mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-10-23 03:50:59 +02:00
Code Issues Projects Releases Wiki Activity

Merge remote master

Browse Source
This commit is contained in:
Greg Fodor 2020-04-28 17:18:30 +00:00
commit 38e7daf3d6
56 changed files with 1765 additions and 748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -4,3 +4,4 @@ build
include
lib
sqlite
examples/ca/CA.pl

7
ChangeLog
View File

@ -51,6 +51,13 @@ Version 4.5.1.2 'dan Eider':
- merge PR #488 Fix typos about INSTALL filenames (by raccoonback)
- fix compiler warning comparison between signed and unsigned integer expressions
- fix compiler warning string truncation
- change Diffie Hellman default key length from 1066 to 2066
- merge PR #522 drop of supplementary group IDs (by weberhofer)
- merge PR #514 Unify spelling of Coturn (by paulmenzel)
- merge PR#506 Rename "prod" config option to "no-software-attribute" (by dbrgn)
- merge PR #519 fix config extension in README.docker (by ooookai)
- merge PR #516 change sql data dir in docker-compose-all.yml (by raghumuppa)
- mergr PR #513 remove trailing spaces from READMEs (by paulmenzel)
02/03/2019 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
Version 4.5.1.1 'dan Eider':

12
README.turnserver
View File

@ -158,7 +158,7 @@ Flags:
-o, --daemon Run server as daemon.
--prod Production mode: hide the software version.
--no-software-attribute Production mode: hide the software version.
-f, --fingerprint Use fingerprints in the TURN messages. If an incoming request
contains a fingerprint, then TURN server will always add
@ -190,9 +190,9 @@ Flags:
--oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635.
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066.
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 2066.
--dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
--dh1066 Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
--no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.
@ -322,6 +322,10 @@ Options with values:
--alt-tls-listening-port Alternative listening port for TLS and DTLS protocols.
Default (or zero) value means "TLS listening port plus one".
--tcp-proxy-port Support connections from TCP loadbalancer on this port. The loadbalancer
should use the binary proxy protocol.
(https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
--aux-server Auxiliary STUN/TURN server listening endpoint.
Aux servers have almost full TURN and STUN functionality.
The (minor) limitations are:
@ -463,7 +467,7 @@ Options with values:
by this option.
--dh-file Use custom DH TLS key, stored in PEM format in the file.
Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.
-l, --log-file Option to set the full path name of the log file.
By default, the turnserver tries to open a log file in

2
docker/README.docker
View File

@ -1,6 +1,6 @@
Before you begin
* copy db schema run ./cp-schema.sh
* edit turnserver/turnserver.cfg according your db selection (mysql or postgresql or redis or mongodb)
* edit turnserver/turnserver.conf according your db selection (mysql or postgresql or redis or mongodb)
# start

4
docker/coturn/Dockerfile
View File

@ -8,11 +8,11 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get install -y build-essential git debhelper dpkg-dev libssl-dev libevent-dev sqlite3 libsqlite3-dev postgresql-client libpq-dev default-mysql-client default-libmysqlclient-dev libhiredis-dev libmongoc-dev libbson-dev
# Clone coTURN
# Clone Coturn
WORKDIR ${BUILD_PREFIX}
RUN git clone https://github.com/coturn/coturn.git
# Build coTURN
# Build Coturn
WORKDIR coturn
RUN ./configure
RUN make

4
docker/coturn/turnserver.conf
View File

@ -582,7 +582,7 @@ syslog
# Implementers SHOULD make usage of the SOFTWARE attribute a
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
#
#prod
#no-software-attribute
# Option to suppress STUN functionality, only TURN requests will be processed.
# Run as TURN server only, all STUN requests will be ignored.
@ -640,7 +640,7 @@ no-loopback-peers
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default coTURN works according RFC 6156.)
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
#
#keep-address-family

6
docker/docker-compose-all.yml
View File

@ -7,7 +7,7 @@ services:
context: ./mysql
restart: unless-stopped
volumes:
- mysql-data:/var/lib/mysql/data
- mysql-data:/var/lib/mysql
env_file:
- mysql/mysql.env
networks:
@ -19,7 +19,7 @@ services:
context: ./postgresql
restart: unless-stopped
volumes:
- postgresql-data:/var/lib/postgresql/data
- postgresql-data:/var/lib/postgresql
env_file:
- postgresql/postgresql.env
networks:
@ -49,7 +49,7 @@ services:
- backend
# coTURN
# Coturn
coturn:
build:
context: ./coturn

2
docker/docker-compose-mongodb.yml
View File

@ -13,7 +13,7 @@ services:
- backend
# coTURN
# Coturn
coturn:
build:
context: ./coturn

2
docker/docker-compose-mysql.yml
View File

@ -14,7 +14,7 @@ services:
- backend
# coTURN
# Coturn
coturn:
build:
context: ./coturn

2
docker/docker-compose-postgresql.yml
View File

@ -14,7 +14,7 @@ services:
- backend
# coTURN
# Coturn
coturn:
build:
context: ./coturn

2
docker/docker-compose-redis.yml
View File

@ -14,7 +14,7 @@ services:
- backend
# coTURN
# Coturn
coturn:
build:
context: ./coturn

22
examples/ca/CA.pl.diff Normal file
View File

@ -0,0 +1,22 @@
--- CA.pl 2019-10-12 19:56:43.000000000 +0000
+++ CA.pl 2020-03-05 07:58:41.112690266 +0000
@@ -25,8 +25,8 @@
my $verbose = 1;
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} || "";
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095"; # 3 years
+my $DAYS = "-days 36500";
+my $CADAYS = "-days 365000"; # 1000 years
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
@@ -34,7 +34,7 @@
my $PKCS12 = "$openssl pkcs12";
# default openssl.cnf file has setup as per the following
-my $CATOP = "./demoCA";
+my $CATOP = "./CA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";

80
examples/ca/CA/cacert.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Validity
Not Before: Mar 5 09:05:10 2020 GMT
Not After : Jul 7 09:05:10 3019 GMT
Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b:
11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7:
a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3:
ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f:
51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0:
e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d:
36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78:
a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed:
68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16:
60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1:
c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f:
24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2:
3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9:
e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe:
44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7:
e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05:
b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33:
56:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Authority Key Identifier:
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11:
b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50:
39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba:
4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee:
a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48:
00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e:
e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da:
ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4:
22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41:
97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93:
4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc:
2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29:
37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73:
98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5:
66:75:e8:70
-----BEGIN CERTIFICATE-----
MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg
Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx
EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex
GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a
7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ
6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx
3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y
P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b
37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE
FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ
nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG
HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV
uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m
v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5
eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM
3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ
InkfP2hv9WZ16HA=
-----END CERTIFICATE-----

17
examples/ca/CA/careq.pem Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxETAP
BgNVBAcMCERlYnJlY2VuMQ8wDQYDVQQKDAZjb1RVUk4xCzAJBgNVBAMMAkNBMRsw
GQYJKoZIhvcNAQkBFgxtaXNpQG1hamQuZXUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYdipZRHPaJTiTVNjFKxG9MIAhX0eVfetePpgNp6gwjAdtGu6J
wUzMZIGQs6tUH5tyI8UvCjJSvietL1HuYp7tRNC6qnJnA6LuoONdnjfs7gspWejY
1YShbTZdhWsNc6Ay/rb6me+MeKkC9Dq9E7wam3JVC+cM7WgAwud4St/OFCqZ8d6X
FmBE8fz4dOUzMcz5/12ewcfGIXVICCb1fPFW7BXFfyQPCAN04NoQvz2QZwkesj+0
9BXfU+ho6NEoji03+eA6oykAPQpmfHGrVOXa/kQYPLS+xc5JJozMq4iPt+OtW9+y
1KP4qQZPOG63BbM6vWPN9yYV4Jj9MH7TM1aNAgMBAAGgADANBgkqhkiG9w0BAQsF
AAOCAQEAmvXWsoJQneJFFHb+qTNjkA3sHduyB+kQ5qUVlFoT6U6IKyWnVUqAKc9a
eFKw94yq/01cqOBd4MWKTg9k/wjjmkJA9WtXMrVq8HW1rKVRCCJxtzUKTR3pet/z
gs3YwbTlqpljtpn3qEzspMaeyvh391A4IVykDZHGR12+4LqZhoUyGl1QJ7KgQwGM
+Vi2TL3fY8PDxvGFmGvWnUIWYkB31vAuDz1xOqm2JlP0kTHMUPiVBlwJVuHdATy2
sWZEzsNnXBt2vAVwhTdFEajF4ut8guPQWW8XcTiaEOGJUIY8J4Yb2wqHk+4HsIFV
i2vua41jc90Ki3EA0+QDB7BJAvC4yw==
-----END CERTIFICATE REQUEST-----

