mirror of
https://github.com/coturn/coturn.git
synced 2025-10-23 12:00:59 +02:00
Merge remote master
This commit is contained in:
commit
38e7daf3d6
1
.gitignore
vendored
1
.gitignore
vendored
@ -4,3 +4,4 @@ build
|
|||||||
include
|
include
|
||||||
lib
|
lib
|
||||||
sqlite
|
sqlite
|
||||||
|
examples/ca/CA.pl
|
||||||
|
@ -51,6 +51,13 @@ Version 4.5.1.2 'dan Eider':
|
|||||||
- merge PR #488 Fix typos about INSTALL filenames (by raccoonback)
|
- merge PR #488 Fix typos about INSTALL filenames (by raccoonback)
|
||||||
- fix compiler warning comparison between signed and unsigned integer expressions
|
- fix compiler warning comparison between signed and unsigned integer expressions
|
||||||
- fix compiler warning string truncation
|
- fix compiler warning string truncation
|
||||||
|
- change Diffie Hellman default key length from 1066 to 2066
|
||||||
|
- merge PR #522 drop of supplementary group IDs (by weberhofer)
|
||||||
|
- merge PR #514 Unify spelling of Coturn (by paulmenzel)
|
||||||
|
- merge PR#506 Rename "prod" config option to "no-software-attribute" (by dbrgn)
|
||||||
|
- merge PR #519 fix config extension in README.docker (by ooookai)
|
||||||
|
- merge PR #516 change sql data dir in docker-compose-all.yml (by raghumuppa)
|
||||||
|
- mergr PR #513 remove trailing spaces from READMEs (by paulmenzel)
|
||||||
|
|
||||||
02/03/2019 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
|
02/03/2019 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
|
||||||
Version 4.5.1.1 'dan Eider':
|
Version 4.5.1.1 'dan Eider':
|
||||||
|
@ -158,7 +158,7 @@ Flags:
|
|||||||
|
|
||||||
-o, --daemon Run server as daemon.
|
-o, --daemon Run server as daemon.
|
||||||
|
|
||||||
--prod Production mode: hide the software version.
|
--no-software-attribute Production mode: hide the software version.
|
||||||
|
|
||||||
-f, --fingerprint Use fingerprints in the TURN messages. If an incoming request
|
-f, --fingerprint Use fingerprints in the TURN messages. If an incoming request
|
||||||
contains a fingerprint, then TURN server will always add
|
contains a fingerprint, then TURN server will always add
|
||||||
@ -190,9 +190,9 @@ Flags:
|
|||||||
|
|
||||||
--oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635.
|
--oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635.
|
||||||
|
|
||||||
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066.
|
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 2066.
|
||||||
|
|
||||||
--dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
|
--dh1066 Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
|
||||||
|
|
||||||
--no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.
|
--no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.
|
||||||
|
|
||||||
@ -322,6 +322,10 @@ Options with values:
|
|||||||
--alt-tls-listening-port Alternative listening port for TLS and DTLS protocols.
|
--alt-tls-listening-port Alternative listening port for TLS and DTLS protocols.
|
||||||
Default (or zero) value means "TLS listening port plus one".
|
Default (or zero) value means "TLS listening port plus one".
|
||||||
|
|
||||||
|
--tcp-proxy-port Support connections from TCP loadbalancer on this port. The loadbalancer
|
||||||
|
should use the binary proxy protocol.
|
||||||
|
(https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
|
||||||
|
|
||||||
--aux-server Auxiliary STUN/TURN server listening endpoint.
|
--aux-server Auxiliary STUN/TURN server listening endpoint.
|
||||||
Aux servers have almost full TURN and STUN functionality.
|
Aux servers have almost full TURN and STUN functionality.
|
||||||
The (minor) limitations are:
|
The (minor) limitations are:
|
||||||
@ -463,7 +467,7 @@ Options with values:
|
|||||||
by this option.
|
by this option.
|
||||||
|
|
||||||
--dh-file Use custom DH TLS key, stored in PEM format in the file.
|
--dh-file Use custom DH TLS key, stored in PEM format in the file.
|
||||||
Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
|
Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.
|
||||||
|
|
||||||
-l, --log-file Option to set the full path name of the log file.
|
-l, --log-file Option to set the full path name of the log file.
|
||||||
By default, the turnserver tries to open a log file in
|
By default, the turnserver tries to open a log file in
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
Before you begin
|
Before you begin
|
||||||
* copy db schema run ./cp-schema.sh
|
* copy db schema run ./cp-schema.sh
|
||||||
* edit turnserver/turnserver.cfg according your db selection (mysql or postgresql or redis or mongodb)
|
* edit turnserver/turnserver.conf according your db selection (mysql or postgresql or redis or mongodb)
|
||||||
|
|
||||||
# start
|
# start
|
||||||
|
|
||||||
|
@ -8,11 +8,11 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
|
|||||||
apt-get update && \
|
apt-get update && \
|
||||||
apt-get install -y build-essential git debhelper dpkg-dev libssl-dev libevent-dev sqlite3 libsqlite3-dev postgresql-client libpq-dev default-mysql-client default-libmysqlclient-dev libhiredis-dev libmongoc-dev libbson-dev
|
apt-get install -y build-essential git debhelper dpkg-dev libssl-dev libevent-dev sqlite3 libsqlite3-dev postgresql-client libpq-dev default-mysql-client default-libmysqlclient-dev libhiredis-dev libmongoc-dev libbson-dev
|
||||||
|
|
||||||
# Clone coTURN
|
# Clone Coturn
|
||||||
WORKDIR ${BUILD_PREFIX}
|
WORKDIR ${BUILD_PREFIX}
|
||||||
RUN git clone https://github.com/coturn/coturn.git
|
RUN git clone https://github.com/coturn/coturn.git
|
||||||
|
|
||||||
# Build coTURN
|
# Build Coturn
|
||||||
WORKDIR coturn
|
WORKDIR coturn
|
||||||
RUN ./configure
|
RUN ./configure
|
||||||
RUN make
|
RUN make
|
||||||
|
@ -582,7 +582,7 @@ syslog
|
|||||||
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
||||||
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
||||||
#
|
#
|
||||||
#prod
|
#no-software-attribute
|
||||||
|
|
||||||
# Option to suppress STUN functionality, only TURN requests will be processed.
|
# Option to suppress STUN functionality, only TURN requests will be processed.
|
||||||
# Run as TURN server only, all STUN requests will be ignored.
|
# Run as TURN server only, all STUN requests will be ignored.
|
||||||
@ -640,7 +640,7 @@ no-loopback-peers
|
|||||||
# Allocate Address Family according
|
# Allocate Address Family according
|
||||||
# If enabled then TURN server allocates address family according the TURN
|
# If enabled then TURN server allocates address family according the TURN
|
||||||
# Client <=> Server communication address family.
|
# Client <=> Server communication address family.
|
||||||
# (By default coTURN works according RFC 6156.)
|
# (By default Coturn works according RFC 6156.)
|
||||||
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
||||||
#
|
#
|
||||||
#keep-address-family
|
#keep-address-family
|
||||||
|
@ -7,7 +7,7 @@ services:
|
|||||||
context: ./mysql
|
context: ./mysql
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- mysql-data:/var/lib/mysql/data
|
- mysql-data:/var/lib/mysql
|
||||||
env_file:
|
env_file:
|
||||||
- mysql/mysql.env
|
- mysql/mysql.env
|
||||||
networks:
|
networks:
|
||||||
@ -19,7 +19,7 @@ services:
|
|||||||
context: ./postgresql
|
context: ./postgresql
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- postgresql-data:/var/lib/postgresql/data
|
- postgresql-data:/var/lib/postgresql
|
||||||
env_file:
|
env_file:
|
||||||
- postgresql/postgresql.env
|
- postgresql/postgresql.env
|
||||||
networks:
|
networks:
|
||||||
@ -49,7 +49,7 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
|
|
||||||
|
|
||||||
# coTURN
|
# Coturn
|
||||||
coturn:
|
coturn:
|
||||||
build:
|
build:
|
||||||
context: ./coturn
|
context: ./coturn
|
||||||
|
@ -13,7 +13,7 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
|
|
||||||
|
|
||||||
# coTURN
|
# Coturn
|
||||||
coturn:
|
coturn:
|
||||||
build:
|
build:
|
||||||
context: ./coturn
|
context: ./coturn
|
||||||
|
@ -14,7 +14,7 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
|
|
||||||
|
|
||||||
# coTURN
|
# Coturn
|
||||||
coturn:
|
coturn:
|
||||||
build:
|
build:
|
||||||
context: ./coturn
|
context: ./coturn
|
||||||
|
@ -14,7 +14,7 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
|
|
||||||
|
|
||||||
# coTURN
|
# Coturn
|
||||||
coturn:
|
coturn:
|
||||||
build:
|
build:
|
||||||
context: ./coturn
|
context: ./coturn
|
||||||
|
@ -14,7 +14,7 @@ services:
|
|||||||
- backend
|
- backend
|
||||||
|
|
||||||
|
|
||||||
# coTURN
|
# Coturn
|
||||||
coturn:
|
coturn:
|
||||||
build:
|
build:
|
||||||
context: ./coturn
|
context: ./coturn
|
||||||
|
22
examples/ca/CA.pl.diff
Normal file
22
examples/ca/CA.pl.diff
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
--- CA.pl 2019-10-12 19:56:43.000000000 +0000
|
||||||
|
+++ CA.pl 2020-03-05 07:58:41.112690266 +0000
|
||||||
|
@@ -25,8 +25,8 @@
|
||||||
|
my $verbose = 1;
|
||||||
|
|
||||||
|
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
|
||||||
|
-my $DAYS = "-days 365";
|
||||||
|
-my $CADAYS = "-days 1095"; # 3 years
|
||||||
|
+my $DAYS = "-days 36500";
|
||||||
|
+my $CADAYS = "-days 365000"; # 1000 years
|
||||||
|
my $REQ = "$openssl req $OPENSSL_CONFIG";
|
||||||
|
my $CA = "$openssl ca $OPENSSL_CONFIG";
|
||||||
|
my $VERIFY = "$openssl verify";
|
||||||
|
@@ -34,7 +34,7 @@
|
||||||
|
my $PKCS12 = "$openssl pkcs12";
|
||||||
|
|
||||||
|
# default openssl.cnf file has setup as per the following
|
||||||
|
-my $CATOP = "./demoCA";
|
||||||
|
+my $CATOP = "./CA";
|
||||||
|
my $CAKEY = "cakey.pem";
|
||||||
|
my $CAREQ = "careq.pem";
|
||||||
|
my $CACERT = "cacert.pem";
|
80
examples/ca/CA/cacert.pem
Normal file
80
examples/ca/CA/cacert.pem
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 5 09:05:10 2020 GMT
|
||||||
|
Not After : Jul 7 09:05:10 3019 GMT
|
||||||
|
Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b:
|
||||||
|
11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7:
|
||||||
|
a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3:
|
||||||
|
ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f:
|
||||||
|
51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0:
|
||||||
|
e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d:
|
||||||
|
36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78:
|
||||||
|
a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed:
|
||||||
|
68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16:
|
||||||
|
60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1:
|
||||||
|
c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f:
|
||||||
|
24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2:
|
||||||
|
3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9:
|
||||||
|
e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe:
|
||||||
|
44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7:
|
||||||
|
e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05:
|
||||||
|
b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33:
|
||||||
|
56:8d
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11:
|
||||||
|
b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50:
|
||||||
|
39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba:
|
||||||
|
4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee:
|
||||||
|
a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48:
|
||||||
|
00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e:
|
||||||
|
e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da:
|
||||||
|
ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4:
|
||||||
|
22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41:
|
||||||
|
97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93:
|
||||||
|
4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc:
|
||||||
|
2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29:
|
||||||
|
37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73:
|
||||||
|
98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5:
|
||||||
|
66:75:e8:70
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
|
||||||
|
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg
|
||||||
|
Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx
|
||||||
|
EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex
|
||||||
|
GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||||
|
ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a
|
||||||
|
7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ
|
||||||
|
6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx
|
||||||
|
3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y
|
||||||
|
P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b
|
||||||
|
37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE
|
||||||
|
FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ
|
||||||
|
nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG
|
||||||
|
HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV
|
||||||
|
uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m
|
||||||
|
v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5
|
||||||
|
eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM
|
||||||
|
3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ
|
||||||
|
InkfP2hv9WZ16HA=
|
||||||
|
-----END CERTIFICATE-----
|
17
examples/ca/CA/careq.pem
Normal file
17
examples/ca/CA/careq.pem
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN CERTIFICATE REQUEST-----
|
||||||
|
MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxETAP
|
||||||
|
BgNVBAcMCERlYnJlY2VuMQ8wDQYDVQQKDAZjb1RVUk4xCzAJBgNVBAMMAkNBMRsw
|
||||||
|
GQYJKoZIhvcNAQkBFgxtaXNpQG1hamQuZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||||
|
DwAwggEKAoIBAQDYdipZRHPaJTiTVNjFKxG9MIAhX0eVfetePpgNp6gwjAdtGu6J
|
||||||
|
wUzMZIGQs6tUH5tyI8UvCjJSvietL1HuYp7tRNC6qnJnA6LuoONdnjfs7gspWejY
|
||||||
|
1YShbTZdhWsNc6Ay/rb6me+MeKkC9Dq9E7wam3JVC+cM7WgAwud4St/OFCqZ8d6X
|
||||||
|
FmBE8fz4dOUzMcz5/12ewcfGIXVICCb1fPFW7BXFfyQPCAN04NoQvz2QZwkesj+0
|
||||||
|
9BXfU+ho6NEoji03+eA6oykAPQpmfHGrVOXa/kQYPLS+xc5JJozMq4iPt+OtW9+y
|
||||||
|
1KP4qQZPOG63BbM6vWPN9yYV4Jj9MH7TM1aNAgMBAAGgADANBgkqhkiG9w0BAQsF
|
||||||
|
AAOCAQEAmvXWsoJQneJFFHb+qTNjkA3sHduyB+kQ5qUVlFoT6U6IKyWnVUqAKc9a
|
||||||
|
eFKw94yq/01cqOBd4MWKTg9k/wjjmkJA9WtXMrVq8HW1rKVRCCJxtzUKTR3pet/z
|
||||||
|
gs3YwbTlqpljtpn3qEzspMaeyvh391A4IVykDZHGR12+4LqZhoUyGl1QJ7KgQwGM
|
||||||
|
+Vi2TL3fY8PDxvGFmGvWnUIWYkB31vAuDz1xOqm2JlP0kTHMUPiVBlwJVuHdATy2
|
||||||
|
sWZEzsNnXBt2vAVwhTdFEajF4ut8guPQWW8XcTiaEOGJUIY8J4Yb2wqHk+4HsIFV
|
||||||
|
i2vua41jc90Ki3EA0+QDB7BJAvC4yw==
|
||||||
|
-----END CERTIFICATE REQUEST-----
|
1
examples/ca/CA/crlnumber
Normal file
1
examples/ca/CA/crlnumber
Normal file
@ -0,0 +1 @@
|
|||||||
|
01
|
3
examples/ca/CA/index.txt
Normal file
3
examples/ca/CA/index.txt
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
V 30190707090510Z 4C9BEC95D121491D5D65A71A614667DD42186546 unknown /C=HU/ST=Hungary/O=coTURN/CN=CA/emailAddress=misi@majd.eu
|
||||||
|
