify-in-subjects")) {
+ } else if (!strcasecmp(var, "tls-verify-in-subjects") && !zstr(val)) {
profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
- } else if (!strcasecmp(var, "tls-version")) {
+ } else if (!strcasecmp(var, "tls-version") && !zstr(val)) {
if (!strcasecmp(val, "tlsv1")) {
profile->tls_version = 1;
config_sofia_profile_urls(profile);
- if (!profile->tls_cert_dir) {
- profile->tls_cert_dir = switch_core_sprintf(profile->pool, "%s/ssl", SWITCH_GLOBAL_dirs.conf_dir);
+ if (profile->tls_cert_dir) {
+ if (profile->wss_ip) {
+ char *key, *cert;
+ key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "wss.key");
+ if (switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS) key = NULL;
+ cert = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "wss.crt");
+ if (switch_file_exists(cert, profile->pool) != SWITCH_STATUS_SUCCESS) cert = NULL;
+ if ( !key || !cert) {
+ key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "wss.pem");
+ if ( switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS ) {
+ switch_core_gen_certs(key);
+ }
+ }
+ }
+ if (sofia_test_pflag(profile, PFLAG_TLS)) {
+ char *key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "agent.pem");
+ char *ca = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "cafile.pem");;
+ if (switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS) key = NULL;
+ if (switch_file_exists(ca, profile->pool) != SWITCH_STATUS_SUCCESS) ca = NULL;
+ if ( !key || !ca ) {
+ key = switch_core_sprintf(profile->pool, "%s/%s", profile->tls_cert_dir, "tls.pem");
+ if ( switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS ) {
+ switch_core_gen_certs(key);
+ }
+ }
+ }
}
-
}
if (profile) {
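Review bot: The two `switch_core_gen_certs(key)` calls (wss.pem and tls.pem branches) ignore the outcome, and the callee's visible exit path always returns 0, so a failed generation (unwritable directory, OpenSSL error) leaves the profile starting with TLS or WSS enabled and no usable key on disk, with the failure only surfacing later and less clearly. Re-checking `switch_file_exists(key, profile->pool)` after the call and logging at error level — or clearing `PFLAG_TLS` for that profile — would make the failure visible where it happens; something like `if (switch_file_exists(key, profile->pool) != SWITCH_STATUS_SUCCESS) { switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Failed to generate %s\n", key); }` after each generation. The pair-wise check here (`if ( !key || !ca )`) is the right model; the sofia-sip tport hunk earlier in this commit should select files the same way. Minor: the `cafile.pem` line ends with a doubled `;;`. The enclosing function starts and ends outside the hunk.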
EVP_PKEY *pkey = NULL;
char *rsa = NULL, *pvt = NULL;
FILE *fp;
+ char *pem = NULL;
- pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
- rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ if (switch_stristr(".pem", prefix)) {
- if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
- goto end;
+ if (switch_is_file_path(prefix)) {
+ pem = strdup(prefix);
+ } else {
+ pem = switch_mprintf("%s%s%s", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ }
+
+ if (switch_file_exists(pem, NULL) == SWITCH_STATUS_SUCCESS) {
+ goto end;
+ }
+ } else {
+ if (switch_is_file_path(prefix)) {
+ pvt = switch_mprintf("%s.key", prefix);
+ rsa = switch_mprintf("%s.crt", prefix);
+ } else {
+ pvt = switch_mprintf("%s%s%s.key", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ rsa = switch_mprintf("%s%s%s.crt", SWITCH_GLOBAL_dirs.certs_dir, SWITCH_PATH_SEPARATOR, prefix);
+ }
+
+ if (switch_file_exists(pvt, NULL) == SWITCH_STATUS_SUCCESS || switch_file_exists(rsa, NULL) == SWITCH_STATUS_SUCCESS) {
+ goto end;
+ }
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
//RSA_print_fp(stdout, pkey->pkey.rsa, 0);
//X509_print_fp(stdout, x509);
+ if (pem) {
+ if ((fp = fopen(pem, "w"))) {
+ PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+ PEM_write_X509(fp, x509);
+ fclose(fp);
+ }
- if ((fp = fopen(pvt, "w"))) {
- PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
- }
+ } else {
+ if ((fp = fopen(pvt, "w"))) {
+ PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+ }
- fclose(fp);
+ fclose(fp);
- if ((fp = fopen(rsa, "w"))) {
- PEM_write_X509(fp, x509);
- }
+ if ((fp = fopen(rsa, "w"))) {
+ PEM_write_X509(fp, x509);
+ }
- fclose(fp);
+ fclose(fp);
+ }
X509_free(x509);
EVP_PKEY_free(pkey);
switch_safe_free(pvt);
switch_safe_free(rsa);
+ switch_safe_free(pem);
return(0);
}
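Review bot: In the `else` branch the two `fclose(fp);` calls sit outside their `if ((fp = fopen(...)))` guards, so when an `fopen` fails `fp` is NULL (or the already-closed handle from the previous block) and `fclose` is undefined behaviour / a double close; this was already true of the removed lines, but the new `pem` branch gets it right by closing inside the guard, and the `else` branch should match it. None of the `PEM_write_*` return values are checked, so a partial write leaves a truncated file that the existence checks elsewhere in this commit will later accept as a valid certificate; on failure the partial file should be removed so the next start regenerates it. Since the combined pem and the `.key` file hold an unencrypted private key, creating them with umask-default permissions via `fopen(..., "w")` is a weakness; on POSIX builds an `open(O_WRONLY|O_CREAT|O_TRUNC, 0600)` + `fdopen` (or a `chmod` to 0600 right after creation) would limit exposure. Also `strdup(prefix)` is unchecked while the sibling paths use `switch_mprintf`, and `switch_stristr(".pem", prefix)` matches the substring anywhere rather than as a suffix.
```c
/* … unchanged: key and certificate generation … */
if (pem) {
	if ((fp = fopen(pem, "w"))) {
		if (!PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL) || !PEM_write_X509(fp, x509)) {
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error writing %s\n", pem);
		}
		fclose(fp);
	}
} else {
	if ((fp = fopen(pvt, "w"))) {
		if (!PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL)) {
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error writing %s\n", pvt);
		}
		fclose(fp);
	}
	if ((fp = fopen(rsa, "w"))) {
		if (!PEM_write_X509(fp, x509)) {
			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Error writing %s\n", rsa);
		}
		fclose(fp);
	}
}
/* … unchanged: cleanup and return … */
```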