mirror of https://github.com/asterisk/asterisk
master
20
21
22
releases/22
releases/21
releases/20
certified/18.9
certified/20.7
18
releases/certified-20.7
releases/certified-18.9
releases/18
revert-549-master-issue-548
16
19
releases/19
releases/16
20.2
18.17
20.1
19.8
18.16
16.30
20.0
19.7
18.15
16.29
16.19
19.6
18.14
16.28
development/16/python3
development/16/geolocation
19.5
18.13
16.27
19.4
18.12
16.26
19.3
18.11
16.25
certified/16.8
19.2
18.10
16.24
certified/16.3
19.1
18.9
16.23
19.0
18.8
16.22
16.21
18.7
18.6
16.20
18.5
17.9
13.38
17
13
18.4
16.18
18.3
16.17
18.2
16.16
18.1
16.15
jenkinstest-16
18.0
17.8
16.14
13.37
17.7
16.13
13.36
certified/13.21
17.6
16.12
13.35
17.5
16.11
13.34
17.4
16.10
13.33
17.3
16.9
13.32
17.2
16.8
13.31
17.1
16.7
13.30
17.0
16.6
13.29
16.5
15.7
13.28
15
16.4
13.27
16.3
13.26
16.2
13.25
16.1
13.24
16.0
15.6
13.23
14.7
14
certified/13.18
certified/13.13
certified/11.6
11
certified/13.8
certified/13.1
1.8
certified/1.8.28
12
certified/1.8.15
certified/11.2
10-digiumphones
10
certified/1.8.11
certified/1.8.6
1.6.2
1.4
1.6.1
1.6.0
1.2
1.2-netsec
1.0
22.4.0-rc1
21.9.0-rc1
20.14.0-rc1
22.3.0
21.8.0
20.13.0
22.3.0-rc1
21.8.0-rc1
20.13.0-rc1
22.2.0
21.7.0
20.12.0
22.2.0-rc2
21.7.0-rc2
20.12.0-rc2
22.2.0-rc1
21.7.0-rc1
20.12.0-rc1
certified-20.7-cert4
certified-18.9-cert13
22.1.1
21.6.1
20.11.1
18.26.1
22.1.0
21.6.0
20.11.0
18.26.0
22.1.0-rc1
21.6.0-rc1
20.11.0-rc1
18.26.0-rc1
18.25.0
20.10.0
21.5.0
22.0.0
22.0.0-rc2
21.5.0-rc2
20.10.0-rc2
18.25.0-rc2
22.0.0-rc1
21.5.0-rc1
20.10.0-rc1
18.25.0-rc1
certified-20.7-cert3
certified-18.9-cert12
21.4.3
20.9.3
18.24.3
22.0.0-pre1
21.4.2
20.9.2
18.24.2
certified-20.7-cert2
certified-18.9-cert11
21.4.1
20.9.1
18.24.1
21.4.0
20.9.0
18.24.0
certified-20.7-cert1
certified-18.9-cert10
21.4.0-rc1
20.9.0-rc1
18.24.0-rc1
21.3.1
20.8.1
18.23.1
21.3.0
20.8.0
18.23.0
certified-20.7-cert1-rc2
certified-18.9-cert9
20.8.0-rc1
21.3.0-rc1
18.23.0-rc1
certified-20.7-cert1-rc1
certified-20.7-cert1-pre1
21.2.0
20.7.0
18.22.0
certified-18.9-cert8
21.2.0-rc2
20.7.0-rc2
18.22.0-rc2
21.2.0-rc1
20.7.0-rc1
18.22.0-rc1
certified-18.9-cert8-rc2
certified-18.9-cert8-rc1
21.1.0
20.6.0
18.21.0
21.1.0-rc2
20.6.0-rc2
18.21.0-rc2
21.1.0-rc1
20.6.0-rc1
18.21.0-rc1
21.0.2
20.5.2
18.20.2
certified-18.9-cert7
certified-18.9-cert6
21.0.1
20.5.1
18.20.1
21.0.0
20.5.0
18.20.0
21.0.0-rc1
20.5.0-rc1
18.20.0-rc1
21.0.0-pre1
18.19.0
20.4.0
20.4.0-rc2
18.19.0-rc2
20.4.0-rc1
18.19.0-rc1
20.3.1
certified-18.9-cert5
19.8.1
18.18.1
16.30.1
certified-18.9-cert4
20.3.0
18.18.0
20.3.0-rc1
18.18.0-rc1
20.2.1
18.17.1
20.2.0
18.17.0
20.2.0-rc1
18.17.0-rc1
certified/18.9-cert4
20.1.0
19.8.0
18.16.0
16.30.0
20.1.0-rc2
19.8.0-rc2
18.16.0-rc2
16.30.0-rc2
20.1.0-rc1
18.16.0-rc1
19.8.0-rc1
16.30.0-rc1
certified/18.9-cert3
20.0.1
19.7.1
18.15.1
16.29.1
19.7.0
20.0.0
18.15.0
16.29.0
certified/18.9-cert2
20.0.0-rc2
19.7.0-rc2
18.15.0-rc2
16.29.0-rc2
20.0.0-rc1
19.7.0-rc1
18.15.0-rc1
16.29.0-rc1
19.6.0
18.14.0
16.28.0
19.6.0-rc2
18.14.0-rc2
16.28.0-rc2
19.6.0-rc1
18.14.0-rc1
16.28.0-rc1
19.5.0
18.13.0
16.27.0
19.5.0-rc1
18.13.0-rc1
16.27.0-rc1
19.4.1
18.12.1
16.26.1
19.4.0
18.12.0
16.26.0
19.4.0-rc1
18.12.0-rc1
16.26.0-rc1
certified/18.9-cert1
19.3.3
18.11.3
16.25.3
certified/16.8-cert14
19.3.2
18.11.2
16.25.2
19.3.1
18.11.1
16.25.1
19.3.0
18.11.0
16.25.0
19.3.0-rc1
18.11.0-rc1
16.25.0-rc1
certified/16.8-cert13
19.2.1
18.10.1
16.24.1
19.2.0
18.10.0
16.24.0
19.2.0-rc1
18.10.0-rc1
16.24.0-rc1
certified/18.9-cert1-rc1
19.1.0
18.9.0
16.23.0
19.1.0-rc1
18.9.0-rc1
16.23.0-rc1
19.0.0
18.8.0
16.22.0
certified/16.8-cert12
19.0.0-rc1
18.8.0-rc1
16.22.0-rc1
16.21.1
18.7.1
18.7.0
16.21.0
18.7.0-rc3
16.21.0-rc3
18.7.0-rc2
16.21.0-rc2
18.7.0-rc1
16.21.0-rc1
certified/16.8-cert11
18.6.0
16.20.0
18.6.0-rc1
16.20.0-rc1
certified/16.8-cert10
18.5.1
17.9.4
16.19.1
13.38.3
18.5.0
16.19.0
certified/16.8-cert9
18.5.0-rc1
16.19.0-rc1
18.4.0
16.18.0
18.4.0-rc1
16.18.0-rc1
certified/16.8-cert8
18.3.0
16.17.0
18.3.0-rc2
16.17.0-rc2
18.3.0-rc1
16.17.0-rc1
certified/16.8-cert7
18.2.2
17.9.3
16.16.2
certified/16.8-cert6
18.2.1
17.9.2
16.16.1
13.38.2
18.2.0
16.16.0
18.2.0-rc1
16.16.0-rc1
18.1.1
17.9.1
16.15.1
13.38.1
18.1.0
17.9.0
16.15.0
13.38.0
18.1.0-rc1
17.9.0-rc1
16.15.0-rc1
13.38.0-rc1
18.0.1
17.8.1
16.14.1
certified/16.8-cert5
13.37.1
certified/16.8-cert4
certified/16.8-cert4-rc4
18.0.0
17.8.0
16.14.0
13.37.0
18.0.0-rc2
certified/16.8-cert4-rc3
18.0.0-rc1
17.8.0-rc1
16.14.0-rc1
13.37.0-rc1
17.7.0
16.13.0
13.36.0
17.7.0-rc2
16.13.0-rc2
13.36.0-rc2
17.7.0-rc1
16.13.0-rc1
13.36.0-rc1
certified/16.8-cert4-rc2
17.6.0
