static void tls_reload(rpc_t* rpc, void* ctx)
{
tls_domains_cfg_t* cfg;
str tls_domains_cfg_file;
tls_domains_cfg_file = cfg_get(tls, tls_cfg, config_file);
if (!tls_domains_cfg_file.s) {
rpc->fault(ctx, 500, "No TLS configuration file configured");
return;
}
/* Try to delete old configurations first */
collect_garbage();
cfg = tls_load_config(&tls_domains_cfg_file);
if (!cfg) {
rpc->fault(ctx, 500, "Error while loading TLS configuration file"
" (consult server log)");
return;
}
if (tls_fix_domains_cfg(cfg, &srv_defaults, &cli_defaults) < 0) {
rpc->fault(ctx, 500, "Error while fixing TLS configuration"
" (consult server log)");
goto error;
}
if (tls_check_sockets(cfg) < 0) {
rpc->fault(ctx, 500, "No server listening socket found for one of"
" TLS domains (consult server log)");
goto error;
}
DBG("TLS configuration successfuly loaded");
cfg->next = (*tls_domains_cfg);
*tls_domains_cfg = cfg;
return;
error:
tls_free_cfg(cfg);
}
static int mod_init(void)
{
int method;
if (tls_disable){
LOG(L_WARN, "tls support is disabled "
"(set enable_tls=1 in the config to enable it)\n");
return 0;
}
if (fix_tls_cfg(&default_tls_cfg) < 0 ) {
ERR("initial tls configuration fixup failed\n");
return -1;
}
/* declare configuration */
if (cfg_declare("tls", tls_cfg_def, &default_tls_cfg,
cfg_sizeof(tls), (void **)&tls_cfg)) {
ERR("failed to register the configuration\n");
return -1;
}
/* Convert tls_method parameter to integer */
method = tls_parse_method(&cfg_get(tls, tls_cfg, method));
if (method < 0) {
ERR("Invalid tls_method parameter value\n");
return -1;
}
/* fill mod_params */
mod_params.method = method;
mod_params.verify_cert = cfg_get(tls, tls_cfg, verify_cert);
mod_params.verify_depth = cfg_get(tls, tls_cfg, verify_depth);
mod_params.require_cert = cfg_get(tls, tls_cfg, require_cert);
mod_params.pkey_file = cfg_get(tls, tls_cfg, private_key);
mod_params.ca_file = cfg_get(tls, tls_cfg, ca_list);
mod_params.crl_file = cfg_get(tls, tls_cfg, crl);
mod_params.cert_file = cfg_get(tls, tls_cfg, certificate);
mod_params.cipher_list = cfg_get(tls, tls_cfg, cipher_list);
mod_params.server_name = cfg_get(tls, tls_cfg, server_name);
tls_domains_cfg =
(tls_domains_cfg_t**)shm_malloc(sizeof(tls_domains_cfg_t*));
if (!tls_domains_cfg) {
ERR("Not enough shared memory left\n");
goto error;
}
*tls_domains_cfg = NULL;
register_select_table(tls_sel);
/* register the rpc interface */
if (rpc_register_array(tls_rpc)!=0) {
LOG(L_ERR, "failed to register RPC commands\n");
goto error;
}
/* if (init_tls() < 0) return -1; */
tls_domains_cfg_lock = lock_alloc();
if (tls_domains_cfg_lock == 0) {
ERR("Unable to create TLS configuration lock\n");
goto error;
}
if (lock_init(tls_domains_cfg_lock) == 0) {
lock_dealloc(tls_domains_cfg_lock);
ERR("Unable to initialize TLS configuration lock\n");
goto error;
}
if (tls_ct_wq_init() < 0) {
ERR("Unable to initialize TLS buffering\n");
goto error;
}
if (cfg_get(tls, tls_cfg, config_file).s) {
*tls_domains_cfg =
tls_load_config(&cfg_get(tls, tls_cfg, config_file));
if (!(*tls_domains_cfg)) goto error;
} else {
*tls_domains_cfg = tls_new_cfg();
if (!(*tls_domains_cfg)) goto error;
}
if (tls_check_sockets(*tls_domains_cfg) < 0)
goto error;
#ifndef OPENSSL_NO_ECDH
LM_INFO("With ECDH-Support!\n");
#endif
#ifndef OPENSSL_NO_DH
LM_INFO("With Diffie Hellman\n");
#endif
tls_lookup_event_routes();
return 0;
error:
destroy_tls_h();
return -1;
}
static int mod_init(void)
{
int method;
if (tls_disable){
LOG(L_WARN, "WARNING: tls: mod_init: tls support is disabled "
"(set enable_tls=1 in the config to enable it)\n");
return 0;
}
if (cfg_get(tcp, tcp_cfg, async) && !tls_force_run){
ERR("tls does not support tcp in async mode, please use"
" tcp_async=no in the config file\n");
return -1;
}
/* Convert tls_method parameter to integer */
method = tls_parse_method(&tls_method);
if (method < 0) {
ERR("Invalid tls_method parameter value\n");
return -1;
}
mod_params.method = method;
/* Update relative paths of files configured through modparams, relative
* pathnames will be converted to absolute and the directory of the main
* SER configuration file will be used as reference.
*/
if (fix_rel_pathnames() < 0) return -1;
tls_cfg = (tls_cfg_t**)shm_malloc(sizeof(tls_cfg_t*));
if (!tls_cfg) {
ERR("Not enough shared memory left\n");
return -1;
}
*tls_cfg = NULL;
register_tls_hooks(&tls_h);
register_select_table(tls_sel);
/* if (init_tls() < 0) return -1; */
tls_cfg_lock = lock_alloc();
if (tls_cfg_lock == 0) {
ERR("Unable to create TLS configuration lock\n");
return -1;
}
if (lock_init(tls_cfg_lock) == 0) {
lock_dealloc(tls_cfg_lock);
ERR("Unable to initialize TLS configuration lock\n");
return -1;
}
if (tls_cfg_file.s) {
*tls_cfg = tls_load_config(&tls_cfg_file);
if (!(*tls_cfg)) return -1;
} else {
*tls_cfg = tls_new_cfg();
if (!(*tls_cfg)) return -1;
}
if (tls_check_sockets(*tls_cfg) < 0) return -1;
/* fix the timeouts from s to ticks */
if (tls_con_lifetime<0){
/* set to max value (~ 1/2 MAX_INT) */
tls_con_lifetime=MAX_TLS_CON_LIFETIME;
}else{
if ((unsigned)tls_con_lifetime >
(unsigned)TICKS_TO_S(MAX_TLS_CON_LIFETIME)){
LOG(L_WARN, "tls: mod_init: tls_con_lifetime too big (%u s), "
" the maximum value is %u\n", tls_con_lifetime,
TICKS_TO_S(MAX_TLS_CON_LIFETIME));
tls_con_lifetime=MAX_TLS_CON_LIFETIME;
}else{
tls_con_lifetime=S_TO_TICKS(tls_con_lifetime);
}
}
return 0;
}