1
examples/ca/CA/crlnumber Normal file
View File

@ -0,0 +1 @@
01

3
examples/ca/CA/index.txt Normal file
View File

@ -0,0 +1,3 @@
V 30190707090510Z 4C9BEC95D121491D5D65A71A614667DD42186546 unknown /C=HU/ST=Hungary/O=coTURN/CN=CA/emailAddress=misi@majd.eu
V 300303090521Z 4C9BEC95D121491D5D65A71A614667DD42186547 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/emailAddress=misi@majd.eu
V 300303090542Z 4C9BEC95D121491D5D65A71A614667DD42186548 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Client/emailAddress=misi@majd.eu

1
examples/ca/CA/index.txt.attr Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

1
examples/ca/CA/index.txt.attr.old Normal file
View File

@ -0,0 +1 @@
unique_subject = yes

2
examples/ca/CA/index.txt.old Normal file
View File

@ -0,0 +1,2 @@
V 30190707090510Z 4C9BEC95D121491D5D65A71A614667DD42186546 unknown /C=HU/ST=Hungary/O=coTURN/CN=CA/emailAddress=misi@majd.eu
V 300303090521Z 4C9BEC95D121491D5D65A71A614667DD42186547 unknown /C=HU/ST=Hungary/L=Debrecen/O=coTURN/CN=Server/emailAddress=misi@majd.eu

80
examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186546.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Validity
Not Before: Mar 5 09:05:10 2020 GMT
Not After : Jul 7 09:05:10 3019 GMT
Subject: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:76:2a:59:44:73:da:25:38:93:54:d8:c5:2b:
11:bd:30:80:21:5f:47:95:7d:eb:5e:3e:98:0d:a7:
a8:30:8c:07:6d:1a:ee:89:c1:4c:cc:64:81:90:b3:
ab:54:1f:9b:72:23:c5:2f:0a:32:52:be:27:ad:2f:
51:ee:62:9e:ed:44:d0:ba:aa:72:67:03:a2:ee:a0:
e3:5d:9e:37:ec:ee:0b:29:59:e8:d8:d5:84:a1:6d:
36:5d:85:6b:0d:73:a0:32:fe:b6:fa:99:ef:8c:78:
a9:02:f4:3a:bd:13:bc:1a:9b:72:55:0b:e7:0c:ed:
68:00:c2:e7:78:4a:df:ce:14:2a:99:f1:de:97:16:
60:44:f1:fc:f8:74:e5:33:31:cc:f9:ff:5d:9e:c1:
c7:c6:21:75:48:08:26:f5:7c:f1:56:ec:15:c5:7f:
24:0f:08:03:74:e0:da:10:bf:3d:90:67:09:1e:b2:
3f:b4:f4:15:df:53:e8:68:e8:d1:28:8e:2d:37:f9:
e0:3a:a3:29:00:3d:0a:66:7c:71:ab:54:e5:da:fe:
44:18:3c:b4:be:c5:ce:49:26:8c:cc:ab:88:8f:b7:
e3:ad:5b:df:b2:d4:a3:f8:a9:06:4f:38:6e:b7:05:
b3:3a:bd:63:cd:f7:26:15:e0:98:fd:30:7e:d3:33:
56:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Authority Key Identifier:
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
b4:d5:d9:7a:46:1e:1a:95:02:b5:7e:86:45:16:26:d5:8a:11:
b9:34:98:58:df:cd:0c:d5:a5:f2:cc:24:1a:22:f4:c7:3e:50:
39:40:f5:d6:e8:3b:9c:05:e9:f9:95:9b:c2:01:3b:69:d5:ba:
4f:cf:7c:a6:7c:6e:f4:24:a3:d1:88:e2:29:60:ca:6d:b0:ee:
a6:b8:d1:5f:49:d5:08:a6:c2:79:3a:3f:8a:63:ec:53:ef:48:
00:8c:61:d2:0f:38:e0:00:ac:6d:a6:bf:ed:6a:42:c3:cf:4e:
e3:0d:48:c5:a7:6d:5e:af:5a:e4:30:26:ba:19:2a:a5:57:da:
ce:b7:b6:45:24:fb:36:b6:a3:6c:55:ca:9f:91:19:29:db:a4:
22:d4:45:53:b9:79:6a:a7:5e:90:a3:4d:3b:c1:b6:2b:52:41:
97:7d:9e:0c:cf:0a:5f:ce:0e:fe:bf:a9:e5:b7:60:17:f5:93:
4b:b5:6d:2d:51:a6:c1:54:65:f9:e1:5c:21:8d:3d:19:0c:dc:
2c:c9:17:40:65:15:d0:ad:98:06:a0:11:aa:87:b3:2d:03:29:
37:24:f6:42:a8:d5:58:ae:55:20:c3:37:a3:62:33:36:34:73:
98:bc:70:30:aa:33:b0:e4:86:b6:d9:22:79:1f:3f:68:6f:f5:
66:75:e8:70
-----BEGIN CERTIFICATE-----
MIIDlzCCAn+gAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUYwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAg
Fw0yMDAzMDUwOTA1MTBaGA8zMDE5MDcwNzA5MDUxMFowWjELMAkGA1UEBhMCSFUx
EDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNvVFVSTjELMAkGA1UEAwwCQ0Ex
GzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANh2KllEc9olOJNU2MUrEb0wgCFfR5V9614+mA2nqDCMB20a
7onBTMxkgZCzq1Qfm3IjxS8KMlK+J60vUe5inu1E0LqqcmcDou6g412eN+zuCylZ
6NjVhKFtNl2Faw1zoDL+tvqZ74x4qQL0Or0TvBqbclUL5wztaADC53hK384UKpnx
3pcWYETx/Ph05TMxzPn/XZ7Bx8YhdUgIJvV88VbsFcV/JA8IA3Tg2hC/PZBnCR6y
P7T0Fd9T6Gjo0SiOLTf54DqjKQA9CmZ8catU5dr+RBg8tL7FzkkmjMyriI+3461b
37LUo/ipBk84brcFszq9Y833JhXgmP0wftMzVo0CAwEAAaNTMFEwHQYDVR0OBBYE
FBwnXkA5jOxxx+3pKlbJnt9I6oJCMB8GA1UdIwQYMBaAFBwnXkA5jOxxx+3pKlbJ
nt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALTV2XpG
HhqVArV+hkUWJtWKEbk0mFjfzQzVpfLMJBoi9Mc+UDlA9dboO5wF6fmVm8IBO2nV
uk/PfKZ8bvQko9GI4ilgym2w7qa40V9J1Qimwnk6P4pj7FPvSACMYdIPOOAArG2m
v+1qQsPPTuMNSMWnbV6vWuQwJroZKqVX2s63tkUk+za2o2xVyp+RGSnbpCLURVO5
eWqnXpCjTTvBtitSQZd9ngzPCl/ODv6/qeW3YBf1k0u1bS1RpsFUZfnhXCGNPRkM
3CzJF0BlFdCtmAagEaqHsy0DKTck9kKo1ViuVSDDN6NiMzY0c5i8cDCqM7DkhrbZ
InkfP2hv9WZ16HA=
-----END CERTIFICATE-----