16.12.0
13.35.0
17.6.0-rc1
16.12.0-rc1
13.35.0-rc1
certified/16.8-cert4-rc1
certified/16.8-cert3
17.5.1
16.11.1
17.5.0
16.11.0
13.34.0
17.5.0-rc3
16.11.0-rc3
13.34.0-rc3
17.5.0-rc2
16.11.0-rc2
13.34.0-rc2
17.5.0-rc1
16.11.0-rc1
13.34.0-rc1
certified/16.8-cert2
17.4.0
16.10.0
13.33.0
certified/16.8-cert1
17.4.0-rc2
16.10.0-rc2
13.33.0-rc2
17.4.0-rc1
16.10.0-rc1
13.33.0-rc1
certified/16.8-cert1-rc5
certified/16.8-cert1-rc4
17.3.0
16.9.0
13.32.0
17.3.0-rc1
16.9.0-rc1
13.32.0-rc1
certified/16.8-cert1-rc3
certified/16.8-cert1-rc2
certified/16.8-cert1-rc1
17.2.0
16.8.0
13.31.0
17.2.0-rc2
16.8.0-rc2
13.31.0-rc2
17.2.0-rc1
16.8.0-rc1
13.31.0-rc1
certified/16.3-cert1
certified/13.21-cert6
17.1.0
16.7.0
13.30.0
17.1.0-rc2
16.7.0-rc2
13.30.0-rc2
17.1.0-rc1
16.7.0-rc1
13.30.0-rc1
certified/13.21-cert5
17.0.1
16.6.2
13.29.2
17.0.0
17.0.0-rc3
16.6.1
13.29.1
16.6.0
13.29.0
16.6.0-rc2
13.29.0-rc2
17.0.0-rc2
16.6.0-rc1
13.29.0-rc1
16.5.1
15.7.4
13.28.1
17.0.0-rc1
16.5.0
13.28.0
16.5.0-rc1
13.28.0-rc1
certified/13.21-cert4
16.4.1
15.7.3
13.27.1
16.4.0
13.27.0
16.4.0-rc1
13.27.0-rc1
16.3.0
13.26.0
16.3.0-rc1
13.26.0-rc1
16.2.1
15.7.2
16.2.0
13.25.0
13.25.0-rc3
16.2.0-rc2
13.25.0-rc2
16.2.0-rc1
13.25.0-rc1
16.1.1
15.7.1
13.24.1
16.1.0
13.24.0
15.7.0
16.1.0-rc1
15.7.0-rc1
13.24.0-rc1
16.0.1
15.6.2
16.0.0
16.0.0-rc3
certified/13.21-cert3
15.6.1
14.7.8
13.23.1
16.0.0-rc2
15.6.0
13.23.0
15.6.0-rc1
13.23.0-rc1
16.0.0-rc1
15.5.0
13.22.0
15.5.0-rc1
13.22.0-rc1
15.4.1
14.7.7
certified/13.21-cert2
certified/13.18-cert4
13.21.1
certified/13.21-cert1
certified/13.21-cert1-rc2
certified/13.21-cert1-rc1
15.4.0
13.21.0
15.4.0-rc2
15.4.0-rc1
13.21.0-rc1
15.3.0
13.20.0
15.3.0-rc2
13.20.0-rc2
15.3.0-rc1
13.20.0-rc1
15.2.2
certified/13.18-cert3
14.7.6
13.19.2
13.19.1
15.2.1
15.2.0
13.19.0
15.2.0-rc2
13.19.0-rc2
certified/13.18-cert2
15.1.5
14.7.5
13.18.5
certified/13.18-cert1
15.2.0-rc1
13.19.0-rc1
certified/13.18-cert1-rc3
certified/13.13-cert9
15.1.4
14.7.4
13.18.4
15.1.3
certified/13.13-cert8
14.7.3
13.18.3
certified/13.18-cert1-rc2
15.1.2
14.7.2
13.18.2
certified/13.18-cert1-rc1
certified/13.13-cert7
15.1.1
14.7.1
13.18.1
15.1.0
14.7.0
13.18.0
15.1.0-rc2
14.7.0-rc2
13.18.0-rc2
15.1.0-rc1
14.7.0-rc1
13.18.0-rc1
15.0.0
certified/13.13-cert6
certified/11.6-cert18
14.6.2
13.17.2
11.25.3
15.0.0-rc1
14.6.1
certified/13.13-cert5
13.17.1
certified/11.6-cert17
11.25.2
15.0.0-beta1
14.6.0
13.17.0
14.6.0-rc1
13.17.0-rc1
14.5.0
13.16.0
14.5.0-rc2
13.16.0-rc2
14.5.0-rc1
13.16.0-rc1
certified/13.13-cert4
14.4.1
13.15.1
14.4.0
13.15.0
14.4.0-rc3
13.15.0-rc3
14.3.1
13.14.1
certified/13.13-cert3
13.15.0-rc2
14.4.0-rc2
14.4.0-rc1
13.15.0-rc1
certified/13.13-cert2
14.3.0
13.14.0
certified/13.13-cert1
14.3.0-rc2
13.14.0-rc2
certified/13.13-cert1-rc4
14.3.0-rc1
13.14.0-rc1
certified/13.13-cert1-rc3
certified/13.13-cert1-rc2
certified/11.6-cert16
certified/13.8-cert4
14.2.1
13.13.1
11.25.1
certified/13.13-cert1-rc1
14.2.0
13.13.0
14.2.0-rc2
13.13.0-rc2
11.25.0
14.2.0-rc1
13.13.0-rc1
11.25.0-rc1
14.1.2
13.12.2
14.1.1
13.12.1
11.24.1
14.1.0
13.12.0
11.24.0
14.1.0-rc1
13.12.0-rc1
11.24.0-rc1
14.0.2
14.0.1
14.0.0
14.0.0-rc2
14.0.0-rc1
13.11.2
certified/11.6-cert15
certified/13.8-cert3
11.23.1
13.11.1
13.11.0
13.11.0-rc2
14.0.0-beta2
certified/11.6-cert14
certified/11.6-cert14-rc2
certified/13.8-cert2
certified/13.8-cert2-rc1
certified/11.6-cert14-rc1
13.11.0-rc1
14.0.0-beta1
11.23.0
13.10.0
certified/13.1-cert8
13.10.0-rc3
certified/13.8-cert1
13.10.0-rc2
11.23.0-rc1
13.10.0-rc1
certified/13.8-cert1-rc3
13.9.1
13.9.0
certified/13.8-cert1-rc2
13.9.0-rc2
certified/13.1-cert7
13.9.0-rc1
certified/13.1-cert6
13.8.2
13.8.1
certified/13.1-cert5
certified/13.8-cert1-rc1
13.8.0
11.22.0
certified/13.1-cert4
certified/11.6-cert13
11.21.2
13.7.2
11.20.0
13.6.0
13.5.0
11.19.0
certified/13.1-cert3-rc1
13.4.0
11.18.0
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.3.0
0.4.0
0.5.0
0.7.0
0.7.1
0.7.2
0.9.0
1.0.0
1.0.0-rc1
1.0.0-rc2
1.0.1
1.0.10
1.0.11
1.0.11.1
1.0.12
1.0.2
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.2.0
1.2.0-beta1
1.2.0-beta2
1.2.0-rc1
1.2.0-rc2
1.2.1
1.2.10
1.2.10-netsec
1.2.11
1.2.11-netsec
1.2.12
1.2.12-netsec
1.2.12.1
1.2.12.1-netsec
1.2.13
1.2.13-netsec
1.2.14
1.2.14-netsec
1.2.15
1.2.15-netsec
1.2.16
1.2.16-netsec
1.2.17
1.2.17-netsec
1.2.18
1.2.18-netsec
1.2.19
1.2.19-netsec
1.2.2
1.2.2-netsec
1.2.20
1.2.20-netsec
1.2.21
1.2.21-netsec
1.2.21.1
1.2.21.1-netsec
1.2.22
1.2.22-netsec
1.2.23
1.2.23-netsec
1.2.24
1.2.24-netsec
1.2.25
1.2.25-netsec
1.2.26
1.2.26-netsec
1.2.26.1
1.2.26.1-netsec
1.2.26.2
1.2.26.2-netsec
1.2.27
1.2.28
1.2.28.1
