add SSL certs validation options for regions to allow simple encriptation without any peer autentification using simple homemade (or even shared) certs.

4 files changed, 38 insertions, 1 deletions

diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 4df6584..a4a6d0c 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -295,6 +295,19 @@
     ;; default is false
     ; TelehubAllowLandmark = false
 
+    
+    ;; SSL certificate validation options
+    ;; used also on contacting other peers that require SSL and we don't
+    ;; you should set this to false forcing all peers (like regions) to have valid certificates
+    ;; but you can allow selfsigned certificates or no official CA with next option true
+    ;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true
+    ; NoVerifyCertChain = true
+
+    ;; you can also bypass the hostname or domain verification
+    ;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true
+    ; NoVerifyCertHostname = true
+    ;; having both options true does provide encriptation, but low security
+    ;; possible enought for small grids, specially it not comercial       
 
 [AccessControl]
     ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index 6539f6e..4884d3d 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -401,7 +401,20 @@
     ; routing and land at the landmark coordinates when set to true
     ; default is false
     ; TelehubAllowLandmark = false
-   
+
+    ; #
+    ; # SSL certificates validation options
+    ; #
+    
+    ; SSL certificate validation options
+    ; used also on contacting other peers that require SSL and we don't
+    ; you should set this to false forcing all peers (like regions) to have valid certificates
+    ; but you can allow selfsigned certificates or no official CA with next option true
+    ; NoVerifyCertChain = true
+    ; you can also bypass the hostname or domain verification
+    ; NoVerifyCertHostname = true
+    ; having both options true does provide encriptation, but low security
+    ; possible enought for small grids, specially it not comercial    
     
 [Map]
     ; Map tile options.  
diff --git a/bin/Robust.HG.ini.example b/bin/Robust.HG.ini.example
index 08a3b8c..f66b245 100644
--- a/bin/Robust.HG.ini.example
+++ b/bin/Robust.HG.ini.example
@@ -71,6 +71,7 @@
     ConsoleHistoryFileLines = 100
 
     ; peers SSL certificate validation options (if using ssl)
+    ; used also on contacting other peers that require SSL and we don't
     ; you should set this to false forcing all peers (like regions) to have valid certificates
     ; but you can allow selfsigned certificates or no official CA with next option true
     NoVerifyCertChain = true
diff --git a/bin/Robust.ini.example b/bin/Robust.ini.example
index 743b23d..5e6ce47 100644
--- a/bin/Robust.ini.example
+++ b/bin/Robust.ini.example
@@ -61,6 +61,16 @@
 
     ; How many lines of command history should we keep? (default is 100)
     ConsoleHistoryFileLines = 100
+    
+    ; peers SSL certificate validation options
+    ; used also on contacting other peers that require SSL and we don't
+    ; you should set this to false forcing all peers (like regions) to have valid certificates
+    ; but you can allow selfsigned certificates or no official CA with next option true
+    NoVerifyCertChain = true
+    ; you can also bypass the hostname or domain verification
+    NoVerifyCertHostname = true
+    ; having both options true does provide encriptation, but low security
+    ; possible enought for small grids, specially it not comercial
   
 [ServiceList]
     AssetServiceConnector = "${Const|PrivatePort}/OpenSim.Server.Handlers.dll:AssetServiceConnector"