80
examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186547.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Validity
Not Before: Mar 5 09:05:21 2020 GMT
Not After : Mar 3 09:05:21 2030 GMT
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/emailAddress=misi@majd.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac:
cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04:
57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00:
b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d:
f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e:
5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d:
40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8:
02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51:
2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f:
bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b:
2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39:
ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5:
02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df:
09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81:
f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1:
70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6:
26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3:
7b:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F
X509v3 Authority Key Identifier:
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f:
21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a:
1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b:
99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2:
83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68:
b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7:
2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22:
a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64:
36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3:
84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1:
ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6:
93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07:
91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c:
9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2:
06:0e:88:d7
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUcwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
Fw0yMDAzMDUwOTA1MjFaFw0zMDAzMDMwOTA1MjFaMHExCzAJBgNVBAYTAkhVMRAw
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
VVJOMQ8wDQYDVQQDDAZTZXJ2ZXIxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzb9xc1F3xGeWSJYV+s
z49tlxOHitbxq9/2aU4EV8FNbD13yVANPbaJzawAtQJF5Ex4728YfldOvGJN9t5s
yHfqxbK0ZS1Gdr9eX/hFeFX0TSCskfBPI8tdQClE3pz3CuZIpIA13cvoApBZ9zH5
TFD+mO/df2BRLUQKFKJXllE2P3Nm20VfvZ30gjrOq3VP0JBtQ9F7L3cxiNsvSqlO
YjnHFH857+IItxinbPjZNdWj+GT1AlEiG456xUSu37EXC3HfCYKJSXDFm6DzPAJI
deeB+SRRViQ7/7ho0xMuovTRcDOpetYX/cqlaxN0yc62Jk8B/+u6tfmhcIDaEd+j
e08CAwEAAaNTMFEwHQYDVR0OBBYEFDjB5XfTAWt6p9gYa1DW+g7W2bRPMB8GA1Ud
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
KoZIhvcNAQELBQADggEBAKM3VWhoAp+v1rE4s9i/MCczbyFMCe7PJNLrzxx6FZht
EJTgSh+IXEOQCXjBpoIGFvKM0TrFO5lnNTwAv5+iauczhYOIcojk0oMcbEmSX1GA
DZIPmU3LKhhNaLe20d5UInGIjQRFxRM0jVJ69yrny7JBIHvvqtBYk7XmtfqLIqPt
p4GbylD30L1f8lJti6+vZDadbYHOUCm329Csox14d5Apo4QQaRPpR/zhHsJ0VWER
ZS134cqfLW8vdvZpvAlQmrBIBaJT5pNGgQ0Ei837pKeCCHj5h9wKB5Ef3gn6AFoW
GitcgxADMy+tjJrrlA93sZvs5g7chN01P7WK0gYOiNc=
-----END CERTIFICATE-----

80
examples/ca/CA/newcerts/4C9BEC95D121491D5D65A71A614667DD42186548.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Validity
Not Before: Mar 5 09:05:42 2020 GMT
Not After : Mar 3 09:05:42 2030 GMT
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/emailAddress=misi@majd.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e:
bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01:
2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c:
92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76:
58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0:
b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35:
92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b:
36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5:
de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c:
74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c:
e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa:
f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf:
35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c:
c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61:
a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac:
fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39:
74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f:
7c:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C
X509v3 Authority Key Identifier:
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a:
a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc:
64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b:
8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea:
2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6:
8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8:
ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b:
bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82:
dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5:
51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46:
ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25:
0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab:
f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0:
4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10:
2a:7e:cc:b6
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+
v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1
OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz
j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc
jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV
OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP
fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb
KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x
1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb
+eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH
Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P
RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY=
-----END CERTIFICATE-----

30
examples/ca/CA/private/cakey.pem Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIeK2OY7PJbzYCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECKP+q72oc4q7BIIEyHkaZfqjSX9W
HIHqbQtHOMlAtqSxmAyV6C3pXLwNuEpo4cYwyPUdJwMNxm8OjsxuH708daZu5QWl
7EVNV4WY9ff4/4geJAp9ZrqJN5TsgFIUyss5NzHjTMPUz/yunr0Hk5OOVLusTCqF
Ys0Qdo2Gy33NZCK53U22pa0S/szppN4DIDujSOuUAiyxJdz12cCUyw/OlAXvDLJb
I9oObKWpbYBtJSLk5aWblZDUTVmFWngkTIc76wchBXu7WntLjXdMG2lv4Gy/ozUb
vsYvEADNRJFOpYyfWvmEFNKvEcVxfzshnms9TdzhDCmYhmYR+NfamYq5Om+81Pv3
h+z1Zd7x3uYs8NM+DbRKhwHS6jkQCxelWdQbeSJj/Fz9VpWSrJlkmhXI+7qkBCsv
DVoz017Y2zK/iM5JRPTH65tnNMeH61Zj4EOHBEzMBE6EvugJcSqPXfBKtVMwVAzV
Mva8gtOlMN0Ce9dmG+HZKDek6S++5AbkxuOwRb+YOVXjUrNXXf0YqglM9Nb/RCr4
Z+gkuTCwARJZqjebZnUw1mSZp2R89X774wNDHAlw96tSW2OZlfPmbvXBnwT7QwPm
YBZT6CrLL7LEIs0G5zFh1L/PCQi7EyNaE9Ixw52nqc5Ej2M6Rj6XcdCRdw5IKmh/
BbTzD0LxfNh+XKpAIzkuNfGkwUVtfldmfpW3xRKzI1o+rbgDGMA/eEFYWmyE9326
/vsv7daE4zWAG4O5OdGKMKBABCqM92X2YU7bZoNQS25dy7uZsQ8zvkcI1Q1GKMW0
Lg2oDTSTSrPRVgLAcb0o06Frvler5F277OBfBm1+6+7aL3hct4TZjb+0pp5SuxrS
7PpRXMFYzbQ+Z7YrRv6uwrrxVl99Ok/jBGLYT+CllZ+PNvRbcgsy0xUIz6KTbQQZ
H4qqkObdKFHQLqfP9+YUwjE2akR/prOR2Dfoq648L/eEF4qpGCADaXFoHODWfiqz
VQHvLP4FN4ppYn3jB4lSTIl+7s92XznK5aN5AERRdUIfjPnZB8lQkDP/qwwCI0Ki
SRxUtsrMef1biTKL5HI3On2wPLFQCGVEmiQoD8uEqaB/vAdJy5ZdQ3HA547TxLmy
TJ6je8QMFUcO3n1pJWeUHuL+WyGrcstOEkZiFQyVpAFFeS7h6u2UI7HyNXGaP1mk
+vWulewlMjWHw05qG9wLqEiDkpZgmx4garfWbR2rggBu1Jlg4svS2jdmytuKQ735
E1e5g7TCSzv6sHzdHfQ2WaVvfM5YfxqWpgPhNH2t7rScoLTvI2txyhpIIEIMn+ip
tBM15Ai+L92gr4wLJlsBOcKOWSN46ucqQsGla3so0PZAtU4hVPEJ+PzaR2czStUk
MzrKfG1qox+JW8BBiW2zV2idKy2440Sn/NSqMyvZgEFn7GDaAcTsZi2FhRLT1Fg+
2c5viBTaCRdh20QDQQu3skEhbFU5GjeZEqCO25hX5L3BZPnQtwQujc2RU9aGWwPm
o/nrp8ilBRI18qFdxfqFEV6ftdVNXlrV+cMgtuwPNX6vnmKWjN67/cDIUML3ab+e
9cx0rBvCBvMn7Q0AvY/RcsVP0DaLmov7ciuvih0ptCgYThov7FJ2V+q+2LbNLwSc
qpi/6R+l6bIjP0UITKZlug==
-----END ENCRYPTED PRIVATE KEY-----