1.2.29
1.2.3
1.2.3-netsec
1.2.30
1.2.30.1
1.2.30.2
1.2.30.3
1.2.30.4
1.2.31
1.2.31.1
1.2.31.2
1.2.32
1.2.33
1.2.34
1.2.35
1.2.36
1.2.37
1.2.38
1.2.39
1.2.4
1.2.4-netsec
1.2.40
1.2.5
1.2.5-netsec
1.2.6
1.2.6-netsec
1.2.7
1.2.7-netsec
1.2.7.1
1.2.7.1-netsec
1.2.8
1.2.8-netsec
1.2.9
1.2.9-netsec
1.2.9.1
1.2.9.1-netsec
1.4.0
1.4.0-beta1
1.4.0-beta2
1.4.0-beta3
1.4.0-beta4
1.4.1
1.4.10
1.4.10.1
1.4.11
1.4.12
1.4.12.1
1.4.13
1.4.14
1.4.15
1.4.16
1.4.16.1
1.4.16.2
1.4.17
1.4.18
1.4.18.1
1.4.19
1.4.19-rc1
1.4.19-rc2
1.4.19-rc3
1.4.19-rc4
1.4.19.1
1.4.19.2
1.4.2
1.4.20
1.4.20-rc1
1.4.20-rc2
1.4.20-rc3
1.4.20.1
1.4.21
1.4.21-rc1
1.4.21-rc2
1.4.21.1
1.4.21.2
1.4.22
1.4.22-rc1
1.4.22-rc2
1.4.22-rc3
1.4.22-rc4
1.4.22-rc5
1.4.22.1
1.4.22.2
1.4.23
1.4.23-rc1
1.4.23-rc2
1.4.23-rc3
1.4.23-rc4
1.4.23-testing
1.4.23.1
1.4.23.2
1.4.24
1.4.24-rc1
1.4.24.1
1.4.25
1.4.25-rc1
1.4.25.1
1.4.26
1.4.26-rc1
1.4.26-rc2
1.4.26-rc3
1.4.26-rc4
1.4.26-rc5
1.4.26-rc6
1.4.26.1
1.4.26.2
1.4.26.3
1.4.27
1.4.27-rc1
1.4.27-rc2
1.4.27-rc3
1.4.27-rc4
1.4.27-rc5
1.4.27.1
1.4.28
1.4.28-rc1
1.4.29
1.4.29-rc1
1.4.29.1
1.4.3
1.4.30
1.4.30-rc1
1.4.30-rc2
1.4.30-rc3
1.4.31
1.4.31-rc1
1.4.31-rc2
1.4.32
1.4.32-rc1
1.4.32-rc2
1.4.33
1.4.33-rc1
1.4.33-rc2
1.4.33.1
1.4.34
1.4.34-rc1
1.4.34-rc2
1.4.35
1.4.35-rc1
1.4.36
1.4.36-rc1
1.4.37
1.4.37-rc1
1.4.37.1
1.4.38
1.4.38-rc1
1.4.38.1
1.4.39
1.4.39-rc1
1.4.39.1
1.4.39.2
1.4.4
1.4.40
1.4.40-rc1
1.4.40-rc2
1.4.40-rc3
1.4.40.1
1.4.40.2
1.4.41
1.4.41-rc1
1.4.41.1
1.4.41.2
1.4.42
1.4.42-rc1
1.4.42-rc2
1.4.43
1.4.44
1.4.5
1.4.6
1.4.7
1.4.7.1
1.4.8
1.4.9
1.6.0
1.6.0-beta1
1.6.0-beta2
1.6.0-beta3
1.6.0-beta4
1.6.0-beta5
1.6.0-beta6
1.6.0-beta7
1.6.0-beta7.1
1.6.0-beta8
1.6.0-beta9
1.6.0-rc1
1.6.0-rc2
1.6.0-rc3
1.6.0-rc4
1.6.0-rc5
1.6.0-rc6
1.6.0.1
1.6.0.10
1.6.0.11-rc1
1.6.0.11-rc2
1.6.0.12
1.6.0.13
1.6.0.13-rc1
1.6.0.14
1.6.0.14-rc1
1.6.0.15
1.6.0.16
1.6.0.16-rc1
1.6.0.16-rc2
1.6.0.17
1.6.0.18
1.6.0.18-rc1
1.6.0.18-rc2
1.6.0.18-rc3
1.6.0.19
1.6.0.2
1.6.0.20
1.6.0.20-rc1
1.6.0.21
1.6.0.21-rc1
1.6.0.22
1.6.0.23
1.6.0.23-rc1
1.6.0.23-rc2
1.6.0.24
1.6.0.25
1.6.0.26
1.6.0.26-rc1
1.6.0.27
1.6.0.27-rc1
1.6.0.27-rc2
1.6.0.27-rc3
1.6.0.28
1.6.0.28-rc1
1.6.0.28-rc2
1.6.0.3
1.6.0.3-rc1
1.6.0.3.1
1.6.0.4-rc1
1.6.0.4-testing
1.6.0.5
1.6.0.6
1.6.0.6-rc1
1.6.0.7
1.6.0.7-rc1
1.6.0.7-rc2
1.6.0.8
1.6.0.9
1.6.1-beta1
1.6.1-beta2
1.6.1-beta3
1.6.1-beta4
1.6.1-rc1
1.6.1.0
1.6.1.0-rc2
1.6.1.0-rc3
1.6.1.0-rc4
1.6.1.0-rc5
1.6.1.1
1.6.1.10
1.6.1.10-rc1
1.6.1.10-rc2
1.6.1.10-rc3
1.6.1.11
1.6.1.12
1.6.1.12-rc1
1.6.1.13
1.6.1.13-rc1
1.6.1.14
1.6.1.15-rc1
1.6.1.15-rc2
1.6.1.16
1.6.1.17
1.6.1.18
1.6.1.18-rc1
1.6.1.18-rc2
1.6.1.19
1.6.1.19-rc1
1.6.1.19-rc2
1.6.1.19-rc3
1.6.1.2
1.6.1.20
1.6.1.20-rc1
1.6.1.20-rc2
1.6.1.21
1.6.1.22
1.6.1.23
1.6.1.24
1.6.1.25
1.6.1.3-rc1
1.6.1.4
1.6.1.5
1.6.1.5-rc1
1.6.1.6
1.6.1.7-rc1
1.6.1.7-rc2
1.6.1.8
1.6.1.9
1.6.2.0
1.6.2.0-beta1
1.6.2.0-beta2
1.6.2.0-beta3
1.6.2.0-beta4
1.6.2.0-rc1
1.6.2.0-rc2
1.6.2.0-rc3
1.6.2.0-rc4
1.6.2.0-rc5
1.6.2.0-rc6
1.6.2.0-rc7
1.6.2.0-rc8
1.6.2.1
1.6.2.1-rc1
1.6.2.10
1.6.2.10-rc1
1.6.2.10-rc2
1.6.2.11
1.6.2.11-rc1
1.6.2.11-rc2
1.6.2.12
1.6.2.12-rc1
1.6.2.13
1.6.2.14
1.6.2.14-rc1
1.6.2.15
1.6.2.15-rc1
1.6.2.15.1
1.6.2.16
1.6.2.16-rc1
1.6.2.16.1
1.6.2.16.2
1.6.2.17
1.6.2.17-rc1
1.6.2.17-rc2
1.6.2.17-rc3
1.6.2.17.1
1.6.2.17.2
1.6.2.17.3
1.6.2.18
1.6.2.18-rc1
1.6.2.18.1
1.6.2.18.2
1.6.2.19
1.6.2.19-rc1
1.6.2.2
1.6.2.20
1.6.2.21
1.6.2.22
1.6.2.23
1.6.2.24
1.6.2.3-rc1
1.6.2.3-rc2
1.6.2.4
1.6.2.5
1.6.2.6
1.6.2.6-rc1
1.6.2.6-rc2
1.6.2.7
1.6.2.7-rc1
1.6.2.7-rc2
1.6.2.7-rc3
1.6.2.8
1.6.2.8-rc1
1.6.2.8-rc2
1.6.2.9
1.6.2.9-rc1
1.6.2.9-rc2
1.6.2.9-rc3
1.8.0
1.8.0-beta1
1.8.0-beta2
1.8.0-beta3
1.8.0-beta4
1.8.0-beta5
1.8.0-rc1
1.8.0-rc2
1.8.0-rc3
1.8.0-rc4
1.8.0-rc5
1.8.1
1.8.1-rc1
1.8.1.1
1.8.1.2
1.8.10.0
1.8.10.0-rc1
1.8.10.0-rc2
1.8.10.0-rc3
1.8.10.0-rc4
1.8.10.1
1.8.11.0
1.8.11.0-rc1
1.8.11.0-rc2
1.8.11.0-rc3
1.8.11.1
1.8.12.0
1.8.12.0-rc1
1.8.12.0-rc2
1.8.12.0-rc3
1.8.12.1
1.8.12.2
1.8.13.0
1.8.13.0-rc1
1.8.13.0-rc2
1.8.13.1
1.8.14.0
1.8.14.0-rc1
1.8.14.0-rc2
1.8.14.1
1.8.15-cert4
1.8.15.0
1.8.15.0-rc1
1.8.15.1
1.8.16.0
1.8.16.0-rc1
1.8.16.0-rc2
1.8.17.0
1.8.17.0-rc1
1.8.17.0-rc2
1.8.17.0-rc3
1.8.18.0
1.8.18.0-rc1
1.8.18.1
1.8.19.0
1.8.19.0-rc1
1.8.19.0-rc2
1.8.19.0-rc3
1.8.19.0-tc1
1.8.19.1
1.8.2
1.8.2-rc1
1.8.2.1
1.8.2.2
1.8.2.3
1.8.2.4
1.8.20.0
1.8.20.0-rc1
1.8.20.0-rc2
1.8.20.1
1.8.20.2
1.8.21.0
1.8.21.0-rc1
1.8.21.0-rc2
1.8.22.0
1.8.22.0-rc1
1.8.22.0-rc2
1.8.23.0
1.8.23.0-rc1
1.8.23.0-rc2
1.8.23.1
1.8.24.0
1.8.24.0-rc1
1.8.24.0-rc2
1.8.24.1
1.8.25.0
1.8.25.0-rc1
1.8.25.0-rc2
1.8.26.0
