Commit 2bd6f0116b for freeswitch.com
commit 2bd6f0116bc704f36a839c9149739b33f8af29cf
Author: Andrey Volk <andywolk@gmail.com>
Date: Tue May 26 01:12:37 2026 +0300
[mod_sofia] Reload certificates on the fly without disconnects using reloadcert API. (#3034)
diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.c b/src/mod/endpoints/mod_sofia/mod_sofia.c
index 4fd5d57c1f..0bf07b57be 100644
--- a/src/mod/endpoints/mod_sofia/mod_sofia.c
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.c
@@ -6528,6 +6528,42 @@ char *sofia_stir_shaken_as_create_identity_header(switch_core_session_t *session
}
+#ifdef HAVE_NUA_RELOAD_TLS
+static void sofia_cert_reload_handler(switch_event_t *event)
+{
+ switch_hash_index_t *hi;
+ const void *vvar;
+ void *val;
+
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Certificate reload event received, processing\n");
+
+ switch_mutex_lock(mod_sofia_globals.hash_mutex);
+
+ for (hi = switch_core_hash_first(mod_sofia_globals.profile_hash); hi; hi = switch_core_hash_next(&hi)) {
+ sofia_profile_t *profile;
+
+ switch_core_hash_this(hi, &vvar, NULL, &val);
+ profile = (sofia_profile_t *) val;
+
+ if (!sofia_test_pflag(profile, PFLAG_RUNNING) || !profile->nua || !profile->tls_cert_dir) {
+ continue;
+ }
+
+ if (strcmp(vvar, profile->name)) {
+ continue;
+ }
+
+ nua_reload_tls(profile->nua, profile->tls_cert_dir);
+
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "TLS certificate reload signaled for sofia profile %s\n", profile->name);
+ }
+
+ switch_mutex_unlock(mod_sofia_globals.hash_mutex);
+
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Certificate reload event processed\n");
+}
+#endif
+
SWITCH_MODULE_LOAD_FUNCTION(mod_sofia_load)
{
switch_chat_interface_t *chat_interface;
@@ -6694,6 +6730,10 @@ SWITCH_MODULE_LOAD_FUNCTION(mod_sofia_load)
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Waiting for profiles to start\n");
switch_yield(1500000);
+#ifdef HAVE_NUA_RELOAD_TLS
+ switch_event_bind(modname, SWITCH_EVENT_CERT_RELOAD, SWITCH_EVENT_SUBCLASS_ANY, sofia_cert_reload_handler, NULL);
+#endif
+
if (switch_event_bind(modname, SWITCH_EVENT_CUSTOM, MULTICAST_EVENT, event_handler, NULL) != SWITCH_STATUS_SUCCESS) {
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Couldn't bind!\n");
switch_goto_status(SWITCH_STATUS_TERM, err);
@@ -6876,6 +6916,9 @@ void mod_sofia_shutdown_cleanup(void) {
}
switch_mutex_unlock(mod_sofia_globals.mutex);
+#ifdef HAVE_NUA_RELOAD_TLS
+ switch_event_unbind_callback(sofia_cert_reload_handler);
+#endif
switch_event_unbind_callback(sofia_presence_event_handler);
switch_event_unbind_callback(general_queue_event_handler);
diff --git a/w32/download_sofia-sip.props b/w32/download_sofia-sip.props
index 52c1e6fe27..a4cdf6a2d9 100644
--- a/w32/download_sofia-sip.props
+++ b/w32/download_sofia-sip.props
@@ -29,7 +29,7 @@
<Target Name="SofiaSipDownloadTarget" BeforeTargets="CustomBuild;PreBuildEvent;" DependsOnTargets="7za">
<DownloadPackageTask
- package="https://github.com/freeswitch/sofia-sip/archive/master.zip"
+ package="https://github.com/freeswitch/sofia-sip/archive/$(SofiaSipVersion).zip"
expectfileordirectory="$(BaseDir)libs\sofia-sip\configure.ac"
outputfolder=""
outputfilename="sofia-sip-$(SofiaSipVersion).zip"