mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-10-31 23:11:28 +01:00
Code Issues Projects Releases Wiki Activity

Do not mutate something which the DTLS listener server does not own

Browse Source 
Multiple DTLS listener servers are created, and server->dtls_ctx is
the same object shared between them.

Set these callbacks once, and logically this is at the point where the
SSL context is created.
This commit is contained in:
Mark Hills 2021-02-03 15:37:43 +00:00
parent e2d71ce6bf
commit bdf27616ba
3 changed files with 23 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
src/apps/relay/dtls_listener.c
View File

@ -936,36 +936,6 @@ static int init_server(dtls_listener_relay_server_type* server,
server->e = e;
#if DTLS_SUPPORTED
if(server->dtls_ctx) {
#if defined(REQUEST_CLIENT_CERT)
/* If client has to authenticate, then */
SSL_CTX_set_verify(server->dtls_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);
#endif
SSL_CTX_set_read_ahead(server->dtls_ctx, 1);
SSL_CTX_set_cookie_generate_cb(server->dtls_ctx, generate_cookie);
SSL_CTX_set_cookie_verify_cb(server->dtls_ctx, verify_cookie);
}
#if DTLSv1_2_SUPPORTED
if(server->dtls_ctx_v1_2) {
#if defined(REQUEST_CLIENT_CERT)
/* If client has to authenticate, then */
SSL_CTX_set_verify(server->dtls_ctx_v1_2, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);
#endif
SSL_CTX_set_read_ahead(server->dtls_ctx_v1_2, 1);
SSL_CTX_set_cookie_generate_cb(server->dtls_ctx_v1_2, generate_cookie);
SSL_CTX_set_cookie_verify_cb(server->dtls_ctx_v1_2, verify_cookie);
}
#endif
#endif
return create_server_socket(server, report_creation);
}
@ -980,6 +950,23 @@ static int clean_server(dtls_listener_relay_server_type* server) {
///////////////////////////////////////////////////////////
#if DTLS_SUPPORTED
void setup_dtls_callbacks(SSL_CTX *ctx) {
if (!ctx)
return;
#if defined(REQUEST_CLIENT_CERT)
/* If client has to authenticate, then */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, dtls_verify_callback);
#endif
SSL_CTX_set_read_ahead(ctx, 1);
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie);
SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie);
}
#endif
dtls_listener_relay_server_type* create_dtls_listener_server(const char* ifname,
const char *local_address,
int port,

4
src/apps/relay/dtls_listener.h
View File

@ -50,6 +50,10 @@ typedef struct dtls_listener_relay_server_info dtls_listener_relay_server_type;
///////////////////////////////////////////
#if DTLS_SUPPORTED
void setup_dtls_callbacks(SSL_CTX *ctx);
#endif
dtls_listener_relay_server_type* create_dtls_listener_server(const char* ifname,
const char *local_address,
int port,

2
src/apps/relay/mainrelay.c
View File

@ -3198,10 +3198,12 @@ static void openssl_load_certificates(void)
set_ctx(&turn_params.dtls_ctx,"DTLS",DTLS_server_method());
set_ctx(&turn_params.dtls_ctx_v1_2,"DTLS1.2",DTLSv1_2_server_method());
SSL_CTX_set_read_ahead(turn_params.dtls_ctx_v1_2, 1);
setup_dtls_callbacks(turn_params.dtls_ctx_v1_2);
#else
set_ctx(&turn_params.dtls_ctx,"DTLS",DTLSv1_server_method());
#endif
SSL_CTX_set_read_ahead(turn_params.dtls_ctx, 1);
setup_dtls_callbacks(turn_params.dtls_ctx);
TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "DTLS cipher suite: %s\n",turn_params.cipher_list);