mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-10-24 20:41:03 +02:00
Code Issues Projects Releases Wiki Activity

MySQL SSL support added

Browse Source
This commit is contained in:
mom040267 2014-08-16 06:51:58 +00:00
parent f904f07969
commit 00f2a84f56
10 changed files with 67 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -2,6 +2,7 @@
Version 4.1.2.1 'Vitari': Version 4.1.2.1 'Vitari':
- The origin attribute is verified in the subsequent - The origin attribute is verified in the subsequent
session messages. session messages.
- MySQL SSL connection support.
- Crash fixed when the DB connection string is incorrect. - Crash fixed when the DB connection string is incorrect.
- Minor docs fixes. - Minor docs fixes.

5
INSTALL
View File

@ -897,6 +897,11 @@ Or in the turnserver.conf file:
mysql-userdb="host=localhost dbname=turn user=turn password=turn connect_timeout=30" mysql-userdb="host=localhost dbname=turn user=turn password=turn connect_timeout=30"
If you have to use a secure MySQL connection (SSL) then you have to use also
the optional connection string parameters for the secure communications:
ca, capath, cert, key, cipher (see
http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
XVI. MongoDB setup XVI. MongoDB setup
The MongoDB setup is well documented on their site http://docs.mongodb.org/manual/. The MongoDB setup is well documented on their site http://docs.mongodb.org/manual/.

4
README.turnserver
View File

@ -118,6 +118,10 @@ User database settings:
Also, see http://www.mysql.org or http://mariadb.org Also, see http://www.mysql.org or http://mariadb.org
for full MySQL documentation. for full MySQL documentation.
Optional connection string parameters for the secure communications (SSL):
ca, capath, cert, key, cipher
(see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
-J, --mongo-userdb User database connection string for MongoDB. -J, --mongo-userdb User database connection string for MongoDB.
This database can be used for long-term and short-term This database can be used for long-term and short-term
credentials mechanisms, and it can store the secret value credentials mechanisms, and it can store the secret value

2
STATUS
View File

@ -103,5 +103,7 @@ compatibility.
44) Double (dual) allocation added (SSODA draft). 44) Double (dual) allocation added (SSODA draft).
45) Secure MySQL connection implemented.
Things to be implemented in future (the development roadmap) Things to be implemented in future (the development roadmap)
are described in the TODO file. are described in the TODO file.

5
examples/etc/turnserver.conf
View File

@ -264,6 +264,11 @@
# as the user database. # as the user database.
# This database can be used for long-term and short-term credential mechanisms # This database can be used for long-term and short-term credential mechanisms
# and it can store the secret value for secret-based timed authentication in TURN RESP API. # and it can store the secret value for secret-based timed authentication in TURN RESP API.
#
# Optional connection string parameters for the secure communications (SSL):
# ca, capath, cert, key, cipher
# (see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
#
# Use string format as below (space separated parameters, all optional): # Use string format as below (space separated parameters, all optional):
# #
#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>" #mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>"

2
man/man1/turnadmin.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "11 August 2014" "" "" .TH TURN 1 "15 August 2014" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage

6
man/man1/turnserver.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "11 August 2014" "" "" .TH TURN 1 "15 August 2014" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@ -175,6 +175,10 @@ See the INSTALL file for more explanations and examples.
.PP .PP
Also, see http://www.mysql.org or http://mariadb.org Also, see http://www.mysql.org or http://mariadb.org
for full MySQL documentation. for full MySQL documentation.
.PP
Optional connection string parameters for the secure communications (SSL):
ca, capath, cert, key, cipher
(see http://dev.mysql.com/doc/refman/5.0/en/mysql\-ssl\-set.html for the description).
.RE .RE
.TP .TP
.B .B

2
man/man1/turnutils.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "11 August 2014" "" "" .TH TURN 1 "15 August 2014" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used A set of turnutils_* programs provides some utility functionality to be used

