diff options
| author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-12-24 12:27:51 +0300 |
|---|---|---|
| committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-12-24 12:27:51 +0300 |
| commit | 1698956f34fda67f815c66c26f1e0abe6ad139bc (patch) | |
| tree | 1f717a292b6f3b840653104e8fa17481995b964c /src/ejabberd_sip.erl | |
| parent | Don't let privacy list prevent local roster update (diff) | |
Rely on Server Name Indication for incoming Direct-TLS connections
This commit also deprecates `certfile` option for ejabberd_http
listener.
Diffstat (limited to 'src/ejabberd_sip.erl')
| -rw-r--r-- | src/ejabberd_sip.erl | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/ejabberd_sip.erl b/src/ejabberd_sip.erl index 01bb7ffcc..ffd5c059a 100644 --- a/src/ejabberd_sip.erl +++ b/src/ejabberd_sip.erl @@ -44,12 +44,14 @@ start(_, _) -> -export([tcp_init/2, udp_init/2, udp_recv/5, start/2, socket_type/0, listen_opt_type/1]). +-include("ejabberd.hrl"). + %%%=================================================================== %%% API %%%=================================================================== tcp_init(Socket, Opts) -> ejabberd:start_app(esip), - esip_socket:tcp_init(Socket, Opts). + esip_socket:tcp_init(Socket, set_certfile(Opts)). udp_init(Socket, Opts) -> ejabberd:start_app(esip), @@ -64,8 +66,28 @@ start(Opaque, Opts) -> socket_type() -> raw. +set_certfile(Opts) -> + case lists:keymember(certfile, 1, Opts) of + true -> + Opts; + false -> + case ejabberd_pkix:get_certfile(?MYNAME) of + {ok, CertFile} -> + [{certfile, CertFile}|Opts]; + error -> + case ejabberd_config:get_option({domain_certfile, ?MYNAME}) of + undefined -> + Opts; + CertFile -> + [{certfile, CertFile}|Opts] + end + end + end. + listen_opt_type(certfile) -> fun(S) -> + %% We cannot deprecate the option for now: + %% I think STUN/TURN clients are too stupid to set SNI ejabberd_pkix:add_certfile(S), iolist_to_binary(S) end; |