/* reloads data from the db */
static int reload_data(void)
{
int n;
struct tls_domain *tls_client_domains_tmp;
struct tls_domain *tls_server_domains_tmp;
tls_client_domains_tmp = NULL;
tls_server_domains_tmp = NULL;
load_info(&dr_dbf, db_hdl, &tls_db_table, &tls_server_domains_tmp,
&tls_client_domains_tmp);
/*
* now initialize tls virtual domains
*/
if ((n = init_tls_domains(tls_server_domains_tmp))) {
return n;
}
if ((n = init_tls_domains(tls_client_domains_tmp))) {
return n;
}
lock_start_write(dom_lock);
tls_release_all_domains(tls_client_domains);
tls_release_all_domains(tls_server_domains);
tls_client_domains = tls_client_domains_tmp;
tls_server_domains = tls_server_domains_tmp;
lock_stop_write(dom_lock);
return 0;
}
/*
* called once from main.c (main process)
*/
int
init_tls(void)
{
int i;
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
#endif
LM_DBG("entered\n");
#if OPENSSL_VERSION_NUMBER < 0x00907000L
LM_WARN("using an old version of OpenSSL (< 0.9.7). Upgrade!\n");
#endif
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(ser_malloc, ser_realloc, ser_free)) {
LM_ERR("unable to set the memory allocation functions\n");
return -1;
}
#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
i = check_for_krb();
if (i==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( i ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(i==1)?"":"no ",(i!=1)?"no ":"");
return -1;
}
/*
* now initialize tls default domains
*/
if ( (i=init_tls_domains(tls_default_server_domain)) ) {
return i;
}
if ( (i=init_tls_domains(tls_default_client_domain)) ) {
return i;
}
/*
* now initialize tls virtual domains
*/
if ( (i=init_tls_domains(tls_server_domains)) ) {
return i;
}
if ( (i=init_tls_domains(tls_client_domains)) ) {
return i;
}
/*
* we are all set
*/
return 0;
}
static int mod_init(void){
str s;
int n;
LM_INFO("initializing TLS protocol\n");
if (tls_db_enabled != 0 && tls_db_enabled != 1) {
tls_db_enabled = 1;
}
if (tls_db_enabled) {
/* create & init lock */
if ((dom_lock = lock_init_rw()) == NULL) {
LM_CRIT("failed to init lock\n");
return -1;
}
init_db_url(tls_db_url, 0 /*cannot be null*/);
tls_db_table.len = strlen(tls_db_table.s);
if (tls_db_table.len == 0) {
LM_ERR("db url not specified\n");
return -1;
}
id_col.len = strlen(id_col.s);
address_col.len = strlen(address_col.s);
type_col.len = strlen(type_col.s);
method_col.len = strlen(method_col.s);
verify_cert_col.len = strlen(verify_cert_col.s);
require_cert_col.len = strlen(require_cert_col.s);
certificate_col.len = strlen(certificate_col.s);
pk_col.len = strlen(pk_col.s);
crl_check_col.len = strlen(crl_check_col.s);
calist_col.len = strlen(calist_col.s);
cadir_col.len = strlen(cadir_col.s);
cplist_col.len = strlen(cplist_col.s);
dhparams_col.len = strlen(dhparams_col.s);
eccurve_col.len = strlen(eccurve_col.s);
if (db_bind_mod(&tls_db_url, &dr_dbf)) {
LM_CRIT("cannot bind to database module! "
"Did you forget to load a database module ?\n");
return -1;
}
/* init DB connection */
if ((db_hdl = dr_dbf.init(&tls_db_url)) == 0) {
LM_CRIT("cannot initialize database connection\n");
return -1;
}
if (dr_dbf.use_table(db_hdl, &tls_db_table) < 0) {
LM_ERR("cannot select table \"%.*s\"\n", tls_db_table.len, tls_db_table.s);
return -1;
}
}
if (tls_domain_avp) {
s.s = tls_domain_avp;
s.len = strlen(s.s);
if (parse_avp_spec( &s, &tls_client_domain_avp)) {
LM_ERR("cannot parse tls_client_avp");
return -1;
}
}
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
LM_ERR("unable to set the memory allocation functions\n");
LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this "
"version is know to be broken; if so, you need to upgrade or "
"downgrade to a differen openssl version !!\n");
return -1;
}
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
n = check_for_krb();
if (n==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( n ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(n==1)?"":"no ",(n!=1)?"no ":"");
return -1;
}
/*
* finish setting up the tls default domains
*/
tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ;
tls_default_client_domain.addr.af = AF_INET;
tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV;
tls_default_server_domain.addr.af = AF_INET;
/*
* now initialize tls default domains
*/
if ( (n=init_tls_domains(&tls_default_server_domain)) ) {
return n;
}
if ( (n=init_tls_domains(&tls_default_client_domain)) ) {
return n;
}
/*
* now initialize tls virtual domains
*/
if (tls_db_enabled && load_info(&dr_dbf, db_hdl, &tls_db_table, &tls_server_domains,
&tls_client_domains)){
return -1;
}
if ( (n=init_tls_domains(tls_server_domains)) ) {
return n;
}
if ( (n=init_tls_domains(tls_client_domains)) ) {
return n;
}
/*
* we are all set
*/
return 0;
}
static int mod_init(void)
{
str s;
int n;
LM_INFO("initializing TLS protocol\n");
if (tls_domain_avp) {
s.s = tls_domain_avp;
s.len = strlen(s.s);
if (parse_avp_spec( &s, &tls_client_domain_avp)) {
LM_ERR("cannot parse tls_client_avp");
return -1;
}
}
/*
* this has to be called before any function calling CRYPTO_malloc,
* CRYPTO_malloc will set allow_customize in openssl to 0
*/
if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) {
LM_ERR("unable to set the memory allocation functions\n");
return -1;
}
#if !defined(OPENSSL_NO_COMP)
STACK_OF(SSL_COMP)* comp_methods;
/* disabling compression */
LM_WARN("disabling compression due ZLIB problems\n");
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods==0) {
LM_INFO("openssl compression already disabled\n");
} else {
sk_SSL_COMP_zero(comp_methods);
}
#endif
if (tls_init_multithread() < 0) {
LM_ERR("failed to init multi-threading support\n");
return -1;
}
SSL_library_init();
SSL_load_error_strings();
init_ssl_methods();
n = check_for_krb();
if (n==-1) {
LM_ERR("kerberos check failed\n");
return -1;
}
if ( ( n ^
#ifndef OPENSSL_NO_KRB5
1
#else
0
#endif
)!=0 ) {
LM_ERR("compiled agaist an openssl with %s"
"kerberos, but run with one with %skerberos\n",
(n==1)?"":"no ",(n!=1)?"no ":"");
return -1;
}
/*
* finish setting up the tls default domains
*/
tls_default_client_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_CLI ;
tls_default_client_domain.addr.af = AF_INET;
tls_default_server_domain.type = TLS_DOMAIN_DEF|TLS_DOMAIN_SRV;
tls_default_server_domain.addr.af = AF_INET;
/*
* now initialize tls default domains
*/
if ( (n=init_tls_domains(&tls_default_server_domain)) ) {
return n;
}
if ( (n=init_tls_domains(&tls_default_client_domain)) ) {
return n;
}
/*
* now initialize tls virtual domains
*/
if ( (n=init_tls_domains(tls_server_domains)) ) {
return n;
}
if ( (n=init_tls_domains(tls_client_domains)) ) {
return n;
}
/*
* we are all set
*/
return 0;
}
