1 files changed, 44 insertions, 9 deletions

diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index 05a43f4..0ef6cfc 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -46,11 +46,8 @@
 
 
 [Const]
-    ; For a grid these will usually be the externally accessible IP/DNS
-    ; name and use default public port 8002 and default private port 8003
-    ; For a standalone this will usually be the externally accessible IP/DNS
-    ; name and use default public port 9000. The private port is not used
-    ; in the configuration for a standalone.
+        ; this section defines constants for grid services
+        ; to simplify other configuration files default settings
 
     ;# {BaseHostname} {} {BaseHostname} {"example.com" "127.0.0.1"} "127.0.0.1"
     BaseHostname = "127.0.0.1"
@@ -61,13 +58,13 @@
     ;# {PublicPort} {} {PublicPort} {8002 9000} "8002"
     PublicPort = "8002"
 
+        ;grid default private port 8003, not used in standalone
     ;# {PrivatePort} {} {PrivatePort} {8003} "8003"
     ; port to access private grid services.
     ; grids that run all their regions should deny access to this port
     ; from outside their networks, using firewalls
     PrivatePort = "8003"
 
-
 [Startup]
     ;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) "
     ;; Console prompt
@@ -299,7 +296,18 @@
     ;; default is false
     ; TelehubAllowLandmark = false
 
-
+    
+    ;; SSL certificate validation options
+    ;; you can allow selfsigned certificates or no official CA with next option set to true
+    ;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true
+    ; NoVerifyCertChain = true
+
+    ;; you can also bypass the hostname or domain verification
+    ;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true
+    ; NoVerifyCertHostname = true
+    ;; having both options true does provide encryption but with low security
+    ;; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
+    
 [AccessControl]
     ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
     ;; Bar (|) separated list of viewers which may gain access to the regions.
@@ -443,7 +451,6 @@
     ;; Password for the default estate owner
     ; DefaultEstateOwnerPassword = password
 
-
 [SMTP]
     ;; The SMTP server enabled the email module to send email to external
     ;; destinations.
@@ -476,7 +483,6 @@
     ;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {}
     ; SMTP_SERVER_PASSWORD = ""
 
-
 [Network]
     ;# {ConsoleUser} {} {User name for console account} {}
     ;; Configure the remote console user here. This will not actually be used
@@ -493,10 +499,39 @@
     ;; the region ports use UDP.
     ; http_listener_port = 9000
 
+        ; optional main server secure http (ssl)
+        ; to use ssl you need a ssl certificate in PKCS12 format that validates the ExternalHostnames 
+        ; or their domains
+        ; some viewers by default only accept certificates signed by a oficial CA
+        ; to use others like self signed certificates with those viewers,
+        ; their debug option NoVerifySSLCert needs to be set true, You need to inform users about this
+        ; the main unsecure port will still open for some services. this may change in future.
+        
+        ; set http_listener_ssl to enable main server ssl. it will replace unsecure port on most functions
+        ;# {http_listener_ssl}{} {enable main server ssl port)} {} false
+    ;http_listener_ssl = false
+        
+        ; Set port for main SSL connections
+        ;# {http_listener_sslport}{} {main server ssl port)} {} 9001
+    ;http_listener_sslport = 9001 ;
+        
+        ; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
+        ; this may be removed in future
+        ;# {http_listener_cn}{} {main server ssl externalHostName)} {} ""
+    ;http_listener_cn = "myRegionsExternalHostName"
+
+        ; the path for the certificate path
+        ;# {http_listener_cert_path}{} {main server ssl certificate file path)} {} ""
+    ;http_listener_cert_path = "mycert.p12"
+        
+        ;# {http_listener_cert_pass}{} {main server ssl certificate password)} {} ""
+        ;http_listener_cert_pass = "mycertpass" ; the cert passwork
+        
     ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.
     ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.
     ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.
     ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.
+        ; this HTTP calls can also use ssl see opensimDefaults.ini
     ;
     ; You can whitelist individual endpoints by IP or FQDN, e.g.
     ;