1 files changed, 26 insertions, 12 deletions
diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini
index bb81c95..51f6c9c 100644
--- a/bin/OpenSimDefaults.ini
+++ b/bin/OpenSimDefaults.ini
@@ -401,7 +401,18 @@
    ; routing and land at the landmark coordinates when set to true
    ; default is false
    ; TelehubAllowLandmark = false
-   
+    ; #
+    ; # SSL certificates validation options
+    ; #
+    
+    ; SSL certificate validation options
+    ; you can allow selfsigned certificates or no official CA with next option set to true
+    ; NoVerifyCertChain = true
+    ; you can also bypass the hostname or domain verification
+    ; NoVerifyCertHostname = true
+    ; having both options true does provide encryption but with low security
+    ; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
    
 [Map]
    ; Map tile options.  
@@ -571,16 +582,18 @@
    http_listener_port = 9000
    console_port = 0
-    ; ssl config: Experimental!  The auto https config only really works definately on windows XP now
+    ; ssl config: Experimental!
-    ; you need a Cert Request/Signed pair installed in the MY store with the CN specified below
+    http_listener_ssl = false ; if set to true main server is replaced by a ssl one
-    ; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
-    http_listener_ssl = false ; Also create a SSL server
-    http_listener_cn = "localhost" ; Use the cert with the common name
    http_listener_sslport = 9001 ; Use this port for SSL connections
-    http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer
+        ; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
+        ; this will change is future
-    ; HTTPS for "Out of band" management applications such as the remote 
+    http_listener_cn = "myRegionsExternalHostName"
-    ; admin module
+        ; if the cert doesnt have a oficial CA or is selfsigned viewers option NoVerifySSLCert need to be set true
+    http_listener_cert_path = "mycert.p12" ; path for the cert file that is valid for the ExternalHostName
+        http_listener_cert_pass = "mycertpass" ; the cert passwork
+    ; addicional HTTPS for "Out of band" management applications such as the remote 
+    ; admin module or scripts
    ;
    ; Create https_listener = "True" will create a listener on the port
    ; specified. Provide the path to your server certificate along with it's
@@ -588,7 +601,7 @@
    ; https_listener = False
    ; Set our listener to this port
    ; https_port = 0
-    ; Path to X509 certificate
+    ; Path to X509 certificate, can be the same as main or another
    ; cert_path = "path/to/cert.p12"
    ; Password for cert
    ; cert_pass = "password"
@@ -600,7 +613,8 @@
    ; HttpBodyMaxLenMAX=16384
    ; Hostname to use in llRequestURL/llRequestSecureURL
-    ; if not defined - llRequestURL/llRequestSecureURL are disabled   
+        ; must be a valid hostname for the ssl cert.
+        ; if not defined - llRequestURL/llRequestSecureURL are disabled   
    ; ExternalHostNameForLSL=127.0.0.1
    ; Disallow the following address ranges for user scripting calls (e.g. llHttpRequest())

diff --git a/bin/OpenSimDefaults.ini b/bin/OpenSimDefaults.ini index bb81c95..51f6c9c 100644 --- a/bin/OpenSimDefaults.ini +++ b/bin/OpenSimDefaults.ini
@@ -401,7 +401,18 @@
401	; routing and land at the landmark coordinates when set to true	401	; routing and land at the landmark coordinates when set to true
402	; default is false	402	; default is false
403	; TelehubAllowLandmark = false	403	; TelehubAllowLandmark = false
404		404
		405	; #
		406	; # SSL certificates validation options
		407	; #
		408
		409	; SSL certificate validation options
		410	; you can allow selfsigned certificates or no official CA with next option set to true
		411	; NoVerifyCertChain = true
		412	; you can also bypass the hostname or domain verification
		413	; NoVerifyCertHostname = true
		414	; having both options true does provide encryption but with low security
		415	; set both true if you don't care to use SSL, they are needed to contact regions or grids that do use it.
405		416
406	[Map]	417	[Map]
407	; Map tile options.	418	; Map tile options.
@@ -571,16 +582,18 @@
571	http_listener_port = 9000	582	http_listener_port = 9000
572	console_port = 0	583	console_port = 0
573		584
574	; ssl config: Experimental! The auto https config only really works definately on windows XP now	585	; ssl config: Experimental!
575	; you need a Cert Request/Signed pair installed in the MY store with the CN specified below	586	http_listener_ssl = false ; if set to true main server is replaced by a ssl one
576	; you can use https on other platforms, but you'll need to configure the httpapi yourself for now
577	http_listener_ssl = false ; Also create a SSL server
578	http_listener_cn = "localhost" ; Use the cert with the common name
579	http_listener_sslport = 9001 ; Use this port for SSL connections	587	http_listener_sslport = 9001 ; Use this port for SSL connections
580	http_listener_ssl_cert = "" ; Currently unused, but will be used for OSHttpServer	588	; currently if using ssl, regions ExternalHostName must the the same and equal to http_listener_cn
581		589	; this will change is future
582	; HTTPS for "Out of band" management applications such as the remote	590	http_listener_cn = "myRegionsExternalHostName"
583	; admin module	591	; if the cert doesnt have a oficial CA or is selfsigned viewers option NoVerifySSLCert need to be set true
		592	http_listener_cert_path = "mycert.p12" ; path for the cert file that is valid for the ExternalHostName
		593	http_listener_cert_pass = "mycertpass" ; the cert passwork
		594
		595	; addicional HTTPS for "Out of band" management applications such as the remote
		596	; admin module or scripts
584	;	597	;
585	; Create https_listener = "True" will create a listener on the port	598	; Create https_listener = "True" will create a listener on the port
586	; specified. Provide the path to your server certificate along with it's	599	; specified. Provide the path to your server certificate along with it's
@@ -588,7 +601,7 @@
588	; https_listener = False	601	; https_listener = False
589	; Set our listener to this port	602	; Set our listener to this port
590	; https_port = 0	603	; https_port = 0
591	; Path to X509 certificate	604	; Path to X509 certificate, can be the same as main or another
592	; cert_path = "path/to/cert.p12"	605	; cert_path = "path/to/cert.p12"
593	; Password for cert	606	; Password for cert
594	; cert_pass = "password"	607	; cert_pass = "password"
@@ -600,7 +613,8 @@
600	; HttpBodyMaxLenMAX=16384	613	; HttpBodyMaxLenMAX=16384
601		614
602	; Hostname to use in llRequestURL/llRequestSecureURL	615	; Hostname to use in llRequestURL/llRequestSecureURL
603	; if not defined - llRequestURL/llRequestSecureURL are disabled	616	; must be a valid hostname for the ssl cert.
		617	; if not defined - llRequestURL/llRequestSecureURL are disabled
604	; ExternalHostNameForLSL=127.0.0.1	618	; ExternalHostNameForLSL=127.0.0.1
605		619
606	; Disallow the following address ranges for user scripting calls (e.g. llHttpRequest())	620	; Disallow the following address ranges for user scripting calls (e.g. llHttpRequest())