1.8.26.0-rc1
1.8.26.0-rc2
1.8.26.1
1.8.27.0
1.8.27.0-rc1
1.8.27.0-rc2
1.8.28-cert5
1.8.28.0
1.8.28.0-rc1
1.8.28.1
1.8.28.2
1.8.29.0
1.8.29.0-rc1
1.8.3
1.8.3-rc1
1.8.3-rc2
1.8.3-rc3
1.8.3.1
1.8.3.2
1.8.3.3
1.8.30.0
1.8.30.0-rc1
1.8.31.0
1.8.31.0-rc1
1.8.31.1
1.8.32.0
1.8.32.0-rc1
1.8.32.0-rc2
1.8.32.1
1.8.32.2
1.8.32.3
1.8.4
1.8.4-rc1
1.8.4-rc2
1.8.4-rc3
1.8.4.1
1.8.4.2
1.8.4.3
1.8.4.4
1.8.5-rc1
1.8.5.0
1.8.5.1
1.8.6.0
1.8.6.0-rc1
1.8.6.0-rc2
1.8.6.0-rc3
1.8.7.0
1.8.7.0-rc1
1.8.7.0-rc2
1.8.7.1
1.8.7.2
1.8.8.0
1.8.8.0-rc1
1.8.8.0-rc2
1.8.8.0-rc3
1.8.8.0-rc4
1.8.8.0-rc5
1.8.8.1
1.8.8.2
1.8.9.0
1.8.9.0-rc1
1.8.9.0-rc2
1.8.9.0-rc3
1.8.9.1
1.8.9.2
1.8.9.3
10.0.0
10.0.0-beta1
10.0.0-beta2
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
10.0.0-rc4
10.0.1
10.1.0
10.1.0-rc1
10.1.0-rc2
10.1.1
10.1.2
10.1.3
10.10.0
10.10.0-digiumphones
10.10.0-digiumphones-rc1
10.10.0-digiumphones-rc2
10.10.0-rc1
10.10.0-rc2
10.10.1
10.10.1-digiumphones
10.11.0
10.11.0-digiumphones
10.11.0-digiumphones-rc1
10.11.0-digiumphones-rc2
10.11.0-digiumphones-rc3
10.11.0-rc1
10.11.0-rc2
10.11.0-rc3
10.11.1
10.11.1-digiumphones
10.12.0
10.12.0-digiumphones
10.12.0-digiumphones-rc1
10.12.0-digiumphones-rc2
10.12.0-rc1
10.12.0-rc2
10.12.1
10.12.1-digiumphones
10.12.2
10.12.2-digiumphones
10.12.3
10.12.3-digiumphones
10.12.4
10.12.4-digiumphones
10.2.0
10.2.0-rc1
10.2.0-rc2
10.2.0-rc3
10.2.0-rc4
10.2.1
10.3.0
10.3.0-rc1
10.3.0-rc2
10.3.0-rc3
10.3.1
10.4.0
10.4.0-digiumphones-rc1
10.4.0-digiumphones-rc2
10.4.0-rc1
10.4.0-rc2
10.4.0-rc3
10.4.1
10.4.2
10.5.0
10.5.0-digiumphones
10.5.0-digiumphones-rc1
10.5.0-digiumphones-rc2
10.5.0-rc1
10.5.0-rc2
10.5.1
10.5.1-digiumphones
10.5.2
10.5.2-digiumphones
10.6.0
10.6.0-digiumphones
10.6.0-digiumphones-rc1
10.6.0-digiumphones-rc2
10.6.0-rc1
10.6.0-rc2
10.6.1
10.6.1-digiumphones
10.7.0
10.7.0-digiumphones
10.7.0-digiumphones-rc1
10.7.0-rc1
10.7.1
10.7.1-digiumphones
10.8.0
10.8.0-digiumphones
10.8.0-digiumphones-rc1
10.8.0-digiumphones-rc2
10.8.0-rc1
10.8.0-rc2
10.9.0
10.9.0-digiumphones
10.9.0-digiumphones-rc1
10.9.0-digiumphones-rc2
10.9.0-digiumphones-rc3
10.9.0-rc1
10.9.0-rc2
10.9.0-rc3
11.0.0
11.0.0-beta1
11.0.0-beta2
11.0.0-rc1
11.0.0-rc2
11.0.1
11.0.2
11.1.0
11.1.0-rc1
11.1.0-rc2
11.1.0-rc3
11.1.1
11.1.2
11.10.0
11.10.0-rc1
11.10.1
11.10.2
11.11.0
11.11.0-rc1
11.12.0
11.12.0-rc1
11.12.1
11.13.0
11.13.0-rc1
11.13.1
11.14.0
11.14.0-rc1
11.14.0-rc2
11.14.1
11.14.2
11.15.0
11.15.0-rc1
11.15.0-rc2
11.15.1
11.16.0
11.16.0-rc1
11.17.0
11.17.0-rc1
11.17.1
11.18.0-rc1
11.19.0-rc1
11.2.0
11.2.0-rc1
11.2.0-rc2
11.2.1
11.2.2
11.20.0-rc1
11.20.0-rc2
11.20.0-rc3
11.21.0
11.21.0-rc1
11.21.0-rc2
11.21.0-rc3
11.21.1
11.22.0-rc1
11.3.0
11.3.0-rc1
11.3.0-rc2
11.4.0
11.4.0-rc1
11.4.0-rc2
11.4.0-rc3
11.5.0
11.5.0-rc1
11.5.0-rc2
11.5.1
11.6-cert11
11.6.0
11.6.0-rc1
11.6.0-rc2
11.6.1
11.7.0
11.7.0-rc1
11.7.0-rc2
11.8.0
11.8.0-rc1
11.8.0-rc2
11.8.0-rc3
11.8.1
11.9.0
11.9.0-rc1
11.9.0-rc2
11.9.0-rc3
12.0.0
12.0.0-alpha1
12.0.0-alpha2
12.0.0-beta1
12.0.0-beta2
12.1.0
12.1.0-rc1
12.1.0-rc2
12.1.0-rc3
12.1.1
12.2.0
12.2.0-rc1
12.2.0-rc2
12.2.0-rc3
12.3.0
12.3.0-rc1
12.3.0-rc2
12.3.1
12.3.2
12.4.0
12.4.0-rc1
12.5.0
12.5.0-rc1
12.5.1
12.6.0
12.6.0-rc1
12.6.1
12.7.0
12.7.0-rc1
12.7.0-rc2
12.7.1
12.7.2
12.8.0
12.8.0-rc1
12.8.0-rc2
12.8.1
12.8.2
13.0.0
13.0.0-beta1
13.0.0-beta2
13.0.0-beta3
13.0.1
13.0.2
13.1-cert2
13.1.0
13.1.0-rc1
13.1.0-rc2
13.1.1
13.2.0
13.2.0-rc1
13.2.1
13.3.0
13.3.0-rc1
13.3.1
13.3.2
13.4.0-rc1
13.5.0-rc1
13.6.0-rc1
13.6.0-rc2
13.6.0-rc3
13.7.0
13.7.0-rc1
13.7.0-rc2
13.7.0-rc3
13.7.1
13.8.0-rc1
certified/1.8.11-cert1
certified/1.8.11-cert10
certified/1.8.11-cert2
certified/1.8.11-cert3-rc1
certified/1.8.11-cert3-rc2
certified/1.8.11-cert4
certified/1.8.11-cert5
certified/1.8.11-cert5-rc1
certified/1.8.11-cert5-rc2
certified/1.8.11-cert6
certified/1.8.11-cert7
certified/1.8.11-cert8
certified/1.8.11-cert9
certified/1.8.11-cert9-rc1
certified/1.8.15-cert1
certified/1.8.15-cert1-rc1
certified/1.8.15-cert1-rc2
certified/1.8.15-cert1-rc3
certified/1.8.15-cert2
certified/1.8.15-cert3
certified/1.8.15-cert4
certified/1.8.15-cert5
certified/1.8.15-cert6
certified/1.8.15-cert7
certified/1.8.28-cert1
certified/1.8.28-cert1-rc1
certified/1.8.28-cert2
certified/1.8.28-cert3
certified/1.8.28-cert4
certified/1.8.28-cert5
certified/1.8.6-cert1
certified/11.2-cert1
certified/11.2-cert1-rc1
certified/11.2-cert1-rc2
certified/11.2-cert2
certified/11.2-cert3
certified/11.6-cert1
certified/11.6-cert1-rc1
certified/11.6-cert1-rc2
certified/11.6-cert10
certified/11.6-cert11
certified/11.6-cert12
certified/11.6-cert2
