Module: sip-router Branch: andrei/tcp_tls_changes Commit: 7ac98ae71a7b0ffe157200362971df9006347986 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7ac98ae7...
Author: Andrei Pelinescu-Onciul andrei@iptel.org Committer: Andrei Pelinescu-Onciul andrei@iptel.org Date: Fri May 28 13:18:57 2010 +0200
tls: added tls.options rpc
- fixed ca list string initializer - removed fixups from read-only config variables - added a new tls.options rpc that dumps the entire tls config. E.g.: sercmd> tls.options { force_run: 0 method: TLSv1 verify_certificate: 0 verify_depth: 9 require_certificate: 0 private_key: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.key ca_list: certificate: /home/andrei/sr.git/modules/tls/sip-router-selfsigned.pem cipher_list: session_cache: 0 session_id: sip-router-tls-3.1 config: log: 0 connection_timeout: 600 disable_compression: 1 ssl_release_buffers: 0 ssl_freelist_max: 0 ssl_max_send_fragment: -1 ssl_read_ahead: 1 low_mem_threshold1: 15204352 low_mem_threshold2: 7602176 }
---
modules/tls/tls_cfg.c | 14 +++++++++----- modules/tls/tls_rpc.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index 32c37a6..e3d7b00 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -40,7 +40,11 @@ struct cfg_group_tls default_tls_cfg = {
 9, /* verify_depth */
 0, /* require_certificate */
 STR_STATIC_INIT(TLS_PKEY_FILE), /* private_key */
+#if TLS_CA_FILE == 0
+ STR_NULL,
+#else
 STR_STATIC_INIT(TLS_CA_FILE), /* ca_list */
+#endif
 STR_STATIC_INIT(TLS_CERT_FILE), /* certificate */
 STR_NULL, /* cipher_list */
 0, /* session_cache */
@@ -96,7 +100,7 @@ static int fix_rel_pathname(void* cfg_h, str* gname, str* name, void** val)
 static char path_buf[MAX_PATH_SIZE];
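Review bot: The `#else` arm of the new `#if TLS_CA_FILE == 0` guard cannot be reached by a build that compiles: `STR_STATIC_INIT(TLS_CA_FILE)` only works when TLS_CA_FILE expands to a string literal, yet a string literal is not a valid token in a `#if` expression, so a build that defines a real CA file path is rejected by the preprocessor before the `#else` is considered, and an undefined TLS_CA_FILE evaluates to 0 and takes the `STR_NULL` arm as well. How the build defines TLS_CA_FILE is not visible here, but if "no default CA file" is signalled by defining it to 0, the selection needs a separate integer flag rather than a test on the path macro itself (a constructed example would be `#if TLS_HAVE_CA_FILE`), or the no-CA build should leave the macro undefined and the initializer should use `#ifdef TLS_CA_FILE`. Whichever way it is resolved, a comment above the guard stating which macro the build is expected to set would stop the next reader from assuming the `#else` arm is live.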
 f = *val;
- if (f && f->s) {
+ if (f && f->s && f->len) {
 new_f.s = get_abs_pathname(0, f);
 if (new_f.s == 0)
 return -1;
@@ -130,12 +134,12 @@ cfg_def_t tls_cfg_def[] = {
 " verification go in the search for a trusted CA" },
 {"require_certificate", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 "if enabled a certificate will be required from clients" },
- {"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+ {"private_key", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 "name of the file containing the private key (pem format), if not"
 " contained in the certificate file" },
- {"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+ {"ca_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 "name of the file containing the trusted CA list (pem format)" },
- {"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, fix_rel_pathname, 0,
+ {"certificate", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 "name of the file containing the certificate (pem format)" },
 {"cipher_list", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 "list of the accepted ciphers (strings separated by colons)" },
@@ -180,7 +184,7 @@ cfg_def_t tls_cfg_def[] = {
 static int fix_initial_pathname(str* path)
 {
 str new_path;
- if (path->s) {
+ if (path->s && path->len) {
 new_path.s = get_abs_pathname(0, path);
 if (new_path.s == 0) return -1;
 new_path.len = strlen(new_path.s);
diff --git a/modules/tls/tls_rpc.c b/modules/tls/tls_rpc.c
index d5176ac..826f12c 100644
--- a/modules/tls/tls_rpc.c
+++ b/modules/tls/tls_rpc.c
@@ -161,10 +161,47 @@ static void tls_info(rpc_t* rpc, void* c)
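Review bot: The `f->len` check added to fix_rel_pathname at -96 extends a function that the hunk at -130 leaves without any visible caller, since that hunk removes fix_rel_pathname from the private_key, ca_list and certificate entries; unless something outside the shown hunks still references it, the static function is now dead and the compiler will warn about it. If it is really unused, remove it together with its path_buf rather than maintaining it; if it is kept deliberately, a comment above it such as `/* no longer installed as a fixup; read-only paths are made absolute by fix_initial_pathname at init */` would record why. It is also worth confirming that values assigned to these read-only variables from the script still reach fix_initial_pathname, because the per-variable fixup was the only place a relative path was converted on assignment. The body of fix_rel_pathname continues beyond the hunk.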
+static const char* tls_options_doc[2] = {
+ "Dumps all the tls config options.",
+ 0 };
+
+static void tls_options(rpc_t* rpc, void* c)
+{
+ void* handle;
+ rpc->add(c, "{", &handle);
+ rpc->struct_add(handle, "dSdddSSSSdSSddddddddd",
+ "force_run", cfg_get(tls, tls_cfg, force_run),
+ "method", &cfg_get(tls, tls_cfg, method),
+ "verify_certificate", cfg_get(tls, tls_cfg, verify_cert),
+
+ "verify_depth", cfg_get(tls, tls_cfg, verify_depth),
+ "require_certificate", cfg_get(tls, tls_cfg, require_cert),
+ "private_key", &cfg_get(tls, tls_cfg, private_key),
+ "ca_list", &cfg_get(tls, tls_cfg, ca_list),
+ "certificate", &cfg_get(tls, tls_cfg, certificate),
+ "cipher_list", &cfg_get(tls, tls_cfg, cipher_list),
+ "session_cache", cfg_get(tls, tls_cfg, session_cache),
+ "session_id", &cfg_get(tls, tls_cfg, session_id),
+ "config", &cfg_get(tls, tls_cfg, config_file),
+ "log", cfg_get(tls, tls_cfg, log),
+ "connection_timeout", TICKS_TO_S(cfg_get(tls, tls_cfg, con_lifetime)),
+ "disable_compression", cfg_get(tls, tls_cfg, disable_compression),
+ "ssl_release_buffers", cfg_get(tls, tls_cfg, ssl_release_buffers),
+ "ssl_freelist_max", cfg_get(tls, tls_cfg, ssl_freelist_max),
+ "ssl_max_send_fragment", cfg_get(tls, tls_cfg, ssl_max_send_fragment),
+ "ssl_read_ahead", cfg_get(tls, tls_cfg, ssl_read_ahead),
+ "low_mem_threshold1", cfg_get(tls, tls_cfg, low_mem_threshold1),
+ "low_mem_threshold2", cfg_get(tls, tls_cfg, low_mem_threshold2)
+ );
+}
+
+
+
 rpc_export_t tls_rpc[] = {
 {"tls.reload", tls_reload, tls_reload_doc, 0},
 {"tls.list", tls_list, tls_list_doc, RET_ARRAY},
 {"tls.info", tls_info, tls_info_doc, 0},
+ {"tls.options",tls_options, tls_options_doc, 0},
 {0, 0, 0, 0}
 };
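Review bot: `rpc->add(c, "{", &handle)` in tls_options is called without checking its result, so if it fails `handle` is never written and the following `rpc->struct_add(handle, ...)` passes an indeterminate pointer; assuming add follows the module's convention of returning a negative value on failure, the call should be `if (rpc->add(c, "{", &handle) < 0) return;`. The 21-character format string does line up with the 21 name/value pairs, but in a variadic call this long a `d`/`S` mismatch is silent, so a comment above the call such as `/* one format char per pair: d = int, S = str*; keep in step with the list below */` would guard future additions. The reply also exposes the on-disk paths of the private key, certificate and CA list to any RPC caller — path metadata rather than key material, but tls_options_doc should say the command reveals local file locations so operators can decide whether it belongs on an exposed RPC transport.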