35
src/apps/relay/dbdrivers/dbd_mysql.c
View File

@ -46,6 +46,13 @@ struct _Myconninfo {
char *password; char *password;
unsigned int port; unsigned int port;
unsigned int connect_timeout; unsigned int connect_timeout;
/* SSL ==>> */
char *key;
char *ca;
char *cert;
char *capath;
char *cipher;
/* <<== SSL : see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html */
}; };
typedef struct _Myconninfo Myconninfo; typedef struct _Myconninfo Myconninfo;
@ -56,6 +63,11 @@ static void MyconninfoFree(Myconninfo *co) {
if(co->dbname) turn_free(co->dbname, strlen(co->dbname)+1); if(co->dbname) turn_free(co->dbname, strlen(co->dbname)+1);
if(co->user) turn_free(co->user, strlen(co->user)+1); if(co->user) turn_free(co->user, strlen(co->user)+1);
if(co->password) turn_free(co->password, strlen(co->password)+1); if(co->password) turn_free(co->password, strlen(co->password)+1);
if(co->key) turn_free(co->key, strlen(co->key)+1);
if(co->ca) turn_free(co->ca, strlen(co->ca)+1);
if(co->cert) turn_free(co->cert, strlen(co->cert)+1);
if(co->capath) turn_free(co->capath, strlen(co->capath)+1);
if(co->cipher) turn_free(co->cipher, strlen(co->cipher)+1);
ns_bzero(co,sizeof(Myconninfo)); ns_bzero(co,sizeof(Myconninfo));
} }
} }
@ -127,6 +139,26 @@ static Myconninfo *MyconninfoParse(char *userdb, char **errmsg) {
co->connect_timeout = (unsigned int)atoi(seq+1); co->connect_timeout = (unsigned int)atoi(seq+1);
else if(!strcmp(s,"timeout")) else if(!strcmp(s,"timeout"))
co->connect_timeout = (unsigned int)atoi(seq+1); co->connect_timeout = (unsigned int)atoi(seq+1);
else if(!strcmp(s,"key"))
co->key = strdup(seq+1);
else if(!strcmp(s,"ssl-key"))
co->key = strdup(seq+1);
else if(!strcmp(s,"ca"))
co->ca = strdup(seq+1);
else if(!strcmp(s,"ssl-ca"))
co->ca = strdup(seq+1);
else if(!strcmp(s,"capath"))
co->capath = strdup(seq+1);
else if(!strcmp(s,"ssl-capath"))
co->capath = strdup(seq+1);
else if(!strcmp(s,"cert"))
co->cert = strdup(seq+1);
else if(!strcmp(s,"ssl-cert"))
co->cert = strdup(seq+1);
else if(!strcmp(s,"cipher"))
co->cipher = strdup(seq+1);
else if(!strcmp(s,"ssl-cipher"))
co->cipher = strdup(seq+1);
else { else {
MyconninfoFree(co); MyconninfoFree(co);
co = NULL; co = NULL;
@ -192,6 +224,9 @@ static MYSQL *get_mydb_connection(void) {
} else { } else {
if(co->connect_timeout) if(co->connect_timeout)
mysql_options(mydbconnection,MYSQL_OPT_CONNECT_TIMEOUT,&(co->connect_timeout)); mysql_options(mydbconnection,MYSQL_OPT_CONNECT_TIMEOUT,&(co->connect_timeout));
if(co->ca || co->capath || co->cert || co->cipher || co->key) {
mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher);
}
MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE); MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE);
if(!conn) { if(!conn) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb); TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb);

11
src/apps/relay/mainrelay.c
View File

@ -425,8 +425,11 @@ static char Usage[] = "Usage: turnserver [options]\n"
" This database can be used for long-term and short-term credentials mechanisms,\n" " This database can be used for long-term and short-term credentials mechanisms,\n"
" and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n" " and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n"
" The connection string my be space-separated list of parameters:\n" " The connection string my be space-separated list of parameters:\n"
" \"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n" " \"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n"
" All parameters are optional.\n" " The connection string parameters for the secure communications (SSL):\n"
" ca, capath, cert, key, cipher\n"
" (see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).\n\n"
" All connection-string parameters are optional.\n\n"
#endif #endif
#if !defined(TURN_NO_MONGO) #if !defined(TURN_NO_MONGO)
" -J, --mongo-userdb <connection-string> MongoDB connection string, if used (default - empty, no MongoDB used).\n" " -J, --mongo-userdb <connection-string> MongoDB connection string, if used (default - empty, no MongoDB used).\n"
@ -438,8 +441,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
" This database can be used for long-term and short-term credentials mechanisms,\n" " This database can be used for long-term and short-term credentials mechanisms,\n"
" and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n" " and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n"
" The connection string my be space-separated list of parameters:\n" " The connection string my be space-separated list of parameters:\n"
" \"host=<ip-addr> dbname=<db-number> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n" " \"host=<ip-addr> dbname=<db-number> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n"
" All parameters are optional.\n" " All connection-string parameters are optional.\n\n"
" -O, --redis-statsdb <connection-string> Redis status and statistics database connection string, if used \n" " -O, --redis-statsdb <connection-string> Redis status and statistics database connection string, if used \n"
" (default - empty, no Redis stats DB used).\n" " (default - empty, no Redis stats DB used).\n"
" This database keeps allocations status information, and it can be also used for publishing\n" " This database keeps allocations status information, and it can be also used for publishing\n"