add SSL certs validation options for regions to allow simple encriptation without any peer autentification using simple homemade (or even shared) certs.

author: UbitUmarov 2016-12-07 13:30:07 +0000
committer: UbitUmarov 2016-12-07 13:30:07 +0000
commit: 3a81642d979a84c5c2e666cb500e080d56f887ed (patch)
tree: 0f3302d414792ef3b3cb2046595561373f1ba19b /bin/OpenSim.ini.example
parent: add SSL certs validation options for robust to allow simple certificates, pos... (diff)
download: opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.zip
opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.gz
opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.bz2
opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 4df6584..a4a6d0c 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -295,6 +295,19 @@
    ;; default is false
    ; TelehubAllowLandmark = false
+    
+    ;; SSL certificate validation options
+    ;; used also on contacting other peers that require SSL and we don't
+    ;; you should set this to false forcing all peers (like regions) to have valid certificates
+    ;; but you can allow selfsigned certificates or no official CA with next option true
+    ;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true
+    ; NoVerifyCertChain = true
+    ;; you can also bypass the hostname or domain verification
+    ;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true
+    ; NoVerifyCertHostname = true
+    ;; having both options true does provide encriptation, but low security
+    ;; possible enought for small grids, specially it not comercial       
 [AccessControl]
    ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
author	UbitUmarov	2016-12-07 13:30:07 +0000
committer	UbitUmarov	2016-12-07 13:30:07 +0000
commit	3a81642d979a84c5c2e666cb500e080d56f887ed (patch)
tree	0f3302d414792ef3b3cb2046595561373f1ba19b /bin/OpenSim.ini.example
parent	add SSL certs validation options for robust to allow simple certificates, pos... (diff)
download	opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.zip opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.gz opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.bz2 opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.xz

diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 4df6584..a4a6d0c 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example
@@ -295,6 +295,19 @@
295	;; default is false	295	;; default is false
296	; TelehubAllowLandmark = false	296	; TelehubAllowLandmark = false
297		297
		298
		299	;; SSL certificate validation options
		300	;; used also on contacting other peers that require SSL and we don't
		301	;; you should set this to false forcing all peers (like regions) to have valid certificates
		302	;; but you can allow selfsigned certificates or no official CA with next option true
		303	;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true
		304	; NoVerifyCertChain = true
		305
		306	;; you can also bypass the hostname or domain verification
		307	;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true
		308	; NoVerifyCertHostname = true
		309	;; having both options true does provide encriptation, but low security
		310	;; possible enought for small grids, specially it not comercial
298		311
299	[AccessControl]	312	[AccessControl]
300	;# {AllowedClients} {} {Bar (\|) separated list of allowed clients} {}	313	;# {AllowedClients} {} {Bar (\|) separated list of allowed clients} {}