V 300303090521Z 4C9BEC95D121491D5D65A71A614667DD42186547 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/emailAddress=misi@majd.eu
|
||||||
|
V 300303090542Z 4C9BEC95D121491D5D65A71A614667DD42186548 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Client/emailAddress=misi@majd.eu
|
1
examples/ca/CA/index.txt.attr
Normal file
1
examples/ca/CA/index.txt.attr
Normal file
@ -0,0 +1 @@
|
|||||||
|
unique_subject = yes
|
1
examples/ca/CA/index.txt.attr.old
Normal file
1
examples/ca/CA/index.txt.attr.old
Normal file
@ -0,0 +1 @@
|
|||||||
|
unique_subject = yes
|
2
examples/ca/CA/index.txt.old
Normal file
2
examples/ca/CA/index.txt.old
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
V 30190707090510Z 4C9BEC95D121491D5D65A71A614667DD42186546 unknown /C=HU/ST=Hungary/O=coTURN/CN=CA/emailAddress=misi@majd.eu
|
||||||
|
V 300303090521Z 4C9BEC95D121491D5D65A71A614667DD42186547 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/emailAddress=misi@majd.eu
|
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 5 09:05:10 2020 GMT
|
||||||
|
Not After : Jul 7 09:05:10 3019 GMT
|
||||||
|
Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b:
|
||||||
|
11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7:
|
||||||
|
a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3:
|
||||||
|
ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f:
|
||||||
|
51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0:
|
||||||
|
e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d:
|
||||||
|
36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78:
|
||||||
|
a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed:
|
||||||
|
68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16:
|
||||||
|
60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1:
|
||||||
|
c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f:
|
||||||
|
24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2:
|
||||||
|
3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9:
|
||||||
|
e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe:
|
||||||
|
44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7:
|
||||||
|
e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05:
|
||||||
|
b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33:
|
||||||
|
56:8d
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11:
|
||||||
|
b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50:
|
||||||
|
39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba:
|
||||||
|
4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee:
|
||||||
|
a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48:
|
||||||
|
00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e:
|
||||||
|
e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da:
|
||||||
|
ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4:
|
||||||
|
22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41:
|
||||||
|
97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93:
|
||||||
|
4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc:
|
||||||
|
2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29:
|
||||||
|
37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73:
|
||||||
|
98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5:
|
||||||
|
66:75:e8:70
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
|
||||||
|
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg
|
||||||
|
Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx
|
||||||
|
EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex
|
||||||
|
GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||||
|
ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a
|
||||||
|
7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ
|
||||||
|
6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx
|
||||||
|
3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y
|
||||||
|
P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b
|
||||||
|
37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE
|
||||||
|
FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ
|
||||||
|
nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG
|
||||||
|
HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV
|
||||||
|
uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m
|
||||||
|
v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5
|
||||||
|
eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM
|
||||||
|
3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ
|
||||||
|
InkfP2hv9WZ16HA=
|
||||||
|
-----END CERTIFICATE-----
|
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 5 09:05:21 2020 GMT
|
||||||
|
Not After : Mar 3 09:05:21 2030 GMT
|
||||||
|
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/emailAddress=misi@majd.eu
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac:
|
||||||
|
cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04:
|
||||||
|
57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00:
|
||||||
|
b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d:
|
||||||
|
f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e:
|
||||||
|
5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d:
|
||||||
|
40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8:
|
||||||
|
02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51:
|
||||||
|
2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f:
|
||||||
|
bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b:
|
||||||
|
2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39:
|
||||||
|
ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5:
|
||||||
|
02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df:
|
||||||
|
09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81:
|
||||||
|
f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1:
|
||||||
|
70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6:
|
||||||
|
26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3:
|
||||||
|
7b:4f
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f:
|
||||||
|
21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a:
|
||||||
|
1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b:
|
||||||
|
99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2:
|
||||||
|
83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68:
|
||||||
|
b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7:
|
||||||
|
2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22:
|
||||||
|
a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64:
|
||||||
|
36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3:
|
||||||
|
84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1:
|
||||||
|
ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6:
|
||||||
|
93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07:
|
||||||
|
91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c:
|
||||||
|
9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2:
|
||||||
|
06:0e:88:d7
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUcwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
|
||||||
|
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
|
||||||
|
Fw0yMDAzMDUwOTA1MjFaFw0zMDAzMDMwOTA1MjFaMHExCzAJBgNVBAYTAkhVMRAw
|
||||||
|
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
|
||||||
|
VVJOMQ8wDQYDVQQDDAZTZXJ2ZXIxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
|
||||||
|
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzb9xc1F3xGeWSJYV+s
|
||||||
|
z49tlxOHitbxq9/2aU4EV8FNbD13yVANPbaJzawAtQJF5Ex4728YfldOvGJN9t5s
|
||||||
|
yHfqxbK0ZS1Gdr9eX/hFeFX0TSCskfBPI8tdQClE3pz3CuZIpIA13cvoApBZ9zH5
|
||||||
|
TFD+mO/df2BRLUQKFKJXllE2P3Nm20VfvZ30gjrOq3VP0JBtQ9F7L3cxiNsvSqlO
|
||||||
|
YjnHFH857+IItxinbPjZNdWj+GT1AlEiG456xUSu37EXC3HfCYKJSXDFm6DzPAJI
|
||||||
|
deeB+SRRViQ7/7ho0xMuovTRcDOpetYX/cqlaxN0yc62Jk8B/+u6tfmhcIDaEd+j
|
||||||
|
e08CAwEAAaNTMFEwHQYDVR0OBBYEFDjB5XfTAWt6p9gYa1DW+g7W2bRPMB8GA1Ud
|
||||||
|
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
|
||||||
|
KoZIhvcNAQELBQADggEBAKM3VWhoAp+v1rE4s9i/MCczbyFMCe7PJNLrzxx6FZht
|
||||||
|
EJTgSh+IXEOQCXjBpoIGFvKM0TrFO5lnNTwAv5+iauczhYOIcojk0oMcbEmSX1GA
|
||||||
|
DZIPmU3LKhhNaLe20d5UInGIjQRFxRM0jVJ69yrny7JBIHvvqtBYk7XmtfqLIqPt
|
||||||
|
p4GbylD30L1f8lJti6+vZDadbYHOUCm329Csox14d5Apo4QQaRPpR/zhHsJ0VWER
|
||||||
|
ZS134cqfLW8vdvZpvAlQmrBIBaJT5pNGgQ0Ei837pKeCCHj5h9wKB5Ef3gn6AFoW
|
||||||
|
GitcgxADMy+tjJrrlA93sZvs5g7chN01P7WK0gYOiNc=
|
||||||
|
-----END CERTIFICATE-----
|
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 5 09:05:42 2020 GMT
|
||||||
|
Not After : Mar 3 09:05:42 2030 GMT
|
||||||
|
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/emailAddress=misi@majd.eu
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e:
|
||||||
|
bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01:
|
||||||
|
2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c:
|
||||||
|
92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76:
|
||||||
|
58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0:
|
||||||
|
b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35:
|
||||||
|
92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b:
|
||||||
|
36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5:
|
||||||
|
de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c:
|
||||||
|
74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c:
|
||||||
|
e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa:
|
||||||
|
f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf:
|
||||||
|
35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c:
|
||||||
|
c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61:
|
||||||
|
a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac:
|
||||||
|
fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39:
|
||||||
|
74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f:
|
||||||
|
7c:e5
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a:
|
||||||
|
a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc:
|
||||||
|
64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b:
|
||||||
|
8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea:
|
||||||
|
2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6:
|
||||||
|
8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8:
|
||||||
|
ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b:
|
||||||
|
bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82:
|
||||||
|
dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5:
|
||||||
|
51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46:
|
||||||
|
ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25:
|
||||||
|
0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab:
|
||||||
|
f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0:
|
||||||
|
4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10:
|
||||||
|
2a:7e:cc:b6
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
|
||||||
|
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
|
||||||
|
Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw
|
||||||
|
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
|
||||||
|
VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
|
||||||
|
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+
|
||||||
|
v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1
|
||||||
|
OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz
|
||||||
|
j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc
|
||||||
|
jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV
|
||||||
|
OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP
|
||||||
|
fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud
|
||||||
|
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
|
||||||
|
KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb
|
||||||
|
KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x
|
||||||
|
1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb
|
||||||
|
+eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH
|
||||||
|
Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P
|
||||||
|
RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY=
|
||||||
|
-----END CERTIFICATE-----
|
30
examples/ca/CA/private/cakey.pem
Normal file
30
examples/ca/CA/private/cakey.pem
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeK2OY7PJbzYCAggA
|
||||||
|
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKP+q72oc4q7BIIEyHkaZfqjSX9W
|
||||||
|
HIHqbQtHOMlAtqSxmAyV6C3pXLwNuEpo4cYwyPUdJwMNxm8OjsxuH708daZu5QWl
|
||||||
|
7EVNV4WY9ff4/4geJAp9ZrqJN5TsgFIUyss5NzHjTMPUz/yunr0Hk5OOVLusTCqF
|
||||||
|
Ys0Qdo2Gy33NZCK53U22pa0S/szppN4DIDujSOuUAiyxJdz12cCUyw/OlAXvDLJb
|
||||||
|
I9oObKWpbYBtJSLk5aWblZDUTVmFWngkTIc76wchBXu7WntLjXdMG2lv4Gy/ozUb
|
||||||
|
vsYvEADNRJFOpYyfWvmEFNKvEcVxfzshnms9TdzhDCmYhmYR+NfamYq5Om+81Pv3
|
||||||
|
h+z1Zd7x3uYs8NM+DbRKhwHS6jkQCxelWdQbeSJj/Fz9VpWSrJlkmhXI+7qkBCsv
|
||||||
|
DVoz017Y2zK/iM5JRPTH65tnNMeH61Zj4EOHBEzMBE6EvugJcSqPXfBKtVMwVAzV
|
||||||
|
Mva8gtOlMN0Ce9dmG+HZKDek6S++5AbkxuOwRb+YOVXjUrNXXf0YqglM9Nb/RCr4
|
||||||
|
Z+gkuTCwARJZqjebZnUw1mSZp2R89X774wNDHAlw96tSW2OZlfPmbvXBnwT7QwPm
|
||||||
|
YBZT6CrLL7LEIs0G5zFh1L/PCQi7EyNaE9Ixw52nqc5Ej2M6Rj6XcdCRdw5IKmh/
|
||||||
|
BbTzD0LxfNh+XKpAIzkuNfGkwUVtfldmfpW3xRKzI1o+rbgDGMA/eEFYWmyE9326
|
||||||
|
/vsv7daE4zWAG4O5OdGKMKBABCqM92X2YU7bZoNQS25dy7uZsQ8zvkcI1Q1GKMW0
|
||||||
|
Lg2oDTSTSrPRVgLAcb0o06Frvler5F277OBfBm1+6+7aL3hct4TZjb+0pp5SuxrS
|
||||||
|
7PpRXMFYzbQ+Z7YrRv6uwrrxVl99Ok/jBGLYT+CllZ+PNvRbcgsy0xUIz6KTbQQZ
|
||||||
|
H4qqkObdKFHQLqfP9+YUwjE2akR/prOR2Dfoq648L/eEF4qpGCADaXFoHODWfiqz
|
||||||
|
VQHvLP4FN4ppYn3jB4lSTIl+7s92XznK5aN5AERRdUIfjPnZB8lQkDP/qwwCI0Ki
|
||||||
|
SRxUtsrMef1biTKL5HI3On2wPLFQCGVEmiQoD8uEqaB/vAdJy5ZdQ3HA547TxLmy
|
||||||
|
TJ6je8QMFUcO3n1pJWeUHuL+WyGrcstOEkZiFQyVpAFFeS7h6u2UI7HyNXGaP1mk
|
||||||
|
+vWulewlMjWHw05qG9wLqEiDkpZgmx4garfWbR2rggBu1Jlg4svS2jdmytuKQ735
|
||||||
|
E1e5g7TCSzv6sHzdHfQ2WaVvfM5YfxqWpgPhNH2t7rScoLTvI2txyhpIIEIMn+ip
|
||||||
|
tBM15Ai+L92gr4wLJlsBOcKOWSN46ucqQsGla3so0PZAtU4hVPEJ+PzaR2czStUk
|
||||||
|
MzrKfG1qox+JW8BBiW2zV2idKy2440Sn/NSqMyvZgEFn7GDaAcTsZi2FhRLT1Fg+
|
||||||
|
2c5viBTaCRdh20QDQQu3skEhbFU5GjeZEqCO25hX5L3BZPnQtwQujc2RU9aGWwPm
|
||||||
|
o/nrp8ilBRI18qFdxfqFEV6ftdVNXlrV+cMgtuwPNX6vnmKWjN67/cDIUML3ab+e
|
||||||
|
9cx0rBvCBvMn7Q0AvY/RcsVP0DaLmov7ciuvih0ptCgYThov7FJ2V+q+2LbNLwSc
|
||||||
|
qpi/6R+l6bIjP0UITKZlug==
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
1
examples/ca/CA/serial
Normal file
1
examples/ca/CA/serial
Normal file
@ -0,0 +1 @@
|
|||||||
|
4C9BEC95D121491D5D65A71A614667DD42186549
|
1
examples/ca/CA/serial.old
Normal file
1
examples/ca/CA/serial.old
Normal file
@ -0,0 +1 @@
|
|||||||
|
4C9BEC95D121491D5D65A71A614667DD42186548
|
364
examples/ca/openssl.conf
Normal file
364
examples/ca/openssl.conf
Normal file
@ -0,0 +1,364 @@
|
|||||||
|
#
|
||||||
|
# OpenSSL example configuration file.
|
||||||
|
# This is mostly being used for generation of certificate requests.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Note that you can include other files from the main configuration
|
||||||
|
# file using the .include directive.
|
||||||
|
#.include filename
|
||||||
|
|
||||||
|
# This definition stops the following lines choking if HOME isn't
|
||||||
|
# defined.
|
||||||
|
HOME = .
