diff --git a/configs/http.conf.sample b/configs/http.conf.sample
index 8a63148ffdeb72d208289dd74ae9a3025dcaeae9..5b9c9a76fcf31821a544907e5150a0edd5926b6b 100644
--- a/configs/http.conf.sample
+++ b/configs/http.conf.sample
@@ -56,8 +56,7 @@ bindaddr=127.0.0.1
; explicitly enable tls, define the port to use,
; and have a certificate somewhere.
;tlsenable=yes ; enable tls - default no.
-;tlsbindport=4433 ; port to use - default is 8089
-;tlsbindaddr=0.0.0.0 ; address to bind to - default is bindaddr.
+;tlsbindaddr=0.0.0.0:8089 ; address and port to bind to - default is bindaddr and port 8089.
;
;tlscertfile=</path/to/certificate.pem> ; path to the certificate file (*.pem) only.
;tlsprivatekey=</path/to/private.pem> ; path to private key file (*.pem) only.
diff --git a/configs/manager.conf.sample b/configs/manager.conf.sample
index 2d43360f6a883307f6ecc6d204c7a66df6171d61..fb44e74d4d3958cb76d5ae27f7d45078d3c4d6ac 100644
--- a/configs/manager.conf.sample
+++ b/configs/manager.conf.sample
@@ -33,8 +33,7 @@ bindaddr = 0.0.0.0
; openssl s_client -connect my_host:5039
;
;tlsenable=no ; set to YES to enable it
-;tlsbindport=5039 ; the port to bind to
-;tlsbindaddr=0.0.0.0 ; address to bind to, default to bindaddr
+;tlsbindaddr=0.0.0.0:5039 ; address and port to bind to, default to bindaddr and port 5039
;tlscertfile=/tmp/asterisk.pem ; path to the certificate.
;tlsprivatekey=/tmp/private.pem ; path to the private key, if no private given,
; if no tlsprivatekey is given, default is to search
diff --git a/include/asterisk/manager.h b/include/asterisk/manager.h
index eaf48cecf43465fd835f6d73e2cfece86bebea86..534e43f90266bec9d100d0da9f6d0140028d6cf6 100644
--- a/include/asterisk/manager.h
+++ b/include/asterisk/manager.h
@@ -56,6 +56,7 @@
#define AMI_VERSION "1.2"
#define DEFAULT_MANAGER_PORT 5038 /* Default port for Asterisk management via TCP */
+#define DEFAULT_MANAGER_TLS_PORT 5039 /* Default port for Asterisk management via TCP */
/*! \name Constant return values
*\note Currently, returning anything other than zero causes the session to terminate.
diff --git a/main/http.c b/main/http.c
index 724a58fdcfeb1c4225764680a3f68669a97bc48c..c7e3ceb15a7b507a59182b593538193035528157 100644
--- a/main/http.c
+++ b/main/http.c
@@ -1005,13 +1005,15 @@ static int __ast_http_load(int reload)
uint32_t bindport = DEFAULT_PORT;
struct ast_sockaddr *addrs = NULL;
int num_addrs = 0;
+ int http_tls_was_enabled = 0;
cfg = ast_config_load2("http.conf", "http", config_flags);
if (cfg == CONFIG_STATUS_FILEMISSING || cfg == CONFIG_STATUS_FILEUNCHANGED || cfg == CONFIG_STATUS_FILEINVALID) {
return 0;
}
- /* default values */
+ http_tls_was_enabled = (reload && http_tls_cfg.enabled);
+
http_tls_cfg.enabled = 0;
if (http_tls_cfg.certfile) {
ast_free(http_tls_cfg.certfile);
@@ -1034,6 +1036,8 @@ static int __ast_http_load(int reload)
}
AST_RWLIST_UNLOCK(&uri_redirects);
+ ast_sockaddr_setnull(&https_desc.local_address);
+
if (cfg) {
v = ast_variable_browse(cfg, "general");
for (; v; v = v->next) {