certified/11.6-cert3
certified/11.6-cert4
certified/11.6-cert5
certified/11.6-cert6
certified/11.6-cert7
certified/11.6-cert8
certified/11.6-cert9
certified/13.1-cert1
certified/13.1-cert1-rc1
certified/13.1-cert1-rc2
certified/13.1-cert1-rc3
certified/13.1-cert2
certified/13.1-cert3
${ noResults }
71 Commits (aa5707b8891119741baae98cf7b51a00c0f99438)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Joerg Sonnenberger
|
5f712e82ac |
tcptls.c: Don't use OpenSSL functions when no SSL support is present.
Change-Id: I68a85a7fcbdb282140ff333c6274b6763d5f82a3 |
10 years ago |
Joshua Colp
|
e7124a3002 |
Merge "Add X.509 subject alternative name support to TLS certificate verification."
|
10 years ago |
Alexander Traud
|
8f3f414d8c |
tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket.
When a client connects to a server via SSL/TLS, the server commonly utilizes an RSA key-pair. However, other such algorithms exist (i.e. DSA and ECDSA), and if the server socket is configured with a certificate for either one of those, it would lose its compatibility with RSA-only clients. Now, the server socket can be configured with up to one RSA, ECDSA and DSA key each. For example, if a client is not compatible with SHA-2 hashed certificates like Nokia mobile phones, the server socket still can use RSA/SHA-1 for legacy clients and ECDSA/SHA-2 for everyone else. ASTERISK-24815 #close Reported by: Alexander Traud patches: tls_rsa_ecc_dsa.patch uploaded by Alexander Traud (License 6520) Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a |
10 years ago |
Maciej Szmigiero
|
2415a14ce9 |
Add X.509 subject alternative name support to TLS certificate
verification. This way one X.509 certificate can be used for hosts that can be reached under multiple DNS names or for multiple hosts. Signed-off-by: Maciej Szmigiero <mail@maciej.szmigiero.name> ASTERISK-25063 #close Change-Id: I13302c80490a0b44c43f1b45376c9bd7b15a538f |
10 years ago |
|
Alexander Traud
|
247fef6653 |
tcptls: Avoiding ERR_remove_state in OpenSSL.
ERR_remove_state was deprecated with OpenSSL 1.0.0 and was replaced by ERR_remove_thread_state. ERR_load_SSL_strings and ERR_load_BIO_strings were called by SSL_load_error_strings already and got removed. These changes allow OpenSSL forks like BoringSSL to be used with Asterisk. ASTERISK-25043 #close Reported by: Alexander Traud patches: asterisk_with_BoringSSL.patch uploaded by Alexander Traud (License 6520) Change-Id: If1c0871ece21a7e0763fafbd2fa023ae49d4d629 |
10 years ago |
Matt Jordan
|
4a58261694 |
git migration: Refactor the ASTERISK_FILE_VERSION macro
Git does not support the ability to replace a token with a version
string during check-in. While it does have support for replacing a
token on clone, this is somewhat sub-optimal: the token is replaced
with the object hash, which is not particularly easy for human
consumption. What's more, in practice, the source file version was often
not terribly useful. Generally, when triaging bugs, the overall version
of Asterisk is far more useful than an individual SVN version of a file. As a
result, this patch removes Asterisk's support for showing source file
versions.
Specifically, it does the following:
* Rename ASTERISK_FILE_VERSION macro to ASTERISK_REGISTER_FILE, and
remove passing the version in with the macro. Other facilities
than 'core show file version' make use of the file names, such as
setting a debug level only on a specific file. As such, the act of
registering source files with the Asterisk core still has use. The
macro rename now reflects the new macro purpose.
* main/asterisk:
- Refactor the file_version structure to reflect that it no longer
tracks a version field.
- Remove the "core show file version" CLI command. Without the file
version, it is no longer useful.
- Remove the ast_file_version_find function. The file version is no
longer tracked.
- Rename ast_register_file_version/ast_unregister_file_version to
ast_register_file/ast_unregister_file, respectively.
* main/manager: Remove value from the Version key of the ModuleCheck
Action. The actual key itself has not been removed, as doing so would
absolutely constitute a backwards incompatible change. However, since
the file version is no longer tracked, there is no need to attempt to
include it in the Version key.
* UPGRADE: Add notes for:
- Modification to the ModuleCheck AMI Action
- Removal of the "core show file version" CLI command
Change-Id: I6cf0ff280e1668bf4957dc21f32a5ff43444a40e
|
10 years ago |
Jonathan Rose
|
8ec9a82b9a |
Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.