|
||||||
|
|
||||||
|
# Extra OBJECT IDENTIFIER info:
|
||||||
|
#oid_file = $ENV::HOME/.oid
|
||||||
|
oid_section = new_oids
|
||||||
|
|
||||||
|
# System default
|
||||||
|
openssl_conf = default_conf
|
||||||
|
|
||||||
|
# To use this configuration file with the "-extfile" option of the
|
||||||
|
# "openssl x509" utility, name here the section containing the
|
||||||
|
# X.509v3 extensions to use:
|
||||||
|
# extensions =
|
||||||
|
# (Alternatively, use a configuration file that has only
|
||||||
|
# X.509v3 extensions in its main [= default] section.)
|
||||||
|
|
||||||
|
[ new_oids ]
|
||||||
|
|
||||||
|
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||||
|
# Add a simple OID like this:
|
||||||
|
# testoid1=1.2.3.4
|
||||||
|
# Or use config file substitution like this:
|
||||||
|
# testoid2=${testoid1}.5.6
|
||||||
|
|
||||||
|
# Policies used by the TSA examples.
|
||||||
|
tsa_policy1 = 1.2.3.4.1
|
||||||
|
tsa_policy2 = 1.2.3.4.5.6
|
||||||
|
tsa_policy3 = 1.2.3.4.5.7
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
[ ca ]
|
||||||
|
default_ca = CA_default # The default ca section
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
[ CA_default ]
|
||||||
|
|
||||||
|
dir = ./CA # Where everything is kept
|
||||||
|
certs = $dir/certs # Where the issued certs are kept
|
||||||
|
crl_dir = $dir/crl # Where the issued crl are kept
|
||||||
|
database = $dir/index.txt # database index file.
|
||||||
|
#unique_subject = no # Set to 'no' to allow creation of
|
||||||
|
# several certs with same subject.
|
||||||
|
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||||
|
|
||||||
|
certificate = $dir/cacert.pem # The CA certificate
|
||||||
|
serial = $dir/serial # The current serial number
|
||||||
|
crlnumber = $dir/crlnumber # the current crl number
|
||||||
|
# must be commented out to leave a V1 CRL
|
||||||
|
crl = $dir/crl.pem # The current CRL
|
||||||
|
private_key = $dir/private/cakey.pem# The private key
|
||||||
|
|
||||||
|
x509_extensions = usr_cert # The extensions to add to the cert
|
||||||
|
|
||||||
|
# Comment out the following two lines for the "traditional"
|
||||||
|
# (and highly broken) format.
|
||||||
|
name_opt = ca_default # Subject Name options
|
||||||
|
cert_opt = ca_default # Certificate field options
|
||||||
|
|
||||||
|
# Extension copying option: use with caution.
|
||||||
|
# copy_extensions = copy
|
||||||
|
|
||||||
|
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||||
|
# so this is commented out by default to leave a V1 CRL.
|
||||||
|
# crlnumber must also be commented out to leave a V1 CRL.
|
||||||
|
# crl_extensions = crl_ext
|
||||||
|
|
||||||
|
default_days = 3650 # how long to certify for
|
||||||
|
default_crl_days= 30 # how long before next CRL
|
||||||
|
default_md = default # use public key default MD
|
||||||
|
preserve = no # keep passed DN ordering
|
||||||
|
|
||||||
|
# A few difference way of specifying how similar the request should look
|
||||||
|
# For type CA, the listed attributes must be the same, and the optional
|
||||||
|
# and supplied fields are just that :-)
|
||||||
|
policy = policy_match
|
||||||
|
|
||||||
|
# For the CA policy
|
||||||
|
[ policy_match ]
|
||||||
|
countryName = match
|
||||||
|
stateOrProvinceName = match
|
||||||
|
organizationName = match
|
||||||
|
organizationalUnitName = optional
|
||||||
|
commonName = supplied
|
||||||
|
emailAddress = optional
|
||||||
|
|
||||||
|
# For the 'anything' policy
|
||||||
|
# At this point in time, you must list all acceptable 'object'
|
||||||
|
# types.
|
||||||
|
[ policy_anything ]
|
||||||
|
countryName = optional
|
||||||
|
stateOrProvinceName = optional
|
||||||
|
localityName = optional
|
||||||
|
organizationName = optional
|
||||||
|
organizationalUnitName = optional
|
||||||
|
commonName = supplied
|
||||||
|
emailAddress = optional
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
[ req ]
|
||||||
|
default_bits = 2048
|
||||||
|
default_keyfile = privkey.pem
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
attributes = req_attributes
|
||||||
|
x509_extensions = v3_ca # The extensions to add to the self signed cert
|
||||||
|
|
||||||
|
# Passwords for private keys if not present they will be prompted for
|
||||||
|
# input_password = secret
|
||||||
|
# output_password = secret
|
||||||
|
|
||||||
|
# This sets a mask for permitted string types. There are several options.
|
||||||
|
# default: PrintableString, T61String, BMPString.
|
||||||
|
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
|
||||||
|
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
||||||
|
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||||
|
# MASK:XXXX a literal mask value.
|
||||||
|
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
|
||||||
|
string_mask = utf8only
|
||||||
|
|
||||||
|
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||||
|
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
countryName = Country Name (2 letter code)
|
||||||
|
countryName_default = HU
|
||||||
|
countryName_min = 2
|
||||||
|
countryName_max = 2
|
||||||
|
|
||||||
|
stateOrProvinceName = State or Province Name (full name)
|
||||||
|
stateOrProvinceName_default = Hungary
|
||||||
|
|
||||||
|
localityName = Locality Name (eg, city)
|
||||||
|
localityName_default = Debrecen
|
||||||
|
|
||||||
|
0.organizationName = Organization Name (eg, company)
|
||||||
|
0.organizationName_default = coTURN
|
||||||
|
|
||||||
|
# we can do this but it is not needed normally :-)
|
||||||
|
#1.organizationName = Second Organization Name (eg, company)
|
||||||
|
#1.organizationName_default = World Wide Web Pty Ltd
|
||||||
|
|
||||||
|
#organizationalUnitName = Organizational Unit Name (eg, section)
|
||||||
|
#organizationalUnitName_default =
|
||||||
|
|
||||||
|
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||||
|
commonName_max = 64
|
||||||
|
|
||||||
|
emailAddress = Email Address
|
||||||
|
emailAddress_default = misi@majd.eu
|
||||||
|
emailAddress_max = 64
|
||||||
|
|
||||||
|
# SET-ex3 = SET extension number 3
|
||||||
|
|
||||||
|
[ req_attributes ]
|
||||||
|
#challengePassword = A challenge password
|
||||||
|
#challengePassword_min = 4
|
||||||
|
#challengePassword_max = 20
|
||||||
|
|
||||||
|
#unstructuredName = An optional company name
|
||||||
|
|
||||||
|
[ usr_cert ]
|
||||||
|
|
||||||
|
# These extensions are added when 'ca' signs a request.
|
||||||
|
|
||||||
|
# This goes against PKIX guidelines but some CAs do it and some software
|
||||||
|
# requires this to avoid interpreting an end user certificate as a CA.
|
||||||
|
|
||||||
|
basicConstraints=CA:FALSE
|
||||||
|
|
||||||
|
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||||
|
# the certificate can be used for anything *except* object signing.
|
||||||
|
|
||||||
|
# This is OK for an SSL server.
|
||||||
|
# nsCertType = server
|
||||||
|
|
||||||
|
# For an object signing certificate this would be used.
|
||||||
|
# nsCertType = objsign
|
||||||
|
|
||||||
|
# For normal client use this is typical
|
||||||
|
# nsCertType = client, email
|
||||||
|
|
||||||
|
# and for everything including object signing:
|
||||||
|
# nsCertType = client, email, objsign
|
||||||
|
|
||||||
|
# This is typical in keyUsage for a client certificate.
|
||||||
|
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||||
|
|
||||||
|
# This will be displayed in Netscape's comment listbox.
|
||||||
|
nsComment = "OpenSSL Generated Certificate"
|
||||||
|
|
||||||
|
# PKIX recommendations harmless if included in all certificates.
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid,issuer
|
||||||
|
|
||||||
|
# This stuff is for subjectAltName and issuerAltname.
|
||||||
|
# Import the email address.
|
||||||
|
# subjectAltName=email:copy
|
||||||
|
# An alternative to produce certificates that aren't
|
||||||
|
# deprecated according to PKIX.
|
||||||
|
# subjectAltName=email:move
|
||||||
|
|
||||||
|
# Copy subject details
|
||||||
|
# issuerAltName=issuer:copy
|
||||||
|
|
||||||
|
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||||
|
#nsBaseUrl
|
||||||
|
#nsRevocationUrl
|
||||||
|
#nsRenewalUrl
|
||||||
|
#nsCaPolicyUrl
|
||||||
|
#nsSslServerName
|
||||||
|
|
||||||
|
# This is required for TSA certificates.
|
||||||
|
# extendedKeyUsage = critical,timeStamping
|
||||||
|
|
||||||
|
[ v3_req ]
|
||||||
|
|
||||||
|
# Extensions to add to a certificate request
|
||||||
|
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||||
|
|
||||||
|
[ v3_ca ]
|
||||||
|
|
||||||
|
|
||||||
|
# Extensions for a typical CA
|
||||||
|
|
||||||
|
|
||||||
|
# PKIX recommendation.
|
||||||
|
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
|
||||||
|
authorityKeyIdentifier=keyid:always,issuer
|
||||||
|
|
||||||
|
basicConstraints = critical,CA:true
|
||||||
|
|
||||||
|
# Key usage: this is typical for a CA certificate. However since it will
|
||||||
|
# prevent it being used as an test self-signed certificate it is best
|
||||||
|
# left out by default.
|
||||||
|
# keyUsage = cRLSign, keyCertSign
|
||||||
|
|
||||||
|
# Some might want this also
|
||||||
|
# nsCertType = sslCA, emailCA
|
||||||
|
|
||||||
|
# Include email address in subject alt name: another PKIX recommendation
|
||||||
|
# subjectAltName=email:copy
|
||||||
|
# Copy issuer details
|
||||||
|
# issuerAltName=issuer:copy
|
||||||
|
|
||||||
|
# DER hex encoding of an extension: beware experts only!
|
||||||
|
# obj=DER:02:03
|
||||||
|
# Where 'obj' is a standard or added object
|
||||||
|
# You can even override a supported extension:
|
||||||
|
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||||
|
|
||||||
|
[ crl_ext ]
|
||||||
|
|
||||||
|
# CRL extensions.
|
||||||
|
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||||
|
|
||||||
|
# issuerAltName=issuer:copy
|
||||||
|
authorityKeyIdentifier=keyid:always
|
||||||
|
|
||||||
|
[ proxy_cert_ext ]
|
||||||
|
# These extensions should be added when creating a proxy certificate
|
||||||
|
|
||||||
|
# This goes against PKIX guidelines but some CAs do it and some software
|
||||||
|
# requires this to avoid interpreting an end user certificate as a CA.
|
||||||
|
|
||||||
|
basicConstraints=CA:FALSE
|
||||||
|
|
||||||
|
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||||
|
# the certificate can be used for anything *except* object signing.
|
||||||
|
|
||||||
|
# This is OK for an SSL server.
|
||||||
|
# nsCertType = server
|
||||||
|
|
||||||
|
# For an object signing certificate this would be used.
|
||||||
|
# nsCertType = objsign
|
||||||
|
|
||||||
|
# For normal client use this is typical
|
||||||
|
# nsCertType = client, email
|
||||||
|
|
||||||
|
# and for everything including object signing:
|
||||||
|
# nsCertType = client, email, objsign
|
||||||
|
|
||||||
|
# This is typical in keyUsage for a client certificate.
|
||||||
|
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||||
|
|
||||||
|
# This will be displayed in Netscape's comment listbox.
|
||||||
|
nsComment = "OpenSSL Generated Certificate"
|
||||||
|
|
||||||
|
# PKIX recommendations harmless if included in all certificates.
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid,issuer
|
||||||
|
|
||||||
|
# This stuff is for subjectAltName and issuerAltname.
|
||||||
|
# Import the email address.
|
||||||
|
# subjectAltName=email:copy
|
||||||
|
# An alternative to produce certificates that aren't
|
||||||
|
# deprecated according to PKIX.
|
||||||
|
# subjectAltName=email:move
|
||||||
|
|
||||||
|
# Copy subject details
|
||||||
|
# issuerAltName=issuer:copy
|
||||||
|
|
||||||
|
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||||
|
#nsBaseUrl
|
||||||
|
#nsRevocationUrl
|
||||||
|
#nsRenewalUrl
|
||||||
|
#nsCaPolicyUrl
|
||||||
|
#nsSslServerName
|
||||||
|
|
||||||
|
# This really needs to be in place for it to be a proxy certificate.
|
||||||
|
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
[ tsa ]
|
||||||
|
|
||||||
|
default_tsa = tsa_config1 # the default TSA section
|
||||||
|
|
||||||
|
[ tsa_config1 ]
|
||||||
|
|
||||||
|
# These are used by the TSA reply generation only.
|
||||||
|
dir = ./CA # TSA root directory
|
||||||
|
serial = $dir/tsaserial # The current serial number (mandatory)
|
||||||
|
crypto_device = builtin # OpenSSL engine to use for signing
|
||||||
|
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
||||||
|
# (optional)
|
||||||
|
certs = $dir/cacert.pem # Certificate chain to include in reply
|
||||||
|
# (optional)
|
||||||
|
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
|
||||||
|
signer_digest = sha256 # Signing digest to use. (Optional)
|
||||||
|
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||||
|
# (optional)
|
||||||
|
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||||
|
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
|
||||||
|
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
||||||
|
clock_precision_digits = 0 # number of digits after dot. (optional)
|
||||||
|
ordering = yes # Is ordering defined for timestamps?
|
||||||
|
# (optional, default: no)
|
||||||
|
tsa_name = yes # Must the TSA name be included in the reply?