1
examples/ca/CA/serial Normal file
View File

@ -0,0 +1 @@
4C9BEC95D121491D5D65A71A614667DD42186549

1
examples/ca/CA/serial.old Normal file
View File

@ -0,0 +1 @@
4C9BEC95D121491D5D65A71A614667DD42186548

364
examples/ca/openssl.conf Normal file
View File

@ -0,0 +1,364 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# Note that you can include other files from the main configuration
# file using the .include directive.
#.include filename
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# System default
openssl_conf = default_conf
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./CA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = HU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Hungary
localityName = Locality Name (eg, city)
localityName_default = Debrecen
0.organizationName = Organization Name (eg, company)
0.organizationName_default = coTURN
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
#organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_default = misi@majd.eu
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
#challengePassword = A challenge password
#challengePassword_min = 4
#challengePassword_max = 20
#unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./CA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
ess_cert_id_alg = sha1 # algorithm to compute certificate
# identifier (optional, default: sha1)
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

16
examples/ca/run.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
#set -x
# key passwd: coTURN
cp /usr/lib/ssl/misc/CA.pl ./CA.pl
patch < CA.pl.diff
export OPENSSL_CONFIG="-config openssl.conf"
./CA.pl -newca
for i in "server" "client";
do
./CA.pl -newreq-nodes
./CA.pl -signCA
mv newcert.pem turn_${i}_cert.pem
mv newkey.pem turn_${i}_pkey.pem
rm newreq.pem
done;

80
examples/ca/turn_client_cert.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Validity
Not Before: Mar 5 09:05:42 2020 GMT
Not After : Mar 3 09:05:42 2030 GMT
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Client/emailAddress=misi@majd.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:6d:38:31:23:12:12:e7:5a:8d:ed:1c:02:7e:
bf:c2:ef:7a:d1:c0:b2:4b:b4:38:9b:a7:5d:dd:01:
2c:a0:e7:7c:5b:7a:4d:71:4b:c9:5b:77:e8:b3:4c:
92:5b:8c:43:57:b6:c9:8c:44:66:6a:9e:8c:f2:76:
58:a2:f5:38:a3:4f:ef:af:5a:c7:bf:e5:72:98:c0:
b8:2e:a1:75:cc:16:8b:bf:a3:6a:e6:fd:c9:25:35:
92:31:b2:78:2a:42:7b:a1:ce:25:be:32:45:6e:0b:
36:22:f8:6c:9c:f3:8f:bf:c8:8c:79:d5:59:02:f5:
de:1f:67:fc:ef:c7:27:88:a7:35:b1:d7:ee:dc:1c:
74:11:fc:3c:56:33:b5:e7:88:ce:f3:ce:db:b9:3c:
e0:eb:15:bc:00:5f:29:f4:9c:8e:4d:61:df:da:aa:
f4:fc:fb:e7:4b:75:dc:dc:cf:f0:4b:3b:67:cf:bf:
35:b8:0f:5b:20:94:60:dd:3b:e5:7a:ec:0e:30:2c:
c1:fb:f6:21:5b:ed:80:34:9d:59:5c:95:39:a2:61:
a4:13:fa:57:b9:f5:85:d4:a1:bf:91:cf:d7:dc:ac:
fa:32:47:ee:d2:86:9b:14:d1:35:88:1e:2d:9f:39:
74:86:de:f1:04:de:e1:39:2f:a8:91:bf:8b:f7:4f:
7c:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:BA:14:26:42:B6:5B:9E:3C:F1:53:1A:FD:DB:CB:FE:B1:A2:74:6C
X509v3 Authority Key Identifier:
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
6b:93:56:56:81:fb:34:9e:15:2e:3e:b2:2c:73:72:60:f2:1a:
a8:bf:c3:f0:c7:57:00:48:37:2a:1c:63:71:1b:29:f4:2b:dc:
64:07:f8:72:80:65:18:c7:74:23:c1:02:00:d8:93:1d:4f:2b:
8c:46:34:1e:d2:6a:5c:ab:8d:ff:a7:fe:e5:c2:bf:33:55:ea:
2b:e2:70:e9:24:4c:4d:31:d4:dd:10:55:f5:bb:2c:a5:ec:f6:
8f:7a:05:1c:6c:7d:cf:85:6b:29:a7:bd:fe:a2:bc:00:45:b8:
ac:70:c7:c9:67:93:0a:5c:d7:52:a3:c9:fc:6c:ef:52:b2:6b:
bc:5b:f9:e1:9b:27:07:39:28:28:7f:a0:70:62:af:4f:42:82:
dd:ec:23:4d:fc:8e:19:51:87:cc:d0:29:d5:27:44:9c:fa:b5:
51:ea:31:eb:51:84:3f:07:5b:c0:57:5d:2a:c7:15:ed:9c:46:
ac:8e:14:8b:4d:82:0e:b4:6a:47:db:37:f3:03:08:86:b6:25:
0b:92:6d:99:a9:99:45:4e:38:45:e0:a2:4e:e7:34:50:51:ab:
f8:c8:ef:26:3d:7f:9f:8f:45:20:cf:f5:31:27:b6:00:3a:e0:
4a:d5:62:9a:29:27:9b:aa:3a:95:56:1c:d7:65:15:ce:35:10:
2a:7e:cc:b6
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUgwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
Fw0yMDAzMDUwOTA1NDJaFw0zMDAzMDMwOTA1NDJaMHExCzAJBgNVBAYTAkhVMRAw
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
VVJOMQ8wDQYDVQQDDAZDbGllbnQxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9tODEjEhLnWo3tHAJ+
v8LvetHAsku0OJunXd0BLKDnfFt6TXFLyVt36LNMkluMQ1e2yYxEZmqejPJ2WKL1
OKNP769ax7/lcpjAuC6hdcwWi7+jaub9ySU1kjGyeCpCe6HOJb4yRW4LNiL4bJzz
j7/IjHnVWQL13h9n/O/HJ4inNbHX7twcdBH8PFYzteeIzvPO27k84OsVvABfKfSc
jk1h39qq9Pz750t13NzP8Es7Z8+/NbgPWyCUYN075XrsDjAswfv2IVvtgDSdWVyV
OaJhpBP6V7n1hdShv5HP19ys+jJH7tKGmxTRNYgeLZ85dIbe8QTe4TkvqJG/i/dP
fOUCAwEAAaNTMFEwHQYDVR0OBBYEFDK6FCZCtluePPFTGv3by/6xonRsMB8GA1Ud
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
KoZIhvcNAQELBQADggEBAGuTVlaB+zSeFS4+sixzcmDyGqi/w/DHVwBINyocY3Eb
KfQr3GQH+HKAZRjHdCPBAgDYkx1PK4xGNB7Salyrjf+n/uXCvzNV6ivicOkkTE0x
1N0QVfW7LKXs9o96BRxsfc+Faymnvf6ivABFuKxwx8lnkwpc11Kjyfxs71Kya7xb
+eGbJwc5KCh/oHBir09Cgt3sI038jhlRh8zQKdUnRJz6tVHqMetRhD8HW8BXXSrH
Fe2cRqyOFItNgg60akfbN/MDCIa2JQuSbZmpmUVOOEXgok7nNFBRq/jI7yY9f5+P
RSDP9TEntgA64ErVYpopJ5uqOpVWHNdlFc41ECp+zLY=
-----END CERTIFICATE-----

