diff options
author | UbitUmarov | 2016-12-07 13:30:07 +0000 |
---|---|---|
committer | UbitUmarov | 2016-12-07 13:30:07 +0000 |
commit | 3a81642d979a84c5c2e666cb500e080d56f887ed (patch) | |
tree | 0f3302d414792ef3b3cb2046595561373f1ba19b /bin | |
parent | add SSL certs validation options for robust to allow simple certificates, pos... (diff) | |
download | opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.zip opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.gz opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.bz2 opensim-SC-3a81642d979a84c5c2e666cb500e080d56f887ed.tar.xz |
add SSL certs validation options for regions to allow simple encriptation without any peer autentification using simple homemade (or even shared) certs.
Diffstat (limited to '')
-rw-r--r-- | bin/OpenSim.ini.example | 13 | ||||
-rw-r--r-- | bin/OpenSimDefaults.ini | 15 | ||||
-rw-r--r-- | bin/Robust.HG.ini.example | 1 | ||||
-rw-r--r-- | bin/Robust.ini.example | 10 |
4 files changed, 38 insertions, 1 deletions
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index 4df6584..a4a6d0c 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example | |||
@@ -295,6 +295,19 @@ | |||
295 | ;; default is false | 295 | ;; default is false |
296 | ; TelehubAllowLandmark = false | 296 | ; TelehubAllowLandmark = false |
297 | 297 | ||
298 | |||
299 | ;; SSL certificate validation options | ||
300 | ;; used also on contacting other peers that require SSL and we don't | ||
301 | ;; you should set this to false forcing all peers (like regions) to have valid certificates | ||
302 | ;; but you can allow selfsigned certificates or no official CA with next option true | ||
303 | ;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true | ||
304 | ; NoVerifyCertChain = true | ||
305 | |||
306 | ;; you can also bypass the hostname or domain verification | ||
307 | ;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true | ||
308 | ; NoVerifyCertHostname = true | ||
309 | ;; having both options true does provide encriptation, but low security | ||
310 | ;; possible enought for small grids, specially it not comercial | ||
298 | 311 | ||
299 | [AccessControl] | 312 | [AccessControl] |
300 | ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} | 313 | ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {} |
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index 6539f6e..4884d3d 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini | |||
@@ -401,7 +401,20 @@ | |||
401 | ; routing and land at the landmark coordinates when set to true | 401 | ; routing and land at the landmark coordinates when set to true |
402 | ; default is false | 402 | ; default is false |
403 | ; TelehubAllowLandmark = false | 403 | ; TelehubAllowLandmark = false |
404 | 404 | ||
405 | ; # | ||
406 | ; # SSL certificates validation options | ||
407 | ; # | ||
408 | |||
409 | ; SSL certificate validation options | ||
410 | ; used also on contacting other peers that require SSL and we don't | ||
411 | ; you should set this to false forcing all peers (like regions) to have valid certificates | ||
412 | ; but you can allow selfsigned certificates or no official CA with next option true | ||
413 | ; NoVerifyCertChain = true | ||
414 | ; you can also bypass the hostname or domain verification | ||
415 | ; NoVerifyCertHostname = true | ||
416 | ; having both options true does provide encriptation, but low security | ||
417 | ; possible enought for small grids, specially it not comercial | ||
405 | 418 | ||
406 | [Map] | 419 | [Map] |
407 | ; Map tile options. | 420 | ; Map tile options. |
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example index 08a3b8c..f66b245 100644 --- a/bin/Robust.HG.ini.example +++ b/bin/Robust.HG.ini.example | |||
@@ -71,6 +71,7 @@ | |||
71 | ConsoleHistoryFileLines = 100 | 71 | ConsoleHistoryFileLines = 100 |
72 | 72 | ||
73 | ; peers SSL certificate validation options (if using ssl) | 73 | ; peers SSL certificate validation options (if using ssl) |
74 | ; used also on contacting other peers that require SSL and we don't | ||
74 | ; you should set this to false forcing all peers (like regions) to have valid certificates | 75 | ; you should set this to false forcing all peers (like regions) to have valid certificates |
75 | ; but you can allow selfsigned certificates or no official CA with next option true | 76 | ; but you can allow selfsigned certificates or no official CA with next option true |
76 | NoVerifyCertChain = true | 77 | NoVerifyCertChain = true |
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example index 743b23d..5e6ce47 100644 --- a/bin/Robust.ini.example +++ b/bin/Robust.ini.example | |||
@@ -61,6 +61,16 @@ | |||
61 | 61 | ||
62 | ; How many lines of command history should we keep? (default is 100) | 62 | ; How many lines of command history should we keep? (default is 100) |
63 | ConsoleHistoryFileLines = 100 | 63 | ConsoleHistoryFileLines = 100 |
64 | |||
65 | ; peers SSL certificate validation options | ||
66 | ; used also on contacting other peers that require SSL and we don't | ||
67 | ; you should set this to false forcing all peers (like regions) to have valid certificates | ||
68 | ; but you can allow selfsigned certificates or no official CA with next option true | ||
69 | NoVerifyCertChain = true | ||
70 | ; you can also bypass the hostname or domain verification | ||
71 | NoVerifyCertHostname = true | ||
72 | ; having both options true does provide encriptation, but low security | ||
73 | ; possible enought for small grids, specially it not comercial | ||
64 | 74 | ||
65 | [ServiceList] | 75 | [ServiceList] |
66 | AssetServiceConnector = "${Const|PrivatePort}/OpenSim.Server.Handlers.dll:AssetServiceConnector" | 76 | AssetServiceConnector = "${Const|PrivatePort}/OpenSim.Server.Handlers.dll:AssetServiceConnector" |