|
||||||
|
# (optional, default: no)
|
||||||
|
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
||||||
|
# (optional, default: no)
|
||||||
|
ess_cert_id_alg = sha1 # algorithm to compute certificate
|
||||||
|
# identifier (optional, default: sha1)
|
||||||
|
[default_conf]
|
||||||
|
ssl_conf = ssl_sect
|
||||||
|
|
||||||
|
[ssl_sect]
|
||||||
|
system_default = system_default_sect
|
||||||
|
|
||||||
|
[system_default_sect]
|
||||||
|
MinProtocol = TLSv1.2
|
||||||
|
CipherString = DEFAULT@SECLEVEL=2
|
16
examples/ca/run.sh
Executable file
16
examples/ca/run.sh
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#set -x
|
||||||
|
# key passwd: coTURN
|
||||||
|
cp /usr/lib/ssl/misc/CA.pl ./CA.pl
|
||||||
|
patch < CA.pl.diff
|
||||||
|
export OPENSSL_CONFIG="-config openssl.conf"
|
||||||
|
./CA.pl -newca
|
||||||
|
|
||||||
|
for i in "server" "client";
|
||||||
|
do
|
||||||
|
./CA.pl -newreq-nodes
|
||||||
|
./CA.pl -signCA
|
||||||
|
mv newcert.pem turn_${i}_cert.pem
|
||||||
|
mv newkey.pem turn_${i}_pkey.pem
|
||||||
|
rm newreq.pem
|
||||||
|
done;
|
80
examples/ca/turn_client_cert.pem
Normal file
80
examples/ca/turn_client_cert.pem
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 5 09:05:42 2020 GMT
|
||||||
|
Not After : Mar 3 09:05:42 2030 GMT
|
||||||
|
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/emailAddress=misi@majd.eu
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e:
|
||||||
|
bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01:
|
||||||
|
2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c:
|
||||||
|
92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76:
|
||||||
|
58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0:
|
||||||
|
b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35:
|
||||||
|
92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b:
|
||||||
|
36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5:
|
||||||
|
de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c:
|
||||||
|
74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c:
|
||||||
|
e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa:
|
||||||
|
f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf:
|
||||||
|
35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c:
|
||||||
|
c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61:
|
||||||
|
a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac:
|
||||||
|
fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39:
|
||||||
|
74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f:
|
||||||
|
7c:e5
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a:
|
||||||
|
a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc:
|
||||||
|
64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b:
|
||||||
|
8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea:
|
||||||
|
2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6:
|
||||||
|
8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8:
|
||||||
|
ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b:
|
||||||
|
bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82:
|
||||||
|
dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5:
|
||||||
|
51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46:
|
||||||
|
ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25:
|
||||||
|
0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab:
|
||||||
|
f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0:
|
||||||
|
4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10:
|
||||||
|
2a:7e:cc:b6
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
|
||||||
|
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
|
||||||
|
Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw
|
||||||
|
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
|
||||||
|
VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
|
||||||
|
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+
|
||||||
|
v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1
|
||||||
|
OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz
|
||||||
|
j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc
|
||||||
|
jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV
|
||||||
|
OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP
|
||||||
|
fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud
|
||||||
|
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
|
||||||
|
KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb
|
||||||
|
KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x
|
||||||
|
1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb
|
||||||
|
+eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH
|
||||||
|
Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P
|
||||||
|
RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY=
|
||||||
|
-----END CERTIFICATE-----
|
28
examples/ca/turn_client_pkey.pem
Normal file
28
examples/ca/turn_client_pkey.pem
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvbTgxIxIS51qN
|
||||||
|
7RwCfr/C73rRwLJLtDibp13dASyg53xbek1xS8lbd+izTJJbjENXtsmMRGZqnozy
|
||||||
|
dlii9TijT++vWse/5XKYwLguoXXMFou/o2rm/cklNZIxsngqQnuhziW+MkVuCzYi
|
||||||
|
+Gyc84+/yIx51VkC9d4fZ/zvxyeIpzWx1+7cHHQR/DxWM7XniM7zztu5PODrFbwA
|
||||||
|
Xyn0nI5NYd/aqvT8++dLddzcz/BLO2fPvzW4D1sglGDdO+V67A4wLMH79iFb7YA0
|
||||||
|
nVlclTmiYaQT+le59YXUob+Rz9fcrPoyR+7ShpsU0TWIHi2fOXSG3vEE3uE5L6iR
|
||||||
|
v4v3T3zlAgMBAAECggEBAINzP+vx75UirwQybA6ik2aqtEmALxnzDYf1PaxhOOPJ
|
||||||
|
EbIqTuVaeKOFkmToN7NJwxxy50un5WZ3L/5vF7PkNHCLcXrgd1UfxWMY5eprKi2n
|
||||||
|
p0gOWAiGmra7EbUTml9wOdvg8P84BDaVSBekNx7Ukx6OVFTmvTAutCascSfq/4Cx
|
||||||
|
K71zaW/I9hrU8oNDBDzolVW4gW8ObNLGhoDqmvkoXrlrGEBNqkuErbbYZA1k/001
|
||||||
|
lurEh7Zp7Kp6jjHcRm83a7bWiRYGtv1K9kR9MKKLW7au8zyjYcesTvS2QjY+k20W
|
||||||
|
vE2kmyAosbJShFzTmZn8kwgh6c0BPyFDEI5XleMeefECgYEA6ZhgG87wyU4RDU1N
|
||||||
|
PxLV9ufbSYpW91KP1iuZ5Z6QdLGWZeWKjvxtoLAa3z9ceIBVvFqCGDn4DfwIaNLe
|
||||||
|
tGsjeyXre1R3/B0S/oAJbmbRV4pWl/jSzgbzCTGW7x1mpqgpJdHFmTbqTxkNB6cM
|
||||||
|
fpzTPfM012KfRglD9D+2DTOCyEsCgYEAwECXQRIe7/657J68GHSBCaQ+rzDL3nRe
|
||||||
|
exe4duHyXok0yohk7OiPepKQ1hdYq2PHhGEj6b5OgFppWeA66M/ndjX4S10oCtN0
|
||||||
|
oEb7honFz4ZmHmqQ6UotAuBx7tq06v+KI/eTvefTVh9mujdwMW4sAowhx9Dw6PkR
|
||||||
|
ipFCdi458Y8CgYEAhJ//ySoYKaMKKWw/NFVkZ9fB+CH0OF2GzslYijcZuzdstZO6
|
||||||
|
tG37bCUwTJozzTLH+rXEcS7QeFglCibXTMYbkfq4lQAjU1/KffaB5E26A6LGgWhD
|
||||||
|
f7gQWqLuF/qwYmTNX+yW7ONx6tDFRhgBDw3JHb4svTEATwpJq65UlXAui7sCgYBD
|
||||||
|
krBXO8JKApNg+s4MHm74b5VkyFbv4qEOzOCWUIZ6+ejnQxeOOZOstnVX+q681v5a
|
||||||
|
pjYUQ0KeVKjw4SJzkBe/8epKuvyHCZnVd/2SZTx0271q9XPnu52khDUnihHLA3SP
|
||||||
|
fcadGi2q+LCHxVKW3S1028JH1EXI7TpgJPxiQ480OwKBgQDmi0BiSFaxNVcJm+pq
|
||||||
|
rbmK2pRPl49VOlc7px89ilZgoIeU8jwWQyqXRooarFhV1H0SA6oh52jYljiIIFVn
|
||||||
|
qwKfS3Sjo6iW3ytjGcRLeNS0Sk8D2XMky7Mw120ZxatTsKw3ztmYFAlSYdxRMnue
|
||||||
|
zkYzcxL3N2LvHeY8SOwyxayfxg==
|
||||||
|
-----END PRIVATE KEY-----
|
80
examples/ca/turn_server_cert.pem
Normal file
80
examples/ca/turn_server_cert.pem
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number:
|
||||||
|
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 5 09:05:21 2020 GMT
|
||||||
|
Not After : Mar 3 09:05:21 2030 GMT
|
||||||
|
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/emailAddress=misi@majd.eu
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
RSA Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac:
|
||||||
|
cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04:
|
||||||
|
57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00:
|
||||||
|
b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d:
|
||||||
|
f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e:
|
||||||
|
5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d:
|
||||||
|
40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8:
|
||||||
|
02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51:
|
||||||
|
2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f:
|
||||||
|
bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b:
|
||||||
|
2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39:
|
||||||
|
ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5:
|
||||||
|
02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df:
|
||||||
|
09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81:
|
||||||
|
f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1:
|
||||||
|
70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6:
|
||||||
|
26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3:
|
||||||
|
7b:4f
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
|
||||||
|
|
||||||
|
X509v3 Basic Constraints: critical
|
||||||
|
CA:TRUE
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f:
|
||||||
|
21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a:
|
||||||
|
1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b:
|
||||||
|
99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2:
|
||||||
|
83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68:
|
||||||
|
b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7:
|
||||||
|
2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22:
|
||||||
|
a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64:
|
||||||
|
36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3:
|
||||||
|
84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1:
|
||||||
|
ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6:
|
||||||
|
93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07:
|
||||||
|
91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c:
|
||||||
|
9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2:
|
||||||
|
06:0e:88:d7
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUcwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
|
||||||
|
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
|
||||||
|
Fw0yMDAzMDUwOTA1MjFaFw0zMDAzMDMwOTA1MjFaMHExCzAJBgNVBAYTAkhVMRAw
|
||||||
|
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
|
||||||
|
VVJOMQ8wDQYDVQQDDAZTZXJ2ZXIxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
|
||||||
|
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzb9xc1F3xGeWSJYV+s
|
||||||
|
z49tlxOHitbxq9/2aU4EV8FNbD13yVANPbaJzawAtQJF5Ex4728YfldOvGJN9t5s
|
||||||
|
yHfqxbK0ZS1Gdr9eX/hFeFX0TSCskfBPI8tdQClE3pz3CuZIpIA13cvoApBZ9zH5
|
||||||
|
TFD+mO/df2BRLUQKFKJXllE2P3Nm20VfvZ30gjrOq3VP0JBtQ9F7L3cxiNsvSqlO
|
||||||
|
YjnHFH857+IItxinbPjZNdWj+GT1AlEiG456xUSu37EXC3HfCYKJSXDFm6DzPAJI
|
||||||
|
deeB+SRRViQ7/7ho0xMuovTRcDOpetYX/cqlaxN0yc62Jk8B/+u6tfmhcIDaEd+j
|
||||||
|
e08CAwEAAaNTMFEwHQYDVR0OBBYEFDjB5XfTAWt6p9gYa1DW+g7W2bRPMB8GA1Ud
|
||||||
|
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
|
||||||
|
KoZIhvcNAQELBQADggEBAKM3VWhoAp+v1rE4s9i/MCczbyFMCe7PJNLrzxx6FZht
|
||||||
|
EJTgSh+IXEOQCXjBpoIGFvKM0TrFO5lnNTwAv5+iauczhYOIcojk0oMcbEmSX1GA
|
||||||
|
DZIPmU3LKhhNaLe20d5UInGIjQRFxRM0jVJ69yrny7JBIHvvqtBYk7XmtfqLIqPt
|
||||||
|
p4GbylD30L1f8lJti6+vZDadbYHOUCm329Csox14d5Apo4QQaRPpR/zhHsJ0VWER
|
||||||
|
ZS134cqfLW8vdvZpvAlQmrBIBaJT5pNGgQ0Ei837pKeCCHj5h9wKB5Ef3gn6AFoW
|
||||||
|
GitcgxADMy+tjJrrlA93sZvs5g7chN01P7WK0gYOiNc=
|
||||||
|
-----END CERTIFICATE-----
|
28
examples/ca/turn_server_pkey.pem
Normal file
28
examples/ca/turn_server_pkey.pem
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC82/cXNRd8Rnlk
|
||||||
|
iWFfrM+PbZcTh4rW8avf9mlOBFfBTWw9d8lQDT22ic2sALUCReRMeO9vGH5XTrxi
|
||||||
|
TfbebMh36sWytGUtRna/Xl/4RXhV9E0grJHwTyPLXUApRN6c9wrmSKSANd3L6AKQ
|
||||||
|
Wfcx+UxQ/pjv3X9gUS1EChSiV5ZRNj9zZttFX72d9II6zqt1T9CQbUPRey93MYjb
|
||||||
|
L0qpTmI5xxR/Oe/iCLcYp2z42TXVo/hk9QJRIhuOesVErt+xFwtx3wmCiUlwxZug
|
||||||
|
8zwCSHXngfkkUVYkO/+4aNMTLqL00XAzqXrWF/3KpWsTdMnOtiZPAf/rurX5oXCA
|
||||||
|
2hHfo3tPAgMBAAECggEALGPXVBEakA9QgRz5Ui+gKaoslF6Ld7IeH+ofHkNPDRRR
|
||||||
|
mLELFFHIa5tASGlyIjKjUoYqYQZ0y7ip9sE0gVs4U1dPWI2mKlohlyFrlUNe4XUm
|
||||||
|
m8N0GfPAChDE/+48FNDMMwxn/eqrUz4ZPCypOYnLMk5lTBvX0J/D7/Yem3nSzwt1
|
||||||
|
qkZoijxZH5IvJAJkBWvucRuJ8XxHzOAo2V2Y+wTdilcJhfCvqGC0rkydjaN6TtRW
|
||||||
|
HWKvAOa7hEegNBbZhHhKfw5ovQwj9Cnr2+8gaTSw5gVaZNnhCO+TlUfQHIBH9rmt
|
||||||
|
82SHu1QoYSGMvkjlrrKhRYHrx+4P4TXoZ6eB1hl3QQKBgQDmwUOkh6qwL2dtcrF1
|
||||||
|
bVdRZjb1bw6L8qZAgUkcA1IaLVUlhjEJZGXAoPbLn6Vq+jfOvaYLmzEaLcpn3pfx
|
||||||
|
Hwcb1vnNW7dlXC1vpIWXPZP4IPJV4XsL1AgoEj6mgETHxvC+4cLc2gaMY5o5TzUv
|
||||||
|
VdV/A7SIqxAyPccXt1u/eITfNwKBgQDRhVTTJiBsGGjOetfgNqNGxpkKB6W4cET9
|
||||||
|
EyC1c7Lh40lioA2G8lzhFCdK9VZ+cAT51Bmkr5jq29EyMafSy3e4+PG8ZLHVL0ll
|
||||||
|
qBY4vSzHQNcGvUgh+15g6ISgCbM0eSsAea3LY+fmchz6mBS6DhyMkYPSbV+7YvHJ
|
||||||
|