28
examples/ca/turn_client_pkey.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCvbTgxIxIS51qN
7RwCfr/C73rRwLJLtDibp13dASyg53xbek1xS8lbd+izTJJbjENXtsmMRGZqnozy
dlii9TijT++vWse/5XKYwLguoXXMFou/o2rm/cklNZIxsngqQnuhziW+MkVuCzYi
+Gyc84+/yIx51VkC9d4fZ/zvxyeIpzWx1+7cHHQR/DxWM7XniM7zztu5PODrFbwA
Xyn0nI5NYd/aqvT8++dLddzcz/BLO2fPvzW4D1sglGDdO+V67A4wLMH79iFb7YA0
nVlclTmiYaQT+le59YXUob+Rz9fcrPoyR+7ShpsU0TWIHi2fOXSG3vEE3uE5L6iR
v4v3T3zlAgMBAAECggEBAINzP+vx75UirwQybA6ik2aqtEmALxnzDYf1PaxhOOPJ
EbIqTuVaeKOFkmToN7NJwxxy50un5WZ3L/5vF7PkNHCLcXrgd1UfxWMY5eprKi2n
p0gOWAiGmra7EbUTml9wOdvg8P84BDaVSBekNx7Ukx6OVFTmvTAutCascSfq/4Cx
K71zaW/I9hrU8oNDBDzolVW4gW8ObNLGhoDqmvkoXrlrGEBNqkuErbbYZA1k/001
lurEh7Zp7Kp6jjHcRm83a7bWiRYGtv1K9kR9MKKLW7au8zyjYcesTvS2QjY+k20W
vE2kmyAosbJShFzTmZn8kwgh6c0BPyFDEI5XleMeefECgYEA6ZhgG87wyU4RDU1N
PxLV9ufbSYpW91KP1iuZ5Z6QdLGWZeWKjvxtoLAa3z9ceIBVvFqCGDn4DfwIaNLe
tGsjeyXre1R3/B0S/oAJbmbRV4pWl/jSzgbzCTGW7x1mpqgpJdHFmTbqTxkNB6cM
fpzTPfM012KfRglD9D+2DTOCyEsCgYEAwECXQRIe7/657J68GHSBCaQ+rzDL3nRe
exe4duHyXok0yohk7OiPepKQ1hdYq2PHhGEj6b5OgFppWeA66M/ndjX4S10oCtN0
oEb7honFz4ZmHmqQ6UotAuBx7tq06v+KI/eTvefTVh9mujdwMW4sAowhx9Dw6PkR
ipFCdi458Y8CgYEAhJ//ySoYKaMKKWw/NFVkZ9fB+CH0OF2GzslYijcZuzdstZO6
tG37bCUwTJozzTLH+rXEcS7QeFglCibXTMYbkfq4lQAjU1/KffaB5E26A6LGgWhD
f7gQWqLuF/qwYmTNX+yW7ONx6tDFRhgBDw3JHb4svTEATwpJq65UlXAui7sCgYBD
krBXO8JKApNg+s4MHm74b5VkyFbv4qEOzOCWUIZ6+ejnQxeOOZOstnVX+q681v5a
pjYUQ0KeVKjw4SJzkBe/8epKuvyHCZnVd/2SZTx0271q9XPnu52khDUnihHLA3SP
fcadGi2q+LCHxVKW3S1028JH1EXI7TpgJPxiQ480OwKBgQDmi0BiSFaxNVcJm+pq
rbmK2pRPl49VOlc7px89ilZgoIeU8jwWQyqXRooarFhV1H0SA6oh52jYljiIIFVn
qwKfS3Sjo6iW3ytjGcRLeNS0Sk8D2XMky7Mw120ZxatTsKw3ztmYFAlSYdxRMnue
zkYzcxL3N2LvHeY8SOwyxayfxg==
-----END PRIVATE KEY-----

80
examples/ca/turn_server_cert.pem Normal file
View File

@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:9b:ec:95:d1:21:49:1d:5d:65:a7:1a:61:46:67:dd:42:18:65:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=HU, ST=Hungary, O=coTURN, CN=CA/emailAddress=misi@majd.eu
Validity
Not Before: Mar 5 09:05:21 2020 GMT
Not After : Mar 3 09:05:21 2030 GMT
Subject: C=HU, ST=Hungary, L=Debrecen, O=coTURN, CN=Server/emailAddress=misi@majd.eu
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:db:f7:17:35:17:7c:46:79:64:89:61:5f:ac:
cf:8f:6d:97:13:87:8a:d6:f1:ab:df:f6:69:4e:04:
57:c1:4d:6c:3d:77:c9:50:0d:3d:b6:89:cd:ac:00:
b5:02:45:e4:4c:78:ef:6f:18:7e:57:4e:bc:62:4d:
f6:de:6c:c8:77:ea:c5:b2:b4:65:2d:46:76:bf:5e:
5f:f8:45:78:55:f4:4d:20:ac:91:f0:4f:23:cb:5d:
40:29:44:de:9c:f7:0a:e6:48:a4:80:35:dd:cb:e8:
02:90:59:f7:31:f9:4c:50:fe:98:ef:dd:7f:60:51:
2d:44:0a:14:a2:57:96:51:36:3f:73:66:db:45:5f:
bd:9d:f4:82:3a:ce:ab:75:4f:d0:90:6d:43:d1:7b:
2f:77:31:88:db:2f:4a:a9:4e:62:39:c7:14:7f:39:
ef:e2:08:b7:18:a7:6c:f8:d9:35:d5:a3:f8:64:f5:
02:51:22:1b:8e:7a:c5:44:ae:df:b1:17:0b:71:df:
09:82:89:49:70:c5:9b:a0:f3:3c:02:48:75:e7:81:
f9:24:51:56:24:3b:ff:b8:68:d3:13:2e:a2:f4:d1:
70:33:a9:7a:d6:17:fd:ca:a5:6b:13:74:c9:ce:b6:
26:4f:01:ff:eb:ba:b5:f9:a1:70:80:da:11:df:a3:
7b:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:C1:E5:77:D3:01:6B:7A:A7:D8:18:6B:50:D6:FA:0E:D6:D9:B4:4F
X509v3 Authority Key Identifier:
keyid:1C:27:5E:40:39:8C:EC:71:C7:ED:E9:2A:56:C9:9E:DF:48:EA:82:42
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
a3:37:55:68:68:02:9f:af:d6:b1:38:b3:d8:bf:30:27:33:6f:
21:4c:09:ee:cf:24:d2:eb:cf:1c:7a:15:98:6d:10:94:e0:4a:
1f:88:5c:43:90:09:78:c1:a6:82:06:16:f2:8c:d1:3a:c5:3b:
99:67:35:3c:00:bf:9f:a2:6a:e7:33:85:83:88:72:88:e4:d2:
83:1c:6c:49:92:5f:51:80:0d:92:0f:99:4d:cb:2a:18:4d:68:
b7:b6:d1:de:54:22:71:88:8d:04:45:c5:13:34:8d:52:7a:f7:
2a:e7:cb:b2:41:20:7b:ef:aa:d0:58:93:b5:e6:b5:fa:8b:22:
a3:ed:a7:81:9b:ca:50:f7:d0:bd:5f:f2:52:6d:8b:af:af:64:
36:9d:6d:81:ce:50:29:b7:db:d0:ac:a3:1d:78:77:90:29:a3:
84:10:69:13:e9:47:fc:e1:1e:c2:74:55:61:11:65:2d:77:e1:
ca:9f:2d:6f:2f:76:f6:69:bc:09:50:9a:b0:48:05:a2:53:e6:
93:46:81:0d:04:8b:cd:fb:a4:a7:82:08:78:f9:87:dc:0a:07:
91:1f:de:09:fa:00:5a:16:1a:2b:5c:83:10:03:33:2f:ad:8c:
9a:eb:94:0f:77:b1:9b:ec:e6:0e:dc:84:dd:35:3f:b5:8a:d2:
06:0e:88:d7
-----BEGIN CERTIFICATE-----
MIIDrDCCApSgAwIBAgIUTJvsldEhSR1dZacaYUZn3UIYZUcwDQYJKoZIhvcNAQEL
BQAwWjELMAkGA1UEBhMCSFUxEDAOBgNVBAgMB0h1bmdhcnkxDzANBgNVBAoMBmNv
VFVSTjELMAkGA1UEAwwCQ0ExGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5ldTAe
Fw0yMDAzMDUwOTA1MjFaFw0zMDAzMDMwOTA1MjFaMHExCzAJBgNVBAYTAkhVMRAw
DgYDVQQIDAdIdW5nYXJ5MREwDwYDVQQHDAhEZWJyZWNlbjEPMA0GA1UECgwGY29U
VVJOMQ8wDQYDVQQDDAZTZXJ2ZXIxGzAZBgkqhkiG9w0BCQEWDG1pc2lAbWFqZC5l
dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzb9xc1F3xGeWSJYV+s
z49tlxOHitbxq9/2aU4EV8FNbD13yVANPbaJzawAtQJF5Ex4728YfldOvGJN9t5s
yHfqxbK0ZS1Gdr9eX/hFeFX0TSCskfBPI8tdQClE3pz3CuZIpIA13cvoApBZ9zH5
TFD+mO/df2BRLUQKFKJXllE2P3Nm20VfvZ30gjrOq3VP0JBtQ9F7L3cxiNsvSqlO
YjnHFH857+IItxinbPjZNdWj+GT1AlEiG456xUSu37EXC3HfCYKJSXDFm6DzPAJI
deeB+SRRViQ7/7ho0xMuovTRcDOpetYX/cqlaxN0yc62Jk8B/+u6tfmhcIDaEd+j
e08CAwEAAaNTMFEwHQYDVR0OBBYEFDjB5XfTAWt6p9gYa1DW+g7W2bRPMB8GA1Ud
IwQYMBaAFBwnXkA5jOxxx+3pKlbJnt9I6oJCMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
KoZIhvcNAQELBQADggEBAKM3VWhoAp+v1rE4s9i/MCczbyFMCe7PJNLrzxx6FZht
EJTgSh+IXEOQCXjBpoIGFvKM0TrFO5lnNTwAv5+iauczhYOIcojk0oMcbEmSX1GA
DZIPmU3LKhhNaLe20d5UInGIjQRFxRM0jVJ69yrny7JBIHvvqtBYk7XmtfqLIqPt
p4GbylD30L1f8lJti6+vZDadbYHOUCm329Csox14d5Apo4QQaRPpR/zhHsJ0VWER
ZS134cqfLW8vdvZpvAlQmrBIBaJT5pNGgQ0Ei837pKeCCHj5h9wKB5Ef3gn6AFoW
GitcgxADMy+tjJrrlA93sZvs5g7chN01P7WK0gYOiNc=
-----END CERTIFICATE-----