When registering to a SIP server with TLS, Asterisk will accept CA signed certificates with a common name that was signed for a domain other than the one requested if it contains a null character in the common name portion of the cert. This patch fixes that by checking that the common name length matches the the length of the content we actually read from the common name segment. Some certificate authorities automatically sign CA requests when the requesting CN isn't already taken, so an attacker could potentially register a CN with something like www.google.com\x00www.secretlyevil.net and have their certificate signed and Asterisk would accept that certificate as though it had been for www.google.com - this is a security fix and is noted in AST-2015-003. ASTERISK-24847 #close Reported by: Maciej Szmigiero Patches: asterisk-null-in-cn.patch submitted by mhej (license 6085) ........ Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 434338 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 434384 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@434385 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
10 years ago |
|
Matthew Jordan
|
e3fd826cdb |
tcptls: Handle new OpenSSL compile time option to disable SSLv3
Some distributions are going to disable SSLv3 at compile time. This option can be checked using the directive OPENSSL_NO_SSL3_METHOD. This patch updates the TCP/TLS handling in Asterisk to look for that directive before attempting to use the SSLv3 specific methods. ASTERISK-24799 #close Reported by: Alexander Traud patches: no-ssl3-method.patch uploaded by Alexander Traud (License 6520) ........ Merged revisions 431936 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431937 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431938 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
10 years ago |
Kevin Harwell
|
c7591ef6bc |
tcptls: Bad file descriptor error when reloading chan_sip
While running through some scenarios using chan_sip and tcp a problem would occur that resulted in a flood of bad file descriptor messages on the cli: tcptls.c:712 ast_tcptls_server_root: Accept failed: Bad file descriptor The message is received because the underlying socket has been closed, so is valid. This is probably happening because unloading of chan_sip is not atomic. That however is outside the scope of this patch. This patch simply stops the logging of multiple occurrences of that message. ASTERISK-24728 #close Reported by: Thomas Thompson Review: https://reviewboard.asterisk.org/r/4380/ ........ Merged revisions 431218 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431219 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431220 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
10 years ago |
|
Matthew Jordan
|
dad0334cf1 |
AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
ecnryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
........
Merged revisions 425987 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 425991 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@426003 65c4cc65-6c06-0410-ace0-fbb531ad65f3
|
11 years ago |
Walter Doekes
|
b2afbc48e4 |
tcptls: Avoid compiler warning on non-dev-mode.
........ Merged revisions 420654 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 420655 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 420656 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 420657 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@420658 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
Richard Mudgett
|
dbec5e0d8d |
HTTP: Add persistent connection support.
Persistent HTTP connection support is needed due to the increased usage of the Asterisk core HTTP transport and the frequency at which REST API calls are going to be issued. * Add http.conf session_keep_alive option to enable persistent connections. * Parse and discard optional chunked body extension information and trailing request headers. * Increased the maximum application/json and application/x-www-form-urlencoded body size allowed to 4k. The previous 1k was kind of small. * Removed a couple inlined versions of ast_http_manid_from_vars() by calling the function. manager.c:generic_http_callback() and res_http_post.c:http_post_callback() * Add missing va_end() in ast_ari_response_error(). * Eliminated unnecessary RAII_VAR() use in http.c:auth_create(). ASTERISK-23552 #close Reported by: Scott Griepentrog Review: https://reviewboard.asterisk.org/r/3691/ ........ Merged revisions 417880 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417901 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Matthew Jordan
|
758b13858b |
main/tcptls: Add checks for OpenSSL Elliptic Curve support
The patch for ASTERISK-23905 that added PFS support in Asterisk depends on the elliptic curve library support being present in OpenSSL. As it turns out, some versions of OpenSSL don't have this library - notably the version running on our build agents. This patch fixes the build by providing a configure check for the specific library calls that the PFS patch relies on. Review: https://reviewboard.asterisk.org/r/3709/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417900 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Matthew Jordan
|
eaee92198d |
main/tcptls: Add support for Perfect Forward Secrecy
This patch enables Perfect Forward Secrecy (PFS) in Asterisk's core TLS API. Modules that wish to enable PFS should consider the following: - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in a module's configuration, for example: tlscipher=AES128-SHA:DES-CBC3-SHA - Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters into the private key file, i.e., tlsprivatekey. For an example, see the default dh2048.pem at http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt - Because clients expect the server to prefer PFS, and because OpenSSL sorts its cipher suites by bit strength, (see "openssl ciphers -v DEFAULT") consider re-ordering your cipher suites in the conf file. For example: tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH will use PFS when offered by the client. Clients which do not offer PFS fall-back to AES-128 (or even 3DES as recommend by RFC 3261). Review: https://reviewboard.asterisk.org/r/3647/ ASTERISK-23905 #close Reported by: Alexander Traud patches: tlsPFS_for_HEAD.patch uploaded by Alexander Traud (License 6520) tlsPFS.patch uploaded by Alexander Traud (License 6520) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417803 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
13e697f8c0 |
AST-2014-007: Fix of fix to allow AMI and SIP TCP to send messages.
ASTERISK-23673 #close Reported by: Richard Mudgett Review: https://reviewboard.asterisk.org/r/3617/ ........ Merged revisions 416066 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 416067 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 416070 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@416071 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
4ca5745dbe |
AST-2014-007: Fix DOS by consuming the number of allowed HTTP connections.
Simply establishing a TCP connection and never sending anything to the configured HTTP port in http.conf will tie up a HTTP connection. Since there is a maximum number of open HTTP sessions allowed at a time you can block legitimate connections. A similar problem exists if a HTTP request is started but never finished. * Added http.conf session_inactivity timer option to close HTTP connections that aren't doing anything. Defaults to 30000 ms. * Removed the undocumented manager.conf block-sockets option. It interferes with TCP/TLS inactivity timeouts. * AMI and SIP TLS connections now have better authentication timeout protection. Though I didn't remove the bizzare TLS timeout polling code from chan_sip. * chan_sip can now handle SSL certificate renegotiations in the middle of a session. It couldn't do that before because the socket was non-blocking and the SSL calls were not restarted as documented by the OpenSSL documentation. * Fixed an off nominal leak of the ssl struct in handle_tcptls_connection() if the FILE stream failed to open and the SSL certificate negotiations failed. The patch creates a custom FILE stream handler to give the created FILE streams inactivity timeout and timeout after a specific moment in time capability. This approach eliminates the need for code using the FILE stream to be redesigned to deal with the timeouts. This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of the SSL_read/SSL_write operations. ASTERISK-23673 #close Reported by: Richard Mudgett ........ Merged revisions 415841 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 415854 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 415896 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415907 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
Olle Johansson
|
7c276f9fef |
tcptls.c : Log errors as ERROR, not warning or something else.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@413036 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
Scott Griepentrog
|
0d057e6791 |
http: response body often missing after specific request
This patch works around a problem with the HTTP body being dropped from the response to a specific client and under specific circumstances: a) Client request comes from node.js user agent "Shred" via use of swagger-client library. b) Asterisk and Client are *not* on the same host or TCP/IP stack In testing this problem, it has been determined that the write of the HTTP body is lost, even if the data is written using low level write function. The only solution found is to instruct the TCP stack with the shutdown function to flush the last write and finish the transmission. See review for more details. ASTERISK-23548 #close (closes issue ASTERISK-23548) Reported by: Sam Galarneau Review: https://reviewboard.asterisk.org/r/3402/ ........ Merged revisions 411462 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 411463 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 411465 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@411469 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
|
Richard Mudgett
|
12668b6659 |
tcptls.c: Made TLS handle a certificate chain file.
Thanks to Guillaume Martres for doing the necessary research to validate
the change.
(closes issue ASTERISK-17727)
Reported by: LN
Patches:
use_certificate_chain.patch (license #5864) patch uploaded by st
documente_certificate_chain.patch (license #6576) patch uploaded by Guillaume Martres
........
Merged revisions 407272 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 407273 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 407274 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@407275 65c4cc65-6c06-0410-ace0-fbb531ad65f3
|
11 years ago |
|
Richard Mudgett
|
45261449ec |
tcptls.c: Add missing cleanup on off nominal path.