@@ -1113,8 +1117,9 @@ static int __ast_http_load(int reload)
ast_sockaddr_set_port(&https_desc.local_address, DEFAULT_TLS_PORT);
}
}
-
- if (enabled && !ast_sockaddr_isnull(&https_desc.local_address)) {
+ if (http_tls_was_enabled && !http_tls_cfg.enabled) {
+ ast_tcptls_server_stop(&https_desc);
+ } else if (http_tls_cfg.enabled && !ast_sockaddr_isnull(&https_desc.local_address)) {
/* We can get here either because a TLS-specific address was specified
* or because we copied the non-TLS address here. In the case where
* we read an explicit address from the config, there may have been
diff --git a/main/manager.c b/main/manager.c
index 727df26473c0feb70e3107286e16891d86178823..3558697cb05d2e0c5d1860470d9aaa44dc23aa01 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -6645,6 +6645,7 @@ static int __init_manager(int reload)
char a1_hash[256];
struct sockaddr_in ami_desc_local_address_tmp = { 0, };
struct sockaddr_in amis_desc_local_address_tmp = { 0, };
+ int tls_was_enabled = 0;
manager_enabled = 0;
@@ -6708,11 +6709,16 @@ static int __init_manager(int reload)
/* default values */
ast_copy_string(global_realm, S_OR(ast_config_AST_SYSTEM_NAME, DEFAULT_REALM), sizeof(global_realm));
- memset(&ami_desc.local_address, 0, sizeof(struct sockaddr_in));
- memset(&amis_desc.local_address, 0, sizeof(amis_desc.local_address));
- amis_desc_local_address_tmp.sin_port = htons(5039);
+ ast_sockaddr_setnull(&ami_desc.local_address);
+ ast_sockaddr_setnull(&amis_desc.local_address);
+
+ ami_desc_local_address_tmp.sin_family = AF_INET;
+ amis_desc_local_address_tmp.sin_family = AF_INET;
+
ami_desc_local_address_tmp.sin_port = htons(DEFAULT_MANAGER_PORT);
+ tls_was_enabled = (reload && ami_tls_cfg.enabled);
+
ami_tls_cfg.enabled = 0;
if (ami_tls_cfg.certfile) {
ast_free(ami_tls_cfg.certfile);
@@ -6786,8 +6792,7 @@ static int __init_manager(int reload)
}
}
- ami_desc_local_address_tmp.sin_family = AF_INET;
- amis_desc_local_address_tmp.sin_family = AF_INET;
+ ast_sockaddr_to_sin(&amis_desc.local_address, &amis_desc_local_address_tmp);
/* if the amis address has not been set, default is the same as non secure ami */
if (!amis_desc_local_address_tmp.sin_addr.s_addr) {
@@ -6795,6 +6800,10 @@ static int __init_manager(int reload)
ami_desc_local_address_tmp.sin_addr;
}
+ if (!amis_desc_local_address_tmp.sin_port) {
+ amis_desc_local_address_tmp.sin_port = htons(DEFAULT_MANAGER_TLS_PORT);
+ }
+
if (manager_enabled) {
ast_sockaddr_from_sin(&ami_desc.local_address, &ami_desc_local_address_tmp);
ast_sockaddr_from_sin(&amis_desc.local_address, &amis_desc_local_address_tmp);
@@ -7031,7 +7040,9 @@ static int __init_manager(int reload)
manager_event(EVENT_FLAG_SYSTEM, "Reload", "Module: Manager\r\nStatus: %s\r\nMessage: Manager reload Requested\r\n", manager_enabled ? "Enabled" : "Disabled");
ast_tcptls_server_start(&ami_desc);
- if (ast_ssl_setup(amis_desc.tls_cfg)) {
+ if (tls_was_enabled && !ami_tls_cfg.enabled) {
+ ast_tcptls_server_stop(&amis_desc);
+ } else if (ast_ssl_setup(amis_desc.tls_cfg)) {
ast_tcptls_server_start(&amis_desc);
}
return 0;