improve ssl errors

2014-09-17 02:14:43 +05:00 · 2014-09-17 02:14:43 +05:00 · b2917e06db
parent 47ae1837d5
commit b2917e06db
1 changed files with 74 additions and 25 deletions
--- a/src/mod/endpoints/mod_verto/mod_verto.c
+++ b/src/mod/endpoints/mod_verto/mod_verto.c
@ -137,15 +137,36 @@ static void verto_deinit_ssl(verto_profile_t *profile)
 	}
 }

+static void close_file(int *sock)
+{
+	if (*sock > -1) {
+		close(*sock);
+		*sock = -1;
+	}
+}
+
+static void close_socket(int *sock)
+{
+	if (*sock > -1) {
+		shutdown(*sock, 2);
+		close_file(sock);
+	}
+}
+
+
 static int ssl_init = 0;

-static void verto_init_ssl(verto_profile_t *profile) 
+static int verto_init_ssl(verto_profile_t *profile) 
 {
+	const char *err = "";
+	int i = 0;
+
 	if (!ssl_init) {
 		SSL_library_init();
 		ssl_init = 1;
 	}

+
 	profile->ssl_method = SSLv23_server_method();   /* create server instance */
 	profile->ssl_ctx = SSL_CTX_new(profile->ssl_method);         /* create context */
 	profile->ssl_ready = 1;
@ -162,21 +183,65 @@ static void verto_init_ssl(verto_profile_t *profile)

 	/* set the local certificate from CertFile */
 	if (!zstr(profile->chain)) {
-		SSL_CTX_use_certificate_chain_file(profile->ssl_ctx, profile->chain);
+		if (switch_file_exists(profile->chain, NULL) != SWITCH_STATUS_SUCCESS) {
+			err = "SUPPLIED CHAIN FILE NOT FOUND\n";
+			goto fail;
+		}
+
+		if (!SSL_CTX_use_certificate_chain_file(profile->ssl_ctx, profile->chain)) {
+			err = "CERT CHAIN FILE ERROR";
+			goto fail;
+		}
 	}

-	SSL_CTX_use_certificate_file(profile->ssl_ctx, profile->cert, SSL_FILETYPE_PEM);
+	if (switch_file_exists(profile->cert, NULL) != SWITCH_STATUS_SUCCESS) {
+		err = "SUPPLIED CERT FILE NOT FOUND\n";
+		goto fail;
+	}
+
+	if (!SSL_CTX_use_certificate_file(profile->ssl_ctx, profile->cert, SSL_FILETYPE_PEM)) {
+		err = "CERT FILE ERROR";
+		goto fail;
+	}

 	/* set the private key from KeyFile */
-	SSL_CTX_use_PrivateKey_file(profile->ssl_ctx, profile->key, SSL_FILETYPE_PEM);
+
+	if (switch_file_exists(profile->key, NULL) != SWITCH_STATUS_SUCCESS) {
+		err = "SUPPLIED KEY FILE NOT FOUND\n";
+		goto fail;
+	}
+
+	if (!SSL_CTX_use_PrivateKey_file(profile->ssl_ctx, profile->key, SSL_FILETYPE_PEM)) {
+		err = "PRIVATE KEY FILE ERROR";
+		goto fail;
+	}
+
 	/* verify private key */
 	if ( !SSL_CTX_check_private_key(profile->ssl_ctx) ) {
-		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "SSL NOT AVAILABLE\n");
-		profile->ssl_ready = 0;
-		verto_deinit_ssl(profile);
-	} else {
-		SSL_CTX_set_cipher_list(profile->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+		err = "PRIVATE KEY FILE ERROR";
+		goto fail;
 	}
+
+	SSL_CTX_set_cipher_list(profile->ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH");
+
+	return 1;
+
+ fail:
+	switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "SSL ERR: %s\n", err);
+
+	profile->ssl_ready = 0;
+	verto_deinit_ssl(profile);
+
+	for (i = 0; i < profile->i; i++) {
+		if (profile->ip[i].secure) {
+			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "SSL NOT ENABLED FOR LISTENER %s:%d. REVERTING TO WS\n", 
+							  profile->ip[i].local_ip, profile->ip[i].local_port);
+			profile->ip[i].secure = 0;
+		}
+	}
+
+	return 0;
+
 }


@ -385,22 +450,6 @@ static switch_status_t jsock_sub_channel(jsock_t *jsock, const char *event_chann

 static uint32_t ID = 1;

-static void close_file(int *sock)
-{
-	if (*sock > -1) {
-		close(*sock);
-		*sock = -1;
-	}
-}
-
-static void close_socket(int *sock)
-{
-	if (*sock > -1) {
-		shutdown(*sock, 2);
-		close_file(sock);
-	}
-}
-
 static void del_jsock(jsock_t *jsock)
 {
 	jsock_t *p, *last = NULL;