add SSL certs validation options for robust to allow simple certificates, possible only for encriptation without any peer autentification. disable validation by default for the small grids case
parent
4993a08d25
commit
049dd374e9
|
@ -30,6 +30,8 @@ using log4net;
|
|||
using System.Reflection;
|
||||
using System;
|
||||
using System.Net;
|
||||
using System.Net.Security;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using System.Collections.Generic;
|
||||
using OpenSim.Framework.Servers;
|
||||
using OpenSim.Framework.Servers.HttpServer;
|
||||
|
@ -51,6 +53,26 @@ namespace OpenSim.Server
|
|||
new List<IServiceConnector>();
|
||||
|
||||
protected static PluginLoader loader;
|
||||
private static bool m_NoVerifyCertChain = false;
|
||||
private static bool m_NoVerifyCertHostname = false;
|
||||
|
||||
public static bool ValidateServerCertificate(
|
||||
object sender,
|
||||
X509Certificate certificate,
|
||||
X509Chain chain,
|
||||
SslPolicyErrors sslPolicyErrors)
|
||||
{
|
||||
if (m_NoVerifyCertChain)
|
||||
sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
|
||||
|
||||
if (m_NoVerifyCertHostname)
|
||||
sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;
|
||||
|
||||
if (sslPolicyErrors == SslPolicyErrors.None)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static int Main(string[] args)
|
||||
{
|
||||
|
@ -69,6 +91,11 @@ namespace OpenSim.Server
|
|||
throw new Exception("Configuration error");
|
||||
}
|
||||
|
||||
m_NoVerifyCertChain = serverConfig.GetBoolean("NoVerifyCertChain", m_NoVerifyCertChain);
|
||||
m_NoVerifyCertHostname = serverConfig.GetBoolean("NoVerifyCertHostname", m_NoVerifyCertHostname);
|
||||
|
||||
ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
|
||||
|
||||
string connList = serverConfig.GetString("ServiceConnectors", String.Empty);
|
||||
|
||||
registryLocation = serverConfig.GetString("RegistryLocation",".");
|
||||
|
|
|
@ -70,6 +70,15 @@
|
|||
; How many lines of command history should we keep? (default is 100)
|
||||
ConsoleHistoryFileLines = 100
|
||||
|
||||
; peers SSL certificate validation options (if using ssl)
|
||||
; you should set this to false forcing all peers (like regions) to have valid certificates
|
||||
; but you can allow selfsigned certificates or no official CA with next option true
|
||||
NoVerifyCertChain = true
|
||||
; you can also bypass the hostname or domain verification
|
||||
NoVerifyCertHostname = true
|
||||
; having both options true does provide encriptation, but low security
|
||||
; possible enought for small grids, specially it not comercial
|
||||
|
||||
|
||||
[ServiceList]
|
||||
AssetServiceConnector = "${Const|PrivatePort}/OpenSim.Server.Handlers.dll:AssetServiceConnector"
|
||||
|
|
Loading…
Reference in New Issue