1 files changed, 66 insertions, 11 deletions
diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example
index c610b3f..d9671f4 100644
--- a/bin/OpenSim.ini.example
+++ b/bin/OpenSim.ini.example
@@ -46,11 +46,8 @@
 [Const]
-    ; For a grid these will usually be the externally accessible IP/DNS
+        ; this section defines constants for grid services
-    ; name and use default public port 8002 and default private port 8003
+        ; to simplify other configuration files default settings
-    ; For a standalone this will usually be the externally accessible IP/DNS
-    ; name and use default public port 9000. The private port is not used
-    ; in the configuration for a standalone.
    ;# {BaseHostname} {} {BaseHostname} {"example.com" "127.0.0.1"} "127.0.0.1"
    BaseHostname = "127.0.0.1"
@@ -61,13 +58,13 @@
    ;# {PublicPort} {} {PublicPort} {8002 9000} "8002"
    PublicPort = "8002"
+        ;grid default private port 8003, not used in standalone
    ;# {PrivatePort} {} {PrivatePort} {8003} "8003"
    ; port to access private grid services.
    ; grids that run all their regions should deny access to this port
    ; from outside their networks, using firewalls
    PrivatePort = "8003"
 [Startup]
    ;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) "
    ;; Console prompt
@@ -264,9 +261,13 @@
    ; edit the line ulimit -s 262144, and change this last value
    ;# {DefaultScriptEngine} {} {Default script engine} {XEngine} XEngine
-    ;; Default script engine to use. Currently, we only have XEngine
+    ;; Default script engine to use (Xengine if all commented)
    ; DefaultScriptEngine = "XEngine"
+    ;; ***DANGER***DANGER***
+    ;; experimental engine
+    ;; see section [YEngine} below
+    ; DefaultScriptEngine = "YEngine"
+    
    ;# {HttpProxy} {} {Proxy URL for llHTTPRequest and dynamic texture loading} {} http://proxy.com:8080
    ;; Http proxy setting for llHTTPRequest and dynamic texture loading, if
    ;; required
@@ -299,7 +300,18 @@
    ;; default is false
    ; TelehubAllowLandmark = false
+    
+    ;; SSL certificate validation options
+    ;; you can allow selfsigned certificates or no official CA with next option set to true
+    ;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true
+    ; NoVerifyCertChain = true
+    ;; you can also bypass the hostname or domain verification
+    ;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true
+    ; NoVerifyCertHostname = true
+    ;; having both options true does provide encryption but with low security
+    ;; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
+    
 [AccessControl]
    ;# {AllowedClients} {} {Bar (|) separated list of allowed clients} {}
    ;; Bar (|) separated list of viewers which may gain access to the regions.
@@ -458,7 +470,6 @@
    ;; Password for the default estate owner
    ; DefaultEstateOwnerPassword = password
 [SMTP]
    ;; The SMTP server enabled the email module to send email to external
    ;; destinations.
@@ -491,7 +502,6 @@
    ;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {}
    ; SMTP_SERVER_PASSWORD = ""
 [Network]
    ;# {ConsoleUser} {} {User name for console account} {}
    ;; Configure the remote console user here. This will not actually be used
@@ -508,10 +518,39 @@
    ;; the region ports use UDP.
    ; http_listener_port = 9000
+        ; optional main server secure http (ssl)
+        ; to use ssl you need a ssl certificate in PKCS12 format that validates the ExternalHostnames 
+        ; or their domains
+        ; some viewers by default only accept certificates signed by a oficial CA
+        ; to use others like self signed certificates with those viewers,
+        ; their debug option NoVerifySSLCert needs to be set true, You need to inform users about this
+        ; the main unsecure port will still open for some services. this may change in future.
+        
+        ; set http_listener_ssl to enable main server ssl. it will replace unsecure port on most functions
+        ;# {http_listener_ssl}{} {enable main server ssl port)} {} false
+    ;http_listener_ssl = false
+        
+        ; Set port for main SSL connections
+        ;# {http_listener_sslport}{} {main server ssl port)} {} 9001
+    ;http_listener_sslport = 9001 ;
+        
+        ; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
+        ; this may be removed in future
+        ;# {http_listener_cn}{} {main server ssl externalHostName)} {} ""
+    ;http_listener_cn = "myRegionsExternalHostName"
+        ; the path for the certificate path
+        ;# {http_listener_cert_path}{} {main server ssl certificate file path)} {} ""
+    ;http_listener_cert_path = "mycert.p12"
+        
+        ;# {http_listener_cert_pass}{} {main server ssl certificate password)} {} ""
+        ;http_listener_cert_pass = "mycertpass" ; the cert passwork
+        
    ; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.
    ; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.
    ; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.
    ; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.
+        ; this HTTP calls can also use ssl see opensimDefaults.ini
    ;
    ; You can whitelist individual endpoints by IP or FQDN, e.g.
    ;
@@ -884,6 +923,22 @@
    ;; Money Unit fee to create groups.  Default is 0.
