OpenSim
/
OpenSimMirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add SSL certs validation options for robust to allow simple certificates, possible only for encriptation without any peer autentification. disable validation by default for the small grids case

httptests
UbitUmarov 2016-12-07 12:23:40 +00:00
parent 4993a08d25
commit 049dd374e9
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
OpenSim/Server/ServerMain.cs
View File

@ -30,6 +30,8 @@ using log4net;
using System.Reflection; using System.Reflection;
using System; using System;
using System.Net; using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Collections.Generic; using System.Collections.Generic;
using OpenSim.Framework.Servers; using OpenSim.Framework.Servers;
using OpenSim.Framework.Servers.HttpServer; using OpenSim.Framework.Servers.HttpServer;
@ -51,6 +53,26 @@ namespace OpenSim.Server
new List<IServiceConnector>(); new List<IServiceConnector>();
protected static PluginLoader loader; protected static PluginLoader loader;
private static bool m_NoVerifyCertChain = false;
private static bool m_NoVerifyCertHostname = false;
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (m_NoVerifyCertChain)
sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
if (m_NoVerifyCertHostname)
sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
return false;
}
public static int Main(string[] args) public static int Main(string[] args)
{ {
@ -69,6 +91,11 @@ namespace OpenSim.Server
throw new Exception("Configuration error"); throw new Exception("Configuration error");
} }
m_NoVerifyCertChain = serverConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain);
m_NoVerifyCertHostname = serverConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname);
ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
string connList = serverConfig.GetString("ServiceConnectors", String.Empty); string connList = serverConfig.GetString("ServiceConnectors", String.Empty);
registryLocation = serverConfig.GetString("RegistryLocation","."); registryLocation = serverConfig.GetString("RegistryLocation",".");

9
bin/Robust.HG.ini.example
View File

@ -70,6 +70,15 @@
; How many lines of command history should we keep? (default is 100) ; How many lines of command history should we keep? (default is 100)
ConsoleHistoryFileLines = 100 ConsoleHistoryFileLines = 100
; peers SSL certificate validation options (if using ssl)
; you should set this to false forcing all peers (like regions) to have valid certificates
; but you can allow selfsigned certificates or no official CA with next option true
NoVerifyCertChain = true
; you can also bypass the hostname or domain verification
NoVerifyCertHostname = true
; having both options true does provide encriptation, but low security
; possible enought for small grids, specially it not comercial
[ServiceList] [ServiceList]
AssetServiceConnector = "${Const|PrivatePort}/OpenSim.Server.Handlers.dll:AssetServiceConnector" AssetServiceConnector = "${Const|PrivatePort}/OpenSim.Server.Handlers.dll:AssetServiceConnector"