mirror of
				https://github.com/coturn/coturn.git
				synced 2025-10-25 04:51:04 +02:00 
			
		
		
		
	MySQL SSL support added
		
							parent
							
								
									f904f07969
								
							
						
					
					
						commit
						00f2a84f56
					
				| @ -2,6 +2,7 @@ | ||||
| Version 4.1.2.1 'Vitari': | ||||
| 	- The origin attribute is verified in the subsequent  | ||||
| 	session messages. | ||||
| 	- MySQL SSL connection support. | ||||
| 	- Crash fixed when the DB connection string is incorrect. | ||||
| 	- Minor docs fixes. | ||||
| 	 | ||||
|  | ||||
							
								
								
									
										5
									
								
								INSTALL
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -897,6 +897,11 @@ Or in the turnserver.conf file: | ||||
| 
 | ||||
| mysql-userdb="host=localhost dbname=turn user=turn password=turn connect_timeout=30" | ||||
| 
 | ||||
| If you have to use a secure MySQL connection (SSL) then you have to use also | ||||
| the optional connection string parameters for the secure communications: | ||||
| ca, capath, cert, key, cipher (see  | ||||
| http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description). | ||||
| 
 | ||||
| XVI. MongoDB setup | ||||
| 
 | ||||
| The MongoDB setup is well documented on their site http://docs.mongodb.org/manual/.  | ||||
|  | ||||
| @ -118,6 +118,10 @@ User database settings: | ||||
| 		Also, see http://www.mysql.org or http://mariadb.org  | ||||
| 		for full MySQL documentation. | ||||
| 		 | ||||
| 		Optional connection string parameters for the secure communications (SSL):  | ||||
| 		ca, capath, cert, key, cipher  | ||||
| 		(see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description). | ||||
| 		 | ||||
| -J, --mongo-userdb	User database connection string for MongoDB.  | ||||
| 		This database can be used for long-term and short-term  | ||||
| 		credentials mechanisms, and it can store the secret value  | ||||
|  | ||||
							
								
								
									
										2
									
								
								STATUS
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -102,6 +102,8 @@ compatibility. | ||||
| 43) MongoDB support added. | ||||
| 
 | ||||
| 44) Double (dual) allocation added (SSODA draft). | ||||
| 
 | ||||
| 45) Secure MySQL connection implemented. | ||||
|   | ||||
| Things to be implemented in future (the development roadmap)  | ||||
| are described in the TODO file. | ||||
|  | ||||
| @ -263,7 +263,12 @@ | ||||
| # MySQL database connection string in the case that we are using MySQL | ||||
| # as the user database. | ||||
| # This database can be used for long-term and short-term credential mechanisms | ||||
| # and it can store the secret value for secret-based timed authentication in TURN RESP API.  | ||||
| # and it can store the secret value for secret-based timed authentication in TURN RESP API. | ||||
| # | ||||
| # Optional connection string parameters for the secure communications (SSL):  | ||||
| # ca, capath, cert, key, cipher  | ||||
| # (see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description). | ||||
| # | ||||
| # Use string format as below (space separated parameters, all optional): | ||||
| # | ||||
| #mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>" | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| .\" Text automatically generated by txt2man | ||||
| .TH TURN 1 "11 August 2014" "" "" | ||||
| .TH TURN 1 "15 August 2014" "" "" | ||||
| .SH GENERAL INFORMATION | ||||
| 
 | ||||
| \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage  | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| .\" Text automatically generated by txt2man | ||||
| .TH TURN 1 "11 August 2014" "" "" | ||||
| .TH TURN 1 "15 August 2014" "" "" | ||||
| .SH GENERAL INFORMATION | ||||
| 
 | ||||
| The \fBTURN Server\fP project contains the source code of a TURN server and TURN client  | ||||
| @ -175,6 +175,10 @@ See the INSTALL file for more explanations and examples. | ||||
| .PP | ||||
| Also, see http://www.mysql.org or http://mariadb.org  | ||||
| for full MySQL documentation. | ||||
| .PP | ||||
| Optional connection string parameters for the secure communications (SSL):  | ||||
| ca, capath, cert, key, cipher  | ||||
| (see http://dev.mysql.com/doc/refman/5.0/en/mysql\-ssl\-set.html for the description). | ||||
| .RE | ||||
| .TP | ||||
| .B | ||||
|  | ||||
| @ -1,5 +1,5 @@ | ||||
| .\" Text automatically generated by txt2man | ||||
| .TH TURN 1 "11 August 2014" "" "" | ||||
| .TH TURN 1 "15 August 2014" "" "" | ||||
| .SH GENERAL INFORMATION | ||||
| 
 | ||||
| A set of turnutils_* programs provides some utility functionality to be used | ||||
|  | ||||
| @ -46,6 +46,13 @@ struct _Myconninfo { | ||||
| 	char *password; | ||||
| 	unsigned int port; | ||||
| 	unsigned int connect_timeout; | ||||
| 	/* SSL ==>> */ | ||||
| 	char *key; | ||||
| 	char *ca; | ||||
| 	char *cert; | ||||
| 	char *capath; | ||||
| 	char *cipher; | ||||
| 	/* <<== SSL : see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html */ | ||||
| }; | ||||
| 
 | ||||
| typedef struct _Myconninfo Myconninfo; | ||||
| @ -56,6 +63,11 @@ static void MyconninfoFree(Myconninfo *co) { | ||||
| 		if(co->dbname) turn_free(co->dbname, strlen(co->dbname)+1); | ||||
| 		if(co->user) turn_free(co->user, strlen(co->user)+1); | ||||
| 		if(co->password) turn_free(co->password, strlen(co->password)+1); | ||||
| 		if(co->key) turn_free(co->key, strlen(co->key)+1); | ||||
| 		if(co->ca) turn_free(co->ca, strlen(co->ca)+1); | ||||
| 		if(co->cert) turn_free(co->cert, strlen(co->cert)+1); | ||||
| 		if(co->capath) turn_free(co->capath, strlen(co->capath)+1); | ||||
| 		if(co->cipher) turn_free(co->cipher, strlen(co->cipher)+1); | ||||
| 		ns_bzero(co,sizeof(Myconninfo)); | ||||
| 	} | ||||
| } | ||||
| @ -127,6 +139,26 @@ static Myconninfo *MyconninfoParse(char *userdb, char **errmsg) { | ||||
| 				co->connect_timeout = (unsigned int)atoi(seq+1); | ||||
| 			else if(!strcmp(s,"timeout")) | ||||
| 				co->connect_timeout = (unsigned int)atoi(seq+1); | ||||
| 			else if(!strcmp(s,"key")) | ||||
| 				co->key = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"ssl-key")) | ||||
| 				co->key = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"ca")) | ||||
| 				co->ca = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"ssl-ca")) | ||||
| 				co->ca = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"capath")) | ||||
| 				co->capath = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"ssl-capath")) | ||||
| 				co->capath = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"cert")) | ||||
| 				co->cert = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"ssl-cert")) | ||||
| 				co->cert = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"cipher")) | ||||
| 				co->cipher = strdup(seq+1); | ||||
| 			else if(!strcmp(s,"ssl-cipher")) | ||||
| 				co->cipher = strdup(seq+1); | ||||
| 			else { | ||||
| 				MyconninfoFree(co); | ||||
| 				co = NULL; | ||||
| @ -192,6 +224,9 @@ static MYSQL *get_mydb_connection(void) { | ||||
| 			} else { | ||||
| 				if(co->connect_timeout) | ||||
| 					mysql_options(mydbconnection,MYSQL_OPT_CONNECT_TIMEOUT,&(co->connect_timeout)); | ||||
| 				if(co->ca || co->capath || co->cert || co->cipher || co->key) { | ||||
| 					mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher); | ||||
| 				} | ||||
| 				MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE); | ||||
| 				if(!conn) { | ||||
| 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb); | ||||
|  | ||||
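Review bot: In get_mydb_connection the new `mysql_ssl_set(...)` call supplies TLS material, but nothing in the hunk makes the client verify the server's identity or confirm that the session ended up encrypted, so setting `cert`/`key`/`cipher` alone can give a false sense of protection for the credentials and shared secrets this database stores. Consider requesting verification before `mysql_real_connect` when `ca` or `capath` is given, e.g. `my_bool verify = 1; mysql_options(mydbconnection, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);`, and after a successful connect log or reject the connection when `mysql_get_ssl_cipher(conn)` returns NULL. Whether the client library silently continues in plaintext when the server does not offer TLS depends on the libmysqlclient version in use, so that should be checked against the supported versions rather than assumed. Separately, in MyconninfoParse the `strdup` results are not checked for NULL, and a repeated parameter (`key=` followed by `ssl-key=`) overwrites the earlier pointer without freeing it. Both functions start and end outside the visible hunks.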
| @ -425,8 +425,11 @@ static char Usage[] = "Usage: turnserver [options]\n" | ||||
| "	                                	This database can be used for long-term and short-term credentials mechanisms,\n" | ||||
| "		                                and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n" | ||||
| "						The connection string my be space-separated list of parameters:\n" | ||||
| "	        	          		\"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n" | ||||
| "	        	          		All parameters are optional.\n" | ||||
| "	        	          		\"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n" | ||||
| "						The connection string parameters for the secure communications (SSL):\n" | ||||
| "						ca, capath, cert, key, cipher\n" | ||||
| "						(see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).\n\n" | ||||
| "	        	          		All connection-string parameters are optional.\n\n" | ||||
| #endif | ||||
| #if !defined(TURN_NO_MONGO) | ||||
| " -J, --mongo-userdb	<connection-string>	MongoDB connection string, if used (default - empty, no MongoDB used).\n" | ||||
| @ -438,8 +441,8 @@ static char Usage[] = "Usage: turnserver [options]\n" | ||||
| "	                                	This database can be used for long-term and short-term credentials mechanisms,\n" | ||||
| "		                                and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n" | ||||
| "						The connection string my be space-separated list of parameters:\n" | ||||
| "	        	          		\"host=<ip-addr> dbname=<db-number> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n" | ||||
| "	        	          		All parameters are optional.\n" | ||||
| "	        	          		\"host=<ip-addr> dbname=<db-number> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n" | ||||
| "	        	          		All connection-string parameters are optional.\n\n" | ||||
| " -O, --redis-statsdb	<connection-string>	Redis status and statistics database connection string, if used \n" | ||||
| "						(default - empty, no Redis stats DB used).\n" | ||||
| "	                                	This database keeps allocations status information, and it can be also used for publishing\n" | ||||
|  | ||||