PSnfTkTgqQKBgQCO+SQOJzjs3RI6UBv/4/V8K9bVjy/2Kiw0P2arAqu2KGxfSZvM
|
||||||
|
c/ZPuevwEkSN2ecGI59kBY4Q6FpGrTZ7YXwoFbTFNpSVKt3EFK3pHXA3B0LfT0vL
|
||||||
|
8l3zZgqHY2Y6WdsEiiEQcc4o4fXGmHsdjxMvFX6gR01Ls9dNrIAeTHAXVQKBgGoL
|
||||||
|
Q72C5JIRYKpw/mYbAVTHG5o5+KR7Hk/AqKNuJbGyqefi/jW44U2CN8j2l4pzA/G2
|
||||||
|
aiwyPAFStHTlMP29waC7Tw59IIy33Dw5cNXS2aEXrj1Y+/NHGKOPy+B8SFlcomkh
|
||||||
|
LNduf2bhhs1Gv+bTUZvL4p5UgUmEcL/b1x+Qq8fRAoGBAIpNCp4W+TsPUJcQKoWm
|
||||||
|
L61RVr5GaHv7/qxQvYaXIVCq8/gZAbJi3/A9ieTrF72uuOZ+ajzFHDUiiDs19y67
|
||||||
|
mCvCchPgqzLy9iSs6mm8fmS6kJnWn04I+7DOfe7kScUnD5WkyNaTYAeOqvdWzl/i
|
||||||
|
B1hQJJ9GzZG5Rztlotm5m/JY
|
||||||
|
-----END PRIVATE KEY-----
|
1
examples/etc/cacert.pem
Symbolic link
1
examples/etc/cacert.pem
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../ca/CA/cacert.pem
|
@ -1,5 +1,5 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=coTURN STUN/TURN Server
|
Description=Coturn STUN/TURN Server
|
||||||
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
|
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
|
||||||
After=network.target
|
After=network.target
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
|
@ -1,23 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDzjCCArYCCQD3YHhln4EqhDANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMC
|
|
||||||
VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxKzApBgNVBAoT
|
|
||||||
IlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3QxFDASBgNVBAsTC2Rl
|
|
||||||
dmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAy
|
|
||||||
NjdAZ21haWwuY29tMCAXDTEyMTEyNzAwNDEwNVoYDzIxMTIxMTAzMDA0MTA1WjCB
|
|
||||||
pzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3Jl
|
|
||||||
ZWsxKzApBgNVBAoTIlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3Qx
|
|
||||||
FDASBgNVBAsTC2RldmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcN
|
|
||||||
AQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
|
||||||
MIIBCgKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEosxFd
|
|
||||||
dEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40pwcm
|
|
||||||
BJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PBXinM
|
|
||||||
gtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKAqDYd
|
|
||||||
FY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1skOXF
|
|
||||||
Vm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
|
|
||||||
AQAhXgGdXXf0dMPdkfl4jv4dqFNSmax6wmeNc+oJC9qIFVDLsdAaAWXZ+pZHYIMR
|
|
||||||
UN8mQobsIZdfPQ0gs8CgUwrKziAjA92y2Q/I7vsg83qRLhysGC5etYMD/wlySDDS
|
|
||||||
AJKraevDPTEdmfNstCblubNG2PIeqV1isWtPMqB2dMsCeyzJXVyfD0QcABzFv4Fs
|
|
||||||
MMy7JI7MsctNh1tjV/0TsddDMeMLs22rix5fS8MZ6uunFzIuJ0MshFNehXFuvz0B
|
|
||||||
uNmn0k7djUm3h+2Avs3YGCo/8GtqHapc/lva/9gT+iEW0e7i0Ru5Jhar66VMzJqv
|
|
||||||
+wEhQafC77d3vWHtXQU8dYmM
|
|
||||||
-----END CERTIFICATE-----
|
|
1
examples/etc/turn_client_cert.pem
Symbolic link
1
examples/etc/turn_client_cert.pem
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../ca/turn_client_cert.pem
|
@ -1,27 +0,0 @@
|
|||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEo
|
|
||||||
sxFddEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40
|
|
||||||
pwcmBJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PB
|
|
||||||
XinMgtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKA
|
|
||||||
qDYdFY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1s
|
|
||||||
kOXFVm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABAoIBAH5ITN8FZEe10gws
|
|
||||||
qUrkcRD2h3aI/gMyetzGz45UUERmfq17xvY5M1eA884kNmbowoMhfoO9hqBSOYkA
|
|
||||||
Ndh9p5he5L+GLeyRlDi9WEFQ4iqCnC2uEEW/bMBAcVIhcvkGOT4ROiOPDRlsuaUh
|
|
||||||
v7cxe2OeYZVra7L1vJzC+eVYyNBN5CgK8w08MPEkupQS9+Jvr0QWCikRz187cG45
|
|
||||||
EiDMrBKyJNE9lY6u4P8gJ+/NgaASWP/D3kbsjiQ2OwSGLrwDAvWC7Bx2GK3/0goA
|
|
||||||
btp7YGaWvp+mE5V91cOW+PfweC5Do4MjOr4ToNkczW0AxKE5o94yo56h+II5bX6N
|
|
||||||
z65VvtkCgYEA/Sq/3S2yup/Oodzj003KG4skWYFrj7KXeXgm7RZcpNwkd8JaFXJ/
|
|
||||||
Cwl7/3bkRv6RHLmXX/2hcNWlxq3u6Efs1EjtycdArU68kO01vLdExJYIzHKmHikV
|
|
||||||
n+T4hukxGDzObxn3lH1KcOodh/x572Uufn79dewoZCPzH8t/jiMOWGcCgYEA4JfN
|
|
||||||
66Kq/oDookqenM9Ij5l6zeeNwzMjIlkU2eG0DAH0KdsBN/hTGGGRQVBk03YREQmK
|
|
||||||
crEhGAZxzfrX5fK11UVG3C2pqAtrVe6FuD32vFUpP1MO0ftSA889NoEwGdNZV4pV
|
|
||||||
Mk0+6xVCNOatj2inMXlQq5s68WfCzkiWD7uLCv8CgYBcwuYsF4tuYBGpMzNzAAS2
|
|
||||||
1OPLu+T6cPiZdFHm+xOVAGiITPkO9LXiCGabsydvb+UhvkrdzCP0IQQt6RsplvkK
|
|
||||||
y3H9RfnHxprHC3NuI0SaN1Mf/j4pvOoEfTQm0pi/hcAp6zzQ9ptpBg8t/W98LPm9
|
|
||||||
NbCPHamrD5UMqFajcOrXrwKBgD8D2M8IcRm/aYY/kYlFz4Ia+g3Trj7alj0I6YTI
|
|
||||||
gw/rbGph/FGL5ySsG2lL+T4rnlY9aw8LC9IF3OCCRRlLpCEWsu8MENIJgjA2IGa1
|
|
||||||
XAkzi8MstrfL4BMZjn9AeBKG7kZVldnrOoATEuRs5L2cC20iMLQ1dbBOAKaITzJS
|
|
||||||
2IxZAoGBAKqwr/uennxJrnMtpjLBgcphoU3aXJZvzzDqlOaqzJp6Xmbese4sDEe0
|
|
||||||
hvVHreigDzOnGnqL/vSjTDWaLqS/O1iE7p+UrGIkZj/Zl6Jk54OX6AHmWE2LhdlU
|
|
||||||
FYgIQKX7fuocpF1Dpe7xEeVwvdp+UqbDzHQg1CWGe1cBPYDYIkSH
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
1
examples/etc/turn_client_pkey.pem
Symbolic link
1
examples/etc/turn_client_pkey.pem
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../ca/turn_client_pkey.pem
|
@ -1,22 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDsDCCApgCCQCmgrJCiQlGOTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC
|
|
||||||
VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoT
|
|
||||||
E1RVUk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYD
|
|
||||||
VQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMCAX
|
|
||||||
DTEyMTEyNTA4MjAxNloYDzIxMTIxMTAxMDgyMDE2WjCBmDELMAkGA1UEBhMCVVMx
|
|
||||||
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoTE1RV
|
|
||||||
Uk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYDVQQD
|
|
||||||
EwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjAN
|
|
||||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+l
|
|
||||||
JI/GwlVzdzQ3+F4clMQDR1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJ
|
|
||||||
d2DUFADkF+7I674XwX8U2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj
|
|
||||||
9yPkqnO0c3ko1/OzIQCcs09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZE
|
|
||||||
psCztA+KCCoiJf7NenOvVhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLe
|
|
||||||
IcopqSbg9CRIKe1HOL8YTvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQAB
|
|
||||||
MA0GCSqGSIb3DQEBBQUAA4IBAQATbrBOLV4e8Qmsby9+srxXsdbNc60PmDZ4WiZ1
|
|
||||||
IElfWmzM7wGXm9sJg1PX/7T24R1tbwZGLIhZnkhecG372GChULZJ9Pdjh0Ab2nK5
|
|
||||||
LRKHXTpjp/xOJvx0JMCIIyRnGZT1nABPOk8uEjNW8PaU6yhQ4f5nKaSOgYGRCln6
|
|
||||||
dcy5vylCsyD9Q7GXs0KOC38XD+Ycv6VLX4zKJ2Yum50Wt643nLjG9RlGT3FXWJ1K
|
|
||||||
HUbPC5TO6bcYLdiTjaYr+X8xC/x6h/Ngdo/16w7fRmQQ4uS+TVXrg8ITmI71KX/I
|
|
||||||
m7C9jbsubwzrhW84oZXYf+o/0ATtEAhiVLnHifKCCYikqfVj
|
|
||||||
-----END CERTIFICATE-----
|
|
1
examples/etc/turn_server_cert.pem
Symbolic link
1
examples/etc/turn_server_cert.pem
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../ca/turn_server_cert.pem
|
@ -1,27 +0,0 @@
|
|||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEpAIBAAKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+lJI/GwlVzdzQ3+F4clMQD
|
|
||||||
R1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJd2DUFADkF+7I674XwX8U
|
|
||||||
2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj9yPkqnO0c3ko1/OzIQCc
|
|
||||||
s09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZEpsCztA+KCCoiJf7NenOv
|
|
||||||
VhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLeIcopqSbg9CRIKe1HOL8Y
|
|
||||||
TvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQABAoIBADUPHCXUyKLCwKFH
|
|
||||||
NEf27sGZxX71H+NfaseioLT/3/8DDyagncfDB7I4OL2YEKC8YScpD3xv1n59BFcZ
|
|
||||||
oRtDzW+1AkVpm+VRCWYAWSXHFhkuJ6WKaVr9UOeMHStqQCcktP/kLKqU6s9UJDnM
|
|
||||||
pOHNPVzBjl+jHxHs/gGyxuKxSH2Anwkrzpiv5j0obKFnw3QtAqeZRs1NlvPtYt2S
|
|
||||||
eihZWr8r8LqylPk9ga9MYmO79Yr+EPVaqd6bmz4MpZJ4/7LEjx03Q6azdMCPhFNY
|
|
||||||
cYzPIDZFEj81Zj/tqA2MU/uTTUUrcXint4dHRJs34m5N68PV1Y1XhhH6FG0+X711
|
|
||||||
ZymudoECgYEA/ChS5zmmOoLoaq2441+PzQbDP45qR6+G4slHwC8RDZhsYw0hQnp9
|
|
||||||
n44Qagpt74J4FjxT20BdE714DZP32IqagUwatWRQ+z3UoGafkJSNc5JSEogwZ65C
|
|
||||||
nC8RI1pPHLEvE8IzBJiqUA1kbMOMfTYW694wdN9JVZang05/AXaJzm8CgYEAwpJ8
|
|
||||||
nJRR9JFweHRrRgnrVk0Qi+ABbN9T/nhPXYab2vjBfeBOTA1Mob0M3zMJDCnL2i+D
|
|
||||||
K1GzE6WaYHElr45j2Wfphd/rRTk74WR4BaPpTCGaAhBQNn0ufqUkKsCPEAlTU+nG
|
|
||||||
iyXP4OvdMPjEBckjbKm/mlX7m0njSHAY6SWNorsCgYEAi8Yubk3efwChpMC3hBIs
|
|
||||||
vBHLmSdwclwyAPRh+X4djdO4AQ/+J8OObytond86IVHJD0pRkW+UKKUWLzCeakIq
|
|
||||||
cxGknHgHC72yZ1d7i8FMx4uMQwmLC23lLn5ImbgtslHlLqavcRTPE6DY0hFzhtS8
|
|
||||||
z/JSGfbLx83C/V49uKnkqbECgYA6h1oYt70XdpCAi3ShcuZp5XCuwslq+JsJlyM4
|
|
||||||
nP9RFTcPKGQlGHMOzBGNKor0L7Z0gYpRg5f8tvoDPMX7UzfR9CIY9UyOXDMZD+HS
|
|
||||||
wIWzMwBi0olueqV7zy1b9uSSDFwWh+IDhXJM1GaLDqnYm7KeQ0mxoV+4TLej2KSF
|
|
||||||
rZg3dQKBgQCVrVxFV8jHBsRsH5PzMx6pUSAollmuyte9mGU1MIE7EZf+LEQIAjGZ
|
|
||||||
9jvtAILYVJXwVZv1/zNxldUfBNuWc95ft+Gg7FEN0p0uLpdYNXQUcXuJaJ9tJ1td
|
|
||||||
ZfvRcrUXdFNKYt9/yaGeHVaIQfp4W1faZD7OnII7EOVkUKyv/qNGAA==
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
1
examples/etc/turn_server_pkey.pem
Symbolic link
1
examples/etc/turn_server_pkey.pem
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../ca/turn_server_pkey.pem
|
@ -45,6 +45,14 @@
|
|||||||
#
|
#
|
||||||
#alt-tls-listening-port=0
|
#alt-tls-listening-port=0
|
||||||
|
|
||||||
|
# Some network setups will require using a TCP reverse proxy in front
|
||||||
|
# of the STUN server. If the proxy port option is set a single listener
|
||||||
|
# is started on the given port that accepts connections using the
|
||||||
|
# haproxy proxy protocol v2.
|
||||||
|
# (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
|
||||||
|
#
|
||||||
|
#tcp-proxy-port=5555
|
||||||
|
|
||||||
# Listener IP address of relay server. Multiple listeners can be specified.
|
# Listener IP address of relay server. Multiple listeners can be specified.
|
||||||
# If no IP(s) specified in the config file or in the command line options,
|
# If no IP(s) specified in the config file or in the command line options,
|
||||||
# then all IPv4 and IPv6 system IPs will be used for listening.
|
# then all IPv4 and IPv6 system IPs will be used for listening.
|
||||||
@ -566,7 +574,7 @@
|
|||||||
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
||||||
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
||||||
#
|
#
|
||||||
#prod
|
#no-software-attribute
|
||||||
|
|
||||||
# Option to suppress STUN functionality, only TURN requests will be processed.
|
# Option to suppress STUN functionality, only TURN requests will be processed.
|
||||||
# Run as TURN server only, all STUN requests will be ignored.
|
# Run as TURN server only, all STUN requests will be ignored.
|
||||||
@ -631,7 +639,7 @@
|
|||||||
# Allocate Address Family according
|
# Allocate Address Family according
|
||||||
# If enabled then TURN server allocates address family according the TURN
|
# If enabled then TURN server allocates address family according the TURN
|
||||||
# Client <=> Server communication address family.
|
# Client <=> Server communication address family.
|
||||||
# (By default coTURN works according RFC 6156.)
|
# (By default Coturn works according RFC 6156.)
|
||||||
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
||||||
#
|
#
|
||||||
#keep-address-family
|
#keep-address-family
|
||||||
|
@ -32,5 +32,5 @@ fi
|
|||||||
|
|
||||||
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
|
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
|
||||||
|
|
||||||
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1
|
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1
|
||||||
|
|
||||||
|
@ -36,4 +36,4 @@ fi
|
|||||||
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
|
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
|
||||||
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
|
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
|
||||||
|
|
||||||
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@
|
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=cacert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@
|
||||||
|
@ -32,5 +32,5 @@ fi
|
|||||||
|
|
||||||
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
|
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
|
||||||
|
|
||||||
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1
|
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1
|
||||||
|
|
||||||
|
@ -55,14 +55,19 @@ because data for multiple realms can be stored in the same database.