28
examples/ca/turn_server_pkey.pem Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC82/cXNRd8Rnlk
iWFfrM+PbZcTh4rW8avf9mlOBFfBTWw9d8lQDT22ic2sALUCReRMeO9vGH5XTrxi
TfbebMh36sWytGUtRna/Xl/4RXhV9E0grJHwTyPLXUApRN6c9wrmSKSANd3L6AKQ
Wfcx+UxQ/pjv3X9gUS1EChSiV5ZRNj9zZttFX72d9II6zqt1T9CQbUPRey93MYjb
L0qpTmI5xxR/Oe/iCLcYp2z42TXVo/hk9QJRIhuOesVErt+xFwtx3wmCiUlwxZug
8zwCSHXngfkkUVYkO/+4aNMTLqL00XAzqXrWF/3KpWsTdMnOtiZPAf/rurX5oXCA
2hHfo3tPAgMBAAECggEALGPXVBEakA9QgRz5Ui+gKaoslF6Ld7IeH+ofHkNPDRRR
mLELFFHIa5tASGlyIjKjUoYqYQZ0y7ip9sE0gVs4U1dPWI2mKlohlyFrlUNe4XUm
m8N0GfPAChDE/+48FNDMMwxn/eqrUz4ZPCypOYnLMk5lTBvX0J/D7/Yem3nSzwt1
qkZoijxZH5IvJAJkBWvucRuJ8XxHzOAo2V2Y+wTdilcJhfCvqGC0rkydjaN6TtRW
HWKvAOa7hEegNBbZhHhKfw5ovQwj9Cnr2+8gaTSw5gVaZNnhCO+TlUfQHIBH9rmt
82SHu1QoYSGMvkjlrrKhRYHrx+4P4TXoZ6eB1hl3QQKBgQDmwUOkh6qwL2dtcrF1
bVdRZjb1bw6L8qZAgUkcA1IaLVUlhjEJZGXAoPbLn6Vq+jfOvaYLmzEaLcpn3pfx
Hwcb1vnNW7dlXC1vpIWXPZP4IPJV4XsL1AgoEj6mgETHxvC+4cLc2gaMY5o5TzUv
VdV/A7SIqxAyPccXt1u/eITfNwKBgQDRhVTTJiBsGGjOetfgNqNGxpkKB6W4cET9
EyC1c7Lh40lioA2G8lzhFCdK9VZ+cAT51Bmkr5jq29EyMafSy3e4+PG8ZLHVL0ll
qBY4vSzHQNcGvUgh+15g6ISgCbM0eSsAea3LY+fmchz6mBS6DhyMkYPSbV+7YvHJ
PSnfTkTgqQKBgQCO+SQOJzjs3RI6UBv/4/V8K9bVjy/2Kiw0P2arAqu2KGxfSZvM
c/ZPuevwEkSN2ecGI59kBY4Q6FpGrTZ7YXwoFbTFNpSVKt3EFK3pHXA3B0LfT0vL
8l3zZgqHY2Y6WdsEiiEQcc4o4fXGmHsdjxMvFX6gR01Ls9dNrIAeTHAXVQKBgGoL
Q72C5JIRYKpw/mYbAVTHG5o5+KR7Hk/AqKNuJbGyqefi/jW44U2CN8j2l4pzA/G2
aiwyPAFStHTlMP29waC7Tw59IIy33Dw5cNXS2aEXrj1Y+/NHGKOPy+B8SFlcomkh
LNduf2bhhs1Gv+bTUZvL4p5UgUmEcL/b1x+Qq8fRAoGBAIpNCp4W+TsPUJcQKoWm
L61RVr5GaHv7/qxQvYaXIVCq8/gZAbJi3/A9ieTrF72uuOZ+ajzFHDUiiDs19y67
mCvCchPgqzLy9iSs6mm8fmS6kJnWn04I+7DOfe7kScUnD5WkyNaTYAeOqvdWzl/i
B1hQJJ9GzZG5Rztlotm5m/JY
-----END PRIVATE KEY-----

1
examples/etc/cacert.pem Symbolic link
View File

@ -0,0 +1 @@
../ca/CA/cacert.pem

2
examples/etc/coturn.service
View File

@ -1,5 +1,5 @@
[Unit]
Description=coTURN STUN/TURN Server
Description=Coturn STUN/TURN Server
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=network.target
After=network-online.target