    ; PriceGroupCreate = 0
+[YEngine]
+    ;; experimental engine
+    ;; ONLY SUPORTS ONE REGION PER INSTANCE at this point
+    ;; implements non preemptive microthreading, so fixing problems like llSleep or long events handlers
+    ;; but those will suffer from timeslicing, so will be slower.
+    ;; compiles LSL directly to IL, so only suports LSL scripting (no C# etc) 
+    ;; shares the Xengine APIs like LSL, OSSL, etc.
+    ;; DANGER, do not use with HG, don't leave regions running alone with it.
+    ;; TPs or crossings to/from Xengine will full recompile scripts losing state.
+    ;; attachment scripts may misbehave, cars will stop on crossings, etc.
+    Enabled = false
+    ScriptStackSize = 256
+    ScriptHeapSize = 256
+    UseSourceHashCode = true
+    MinTimerInterval = 0.1
+    ;ScriptBasePath="ScriptEngines"
 [XEngine]
    ;# {Enabled} {} {Enable the XEngine scripting engine?} {true false} true

diff --git a/bin/OpenSim.ini.example b/bin/OpenSim.ini.example index c610b3f..d9671f4 100644 --- a/bin/OpenSim.ini.example +++ b/bin/OpenSim.ini.example
@@ -46,11 +46,8 @@
46		46
47		47
48	[Const]	48	[Const]
49	; For a grid these will usually be the externally accessible IP/DNS	49	; this section defines constants for grid services
50	; name and use default public port 8002 and default private port 8003	50	; to simplify other configuration files default settings
51	; For a standalone this will usually be the externally accessible IP/DNS
52	; name and use default public port 9000. The private port is not used
53	; in the configuration for a standalone.
54		51
55	;# {BaseHostname} {} {BaseHostname} {"example.com" "127.0.0.1"} "127.0.0.1"	52	;# {BaseHostname} {} {BaseHostname} {"example.com" "127.0.0.1"} "127.0.0.1"
56	BaseHostname = "127.0.0.1"	53	BaseHostname = "127.0.0.1"
@@ -61,13 +58,13 @@
61	;# {PublicPort} {} {PublicPort} {8002 9000} "8002"	58	;# {PublicPort} {} {PublicPort} {8002 9000} "8002"
62	PublicPort = "8002"	59	PublicPort = "8002"
63		60
		61	;grid default private port 8003, not used in standalone
64	;# {PrivatePort} {} {PrivatePort} {8003} "8003"	62	;# {PrivatePort} {} {PrivatePort} {8003} "8003"
65	; port to access private grid services.	63	; port to access private grid services.
66	; grids that run all their regions should deny access to this port	64	; grids that run all their regions should deny access to this port
67	; from outside their networks, using firewalls	65	; from outside their networks, using firewalls
68	PrivatePort = "8003"	66	PrivatePort = "8003"
69		67
70
71	[Startup]	68	[Startup]
72	;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) "	69	;# {ConsolePrompt} {} {ConsolePrompt} {} "Region (\R) "
73	;; Console prompt	70	;; Console prompt
@@ -264,9 +261,13 @@
264	; edit the line ulimit -s 262144, and change this last value	261	; edit the line ulimit -s 262144, and change this last value
265		262
266	;# {DefaultScriptEngine} {} {Default script engine} {XEngine} XEngine	263	;# {DefaultScriptEngine} {} {Default script engine} {XEngine} XEngine
267	;; Default script engine to use. Currently, we only have XEngine	264	;; Default script engine to use (Xengine if all commented)
268	; DefaultScriptEngine = "XEngine"	265	; DefaultScriptEngine = "XEngine"
269		266	;; *DANGERDANGER**
		267	;; experimental engine
		268	;; see section [YEngine} below
		269	; DefaultScriptEngine = "YEngine"
		270
270	;# {HttpProxy} {} {Proxy URL for llHTTPRequest and dynamic texture loading} {} http://proxy.com:8080	271	;# {HttpProxy} {} {Proxy URL for llHTTPRequest and dynamic texture loading} {} http://proxy.com:8080
271	;; Http proxy setting for llHTTPRequest and dynamic texture loading, if	272	;; Http proxy setting for llHTTPRequest and dynamic texture loading, if
272	;; required	273	;; required
@@ -299,7 +300,18 @@
299	;; default is false	300	;; default is false
300	; TelehubAllowLandmark = false	301	; TelehubAllowLandmark = false
301		302
302		303
		304	;; SSL certificate validation options
		305	;; you can allow selfsigned certificates or no official CA with next option set to true
		306	;# {NoVerifyCertChain} {} {do not verify SSL Cert Chain} {true false} true
		307	; NoVerifyCertChain = true
		308
		309	;; you can also bypass the hostname or domain verification
		310	;# {NoVerifyCertHostname} {} {do not verify SSL Cert name versus peer name} {true false} true
		311	; NoVerifyCertHostname = true
		312	;; having both options true does provide encryption but with low security
		313	;; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
		314
303	[AccessControl]	315	[AccessControl]
304	;# {AllowedClients} {} {Bar (\|) separated list of allowed clients} {}	316	;# {AllowedClients} {} {Bar (\|) separated list of allowed clients} {}
305	;; Bar (\|) separated list of viewers which may gain access to the regions.	317	;; Bar (\|) separated list of viewers which may gain access to the regions.
