add SSL certs validation options for robust to allow simple certificates, possible only for encriptation without any peer autentification. disable validation by default for the small grids case

author: UbitUmarov 2016-12-07 12:23:40 +0000
committer: UbitUmarov 2016-12-07 12:23:40 +0000
commit: 049dd374e9becc12b3e36e42d217f79ebf09ad45 (patch)
tree: 4fd68978cad7248cfe87585e62a5cb8d589069e2 /OpenSim/Server
parent: Merge branch 'master' into httptests (diff)
download: opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.zip
opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.tar.gz
opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.tar.bz2
opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.tar.xz
1 files changed, 27 insertions, 0 deletions
diff --git a/OpenSim/Server/ServerMain.cs b/OpenSim/Server/ServerMain.cs
index ed5a481..190f60f 100644
--- a/OpenSim/Server/ServerMain.cs
+++ b/OpenSim/Server/ServerMain.cs
@@ -30,6 +30,8 @@ using log4net;
 using System.Reflection;
 using System;
 using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.Collections.Generic;
 using OpenSim.Framework.Servers;
 using OpenSim.Framework.Servers.HttpServer;
@@ -51,6 +53,26 @@ namespace OpenSim.Server
                new List<IServiceConnector>();
        protected static PluginLoader loader;
+        private static bool m_NoVerifyCertChain = false;
+        private static bool m_NoVerifyCertHostname = false;
+        public static bool ValidateServerCertificate(
+            object sender,
+            X509Certificate certificate,
+            X509Chain chain,
+            SslPolicyErrors sslPolicyErrors)
+        {
+            if (m_NoVerifyCertChain)
+                sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
+ 
+            if (m_NoVerifyCertHostname)
+                sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
+            if (sslPolicyErrors == SslPolicyErrors.None)
+                return true;
+            return false;
+        }
        public static int Main(string[] args)
        {
@@ -69,6 +91,11 @@ namespace OpenSim.Server
                throw new Exception("Configuration error");
            }
+            m_NoVerifyCertChain = serverConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain);
+            m_NoVerifyCertHostname = serverConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname);
+            ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
            string connList = serverConfig.GetString("ServiceConnectors", String.Empty);
            
            registryLocation = serverConfig.GetString("RegistryLocation",".");
author	UbitUmarov	2016-12-07 12:23:40 +0000
committer	UbitUmarov	2016-12-07 12:23:40 +0000
commit	049dd374e9becc12b3e36e42d217f79ebf09ad45 (patch)
tree	4fd68978cad7248cfe87585e62a5cb8d589069e2 /OpenSim/Server
parent	Merge branch 'master' into httptests (diff)
download	opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.zip opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.tar.gz opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.tar.bz2 opensim-SC-049dd374e9becc12b3e36e42d217f79ebf09ad45.tar.xz

diff --git a/OpenSim/Server/ServerMain.cs b/OpenSim/Server/ServerMain.cs index ed5a481..190f60f 100644 --- a/OpenSim/Server/ServerMain.cs +++ b/OpenSim/Server/ServerMain.cs
@@ -30,6 +30,8 @@ using log4net;
30	using System.Reflection;	30	using System.Reflection;
31	using System;	31	using System;
32	using System.Net;	32	using System.Net;
		33	using System.Net.Security;
		34	using System.Security.Cryptography.X509Certificates;
33	using System.Collections.Generic;	35	using System.Collections.Generic;
34	using OpenSim.Framework.Servers;	36	using OpenSim.Framework.Servers;
35	using OpenSim.Framework.Servers.HttpServer;	37	using OpenSim.Framework.Servers.HttpServer;
@@ -51,6 +53,26 @@ namespace OpenSim.Server
51	new List<IServiceConnector>();	53	new List<IServiceConnector>();
52		54
53	protected static PluginLoader loader;	55	protected static PluginLoader loader;
		56	private static bool m_NoVerifyCertChain = false;
		57	private static bool m_NoVerifyCertHostname = false;
		58
		59	public static bool ValidateServerCertificate(
		60	object sender,
		61	X509Certificate certificate,
		62	X509Chain chain,
		63	SslPolicyErrors sslPolicyErrors)
		64	{
		65	if (m_NoVerifyCertChain)
		66	sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
		67
		68	if (m_NoVerifyCertHostname)
		69	sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
		70
		71	if (sslPolicyErrors == SslPolicyErrors.None)
		72	return true;
		73
		74	return false;
		75	}
54		76
55	public static int Main(string[] args)	77	public static int Main(string[] args)
56	{	78	{
@@ -69,6 +91,11 @@ namespace OpenSim.Server
69	throw new Exception("Configuration error");	91	throw new Exception("Configuration error");
70	}	92	}
71		93
		94	m_NoVerifyCertChain = serverConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain);
		95	m_NoVerifyCertHostname = serverConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname);
		96
		97	ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
		98
72	string connList = serverConfig.GetString("ServiceConnectors", String.Empty);	99	string connList = serverConfig.GetString("ServiceConnectors", String.Empty);
73		100
74	registryLocation = serverConfig.GetString("RegistryLocation",".");	101	registryLocation = serverConfig.GetString("RegistryLocation",".");