23
examples/etc/turn_client_cert.pem
View File

@ -1,23 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDzjCCArYCCQD3YHhln4EqhDANBgkqhkiG9w0BAQUFADCBpzELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxKzApBgNVBAoT
IlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3QxFDASBgNVBAsTC2Rl
dmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAy
NjdAZ21haWwuY29tMCAXDTEyMTEyNzAwNDEwNVoYDzIxMTIxMTAzMDA0MTA1WjCB
pzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3Jl
ZWsxKzApBgNVBAoTIlJGQzU3NjYgVFVSTiBTZXJ2ZXIgcHVibGljIHByb2plY3Qx
FDASBgNVBAsTC2RldmVsb3BtZW50MQ0wCwYDVQQDEwRPbGVnMSIwIAYJKoZIhvcN
AQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEosxFd
dEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40pwcm
BJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PBXinM
gtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKAqDYd
FY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1skOXF
Vm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
AQAhXgGdXXf0dMPdkfl4jv4dqFNSmax6wmeNc+oJC9qIFVDLsdAaAWXZ+pZHYIMR
UN8mQobsIZdfPQ0gs8CgUwrKziAjA92y2Q/I7vsg83qRLhysGC5etYMD/wlySDDS
AJKraevDPTEdmfNstCblubNG2PIeqV1isWtPMqB2dMsCeyzJXVyfD0QcABzFv4Fs
MMy7JI7MsctNh1tjV/0TsddDMeMLs22rix5fS8MZ6uunFzIuJ0MshFNehXFuvz0B
uNmn0k7djUm3h+2Avs3YGCo/8GtqHapc/lva/9gT+iEW0e7i0Ru5Jhar66VMzJqv
+wEhQafC77d3vWHtXQU8dYmM
-----END CERTIFICATE-----

1
examples/etc/turn_client_cert.pem Symbolic link
View File

@ -0,0 +1 @@
../ca/turn_client_cert.pem

27
examples/etc/turn_client_pkey.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA3huHvPYyvNZBK91bP3O1dBdOj93YQ3812BTcRMjEYnvSyyEo
sxFddEnILgDiFK//pFnDtwm7FxOCtVwRQ0+8qGTH4vH0EIpKTBsaafKH3L9CYe40
pwcmBJHvclOa4vl2Ghi09+M0UEHdokkM77K9rpXx7aZILoICkqnoAuBe0TY8D5PB
XinMgtk7HlrvANxSmPHAAaGQ5t/+jfTWVH1UYCpogTgCKYPbNi+joKu6oEz+qRKA
qDYdFY6/Qpiv7reYiNiVhM7HGNY27FkKDJDBhsmZRmtTIEdYFfcWPZvv69L7Rf1s
kOXFVm5/to3HArJJF+lz6YGj0C3pE6dZt6sUmQIDAQABAoIBAH5ITN8FZEe10gws
qUrkcRD2h3aI/gMyetzGz45UUERmfq17xvY5M1eA884kNmbowoMhfoO9hqBSOYkA
Ndh9p5he5L+GLeyRlDi9WEFQ4iqCnC2uEEW/bMBAcVIhcvkGOT4ROiOPDRlsuaUh
v7cxe2OeYZVra7L1vJzC+eVYyNBN5CgK8w08MPEkupQS9+Jvr0QWCikRz187cG45
EiDMrBKyJNE9lY6u4P8gJ+/NgaASWP/D3kbsjiQ2OwSGLrwDAvWC7Bx2GK3/0goA
btp7YGaWvp+mE5V91cOW+PfweC5Do4MjOr4ToNkczW0AxKE5o94yo56h+II5bX6N
z65VvtkCgYEA/Sq/3S2yup/Oodzj003KG4skWYFrj7KXeXgm7RZcpNwkd8JaFXJ/
Cwl7/3bkRv6RHLmXX/2hcNWlxq3u6Efs1EjtycdArU68kO01vLdExJYIzHKmHikV
n+T4hukxGDzObxn3lH1KcOodh/x572Uufn79dewoZCPzH8t/jiMOWGcCgYEA4JfN
66Kq/oDookqenM9Ij5l6zeeNwzMjIlkU2eG0DAH0KdsBN/hTGGGRQVBk03YREQmK
crEhGAZxzfrX5fK11UVG3C2pqAtrVe6FuD32vFUpP1MO0ftSA889NoEwGdNZV4pV
Mk0+6xVCNOatj2inMXlQq5s68WfCzkiWD7uLCv8CgYBcwuYsF4tuYBGpMzNzAAS2
1OPLu+T6cPiZdFHm+xOVAGiITPkO9LXiCGabsydvb+UhvkrdzCP0IQQt6RsplvkK
y3H9RfnHxprHC3NuI0SaN1Mf/j4pvOoEfTQm0pi/hcAp6zzQ9ptpBg8t/W98LPm9
NbCPHamrD5UMqFajcOrXrwKBgD8D2M8IcRm/aYY/kYlFz4Ia+g3Trj7alj0I6YTI
gw/rbGph/FGL5ySsG2lL+T4rnlY9aw8LC9IF3OCCRRlLpCEWsu8MENIJgjA2IGa1
XAkzi8MstrfL4BMZjn9AeBKG7kZVldnrOoATEuRs5L2cC20iMLQ1dbBOAKaITzJS
2IxZAoGBAKqwr/uennxJrnMtpjLBgcphoU3aXJZvzzDqlOaqzJp6Xmbese4sDEe0
hvVHreigDzOnGnqL/vSjTDWaLqS/O1iE7p+UrGIkZj/Zl6Jk54OX6AHmWE2LhdlU
FYgIQKX7fuocpF1Dpe7xEeVwvdp+UqbDzHQg1CWGe1cBPYDYIkSH
-----END RSA PRIVATE KEY-----

1
examples/etc/turn_client_pkey.pem Symbolic link
View File

@ -0,0 +1 @@
../ca/turn_client_pkey.pem

22
examples/etc/turn_server_cert.pem
View File

@ -1,22 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDsDCCApgCCQCmgrJCiQlGOTANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoT
E1RVUk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYD
VQQDEwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMCAX
DTEyMTEyNTA4MjAxNloYDzIxMTIxMTAxMDgyMDE2WjCBmDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxXYWxudXQgQ3JlZWsxHDAaBgNVBAoTE1RV
Uk4gU2VydmVyIHByb2plY3QxFDASBgNVBAsTC0RldmVsb3BtZW50MQ0wCwYDVQQD
EwRPbGVnMSIwIAYJKoZIhvcNAQkBFhNtb20wNDAyNjdAZ21haWwuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+l
JI/GwlVzdzQ3+F4clMQDR1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJ
d2DUFADkF+7I674XwX8U2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj
9yPkqnO0c3ko1/OzIQCcs09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZE
psCztA+KCCoiJf7NenOvVhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLe
IcopqSbg9CRIKe1HOL8YTvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQAB
MA0GCSqGSIb3DQEBBQUAA4IBAQATbrBOLV4e8Qmsby9+srxXsdbNc60PmDZ4WiZ1
IElfWmzM7wGXm9sJg1PX/7T24R1tbwZGLIhZnkhecG372GChULZJ9Pdjh0Ab2nK5
LRKHXTpjp/xOJvx0JMCIIyRnGZT1nABPOk8uEjNW8PaU6yhQ4f5nKaSOgYGRCln6
dcy5vylCsyD9Q7GXs0KOC38XD+Ycv6VLX4zKJ2Yum50Wt643nLjG9RlGT3FXWJ1K
HUbPC5TO6bcYLdiTjaYr+X8xC/x6h/Ngdo/16w7fRmQQ4uS+TVXrg8ITmI71KX/I
m7C9jbsubwzrhW84oZXYf+o/0ATtEAhiVLnHifKCCYikqfVj
-----END CERTIFICATE-----