|
|||||||
\fBturnadmin \fP\- a TURN relay administration tool.
|
\fBturnadmin \fP\- a TURN relay administration tool.
|
||||||
\fB
|
\fB
|
||||||
.SS SYNOPSIS
|
.SS SYNOPSIS
|
||||||
|
.nf
|
||||||
|
.fam C
|
||||||
|
|
||||||
|
$ \fIturnadmin\fP [\fIcommand\fP] [\fIoptions\fP]
|
||||||
|
|
||||||
$ \fIturnadmin\fP [command] [options]
|
|
||||||
.PP
|
|
||||||
$ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP]
|
$ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP]
|
||||||
|
|
||||||
|
.fam T
|
||||||
|
.fi
|
||||||
|
.fam T
|
||||||
|
.fi
|
||||||
.SS DESCRIPTION
|
.SS DESCRIPTION
|
||||||
|
|
||||||
.TP
|
|
||||||
.B
|
|
||||||
Commands:
|
Commands:
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
@ -135,15 +140,14 @@ List origin\-to\-realm relations.
|
|||||||
Set realm params: max\-bps, total\-quota, user\-quota.
|
Set realm params: max\-bps, total\-quota, user\-quota.
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-G\fP, \fB\-\-list\-realm\-options\fP
|
\fB\-G\fP, \fB\-\-list\-realm\fP\-\fIoptions\fP
|
||||||
List realm params.
|
List realm params.
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-E\fP, \fB\-\-generate\-encrypted\-password\-aes\fP
|
\fB\-E\fP, \fB\-\-generate\-encrypted\-password\-aes\fP
|
||||||
Generate and print to the standard output
|
Generate and print to the standard output
|
||||||
an encrypted form of password with AES\-128
|
an encrypted form of password with AES\-128
|
||||||
.TP
|
.PP
|
||||||
.B
|
|
||||||
Options with required values:
|
Options with required values:
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
@ -215,8 +219,7 @@ Set value of realm's user\-quota parameter.
|
|||||||
.B
|
.B
|
||||||
\fB\-h\fP, \fB\-\-help\fP
|
\fB\-h\fP, \fB\-\-help\fP
|
||||||
Help.
|
Help.
|
||||||
.TP
|
.PP
|
||||||
.B
|
|
||||||
Command examples:
|
Command examples:
|
||||||
.PP
|
.PP
|
||||||
Generate an encrypted form of a password:
|
Generate an encrypted form of a password:
|
||||||
@ -282,8 +285,6 @@ $ \fIturnadmin\fP \fB\-\-file\-key\-path\fP <key\-file> \fB\-v\fP <encrypted>
|
|||||||
.PP
|
.PP
|
||||||
|
|
||||||
.RS
|
.RS
|
||||||
.TP
|
|
||||||
.B
|
|
||||||
Help:
|
Help:
|
||||||
.PP
|
.PP
|
||||||
$ \fIturnadmin\fP \fB\-h\fP
|
$ \fIturnadmin\fP \fB\-h\fP
|
||||||
@ -291,7 +292,7 @@ $ \fIturnadmin\fP \fB\-h\fP
|
|||||||
=======================================
|
=======================================
|
||||||
.SS DOCS
|
.SS DOCS
|
||||||
|
|
||||||
After installation, run the command:
|
After installation, run the \fIcommand\fP:
|
||||||
.PP
|
.PP
|
||||||
$ man \fIturnadmin\fP
|
$ man \fIturnadmin\fP
|
||||||
.PP
|
.PP
|
||||||
|
@ -96,8 +96,6 @@ $ \fIturnserver\fP \fB\-h\fP
|
|||||||
.fi
|
.fi
|
||||||
.SS DESCRIPTION
|
.SS DESCRIPTION
|
||||||
|
|
||||||
.TP
|
|
||||||
.B
|
|
||||||
Config file settings:
|
Config file settings:
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
@ -126,8 +124,7 @@ upper directory level etc/
|
|||||||
.IP \(bu 3
|
.IP \(bu 3
|
||||||
installation directory /etc
|
installation directory /etc
|
||||||
.RE
|
.RE
|
||||||
.TP
|
.PP
|
||||||
.B
|
|
||||||
User database settings:
|
User database settings:
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
@ -219,8 +216,7 @@ See the INSTALL file for more explanations and examples.
|
|||||||
.PP
|
.PP
|
||||||
Also, see http://redis.io for full Redis documentation.
|
Also, see http://redis.io for full Redis documentation.
|
||||||
.RE
|
.RE
|
||||||
.TP
|
.PP
|
||||||
.B
|
|
||||||
Flags:
|
Flags:
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
@ -234,10 +230,8 @@ Extra verbose mode, very annoying and not recommended.
|
|||||||
.B
|
.B
|
||||||
\fB\-o\fP, \fB\-\-daemon\fP
|
\fB\-o\fP, \fB\-\-daemon\fP
|
||||||
Run server as daemon.
|
Run server as daemon.
|
||||||
.TP
|
.PP
|
||||||
.B
|
\fB\-\-no\-software\-attribute\fP Production mode: hide the software version.
|
||||||
\fB\-\-prod\fP
|
|
||||||
Production mode: hide the software version.
|
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-f\fP, \fB\-\-fingerprint\fP
|
\fB\-f\fP, \fB\-\-fingerprint\fP
|
||||||
@ -281,11 +275,11 @@ Support oAuth authentication, as in the third\-party STUN/TURN RFC 7635.
|
|||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-\-dh566\fP
|
\fB\-\-dh566\fP
|
||||||
Use 566 bits predefined DH TLS key. Default size of the key is 1066.
|
Use 566 bits predefined DH TLS key. Default size of the key is 2066.
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-\-dh2066\fP
|
\fB\-\-dh1066\fP
|
||||||
Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
|
Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-\-no\-tlsv1\fP
|
\fB\-\-no\-tlsv1\fP
|
||||||
@ -406,8 +400,7 @@ initially used by the session).
|
|||||||
.B
|
.B
|
||||||
\fB\-h\fP
|
\fB\-h\fP
|
||||||
Help.
|
Help.
|
||||||
.TP
|
.PP
|
||||||
.B
|
|
||||||
Options with values:
|
Options with values:
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
@ -483,6 +476,12 @@ Alternative listening port for TLS and DTLS protocols.
|
|||||||
Default (or zero) value means "TLS listening port plus one".
|
Default (or zero) value means "TLS listening port plus one".
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
|
\fB\-\-tcp\-proxy\-port\fP
|
||||||
|
Support connections from TCP loadbalancer on this port. The loadbalancer
|
||||||
|
should use the binary proxy protocol.
|
||||||
|
(https://www.haproxy.org/download/1.8/doc/proxy\-protocol.txt)
|
||||||
|
.TP
|
||||||
|
.B
|
||||||
\fB\-\-aux\-server\fP
|
\fB\-\-aux\-server\fP
|
||||||
Auxiliary STUN/TURN server listening endpoint.
|
Auxiliary STUN/TURN server listening endpoint.
|
||||||
Aux servers have almost full TURN and STUN functionality.
|
Aux servers have almost full TURN and STUN functionality.
|
||||||
@ -681,7 +680,7 @@ by this option.
|
|||||||
.B
|
.B
|
||||||
\fB\-\-dh\-file\fP
|
\fB\-\-dh\-file\fP
|
||||||
Use custom DH TLS key, stored in PEM format in the file.
|
Use custom DH TLS key, stored in PEM format in the file.
|
||||||
Flags \fB\-\-dh566\fP and \fB\-\-dh2066\fP are ignored when the DH key is taken from a file.
|
Flags \fB\-\-dh566\fP and \fB\-\-dh1066\fP are ignored when the DH key is taken from a file.
|
||||||
.TP
|
.TP
|
||||||
.B
|
.B
|
||||||
\fB\-l\fP, \fB\-\-log\-file\fP
|
\fB\-l\fP, \fB\-\-log\-file\fP
|
||||||
|
@ -439,6 +439,7 @@ int set_raw_socket_tos(evutil_socket_t fd, int family, int tos)
|
|||||||
int is_stream_socket(int st) {
|
int is_stream_socket(int st) {
|
||||||
switch(st) {
|
switch(st) {
|
||||||
case TCP_SOCKET:
|
case TCP_SOCKET:
|
||||||
|
case TCP_SOCKET_PROXY:
|
||||||
case TLS_SOCKET:
|
case TLS_SOCKET:
|
||||||
case TENTATIVE_TCP_SOCKET:
|
case TENTATIVE_TCP_SOCKET:
|
||||||
case SCTP_SOCKET:
|
case SCTP_SOCKET:
|
||||||
|
@ -90,7 +90,7 @@ NULL,
|
|||||||
NULL,
|
NULL,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
DH_1066, "", "", "",
|
DH_2066, "", "", "",
|
||||||
"turn_server_cert.pem","turn_server_pkey.pem", "", "",
|
"turn_server_cert.pem","turn_server_pkey.pem", "", "",
|
||||||
0,0,0,
|
0,0,0,
|
||||||
#if !TLS_SUPPORTED
|
#if !TLS_SUPPORTED
|
||||||
@ -110,8 +110,8 @@ NULL, PTHREAD_MUTEX_INITIALIZER,
|
|||||||
//////////////// Common params ////////////////////
|
//////////////// Common params ////////////////////
|
||||||
TURN_VERBOSE_NONE,0,0,0,0,
|
TURN_VERBOSE_NONE,0,0,0,0,
|
||||||
"/var/run/turnserver.pid",
|
"/var/run/turnserver.pid",
|
||||||
DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,1,
|
DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,0,1,
|
||||||
0,0,0,0,
|
0,0,0,0,0,
|
||||||
"",
|
"",
|
||||||
"",0,
|
"",0,
|
||||||
{
|
{
|
||||||
@ -405,6 +405,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
|
|||||||
" or in old RFC 3489 sense, default is \"listening port plus one\").\n"
|
" or in old RFC 3489 sense, default is \"listening port plus one\").\n"
|
||||||
" --alt-tls-listening-port <port> Alternative listening port for TLS and DTLS,\n"
|
" --alt-tls-listening-port <port> Alternative listening port for TLS and DTLS,\n"
|
||||||
" the default is \"TLS/DTLS port plus one\".\n"
|
" the default is \"TLS/DTLS port plus one\".\n"
|
||||||
|
" --tcp-proxy-port <port> Support connections from TCP loadbalancer on this port. The loadbalancer should\n"
|
||||||
|
" use the binary proxy protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)\n"
|
||||||
" -L, --listening-ip <ip> Listener IP address of relay server. Multiple listeners can be specified.\n"
|
" -L, --listening-ip <ip> Listener IP address of relay server. Multiple listeners can be specified.\n"
|
||||||
" --aux-server <ip:port> Auxiliary STUN/TURN server listening endpoint.\n"
|
" --aux-server <ip:port> Auxiliary STUN/TURN server listening endpoint.\n"
|
||||||
" Auxiliary servers do not have alternative ports and\n"
|
" Auxiliary servers do not have alternative ports and\n"
|
||||||
@ -451,7 +453,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
|
|||||||
" -v, --verbose 'Moderate' verbose mode.\n"
|
" -v, --verbose 'Moderate' verbose mode.\n"
|
||||||
" -V, --Verbose Extra verbose mode, very annoying (for debug purposes only).\n"
|
" -V, --Verbose Extra verbose mode, very annoying (for debug purposes only).\n"
|
||||||
" -o, --daemon Start process as daemon (detach from current shell).\n"
|
" -o, --daemon Start process as daemon (detach from current shell).\n"
|
||||||
" --prod Production mode: hide the software version.\n"
|
" --no-software-attribute Production mode: hide the software version (formerly --prod).\n"
|
||||||
" -f, --fingerprint Use fingerprints in the TURN messages.\n"
|
" -f, --fingerprint Use fingerprints in the TURN messages.\n"
|
||||||
" -a, --lt-cred-mech Use the long-term credential mechanism.\n"
|
" -a, --lt-cred-mech Use the long-term credential mechanism.\n"
|
||||||
" -z, --no-auth Do not use any credential mechanism, allow anonymous access.\n"
|
" -z, --no-auth Do not use any credential mechanism, allow anonymous access.\n"
|
||||||
@ -561,10 +563,10 @@ static char Usage[] = "Usage: turnserver [options]\n"
|
|||||||
" if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n"
|
" if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n"
|
||||||
" an optimal curve will be automatically calculated, if not defined\n"
|
" an optimal curve will be automatically calculated, if not defined\n"
|
||||||
" by this option.\n"
|
" by this option.\n"
|
||||||
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
|
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
|
||||||
" --dh2066 Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
|
" --dh1066 Use 1066 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
|
||||||
" --dh-file <dh-file-name> Use custom DH TLS key, stored in PEM format in the file.\n"
|
" --dh-file <dh-file-name> Use custom DH TLS key, stored in PEM format in the file.\n"
|
||||||
" Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n"
|
" Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.\n"
|
||||||
" --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n"
|
" --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n"
|
||||||
" --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n"
|
