mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-10-24 20:41:03 +02:00
Code Issues Projects Releases Wiki Activity

MySQL SSL support added

Browse Source
This commit is contained in:
mom040267 2014-08-16 06:51:58 +00:00
parent f904f07969
commit 00f2a84f56
10 changed files with 67 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -2,6 +2,7 @@
Version 4.1.2.1 'Vitari':
- The origin attribute is verified in the subsequent
session messages.
- MySQL SSL connection support.
- Crash fixed when the DB connection string is incorrect.
- Minor docs fixes.

5
INSTALL
View File

@ -897,6 +897,11 @@ Or in the turnserver.conf file:
mysql-userdb="host=localhost dbname=turn user=turn password=turn connect_timeout=30"
If you have to use a secure MySQL connection (SSL) then you have to use also
the optional connection string parameters for the secure communications:
ca, capath, cert, key, cipher (see
http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
XVI. MongoDB setup
The MongoDB setup is well documented on their site http://docs.mongodb.org/manual/.

4
README.turnserver
View File

@ -118,6 +118,10 @@ User database settings:
Also, see http://www.mysql.org or http://mariadb.org
for full MySQL documentation.
Optional connection string parameters for the secure communications (SSL):
ca, capath, cert, key, cipher
(see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
-J, --mongo-userdb User database connection string for MongoDB.
This database can be used for long-term and short-term
credentials mechanisms, and it can store the secret value

2
STATUS
View File

@ -103,5 +103,7 @@ compatibility.
44) Double (dual) allocation added (SSODA draft).
45) Secure MySQL connection implemented.
Things to be implemented in future (the development roadmap)
are described in the TODO file.

5
examples/etc/turnserver.conf
View File

@ -264,6 +264,11 @@
# as the user database.
# This database can be used for long-term and short-term credential mechanisms
# and it can store the secret value for secret-based timed authentication in TURN RESP API.
#
# Optional connection string parameters for the secure communications (SSL):
# ca, capath, cert, key, cipher
# (see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
#
# Use string format as below (space separated parameters, all optional):
#
#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>"

2
man/man1/turnadmin.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "11 August 2014" "" ""
.TH TURN 1 "15 August 2014" "" ""
.SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage

6
man/man1/turnserver.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "11 August 2014" "" ""
.TH TURN 1 "15 August 2014" "" ""
.SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@ -175,6 +175,10 @@ See the INSTALL file for more explanations and examples.
.PP
Also, see http://www.mysql.org or http://mariadb.org
for full MySQL documentation.
.PP
Optional connection string parameters for the secure communications (SSL):
ca, capath, cert, key, cipher
(see http://dev.mysql.com/doc/refman/5.0/en/mysql\-ssl\-set.html for the description).
.RE
.TP
.B

2
man/man1/turnutils.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
.TH TURN 1 "11 August 2014" "" ""
.TH TURN 1 "15 August 2014" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used

35
src/apps/relay/dbdrivers/dbd_mysql.c
View File

@ -46,6 +46,13 @@ struct _Myconninfo {
char *password;
unsigned int port;
unsigned int connect_timeout;
/* SSL ==>> */
char *key;
char *ca;
char *cert;
char *capath;
char *cipher;
/* <<== SSL : see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html */
};
typedef struct _Myconninfo Myconninfo;
@ -56,6 +63,11 @@ static void MyconninfoFree(Myconninfo *co) {
if(co->dbname) turn_free(co->dbname, strlen(co->dbname)+1);
if(co->user) turn_free(co->user, strlen(co->user)+1);
if(co->password) turn_free(co->password, strlen(co->password)+1);
if(co->key) turn_free(co->key, strlen(co->key)+1);
if(co->ca) turn_free(co->ca, strlen(co->ca)+1);
if(co->cert) turn_free(co->cert, strlen(co->cert)+1);
if(co->capath) turn_free(co->capath, strlen(co->capath)+1);
if(co->cipher) turn_free(co->cipher, strlen(co->cipher)+1);
ns_bzero(co,sizeof(Myconninfo));
}
}
@ -127,6 +139,26 @@ static Myconninfo *MyconninfoParse(char *userdb, char **errmsg) {
co->connect_timeout = (unsigned int)atoi(seq+1);
else if(!strcmp(s,"timeout"))
co->connect_timeout = (unsigned int)atoi(seq+1);
else if(!strcmp(s,"key"))
co->key = strdup(seq+1);
else if(!strcmp(s,"ssl-key"))
co->key = strdup(seq+1);
else if(!strcmp(s,"ca"))
co->ca = strdup(seq+1);
else if(!strcmp(s,"ssl-ca"))
co->ca = strdup(seq+1);
else if(!strcmp(s,"capath"))
co->capath = strdup(seq+1);
else if(!strcmp(s,"ssl-capath"))
co->capath = strdup(seq+1);
else if(!strcmp(s,"cert"))
co->cert = strdup(seq+1);
else if(!strcmp(s,"ssl-cert"))
co->cert = strdup(seq+1);
else if(!strcmp(s,"cipher"))
co->cipher = strdup(seq+1);
else if(!strcmp(s,"ssl-cipher"))
co->cipher = strdup(seq+1);
else {
MyconninfoFree(co);
co = NULL;
@ -192,6 +224,9 @@ static MYSQL *get_mydb_connection(void) {
} else {
if(co->connect_timeout)
mysql_options(mydbconnection,MYSQL_OPT_CONNECT_TIMEOUT,&(co->connect_timeout));
if(co->ca || co->capath || co->cert || co->cipher || co->key) {
mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher);
}
MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE);
if(!conn) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb);

11
src/apps/relay/mainrelay.c
View File

@ -425,8 +425,11 @@ static char Usage[] = "Usage: turnserver [options]\n"
" This database can be used for long-term and short-term credentials mechanisms,\n"
" and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n"
" The connection string my be space-separated list of parameters:\n"
" \"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n"
" All parameters are optional.\n"
" \"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n"
" The connection string parameters for the secure communications (SSL):\n"
" ca, capath, cert, key, cipher\n"
" (see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).\n\n"
" All connection-string parameters are optional.\n\n"
#endif
#if !defined(TURN_NO_MONGO)
" -J, --mongo-userdb <connection-string> MongoDB connection string, if used (default - empty, no MongoDB used).\n"
@ -438,8 +441,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
" This database can be used for long-term and short-term credentials mechanisms,\n"
" and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n"
" The connection string my be space-separated list of parameters:\n"
" \"host=<ip-addr> dbname=<db-number> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n"
" All parameters are optional.\n"
" \"host=<ip-addr> dbname=<db-number> \\\n password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n"
" All connection-string parameters are optional.\n\n"
" -O, --redis-statsdb <connection-string> Redis status and statistics database connection string, if used \n"
" (default - empty, no Redis stats DB used).\n"
" This database keeps allocations status information, and it can be also used for publishing\n"