@@ -458,7 +470,6 @@
458	;; Password for the default estate owner	470	;; Password for the default estate owner
459	; DefaultEstateOwnerPassword = password	471	; DefaultEstateOwnerPassword = password
460		472
461
462	[SMTP]	473	[SMTP]
463	;; The SMTP server enabled the email module to send email to external	474	;; The SMTP server enabled the email module to send email to external
464	;; destinations.	475	;; destinations.
@@ -491,7 +502,6 @@
491	;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {}	502	;# {SMTP_SERVER_PASSWORD} {[Startup]emailmodule:DefaultEmailModule enabled:true} {SMTP server password} {}
492	; SMTP_SERVER_PASSWORD = ""	503	; SMTP_SERVER_PASSWORD = ""
493		504
494
495	[Network]	505	[Network]
496	;# {ConsoleUser} {} {User name for console account} {}	506	;# {ConsoleUser} {} {User name for console account} {}
497	;; Configure the remote console user here. This will not actually be used	507	;; Configure the remote console user here. This will not actually be used
@@ -508,10 +518,39 @@
508	;; the region ports use UDP.	518	;; the region ports use UDP.
509	; http_listener_port = 9000	519	; http_listener_port = 9000
510		520
		521	; optional main server secure http (ssl)
		522	; to use ssl you need a ssl certificate in PKCS12 format that validates the ExternalHostnames
		523	; or their domains
		524	; some viewers by default only accept certificates signed by a oficial CA
		525	; to use others like self signed certificates with those viewers,
		526	; their debug option NoVerifySSLCert needs to be set true, You need to inform users about this
		527	; the main unsecure port will still open for some services. this may change in future.
		528
		529	; set http_listener_ssl to enable main server ssl. it will replace unsecure port on most functions
		530	;# {http_listener_ssl}{} {enable main server ssl port)} {} false
		531	;http_listener_ssl = false
		532
		533	; Set port for main SSL connections
		534	;# {http_listener_sslport}{} {main server ssl port)} {} 9001
		535	;http_listener_sslport = 9001 ;
		536
		537	; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
		538	; this may be removed in future
		539	;# {http_listener_cn}{} {main server ssl externalHostName)} {} ""
		540	;http_listener_cn = "myRegionsExternalHostName"
		541
		542	; the path for the certificate path
		543	;# {http_listener_cert_path}{} {main server ssl certificate file path)} {} ""
		544	;http_listener_cert_path = "mycert.p12"
		545
		546	;# {http_listener_cert_pass}{} {main server ssl certificate password)} {} ""
		547	;http_listener_cert_pass = "mycertpass" ; the cert passwork
		548
511	; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.	549	; By default, OpenSimulator does not allow scripts to make HTTP calls to addresses on the simulator's LAN.
512	; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.	550	; See the OutboundDisallowForUserScripts parameter in OpenSimDefaults.ini for more information on this filter.
513	; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.	551	; If you need to allow scripts to make some LAN calls use the OutboundDisallowForUserScriptsExcept parameter below.
514	; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.	552	; We recommend that you do not override OutboundDisallowForUserScripts directly unless you are very sure about what you're doing.
		553	; this HTTP calls can also use ssl see opensimDefaults.ini
515	;	554	;
516	; You can whitelist individual endpoints by IP or FQDN, e.g.	555	; You can whitelist individual endpoints by IP or FQDN, e.g.
517	;	556	;
@@ -884,6 +923,22 @@
884	;; Money Unit fee to create groups. Default is 0.	923	;; Money Unit fee to create groups. Default is 0.
885	; PriceGroupCreate = 0	924	; PriceGroupCreate = 0
886		925
		926	[YEngine]
		927	;; experimental engine
		928	;; ONLY SUPORTS ONE REGION PER INSTANCE at this point
		929	;; implements non preemptive microthreading, so fixing problems like llSleep or long events handlers
		930	;; but those will suffer from timeslicing, so will be slower.
		931	;; compiles LSL directly to IL, so only suports LSL scripting (no C# etc)
		932	;; shares the Xengine APIs like LSL, OSSL, etc.
		933	;; DANGER, do not use with HG, don't leave regions running alone with it.
		934	;; TPs or crossings to/from Xengine will full recompile scripts losing state.
		935	;; attachment scripts may misbehave, cars will stop on crossings, etc.
		936	Enabled = false
		937	ScriptStackSize = 256
		938	ScriptHeapSize = 256
		939	UseSourceHashCode = true
		940	MinTimerInterval = 0.1
		941	;ScriptBasePath="ScriptEngines"
887		942
888	[XEngine]	943	[XEngine]
889	;# {Enabled} {} {Enable the XEngine scripting engine?} {true false} true	944	;# {Enabled} {} {Enable the XEngine scripting engine?} {true false} true