" --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n"
|
||||||
" --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n"
|
" --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n"
|
||||||
@ -719,6 +721,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
|
|||||||
enum EXTRA_OPTS {
|
enum EXTRA_OPTS {
|
||||||
NO_UDP_OPT=256,
|
NO_UDP_OPT=256,
|
||||||
NO_TCP_OPT,
|
NO_TCP_OPT,
|
||||||
|
TCP_PROXY_PORT_OPT,
|
||||||
NO_TLS_OPT,
|
NO_TLS_OPT,
|
||||||
NO_DTLS_OPT,
|
NO_DTLS_OPT,
|
||||||
NO_UDP_RELAY_OPT,
|
NO_UDP_RELAY_OPT,
|
||||||
@ -775,7 +778,7 @@ enum EXTRA_OPTS {
|
|||||||
CLI_MAX_SESSIONS_OPT,
|
CLI_MAX_SESSIONS_OPT,
|
||||||
EC_CURVE_NAME_OPT,
|
EC_CURVE_NAME_OPT,
|
||||||
DH566_OPT,
|
DH566_OPT,
|
||||||
DH2066_OPT,
|
DH1066_OPT,
|
||||||
NE_TYPE_OPT,
|
NE_TYPE_OPT,
|
||||||
NO_SSLV2_OPT, /*deprecated*/
|
NO_SSLV2_OPT, /*deprecated*/
|
||||||
NO_SSLV3_OPT, /*deprecated*/
|
NO_SSLV3_OPT, /*deprecated*/
|
||||||
@ -788,7 +791,7 @@ enum EXTRA_OPTS {
|
|||||||
ADMIN_USER_QUOTA_OPT,
|
ADMIN_USER_QUOTA_OPT,
|
||||||
SERVER_NAME_OPT,
|
SERVER_NAME_OPT,
|
||||||
OAUTH_OPT,
|
OAUTH_OPT,
|
||||||
PROD_OPT,
|
NO_SOFTWARE_ATTRIBUTE_OPT,
|
||||||
NO_HTTP_OPT,
|
NO_HTTP_OPT,
|
||||||
SECRET_KEY_OPT
|
SECRET_KEY_OPT
|
||||||
};
|
};
|
||||||
@ -814,6 +817,7 @@ static const struct myoption long_options[] = {
|
|||||||
{ "tls-listening-port", required_argument, NULL, TLS_PORT_OPT },
|
{ "tls-listening-port", required_argument, NULL, TLS_PORT_OPT },
|
||||||
{ "alt-listening-port", required_argument, NULL, ALT_PORT_OPT },
|
{ "alt-listening-port", required_argument, NULL, ALT_PORT_OPT },
|
||||||
{ "alt-tls-listening-port", required_argument, NULL, ALT_TLS_PORT_OPT },
|
{ "alt-tls-listening-port", required_argument, NULL, ALT_TLS_PORT_OPT },
|
||||||
|
{ "tcp-proxy-port", required_argument, NULL, TCP_PROXY_PORT_OPT },
|
||||||
{ "listening-ip", required_argument, NULL, 'L' },
|
{ "listening-ip", required_argument, NULL, 'L' },
|
||||||
{ "relay-device", required_argument, NULL, 'i' },
|
{ "relay-device", required_argument, NULL, 'i' },
|
||||||
{ "relay-ip", required_argument, NULL, 'E' },
|
{ "relay-ip", required_argument, NULL, 'E' },
|
||||||
@ -856,7 +860,8 @@ static const struct myoption long_options[] = {
|
|||||||
{ "verbose", optional_argument, NULL, 'v' },
|
{ "verbose", optional_argument, NULL, 'v' },
|
||||||
{ "Verbose", optional_argument, NULL, 'V' },
|
{ "Verbose", optional_argument, NULL, 'V' },
|
||||||
{ "daemon", optional_argument, NULL, 'o' },
|
{ "daemon", optional_argument, NULL, 'o' },
|
||||||
{ "prod", optional_argument, NULL, PROD_OPT },
|
/* deprecated: */ { "prod", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT },
|
||||||
|
{ "no-software-attribute", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT },
|
||||||
{ "fingerprint", optional_argument, NULL, 'f' },
|
{ "fingerprint", optional_argument, NULL, 'f' },
|
||||||
{ "check-origin-consistency", optional_argument, NULL, CHECK_ORIGIN_CONSISTENCY_OPT },
|
{ "check-origin-consistency", optional_argument, NULL, CHECK_ORIGIN_CONSISTENCY_OPT },
|
||||||
{ "no-udp", optional_argument, NULL, NO_UDP_OPT },
|
{ "no-udp", optional_argument, NULL, NO_UDP_OPT },
|
||||||
@ -908,7 +913,7 @@ static const struct myoption long_options[] = {
|
|||||||
{ "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT },
|
{ "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT },
|
||||||
{ "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT },
|
{ "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT },
|
||||||
{ "dh566", optional_argument, NULL, DH566_OPT },
|
{ "dh566", optional_argument, NULL, DH566_OPT },
|
||||||
{ "dh2066", optional_argument, NULL, DH2066_OPT },
|
{ "dh1066", optional_argument, NULL, DH1066_OPT },
|
||||||
{ "ne", required_argument, NULL, NE_TYPE_OPT },
|
{ "ne", required_argument, NULL, NE_TYPE_OPT },
|
||||||
{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
|
{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
|
||||||
{ "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */
|
{ "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */
|
||||||
@ -1174,9 +1179,9 @@ static void set_option(int c, char *value)
|
|||||||
if(get_bool_value(value))
|
if(get_bool_value(value))
|
||||||
turn_params.dh_key_size = DH_566;
|
turn_params.dh_key_size = DH_566;
|
||||||
break;
|
break;
|
||||||
case DH2066_OPT:
|
case DH1066_OPT:
|
||||||
if(get_bool_value(value))
|
if(get_bool_value(value))
|
||||||
turn_params.dh_key_size = DH_2066;
|
turn_params.dh_key_size = DH_1066;
|
||||||
break;
|
break;
|
||||||
case EC_CURVE_NAME_OPT:
|
case EC_CURVE_NAME_OPT:
|
||||||
STRCPY(turn_params.ec_curve_name,value);
|
STRCPY(turn_params.ec_curve_name,value);
|
||||||
@ -1278,6 +1283,10 @@ static void set_option(int c, char *value)
|
|||||||
case ALT_TLS_PORT_OPT:
|
case ALT_TLS_PORT_OPT:
|
||||||
turn_params.alt_tls_listener_port = atoi(value);
|
turn_params.alt_tls_listener_port = atoi(value);
|
||||||
break;
|
break;
|
||||||
|
case TCP_PROXY_PORT_OPT:
|
||||||
|
turn_params.tcp_proxy_port = atoi(value);
|
||||||
|
turn_params.tcp_use_proxy = 1;
|
||||||
|
break;
|
||||||
case MIN_PORT_OPT:
|
case MIN_PORT_OPT:
|
||||||
turn_params.min_port = atoi(value);
|
turn_params.min_port = atoi(value);
|
||||||
break;
|
break;
|
||||||
@ -1390,8 +1399,8 @@ static void set_option(int c, char *value)
|
|||||||
anon_credentials = 1;
|
anon_credentials = 1;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PROD_OPT:
|
case NO_SOFTWARE_ATTRIBUTE_OPT:
|
||||||
turn_params.prod = get_bool_value(value);
|
turn_params.no_software_attribute = get_bool_value(value);
|
||||||
break;
|
break;
|
||||||
case 'f':
|
case 'f':
|
||||||
turn_params.fingerprint = get_bool_value(value);
|
turn_params.fingerprint = get_bool_value(value);
|
||||||
@ -2082,6 +2091,7 @@ static void set_network_engine(void)
|
|||||||
|
|
||||||
static void drop_privileges(void)
|
static void drop_privileges(void)
|
||||||
{
|
{
|
||||||
|
setgroups(0, NULL);
|
||||||
if(procgroupid_set) {
|
if(procgroupid_set) {
|
||||||
if(getgid() != procgroupid) {
|
if(getgid() != procgroupid) {
|
||||||
if (setgid(procgroupid) != 0) {
|
if (setgid(procgroupid) != 0) {
|
||||||
@ -2287,13 +2297,13 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
if(turn_params.allow_loopback_peers) {
|
if(turn_params.allow_loopback_peers) {
|
||||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "CONFIG WARNING: allow_loopback_peers opens a possible security vulnerability. Do not use in production!!\n");
|
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "CONFIG WARNING: allow_loopback_peers opens a possible security vulnerability. Do not use in production!!\n");
|
||||||
if(cli_password[0]==0) {
|
if(cli_password[0]==0 && use_cli) {
|
||||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: allow_loopback_peers and empty cli password cannot be used together.\n");
|
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: allow_loopback_peers and empty cli password cannot be used together.\n");
|
||||||
exit(-1);
|
exit(-1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(use_cli && cli_password[0]==0) {
|
if(use_cli && cli_password[0]==0 && use_cli) {
|
||||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!\n");
|
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!\n");
|
||||||
use_cli = 0;
|
use_cli = 0;
|
||||||
}
|
}
|
||||||
@ -2920,10 +2930,10 @@ static void set_ctx(SSL_CTX** out, const char *protocol, const SSL_METHOD* metho
|
|||||||
if(!dh) {
|
if(!dh) {
|
||||||
if(turn_params.dh_key_size == DH_566)
|
if(turn_params.dh_key_size == DH_566)
|
||||||
dh = get_dh566();
|
dh = get_dh566();
|
||||||
else if(turn_params.dh_key_size == DH_2066)
|
else if(turn_params.dh_key_size == DH_1066)
|
||||||
dh = get_dh2066();
|
|
||||||
else
|
|
||||||
dh = get_dh1066();
|
dh = get_dh1066();
|
||||||
|
else
|
||||||
|
dh = get_dh2066();
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -213,7 +213,7 @@ typedef struct _turn_params_ {
|
|||||||
|
|
||||||
int verbose;
|
int verbose;
|
||||||
int turn_daemon;
|
int turn_daemon;
|
||||||
int prod;
|
int no_software_attribute;
|
||||||
int web_admin_listen_on_workers;
|
int web_admin_listen_on_workers;
|
||||||
|
|
||||||
int do_not_use_config_file;
|
int do_not_use_config_file;
|
||||||
@ -226,10 +226,12 @@ typedef struct _turn_params_ {
|
|||||||
int tls_listener_port;
|
int tls_listener_port;
|
||||||
int alt_listener_port;
|
int alt_listener_port;
|
||||||
int alt_tls_listener_port;
|
int alt_tls_listener_port;
|
||||||
|
int tcp_proxy_port;
|
||||||
int rfc5780;
|
int rfc5780;
|
||||||
|
|
||||||
int no_udp;
|
int no_udp;
|
||||||
int no_tcp;
|
int no_tcp;
|
||||||
|
int tcp_use_proxy;
|
||||||
|
|
||||||
vint no_tcp_relay;
|
vint no_tcp_relay;
|
||||||
vint no_udp_relay;
|
vint no_udp_relay;
|
||||||
|
@ -1473,7 +1473,7 @@ static void setup_tcp_listener_servers(ioa_engine_handle e, struct relay_server
|
|||||||
/* Create listeners */
|
/* Create listeners */
|
||||||
|
|
||||||
/* Aux TCP servers */
|
/* Aux TCP servers */
|
||||||
if(!turn_params.no_tls || !turn_params.no_tcp) {
|
if(!turn_params.tcp_use_proxy && (!turn_params.no_tls || !turn_params.no_tcp)) {
|
||||||
|
|
||||||
for(i=0; i<turn_params.aux_servers_list.size; i++) {
|
for(i=0; i<turn_params.aux_servers_list.size; i++) {
|
||||||
|
|
||||||
@ -1494,15 +1494,15 @@ static void setup_tcp_listener_servers(ioa_engine_handle e, struct relay_server
|
|||||||
|
|
||||||
/* TCP: */
|
/* TCP: */
|
||||||
if(!turn_params.no_tcp) {
|
if(!turn_params.no_tcp) {
|
||||||
tcp_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
tcp_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.tcp_use_proxy?turn_params.tcp_proxy_port:turn_params.listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
||||||
if(turn_params.rfc5780)
|
if(turn_params.rfc5780)
|
||||||
tcp_services[index+1] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
tcp_services[index+1] = turn_params.tcp_use_proxy?NULL:create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
||||||
} else {
|
} else {
|
||||||
tcp_services[index] = NULL;
|
tcp_services[index] = NULL;
|
||||||
if(turn_params.rfc5780)
|
if(turn_params.rfc5780)
|
||||||
tcp_services[index+1] = NULL;
|
tcp_services[index+1] = NULL;
|
||||||
}
|
}
|
||||||
if(!turn_params.no_tls && (turn_params.no_tcp || (turn_params.listener_port != turn_params.tls_listener_port))) {
|
if(!turn_params.no_tls && !turn_params.tcp_use_proxy && (turn_params.no_tcp || (turn_params.listener_port != turn_params.tls_listener_port))) {
|
||||||
tls_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.tls_listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
tls_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.tls_listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
||||||
if(turn_params.rfc5780)
|
if(turn_params.rfc5780)
|
||||||
tls_services[index+1] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_tls_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
tls_services[index+1] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_tls_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
|
||||||
@ -1651,7 +1651,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
