
Do not mutate something which the DTLS listener server does not own

Multiple DTLS listener servers are created, and server->dtls_ctx is
the same object shared between them.

Set these callbacks once, and logically this is at the point where the
SSL context is created.
Mark Hills 4 tahun lalu
induk
melakukan
bdf27616ba
3 mengubah file dengan 23 tambahan dan 30 penghapusan
  1. 17 30
      src/apps/relay/dtls_listener.c
  2. 4 0
      src/apps/relay/dtls_listener.h
  3. 2 0
      src/apps/relay/mainrelay.c

+ 17 - 30
src/apps/relay/dtls_listener.c

@@ -935,36 +935,6 @@ static int init_server(dtls_listener_relay_server_type* server,
   server->verbose=verbose;
   
   server->e = e;
-  
-#if DTLS_SUPPORTED
-  if(server->dtls_ctx) {
-
-#if defined(REQUEST_CLIENT_CERT)
-	  /* If client has to authenticate, then  */
-	  SSL_CTX_set_verify(server->dtls_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);
-#endif
-  
-	  SSL_CTX_set_read_ahead(server->dtls_ctx, 1);
-
-	  SSL_CTX_set_cookie_generate_cb(server->dtls_ctx, generate_cookie);
-	  SSL_CTX_set_cookie_verify_cb(server->dtls_ctx, verify_cookie);
-  }
-
-#if DTLSv1_2_SUPPORTED
-  if(server->dtls_ctx_v1_2) {
-
-  #if defined(REQUEST_CLIENT_CERT)
-  	  /* If client has to authenticate, then  */
-  	  SSL_CTX_set_verify(server->dtls_ctx_v1_2, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);
-  #endif
-
-  	  SSL_CTX_set_read_ahead(server->dtls_ctx_v1_2, 1);
-
-  	  SSL_CTX_set_cookie_generate_cb(server->dtls_ctx_v1_2, generate_cookie);
-  	  SSL_CTX_set_cookie_verify_cb(server->dtls_ctx_v1_2, verify_cookie);
-    }
-#endif
-#endif
 
   return create_server_socket(server, report_creation);
 }
@@ -980,6 +950,23 @@ static int clean_server(dtls_listener_relay_server_type* server) {
 
 ///////////////////////////////////////////////////////////
 
+#if DTLS_SUPPORTED
+void setup_dtls_callbacks(SSL_CTX *ctx) {
+  if (!ctx)
+    return;
+
+#if defined(REQUEST_CLIENT_CERT)
+  /* If client has to authenticate, then  */
+  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);
+#endif
+
+  SSL_CTX_set_read_ahead(ctx, 1);
+
+  SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);
+  SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);
+}
+#endif
+
 dtls_listener_relay_server_type* create_dtls_listener_server(const char* ifname,
 							     const char *local_address, 
 							     int port, 
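Review bot: The comment `/* If client has to authenticate, then  */` carried into setup_dtls_callbacks is an unfinished sentence; replace it with `/* Require a client certificate and verify it once per connection. */`. Since this function is now the single place the DTLS cookie exchange (the listener's protection against unverified ClientHellos) is configured, the definition also deserves a short header comment stating that it must be called exactly once per SSL_CTX, because the context is shared by every listener, and that it is a no-op on a NULL ctx; the same comment belongs on the prototype in dtls_listener.h. The silent `return` on NULL means a missing context is not reported here, which is fine only if set_ctx in the caller already fails loudly, and that is outside this hunk. The function appears to rely on generate_cookie, verify_cookie and dtls_verify_callback being defined earlier in this file; their definitions are not visible in the diff.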

+ 4 - 0
src/apps/relay/dtls_listener.h

@@ -50,6 +50,10 @@ typedef struct dtls_listener_relay_server_info dtls_listener_relay_server_type;
 
 ///////////////////////////////////////////
 
+#if DTLS_SUPPORTED
+void setup_dtls_callbacks(SSL_CTX *ctx);
+#endif
+
 dtls_listener_relay_server_type* create_dtls_listener_server(const char* ifname,
 							     const char *local_address, 
 							     int port,
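Review bot: The new prototype names `SSL_CTX` under `#if DTLS_SUPPORTED`, so this header now depends on `<openssl/ssl.h>` having been included before it; if the header does not already include it (its include list is outside the hunk), every translation unit that includes dtls_listener.h with DTLS enabled gets an unknown-type error. Either add the OpenSSL include under the same guard or forward-declare the type with `typedef struct ssl_ctx_st SSL_CTX;`. A one-line doc comment above the prototype stating that the callbacks are installed once per shared context would also make the contract visible to callers.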

+ 2 - 0
src/apps/relay/mainrelay.c

@@ -3198,10 +3198,12 @@ static void openssl_load_certificates(void)
 		set_ctx(&turn_params.dtls_ctx,"DTLS",DTLS_server_method());
 		set_ctx(&turn_params.dtls_ctx_v1_2,"DTLS1.2",DTLSv1_2_server_method());
 		SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1);
+		setup_dtls_callbacks(turn_params.dtls_ctx_v1_2);
 #else
 		set_ctx(&turn_params.dtls_ctx,"DTLS",DTLSv1_server_method());
 #endif
 		SSL_CTX_set_read_ahead(turn_params.dtls_ctx, 1);
+		setup_dtls_callbacks(turn_params.dtls_ctx);
 
 		TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS cipher suite: %s\n",turn_params.cipher_list);
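Review bot: The existing `SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1);` and `SSL_CTX_set_read_ahead(turn_params.dtls_ctx, 1);` lines immediately before each new setup_dtls_callbacks call now duplicate the read-ahead setting performed inside setup_dtls_callbacks; dropping them leaves one place that configures the DTLS contexts, which is the point of the commit. The prototype is only declared under `#if DTLS_SUPPORTED`, so this block must already sit inside the same guard and mainrelay.c must include dtls_listener.h; both are outside the hunk and worth confirming. The first new call is presumably inside a `#if DTLSv1_2_SUPPORTED` block, judging by the `#else` that follows it, which matches where the v1.2 context is created. openssl_load_certificates starts and ends outside the hunk.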