From 3a81642d979a84c5c2e666cb500e080d56f887ed Mon Sep 17 00:00:00 2001 From: UbitUmarov Date: Wed, 7 Dec 2016 13:30:07 +0000 Subject: add SSL certs validation options for regions to allow simple encriptation without any peer autentification using simple homemade (or even shared) certs. --- OpenSim/Framework/Servers/BaseOpenSimServer.cs | 30 +++++++++++++++++++++++++- OpenSim/Server/ServerMain.cs | 2 +- 2 files changed, 30 insertions(+), 2 deletions(-) (limited to 'OpenSim') diff --git a/OpenSim/Framework/Servers/BaseOpenSimServer.cs b/OpenSim/Framework/Servers/BaseOpenSimServer.cs index 1d4deac..541b658 100644 --- a/OpenSim/Framework/Servers/BaseOpenSimServer.cs +++ b/OpenSim/Framework/Servers/BaseOpenSimServer.cs @@ -33,6 +33,9 @@ using System.Text; using System.Text.RegularExpressions; using System.Threading; using System.Timers; +using System.Net; +using System.Net.Security; +using System.Security.Cryptography.X509Certificates; using log4net; using log4net.Appender; using log4net.Core; @@ -85,7 +88,27 @@ namespace OpenSim.Framework.Servers // Random uuid for private data m_osSecret = UUID.Random().ToString(); } - + + private static bool m_NoVerifyCertChain = false; + private static bool m_NoVerifyCertHostname = false; + + public static bool ValidateServerCertificate( + object sender, + X509Certificate certificate, + X509Chain chain, + SslPolicyErrors sslPolicyErrors) + { + if (m_NoVerifyCertChain) + sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors; + + if (m_NoVerifyCertHostname) + sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch; + + if (sslPolicyErrors == SslPolicyErrors.None) + return true; + + return false; + } /// /// Must be overriden by child classes for their own server specific startup behaviour. /// @@ -96,6 +119,11 @@ namespace OpenSim.Framework.Servers RegisterCommonComponents(Config); IConfig startupConfig = Config.Configs["Startup"]; + + m_NoVerifyCertChain = startupConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain); + m_NoVerifyCertHostname = startupConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname); + ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate; + int logShowStatsSeconds = startupConfig.GetInt("LogShowStatsSeconds", m_periodDiagnosticTimerMS / 1000); m_periodDiagnosticTimerMS = logShowStatsSeconds * 1000; m_periodicDiagnosticsTimer.Elapsed += new ElapsedEventHandler(LogDiagnostics); diff --git a/OpenSim/Server/ServerMain.cs b/OpenSim/Server/ServerMain.cs index 190f60f..9d6a3d0 100644 --- a/OpenSim/Server/ServerMain.cs +++ b/OpenSim/Server/ServerMain.cs @@ -79,6 +79,7 @@ namespace OpenSim.Server // Make sure we don't get outbound connections queueing ServicePointManager.DefaultConnectionLimit = 50; ServicePointManager.UseNagleAlgorithm = false; + ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate; m_Server = new HttpServerBase("R.O.B.U.S.T.", args); @@ -94,7 +95,6 @@ namespace OpenSim.Server m_NoVerifyCertChain = serverConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain); m_NoVerifyCertHostname = serverConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname); - ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate; string connList = serverConfig.GetString("ServiceConnectors", String.Empty); -- cgit v1.1