........ Merged revisions 406514 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 406515 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 406516 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@406517 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
11 years ago |
David M. Lee
|
744556c01d |
security: Inhibit execution of privilege escalating functions
This patch allows individual dialplan functions to be marked as 'dangerous', to inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. Also, the ABI was changed to something more reasonable, since Asterisk 12 does not yet have a public release. (closes issue ASTERISK-22905) Review: http://reviewboard.digium.internal/r/432/ ........ Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 403917 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 403959 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403960 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
12 years ago |
Kinsey Moore
|
ad5f3a5759 |
tcptls: Prevent unsupported options from being set
AMI, HTTP, and chan_sip all support TLS in some way, but none of them support all the options that Asterisk's TLS core is capable of interpreting. This prevents consumers of the TLS/SSL layer from setting TLS/SSL options that they do not support. This also gets tlsverifyclient closer to a working state by requesting the client certificate when tlsverifyclient is set. Currently, there is no consumer of main/tcptls.c in Asterisk that supports this feature and so it can not be properly tested. Review: https://reviewboard.asterisk.org/r/2370/ Reported-by: John Bigelow Patch-by: Kinsey Moore (closes issue AST-1093) ........ Merged revisions 383165 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 383166 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383167 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
12 years ago |
|
Kinsey Moore
|
372e29620c |
Ensure Asterisk fails TCP/TLS SIP calls when certificate checking fails
When placing a call to a TCP/TLS SIP endpoint whose certificate is not signed by a configured CA certificate, Asterisk would issue a warning and continue to process the call as if there was not an issue with the certificate. Asterisk now properly fails the call if the certificate fails verification or if the certificate does not exist when certificate checking is enabled (the default behavior). (closes issue ASTERISK-20559) Reported by: kmoore Review: https://reviewboard.asterisk.org/r/2163/ ........ Merged revisions 375146 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 375147 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 375148 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@375149 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
Mark Michelson
|
c7b23cbb0a |
Do not use a FILE handle when doing SIP TCP reads.
This is used to solve an issue where a poll on a file descriptor does not necessarily correspond to the readiness of a FILE handle to be read. This change makes it so that for TCP connections, we do a recv() on the file descriptor instead. Because TCP does not guarantee that an entire message or even just one single message will arrive during a read, a loop has been introduced to ensure that we only attempt to handle a single message at a time. The tcptls_session_instance structure has also had an overflow buffer added to it so that if more than one TCP message arrives in one go, there is a place to throw the excess. Huge thanks goes out to Walter Doekes for doing extensive review on this change and finding edge cases where code could fail. (closes issue ASTERISK-20212) reported by Phil Ciccone Review: https://reviewboard.asterisk.org/r/2123 ........ Merged revisions 374905 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 374906 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 374914 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@374924 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Matthew Jordan
|
f92bb6265c |
Resolve memory leaks in TLS initialization and TLS client connections
This patch resolves two sources of memory leaks when using TLS in Asterisk: 1) It removes improper initialization (and multiple re-initializations) of portions of the SSL library. Asterisk calls SSL_library_init and SSL_load_error_strings during SSL initialization; collectively this obviates the need for calling any of the following during initialization or client connection handling: * ERR_load_crypto_strings (handled by SSL_load_error_strings) * OpenSSL_add_all_algorithms (synonym for SSL_library_init) * SSLeay_add_ssl_algorithms (synonym for SSL_library_init) 2) Failure to completely clean up all memory allocated by Asterisk and by the SSL library for TLS clients. This included not freeing the SSL_CTX object in the SIP channel driver, as well as not clearing the error stack when the TLS client exited. Note that these memory leaks were found by Thomas Arimont, and this patch was essentially written by him with some minor tweaks. (closes issue AST-889) Reported by: Thomas Arimont Tested by: Thomas Arimont patches: (bugAST-889.patch) by Thomas Arimont (license 5525) Review: https://reviewboard.asterisk.org/r/2105 ........ Merged revisions 373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 373062 from http://svn.asterisk.org/svn/asterisk/branches/10 ........ Merged revisions 373079 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373080 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Kinsey Moore
|
9b16c8b0f6 |
Clean up and ensure proper usage of alloca()
This replaces all calls to alloca() with ast_alloca() which calls gcc's __builtin_alloca() to avoid BSD semantics and removes all NULL checks on memory allocated via ast_alloca() and ast_strdupa(). (closes issue ASTERISK-20125) Review: https://reviewboard.asterisk.org/r/2032/ Patch-by: Walter Doekes (wdoekes) ........ Merged revisions 370642 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 370643 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370655 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Mark Michelson
|
8260fdfdd1 |
Remove a superfluous and dangerous freeing of an SSL_CTX.
The problem here is that multiple server sessions share a SSL_CTX. When one session ended, the SSL_CTX would be freed and set NULL, leaving the other sessions unable to function. The code being removed is superfluous because the SSL_CTX structures for servers will be properly freed when ast_ssl_teardown is called. (closes issue ASTERISK-20074) Reported by Trevor Helmsley Patches: ASTERISK-20074.diff uploaded by Mark Michelson (license #5049) Testers: Trevor Helmsley ........ Merged revisions 369731 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 369732 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369733 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
Kevin P. Fleming
|
166b4e2b30 |
Multiple revisions 369001-369002
........ r369001 | kpfleming | 2012-06-15 10:56:08 -0500 (Fri, 15 Jun 2012) | 11 lines Add support-level indications to many more source files. Since we now have tools that scan through the source tree looking for files with specific support levels, we need to ensure that every file that is a component of a 'core' or 'extended' module (or the main Asterisk binary) is explicitly marked with its support level. This patch adds support-level indications to many more source files in tree, but avoids adding them to third-party libraries that are included in the tree and to source files that don't end up involved in Asterisk itself. ........ r369002 | kpfleming | 2012-06-15 10:57:14 -0500 (Fri, 15 Jun 2012) | 3 lines Add a script to enable finding source files without support-levels defined. ........ Merged revisions 369001-369002 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 369005 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@369013 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Richard Mudgett
|
dd2427c141 |
Coverity Report: Fix issues for error type REVERSE_INULL (core modules)
* Fixes findings: 0-2,5,7-15,24-26,28-31 (issue ASTERISK-19648) Reported by: Matt Jordan ........ Merged revisions 368039 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 368042 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@368052 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Mark Michelson
|
30666bf67d |
Only call SSL_CTX_free if DO_SSL is defined.
Thanks to Paul Belanger for pointing out this error. ........ Merged revisions 367416 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 367417 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@367418 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Mark Michelson
|
5c576aa3c2 |
Fix memory leak of SSL_CTX structures in TLS core.
SSL_CTX structures were allocated but never freed. This was a bigger issue for clients than servers since new SSL_CTX structures could be allocated for each connection. Servers, on the other hand, typically set up a single SSL_CTX for their lifetime. This is solved in two ways: 1. In __ssl_setup(), if a tcptls_cfg has an ssl_ctx on it, it is freed so that a new one can take its place. 2. A companion to ast_ssl_setup() called ast_ssl_teardown() has been added so that servers can properly free their SSL_CTXs. (issue ASTERISK-19278) ........ Merged revisions 367002 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 367003 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@367010 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Kinsey Moore
|
dd81b047db |
Resolve FORWARD_NULL static analysis warnings
This resolves core findings from ASTERISK-19650 numbers 0-2, 6, 7, 9-11, 14-20, 22-24, 28, 30-32, 34-36, 42-56, 82-84, 87, 89-90, 93-102, 104, 105, 109-111, and 115. Finding numbers 26, 33, and 29 were already resolved. Those skipped were either extended/deprecated or in areas of code that shouldn't be disturbed. (Closes issue ASTERISK-19650) ........ Merged revisions 366167 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 366168 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@366169 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Kinsey Moore
|
a485f44022 |
Add missing newlines to CLI logging
........ Merged revisions 361471 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 361472 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@361476 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
|
Richard Mudgett
|
85ea4277f1 |
Convert struct ast_tcptls_session_instance to finally use the ao2 object lock.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@357317 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
13 years ago |
Tilghman Lesher
|
56b21b4683 |
Remove the few places where we try to ast_verbose() without a newline.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@346655 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
|
Jonathan Rose
|
9ef171ffe0 |
r346525 | jrose | 2011-11-30 15:10:38 -0600 (Wed, 30 Nov 2011) | 18 lines
Cleaning up chan_sip/tcptls file descriptor closing. This patch attempts to eliminate various possible instances of undefined behavior caused by invoking close/fclose in situations where fclose may have already been issued on a tcptls_session_instance and/or closing file descriptors that don't have a valid index for fd (-1). Thanks for more than a little help from wdoekes. (closes issue ASTERISK-18700) Reported by: Erik Wallin (issue ASTERISK-18345) Reported by: Stephane Cazelas (issue ASTERISK-18342) Reported by: Stephane Chazelas Review: https://reviewboard.asterisk.org/r/1576/ ........ Merged revisions 346564 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 346565 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@346566 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
|
Jonathan Rose
|
fb4c483eb7 |
Reverting 346525 due to accidental patch against trunk instead of 1.8
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@346563 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
|
Jonathan Rose
|
6fa827b5d0 |
Cleaning up chan_sip/tcptls file descriptor closing.
