diff options
author | David Troy <dave@popvox.com> | 2006-04-02 17:32:12 +0000 |
---|---|---|
committer | David Troy <dave@popvox.com> | 2006-04-02 17:32:12 +0000 |
commit | 273e500c262b84c8cd9a2249ba8955e6f3ff8c74 (patch) | |
tree | a8252f62c8e1934a1bb63295a20c82ea0d12b983 /src/astmanproxy.c | |
parent | 08192d2b732eaaff203012c0acda210b40261885 (diff) | |
download | astmanproxy-273e500c262b84c8cd9a2249ba8955e6f3ff8c74.tar.gz astmanproxy-273e500c262b84c8cd9a2249ba8955e6f3ff8c74.tar.xz astmanproxy-273e500c262b84c8cd9a2249ba8955e6f3ff8c74.zip |
git-svn-id: http://svncommunity.digium.com/svn/astmanproxy/branches/1.20pre@59 f02b47b9-160a-0410-81a6-dc3441afb0ec
Diffstat (limited to 'src/astmanproxy.c')
-rw-r--r-- | src/astmanproxy.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/src/astmanproxy.c b/src/astmanproxy.c index 0a3a172..29259d3 100644 --- a/src/astmanproxy.c +++ b/src/astmanproxy.c @@ -78,7 +78,7 @@ void leave(int sig) { c->output->write(c, &cm); logmsg("Shutdown, closed client %s", ast_inet_ntoa(iabuf, sizeof(iabuf), c->sin.sin_addr)); } - close(c->fd); + close_sock(c->fd); /* close tcp & ssl socket */ pthread_mutex_destroy(&c->lock); free(c); } @@ -95,7 +95,7 @@ void leave(int sig) { if (debug) debugmsg("Closing listener socket"); - close(asock); + close_sock(asock); /* close tcp & ssl socket */ /* unload io handlers */ while (iohandlers) { @@ -154,7 +154,7 @@ void destroy_session(struct mansession *s) sessions = cur->next; debugmsg("Connection closed: %s", ast_inet_ntoa(iabuf, sizeof(iabuf), s->sin.sin_addr)); if (s->fd > -1) - close(s->fd); + close_sock(s->fd); /* close tcp & ssl socket */ pthread_mutex_destroy(&s->lock); free(s); } else @@ -183,7 +183,7 @@ int WriteClients(struct message *m) { } else c->output->write(c, m); if ( c->input->autodisconnect && c->input->autodisconnect() ) - close(c->fd); + close_sock(c->fd); /* close tcp & ssl socket */ } c = c->next; } @@ -517,6 +517,7 @@ static void *accept_thread() int flags; pthread_attr_t attr; char iabuf[INET_ADDRSTRLEN]; + int is_encrypted; pthread_attr_init(&attr); pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); @@ -534,6 +535,35 @@ static void *accept_thread() logmsg("Failed to set listener tcp connection to TCP_NODELAY mode: %s\n", strerror(errno)); } } + + /* SSL stuff below */ + is_encrypted = is_encrypt_request(pc.sslclhellotimeout, as); + if (is_encrypted > 0) { + if (!pc.acceptencryptedconnection) { + if( debug ) + debugmsg("Accepting encrypted connection disabled, closing the connection \n"); + close_sock(as); + continue; + } else { + if((as = saccept(as)) >= 0 ) { + if( debug ) + debugmsg("Can't accept the ssl connection, since SSL init has failed for certificate reason\n"); + close_sock(as); + continue; + } + } + } else if (is_encrypted == -1) { + logmsg("SSL version 2 is unsecure, we don't support it\n"); + close_sock(as); + continue; + } + if ( (! pc.acceptunencryptedconnection) && (as >= 0)) { + logmsg("Unencrypted connections are not accepted and we received an unencrypted connection request\n"); + close_sock(as); + continue; + } + /* SSL stuff end */ + s = malloc(sizeof(struct mansession)); if ( !s ) { logmsg("Failed to allocate listener session: %s\n", strerror(errno)); |