diff --git a/Makefile b/Makefile index 106754c..0f41ad1 100644 --- a/Makefile +++ b/Makefile @@ -89,21 +89,18 @@ $(SOBJS): %.so: %.o SERIAL=`date "+%Y%m%d%H%M%S"` + cert: - if [ ! -f $(PROXYCERT) ]; then \ - umask 77 ; \ - PEM1=`$(MKTEMP) /tmp/openssl.XXXXXX` ; \ - PEM2=`$(MKTEMP) /tmp/openssl.XXXXXX` ; \ - if [ ! -f $(PROXYSSLCONF) ]; then \ - install ./configs/ssl.conf $(PROXYSSLCONF); \ - fi; \ - /usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) -config $(PROXYSSLCONF) ; \ + if [ ! -f $(PROXYCERT) ]; then \ + umask 77; \ + if [ ! -f $(PROXYSSLCONF) ]; then \ + install ./configs/ssl.conf $(PROXYSSLCONF); \ + fi; \ mkdir -p $(CERTDIR); \ - cat $$PEM1 > $(PROXYCERT) ; \ - echo "" >> $(PROXYCERT) ; \ - cat $$PEM2 >> $(PROXYCERT) ; \ - rm $$PEM1 $$PEM2; \ - fi + /usr/bin/openssl req -x509 -newkey rsa:4096 -keyout $(CERTDIR)/proxy-server.key -out $(CERTDIR)/proxy-server.crt -days 365 -nodes -subj "/CN=localhost" -config $(PROXYSSLCONF); \ + cat $(CERTDIR)/proxy-server.key $(CERTDIR)/proxy-server.crt > $(PROXYCERT); \ + rm -f $(CERTDIR)/proxy-server.key $(CERTDIR)/proxy-server.crt; \ + fi certificate: createcert="1"; \ @@ -112,7 +109,7 @@ certificate: read answer; \ if [ "$$answer" = "yes" ]; then \ echo "I am creating a new certificate, Old one is copied as server.pem.old ";\ - sudo cp /var/lib/asterisk/certs/server.pem /var/lib/asterisk/certs/server.pem.old; \ + sudo cp $(PROXYCERT) $(PROXYCERT).old; \ elif [ "$$answer" = "no" ]; then \ echo "Certificate already exists, I am not creating a new certificate,";\ createcert="0"; \ 
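Review bot: A failed `openssl req` still leaves a `$(PROXYCERT)` behind in the `cert` recipe, because the three new commands are joined with `;`: the `cat ... > $(PROXYCERT)` redirect creates the file even when its inputs are missing, and the `if [ ! -f $(PROXYCERT) ]` guard then skips regeneration on the next run. Chaining them as `openssl req ... -config $(PROXYSSLCONF) && \` and `cat ... > $(PROXYCERT) && \` (or starting the block with `set -e;`) would stop at the first failure. The same recipe is repeated in the `certificate` target's hunk at `@@ -122,18 +119,14 @@`. Separately, `-subj "/CN=localhost"` takes precedence over the subject fields in `$(PROXYSSLCONF)`, so every generated certificate carries that name and will not match the proxy's real hostname for clients that verify it. `SERIAL` also looks unused now that `-set_serial $(SERIAL)` is gone.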
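Review bot: The `echo` just above the changed line still tells the user the old certificate is saved as `server.pem.old`, which is only true when `$(PROXYCERT)` happens to be named `server.pem`; wording such as `echo "I am creating a new certificate, old one is copied to $(PROXYCERT).old";\` keeps the message in step with the path. The result of `sudo cp` is also not checked, so if the backup fails `createcert` stays `"1"` and the recipe appears to go on and overwrite the existing key and certificate; `sudo cp $(PROXYCERT) $(PROXYCERT).old || exit 1; \` would stop there. The `certificate` recipe starts and ends outside this hunk.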
@@ -122,18 +119,14 @@ certificate: fi; \ fi; \ if [ "$$createcert" = "1" ]; then \ - umask 77 ; \ - PEM1=`$(MKTEMP) /tmp/openssl.XXXXXX` ; \ - PEM2=`$(MKTEMP) /tmp/openssl.XXXXXX` ; \ - if [ ! -f $(PROXYSSLCONF) ]; then \ - install ./configs/ssl.conf $(PROXYSSLCONF); \ - fi; \ - /usr/bin/openssl req $(UTF8) -newkey rsa:1024 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) -config $(PROXYSSLCONF) ; \ + umask 77; \ + if [ ! -f $(PROXYSSLCONF) ]; then \ + install ./configs/ssl.conf $(PROXYSSLCONF); \ + fi; \ mkdir -p $(CERTDIR); \ - cat $$PEM1 > $(PROXYCERT) ; \ - echo "" >> $(PROXYCERT) ; \ - cat $$PEM2 >> $(PROXYCERT) ; \ - rm $$PEM1 $$PEM2; \ + /usr/bin/openssl req -x509 -newkey rsa:4096 -keyout $(CERTDIR)/proxy-server.key -out $(CERTDIR)/proxy-server.crt -days 365 -nodes -subj "/CN=localhost" -config $(PROXYSSLCONF); \ + cat $(CERTDIR)/proxy-server.key $(CERTDIR)/proxy-server.crt > $(PROXYCERT); \ + rm -f $(CERTDIR)/proxy-server.key $(CERTDIR)/proxy-server.crt; \ fi diff --git a/src/include/astmanproxy.h b/src/include/astmanproxy.h index 93fcdff..5c696b8 100644 --- a/src/include/astmanproxy.h +++ b/src/include/astmanproxy.h @@ -134,7 +134,7 @@ struct message { struct mansession *session; }; -struct proxyconfig pc; +extern struct proxyconfig pc; extern int debug; /* Common Function Prototypes */ diff --git a/src/ssl.c b/src/ssl.c index 80ca467..bd917d7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -50,13 +50,13 @@ static int ssl_initialized; Initializes all the ssl related stuff here. */ int init_secure(char *certfile) { - SSL_METHOD *meth; + const SSL_METHOD *meth; - SSLeay_add_ssl_algorithms(); + /* OpenSSL 1.1.0+ initializes itself, no need for SSLeay_add_ssl_algorithms() */ SSL_load_error_strings(); /* server init */ - meth = SSLv23_server_method(); + meth = TLS_server_method(); sctx = SSL_CTX_new(meth); if (!sctx) { 
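Review bot: With `extern` added, this header only declares `pc`, so exactly one source file has to define it with `struct proxyconfig pc;`, and no such definition is added in the files this diff shows. If none exists already (the old code may have relied on the tentative definition that each including file got from this header), the link will fail with an undefined reference to `pc`. A short comment on the declaration, e.g. `/* defined in <file>.c */` with the real file name filled in, would also help the next reader find it.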
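Review bot: Neither new context sets a protocol floor: `TLS_server_method()` here and `TLS_client_method()` in the `client_init_secure` hunk negotiate whatever versions the linked OpenSSL allows, which can include TLS 1.0/1.1 depending on how the library is built and configured. Adding `SSL_CTX_set_min_proto_version(sctx, TLS1_2_VERSION);` after the `if (!sctx)` check (and the same for `cctx`) would pin that explicitly; both function bodies continue past their hunks, so this may already be handled further down. The new comments also assume OpenSSL 1.1.0 or later, and with `SSLeay_add_ssl_algorithms()` removed and the `TLS_*_method()` calls used unconditionally the file no longer builds against older releases. It would be worth stating that minimum in the build documentation, or keeping the old calls under `#if OPENSSL_VERSION_NUMBER < 0x10100000L`.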
@@ -83,13 +83,13 @@ int init_secure(char *certfile) */ int client_init_secure(void) { - SSL_METHOD *meth; + const SSL_METHOD *meth; /* client init */ - SSLeay_add_ssl_algorithms(); - meth = SSLv23_client_method(); + /* OpenSSL 1.1.0+ initializes itself, no need for SSLeay_add_ssl_algorithms() */ + meth = TLS_client_method(); SSL_load_error_strings(); - cctx = SSL_CTX_new (meth); + cctx = SSL_CTX_new(meth); if (!cctx) debugmsg("Failed to create a client ssl context!");