This patch attempts to eliminate various possible instances of undefined behavior caused by invoking close/fclose in situations where fclose may have already been issued on a tcptls_session_instance and/or closing file descriptors that don't have a valid index for fd (-1). Thanks for more than a little help from wdoekes. (closes issue ASTERISK-18700) Reported by: Erik Wallin (issue ASTERISK-18345) Reported by: Stephane Cazelas (issue ASTERISK-18342) Reported by: Stephane Chazelas Review: https://reviewboard.asterisk.org/r/1576/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@346525 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
|
Olle Johansson
|
816dc295c2 |
Formatting and doxygen improvements
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@343492 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
David Vossel
|
181e91a213 |
Merged revisions 320568 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r320568 | dvossel | 2011-05-23 11:18:33 -0500 (Mon, 23 May 2011) | 14 lines Merged revisions 320562 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r320562 | dvossel | 2011-05-23 11:15:18 -0500 (Mon, 23 May 2011) | 9 lines Adds missing part to the ast_tcptls_server_start fails second attempt to bind patch. (closes issue #19289) Reported by: wdoekes Patches: issue19289_delay_old_address_setting_tcptls_2.patch uploaded by wdoekes (license 717) ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@320606 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
|
David Vossel
|
67637652f4 |
Merged revisions 320338 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r320338 | dvossel | 2011-05-20 16:39:36 -0500 (Fri, 20 May 2011) | 14 lines Merged revisions 320271 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r320271 | dvossel | 2011-05-20 16:24:48 -0500 (Fri, 20 May 2011) | 8 lines Fixes issue with ast_tcptls_server_start failing on second attempt to bind. (closes issue #19289) Reported by: wdoekes Patches: issue19289_delay_old_address_setting_tcptls.patch uploaded by wdoekes (license 717) ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@320340 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
Leif Madsen
|
02821fc5b4 |
Merged revisions 314251 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r314251 | lmadsen | 2011-04-19 10:42:10 -0500 (Tue, 19 Apr 2011) | 8 lines Use SSLv23_client_method instead of old SSLv2 only. (closes issue #19095) (closes issue #19138) Reported by: tzafrir Patches: no_ssl2.diff uploaded by tzafrir (license 46) Tested by: russell, chazzam ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@314252 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
Terry Wilson
|
4ae1cb9456 |
Merged revisions 310999 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r310999 | twilson | 2011-03-16 14:47:59 -0500 (Wed, 16 Mar 2011) | 18 lines Merged revisions 310998 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r310998 | twilson | 2011-03-16 14:46:36 -0500 (Wed, 16 Mar 2011) | 11 lines Fix crash on fdopen failure See security advisory AST-2011-004 (closes issue #18845) Reported by: cmaj Patches: patch-main-tcptls-1.8.3-rc2-open-session-crash-take2.diff.txt uploaded by cmaj (license 830) patch-main-tcptls-1.8.3-rc2-open-session-crash-take3.diff.txt uploaded by cmaj (license 830) Tested by: cmaj, twilson ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@311001 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
Jason Parker
|
14c1585645 |
Merged revisions 305247 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ........ r305247 | qwell | 2011-01-31 16:25:23 -0600 (Mon, 31 Jan 2011) | 7 lines Add alternative name for config option. The SIP sample configuration had "tlscadir" as the option name, but chan_sip used the more correct "tlscapath". Now both are accepted. Discovered (sort of) by a user on IRC in #asterisk ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@305248 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
14 years ago |
|
Mark Michelson
|
cd4ebd336f |
Add IPv6 to Asterisk.
This adds a generic API for accommodating IPv6 and IPv4 addresses within Asterisk. While many files have been updated to make use of the API, chan_sip and the RTP code are the files which actually support IPv6 addresses at the time of this commit. The way has been paved for easier upgrading for other files in the near future, though. Big thanks go to Simon Perrault, Marc Blanchet, and Jean-Philippe Dionne for their hard work on this. (closes issue #17565) Reported by: russell Patches: asteriskv6-test-report.pdf uploaded by russell (license 2) Review: https://reviewboard.asterisk.org/r/743 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@274783 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
15 years ago |
Russell Bryant
|
3da9f8ed19 |
Resolve more compiler warnings on FreeBSD.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@253540 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
15 years ago |
|
David Vossel
|
0f9e5ab557 |
swap openssl with OpenSSL in warning message.
(issue #16673) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@246981 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
15 years ago |
|
David Vossel
|
d693767226 |
warning message if openssl support is missing while attempting tls connection
(closes issue #16673) Reported by: michaesc Patches: tls_error_msg.diff uploaded by dvossel (license 671) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@246980 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
15 years ago |
|
David Vossel
|
776a14386a |
SIP TCP/TLS: move client connection setup/write into tcp helper thread, various related locking/memory fixes.
What this patch fixes 1.Moves sip TCP/TLS connection setup into the TCP helper thread: Connection setup takes awhile and before this it was being done while holding the monitor lock. 2.Moves TCP/TLS writing to the TCP helper thread: Through the use of a packet queue and an alert pipe, the TCP helper thread can now be woken up to write data as well as read data. 3.Locking error: sip_xmit returned an XMIT_ERROR without giving up the tcptls_session lock. This lock has been completely removed from sip_xmit and placed in the new sip_tcptls_write() function. 4.Memory leak: When creating a tcptls_client the tls_cfg was alloced but never freed unless the tcptls_session failed to start. Now the session_args for a sip client are an ao2 object which frees the tls_cfg on destruction. 5.Pointer to stack variable: During sip_prepare_socket the creation of a client's ast_tcptls_session_args was done on the stack and stored as a pointer in the newly created tcptls_session. Depending on the events that followed, there was a slight possibility that pointer could have been accessed after the stack returned. Given the new changes, it is always accessed after the stack returns which is why I found it. Notable code changes 1.I broke tcptls.c's ast_tcptls_client_start() function into two functions. One for creating and allocating the new tcptls_session, and a separate one for starting and handling the new connection. This allowed me to create the tcptls_session, launch the helper thread, and then establish the connection within the helper thread. 2.Writes to a tcptls_session are now done within the helper thread. This is done by using an alert pipe to wake up the thread if new data needs to be sent. The thread's sip_threadinfo object contains the alert pipe as well as the packet queue. 3.Since the threadinfo object contains the alert pipe, it must now be accessed outside of the helper thread for every write (queuing of a packet). For easy lookup, I moved the threadinfo objects from a linked list to an ao2_container. (closes issue #13136) Reported by: pabelanger Tested by: dvossel, whys (closes issue #15894) Reported by: dvossel Tested by: dvossel Review: https://reviewboard.asterisk.org/r/380/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@225445 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
16 years ago |
|
David Vossel
|
90746d26f3 |
fixes tcptls_session memory leak caused by ref count error
(closes issue #15939) Reported by: dvossel Review: https://reviewboard.asterisk.org/r/375/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@220365 65c4cc65-6c06-0410-ace0-fbb531ad65f3 |
16 years ago |