|
|||||||
&turn_params.permission_lifetime,
|
&turn_params.permission_lifetime,
|
||||||
&turn_params.stun_only,
|
&turn_params.stun_only,
|
||||||
&turn_params.no_stun,
|
&turn_params.no_stun,
|
||||||
&turn_params.prod,
|
&turn_params.no_software_attribute,
|
||||||
&turn_params.web_admin_listen_on_workers,
|
&turn_params.web_admin_listen_on_workers,
|
||||||
&turn_params.alternate_servers_list,
|
&turn_params.alternate_servers_list,
|
||||||
&turn_params.tls_alternate_servers_list,
|
&turn_params.tls_alternate_servers_list,
|
||||||
|
@ -2157,6 +2157,67 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static ssize_t socket_parse_proxy_v2(ioa_socket_handle s, uint8_t *buf, size_t len)
|
||||||
|
{
|
||||||
|
if(len < 16){
|
||||||
|
return 0 ;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check for proxy-v2 magic field */
|
||||||
|
char magic[] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};
|
||||||
|
if(memcmp(magic, buf, sizeof(magic))){
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check version */
|
||||||
|
uint8_t version = buf[12] >> 4;
|
||||||
|
if(version != 2) return -1;
|
||||||
|
|
||||||
|
/* Read data */
|
||||||
|
uint8_t command = buf[12] & 0xF;
|
||||||
|
uint8_t family = buf[13] >> 4;
|
||||||
|
uint8_t proto = buf[13] & 0xF;
|
||||||
|
size_t plen = ((size_t)buf[14] << 8) | buf[15];
|
||||||
|
|
||||||
|
size_t tlen = 16 + plen;
|
||||||
|
if(len < tlen) return 0;
|
||||||
|
|
||||||
|
/* A local connection is used by the proxy itself and does not carry a valid address */
|
||||||
|
if(command == 0) return tlen;
|
||||||
|
|
||||||
|
/* Accept only proxied TCP connections */
|
||||||
|
if(command != 1 || proto != 1) return -1;
|
||||||
|
|
||||||
|
/* Read the address */
|
||||||
|
if(family == 1 && plen >= 12){ /* IPv4 */
|
||||||
|
struct sockaddr_in remote, local;
|
||||||
|
remote.sin_family = local.sin_family = AF_INET;
|
||||||
|
memcpy(&remote.sin_addr.s_addr, &buf[16], 4);
|
||||||
|
memcpy(&local.sin_addr.s_addr, &buf[20], 4);
|
||||||
|
memcpy(&remote.sin_port, &buf[24], 2);
|
||||||
|
memcpy(&local.sin_port, &buf[26], 2);
|
||||||
|
|
||||||
|
addr_cpy4(&(s->local_addr), &local);
|
||||||
|
addr_cpy4(&(s->remote_addr), &remote);
|
||||||
|
|
||||||
|
}else if(family == 2 && plen >= 36){ /* IPv6 */
|
||||||
|
struct sockaddr_in6 remote, local;
|
||||||
|
remote.sin6_family = local.sin6_family = AF_INET6;
|
||||||
|
memcpy(&remote.sin6_addr.s6_addr, &buf[16], 16);
|
||||||
|
memcpy(&local.sin6_addr.s6_addr, &buf[32], 16);
|
||||||
|
memcpy(&remote.sin6_port, &buf[48], 2);
|
||||||
|
memcpy(&local.sin6_port, &buf[50], 2);
|
||||||
|
|
||||||
|
addr_cpy6(&(s->local_addr), &local);
|
||||||
|
addr_cpy6(&(s->remote_addr), &remote);
|
||||||
|
|
||||||
|
}else{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return tlen;
|
||||||
|
}
|
||||||
|
|
||||||
static int socket_input_worker(ioa_socket_handle s)
|
static int socket_input_worker(ioa_socket_handle s)
|
||||||
{
|
{
|
||||||
int len = 0;
|
int len = 0;
|
||||||
@ -2372,39 +2433,57 @@ static int socket_input_worker(ioa_socket_handle s)
|
|||||||
struct evbuffer *inbuf = bufferevent_get_input(s->bev);
|
struct evbuffer *inbuf = bufferevent_get_input(s->bev);
|
||||||
if(inbuf) {
|
if(inbuf) {
|
||||||
ev_ssize_t blen = evbuffer_copyout(inbuf, buf_elem->buf.buf, STUN_BUFFER_SIZE);
|
ev_ssize_t blen = evbuffer_copyout(inbuf, buf_elem->buf.buf, STUN_BUFFER_SIZE);
|
||||||
|
|
||||||
if(blen>0) {
|
if(blen>0) {
|
||||||
int mlen = 0;
|
int mlen = 0;
|
||||||
|
|
||||||
if(blen>(ev_ssize_t)STUN_BUFFER_SIZE)
|
if(blen>(ev_ssize_t)STUN_BUFFER_SIZE)
|
||||||
blen=(ev_ssize_t)STUN_BUFFER_SIZE;
|
blen=(ev_ssize_t)STUN_BUFFER_SIZE;
|
||||||
|
|
||||||
if(is_stream_socket(s->st) && ((s->sat == TCP_CLIENT_DATA_SOCKET)||(s->sat==TCP_RELAY_DATA_SOCKET))) {
|
if(s->st == TCP_SOCKET_PROXY){
|
||||||
mlen = blen;
|
ssize_t tlen = socket_parse_proxy_v2(s, buf_elem->buf.buf, blen);
|
||||||
} else {
|
blen = 0;
|
||||||
mlen = stun_get_message_len_str(buf_elem->buf.buf, blen, 1, &app_msg_len);
|
if (tlen < 0){
|
||||||
}
|
|
||||||
|
|
||||||
if(mlen>0 && mlen<=(int)blen) {
|
|
||||||
len = (int)bufferevent_read(s->bev, buf_elem->buf.buf, mlen);
|
|
||||||
if(len < 0) {
|
|
||||||
ret = -1;
|
|
||||||
s->tobeclosed = 1;
|
s->tobeclosed = 1;
|
||||||
s->broken = 1;
|
s->broken = 1;
|
||||||
log_socket_event(s, "socket read failed, to be closed",1);
|
ret = -1;
|
||||||
} else if((s->st == TLS_SOCKET)||(s->st == TLS_SCTP_SOCKET)) {
|
log_socket_event(s, "proxy protocol violated",1);
|
||||||
#if TLS_SUPPORTED
|
}else if(tlen > 0){
|
||||||
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
|
bufferevent_read(s->bev, buf_elem->buf.buf, tlen);
|
||||||
if(!ctx || SSL_get_shutdown(ctx)) {
|
|
||||||
ret = -1;
|
blen = evbuffer_copyout(inbuf, buf_elem->buf.buf, STUN_BUFFER_SIZE);
|
||||||
s->tobeclosed = 1;
|
s->st = TCP_SOCKET;
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
if(ret != -1) {
|
|
||||||
ret = len;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(blen){
|
||||||
|
if(is_stream_socket(s->st) && ((s->sat == TCP_CLIENT_DATA_SOCKET)||(s->sat==TCP_RELAY_DATA_SOCKET))) {
|
||||||
|
mlen = blen;
|
||||||
|
} else {
|
||||||
|
mlen = stun_get_message_len_str(buf_elem->buf.buf, blen, 1, &app_msg_len);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(mlen>0 && mlen<=(int)blen) {
|
||||||
|
len = (int)bufferevent_read(s->bev, buf_elem->buf.buf, mlen);
|
||||||
|
if(len < 0) {
|
||||||
|
ret = -1;
|
||||||
|
s->tobeclosed = 1;
|
||||||
|
s->broken = 1;
|
||||||
|
log_socket_event(s, "socket read failed, to be closed",1);
|
||||||
|
} else if((s->st == TLS_SOCKET)||(s->st == TLS_SCTP_SOCKET)) {
|
||||||
|
#if TLS_SUPPORTED
|
||||||
|
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
|
||||||
|
if(!ctx || SSL_get_shutdown(ctx)) {
|
||||||
|
ret = -1;
|
||||||
|
s->tobeclosed = 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
if(ret != -1) {
|
||||||
|
ret = len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
} else if(blen<0) {
|
} else if(blen<0) {
|
||||||
s->tobeclosed = 1;
|
s->tobeclosed = 1;
|
||||||
s->broken = 1;
|
s->broken = 1;
|
||||||
@ -3277,6 +3356,7 @@ int register_callback_on_ioa_socket(ioa_engine_handle e, ioa_socket_handle s, in
|
|||||||
break;
|
break;
|
||||||
case SCTP_SOCKET:
|
case SCTP_SOCKET:
|
||||||
case TCP_SOCKET:
|
case TCP_SOCKET:
|
||||||
|
case TCP_SOCKET_PROXY:
|
||||||
if(s->bev) {
|
if(s->bev) {
|
||||||
if(!clean_preexisting) {
|
if(!clean_preexisting) {
|
||||||
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
|
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,
|
||||||
|
@ -82,7 +82,9 @@ static void server_input_handler(struct evconnlistener *l, evutil_socket_t fd,
|
|||||||
|
|
||||||
SOCKET_TYPE st = TENTATIVE_TCP_SOCKET;
|
SOCKET_TYPE st = TENTATIVE_TCP_SOCKET;
|
||||||
|
|
||||||
if(turn_params.no_tls)
|
if(turn_params.tcp_use_proxy)
|
||||||
|
st = TCP_SOCKET_PROXY;
|
||||||
|
else if(turn_params.no_tls)
|
||||||
st = TCP_SOCKET;
|
st = TCP_SOCKET;
|
||||||
else if(turn_params.no_tcp)
|
else if(turn_params.no_tcp)
|
||||||
st = TLS_SOCKET;
|
st = TLS_SOCKET;
|
||||||
|
@ -1659,7 +1659,7 @@ static void https_finish_page(struct str_buffer *sb, ioa_socket_handle s, int cc
|
|||||||
str_buffer_append(sb,"</body>\r\n</html>\r\n");
|
str_buffer_append(sb,"</body>\r\n</html>\r\n");
|
||||||
|
|
||||||
send_str_from_ioa_socket_tcp(s,"HTTP/1.1 200 OK\r\nServer: ");
|
send_str_from_ioa_socket_tcp(s,"HTTP/1.1 200 OK\r\nServer: ");
|
||||||
if(!turn_params.prod) {
|
if(!turn_params.no_software_attribute) {
|
||||||
send_str_from_ioa_socket_tcp(s,TURN_SOFTWARE);
|
send_str_from_ioa_socket_tcp(s,TURN_SOFTWARE);
|
||||||
}
|
}
|
||||||
send_str_from_ioa_socket_tcp(s,"\r\n");
|
send_str_from_ioa_socket_tcp(s,"\r\n");
|
||||||
|
@ -90,6 +90,7 @@ enum _SOCKET_TYPE {
|
|||||||
SCTP_SOCKET=132,
|
SCTP_SOCKET=132,
|
||||||
TLS_SCTP_SOCKET=133,
|
TLS_SCTP_SOCKET=133,
|
||||||
DTLS_SOCKET=250,
|
DTLS_SOCKET=250,
|
||||||
|
TCP_SOCKET_PROXY=253,
|
||||||
TENTATIVE_SCTP_SOCKET=254,
|
TENTATIVE_SCTP_SOCKET=254,
|
||||||
TENTATIVE_TCP_SOCKET=255
|
TENTATIVE_TCP_SOCKET=255
|
||||||
};
|
};
|
||||||
|
@ -64,7 +64,7 @@ static inline int get_family(int stun_family, ioa_engine_handle e, ioa_socket_ha
|
|||||||
////////////////////////////////////////////////
|
////////////////////////////////////////////////
|
||||||
|
|
||||||
const char * get_version(turn_turnserver *server) {
|
const char * get_version(turn_turnserver *server) {
|
||||||
if(server && !*server->prod) {
|
if(server && !*server->no_software_attribute) {
|
||||||
return (const char *) TURN_SOFTWARE;
|
return (const char *) TURN_SOFTWARE;
|
||||||
} else {
|
} else {
|
||||||
return (const char *) "None";
|
return (const char *) "None";
|
||||||
@ -4900,7 +4900,7 @@ void init_turn_server(turn_turnserver* server,
|
|||||||
vintp permission_lifetime,
|
vintp permission_lifetime,
|
||||||
vintp stun_only,
|
vintp stun_only,
|
||||||
vintp no_stun,
|
vintp no_stun,
|
||||||
vintp prod,
|
vintp no_software_attribute,
|
||||||
vintp web_admin_listen_on_workers,
|
vintp web_admin_listen_on_workers,
|
||||||
turn_server_addrs_list_t *alternate_servers_list,
|
turn_server_addrs_list_t *alternate_servers_list,
|
||||||
turn_server_addrs_list_t *tls_alternate_servers_list,
|
turn_server_addrs_list_t *tls_alternate_servers_list,
|
||||||
@ -4962,7 +4962,7 @@ void init_turn_server(turn_turnserver* server,
|
|||||||
server->permission_lifetime = permission_lifetime;
|
server->permission_lifetime = permission_lifetime;
|
||||||
server->stun_only = stun_only;
|
server->stun_only = stun_only;
|
||||||
server->no_stun = no_stun;
|
server->no_stun = no_stun;
|
||||||
server->prod = prod;
|
server->no_software_attribute = no_software_attribute;
|
||||||
server-> web_admin_listen_on_workers = web_admin_listen_on_workers;
|
server-> web_admin_listen_on_workers = web_admin_listen_on_workers;
|
||||||
|
|
||||||
server->dont_fragment = dont_fragment;
|
server->dont_fragment = dont_fragment;
|
||||||
|
@ -120,7 +120,7 @@ struct _turn_turnserver {
|
|||||||
vintp permission_lifetime;
|
vintp permission_lifetime;
|
||||||
vintp stun_only;
|
vintp stun_only;
|
||||||
vintp no_stun;
|
vintp no_stun;
|
||||||
vintp prod;
|
vintp no_software_attribute;
|
||||||
vintp web_admin_listen_on_workers;
|
vintp web_admin_listen_on_workers;
|
||||||
vintp secure_stun;
|
vintp secure_stun;
|
||||||
turn_credential_type ct;
|
turn_credential_type ct;
|
||||||
@ -199,7 +199,7 @@ void init_turn_server(turn_turnserver* server,
|
|||||||
vintp permission_lifetime,
|
vintp permission_lifetime,
|
||||||
vintp stun_only,
|
vintp stun_only,
|
||||||
vintp no_stun,
|
vintp no_stun,
|
||||||
vintp prod,
|
vintp no_software_attribute,
|
||||||
vintp web_admin_listen_on_workers,
|
vintp web_admin_listen_on_workers,
|
||||||
turn_server_addrs_list_t *alternate_servers_list,
|
turn_server_addrs_list_t *alternate_servers_list,
|
||||||
turn_server_addrs_list_t *tls_alternate_servers_list,
|
turn_server_addrs_list_t *tls_alternate_servers_list,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user