1
examples/etc/turn_server_cert.pem Symbolic link
View File

@ -0,0 +1 @@
../ca/turn_server_cert.pem

27
examples/etc/turn_server_pkey.pem
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAv6bYkERhZ43RjW4EuqCaTq5g+D+lJI/GwlVzdzQ3+F4clMQD
R1kp1nX+9AvwjCXz3AYwY1H9CqjmjGM4R9uNJJseK/aJd2DUFADkF+7I674XwX8U
2Fy5on9jqWq3jdbb8eg/awcTBdrNLWNPquwfS2KVdooj9yPkqnO0c3ko1/OzIQCc
s09O3l/MPt+aOsHk3B9l79ZRs3zWkylI+we0Fnc+7tZEpsCztA+KCCoiJf7NenOv
VhdKg7D1AXuzJ/P/Euvc3+CIiS9HI4pWLopY1k+HydLeIcopqSbg9CRIKe1HOL8Y
TvCm2ZoTqgijwWUlGtwEDf2xxUQX/TLYiW8JFQIDAQABAoIBADUPHCXUyKLCwKFH
NEf27sGZxX71H+NfaseioLT/3/8DDyagncfDB7I4OL2YEKC8YScpD3xv1n59BFcZ
oRtDzW+1AkVpm+VRCWYAWSXHFhkuJ6WKaVr9UOeMHStqQCcktP/kLKqU6s9UJDnM
pOHNPVzBjl+jHxHs/gGyxuKxSH2Anwkrzpiv5j0obKFnw3QtAqeZRs1NlvPtYt2S
eihZWr8r8LqylPk9ga9MYmO79Yr+EPVaqd6bmz4MpZJ4/7LEjx03Q6azdMCPhFNY
cYzPIDZFEj81Zj/tqA2MU/uTTUUrcXint4dHRJs34m5N68PV1Y1XhhH6FG0+X711
ZymudoECgYEA/ChS5zmmOoLoaq2441+PzQbDP45qR6+G4slHwC8RDZhsYw0hQnp9
n44Qagpt74J4FjxT20BdE714DZP32IqagUwatWRQ+z3UoGafkJSNc5JSEogwZ65C
nC8RI1pPHLEvE8IzBJiqUA1kbMOMfTYW694wdN9JVZang05/AXaJzm8CgYEAwpJ8
nJRR9JFweHRrRgnrVk0Qi+ABbN9T/nhPXYab2vjBfeBOTA1Mob0M3zMJDCnL2i+D
K1GzE6WaYHElr45j2Wfphd/rRTk74WR4BaPpTCGaAhBQNn0ufqUkKsCPEAlTU+nG
iyXP4OvdMPjEBckjbKm/mlX7m0njSHAY6SWNorsCgYEAi8Yubk3efwChpMC3hBIs
vBHLmSdwclwyAPRh+X4djdO4AQ/+J8OObytond86IVHJD0pRkW+UKKUWLzCeakIq
cxGknHgHC72yZ1d7i8FMx4uMQwmLC23lLn5ImbgtslHlLqavcRTPE6DY0hFzhtS8
z/JSGfbLx83C/V49uKnkqbECgYA6h1oYt70XdpCAi3ShcuZp5XCuwslq+JsJlyM4
nP9RFTcPKGQlGHMOzBGNKor0L7Z0gYpRg5f8tvoDPMX7UzfR9CIY9UyOXDMZD+HS
wIWzMwBi0olueqV7zy1b9uSSDFwWh+IDhXJM1GaLDqnYm7KeQ0mxoV+4TLej2KSF
rZg3dQKBgQCVrVxFV8jHBsRsH5PzMx6pUSAollmuyte9mGU1MIE7EZf+LEQIAjGZ
9jvtAILYVJXwVZv1/zNxldUfBNuWc95ft+Gg7FEN0p0uLpdYNXQUcXuJaJ9tJ1td
ZfvRcrUXdFNKYt9/yaGeHVaIQfp4W1faZD7OnII7EOVkUKyv/qNGAA==
-----END RSA PRIVATE KEY-----

1
examples/etc/turn_server_pkey.pem Symbolic link
View File

@ -0,0 +1 @@
../ca/turn_server_pkey.pem

12
examples/etc/turnserver.conf
View File

@ -45,6 +45,14 @@
#
#alt-tls-listening-port=0
# Some network setups will require using a TCP reverse proxy in front
# of the STUN server. If the proxy port option is set a single listener
# is started on the given port that accepts connections using the
# haproxy proxy protocol v2.
# (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
#
#tcp-proxy-port=5555
# Listener IP address of relay server. Multiple listeners can be specified.
# If no IP(s) specified in the config file or in the command line options,
# then all IPv4 and IPv6 system IPs will be used for listening.
@ -566,7 +574,7 @@
# Implementers SHOULD make usage of the SOFTWARE attribute a
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
#
#prod
#no-software-attribute
# Option to suppress STUN functionality, only TURN requests will be processed.
# Run as TURN server only, all STUN requests will be ignored.
@ -631,7 +639,7 @@
# Allocate Address Family according
# If enabled then TURN server allocates address family according the TURN
# Client <=> Server communication address family.
# (By default coTURN works according RFC 6156.)
# (By default Coturn works according RFC 6156.)
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
#
#keep-address-family

2
examples/scripts/longtermsecure/secure_dtls_client_cert.sh
View File

@ -32,5 +32,5 @@ fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -g -u bolt -w kwyjibo -s -X $@ 127.0.0.1

2
examples/scripts/longtermsecure/secure_relay_cert.sh
View File

@ -36,4 +36,4 @@ fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}:/usr/local/lib/:/usr/local/mysql/lib/
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=turn_server_cert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@
PATH="./bin/:../bin/:../../bin/:${PATH}" turnserver --syslog -a -L 127.0.0.1 -L ::1 -E 127.0.0.1 -E ::1 --allow-loopback-peers --max-bps=3000000 -f -m 10 --min-port=32355 --max-port=65535 --user=ninefingers:youhavetoberealistic --user=bolt:kwyjibo -r bolt.co --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --CA-file=cacert.pem --log-file=stdout -v --cipher-list="ALL:!eNULL:!aNULL:!NULL" --cli-password=secret --db=var/db/turndb $@

2
examples/scripts/longtermsecure/secure_tls_client_cert.sh
View File

@ -32,5 +32,5 @@ fi
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/local/lib/
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E turn_server_cert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1
PATH=examples/bin/:../bin:./bin/:${PATH} turnutils_uclient -t -S -i turn_server_cert.pem -k turn_server_pkey.pem -E cacert.pem -n 1000 -m 10 -l 170 -e 127.0.0.1 -X -g -u bolt -w kwyjibo -s $@ 127.0.0.1

25
man/man1/turnadmin.1
View File

@ -55,14 +55,19 @@ because data for multiple realms can be stored in the same database.
\fBturnadmin \fP\- a TURN relay administration tool.
\fB
.SS SYNOPSIS
.nf
.fam C
$ \fIturnadmin\fP [\fIcommand\fP] [\fIoptions\fP]
$ \fIturnadmin\fP [command] [options]
.PP
$ \fIturnadmin\fP [ \fB\-h\fP | \fB\-\-help\fP]
.fam T
.fi
.fam T
.fi
.SS DESCRIPTION
.TP
.B
Commands:
.TP
.B
@ -135,15 +140,14 @@ List origin\-to\-realm relations.
Set realm params: max\-bps, total\-quota, user\-quota.
.TP
.B
\fB\-G\fP, \fB\-\-list\-realm\-options\fP
\fB\-G\fP, \fB\-\-list\-realm\fP\-\fIoptions\fP
List realm params.
.TP
.B
\fB\-E\fP, \fB\-\-generate\-encrypted\-password\-aes\fP
Generate and print to the standard output
an encrypted form of password with AES\-128
.TP
.B
.PP
Options with required values:
.TP
.B
@ -215,8 +219,7 @@ Set value of realm's user\-quota parameter.
.B
\fB\-h\fP, \fB\-\-help\fP
Help.
.TP
.B
.PP
Command examples:
.PP
Generate an encrypted form of a password:
@ -282,8 +285,6 @@ $ \fIturnadmin\fP \fB\-\-file\-key\-path\fP <key\-file> \fB\-v\fP <encrypted>
.PP
.RS
.TP
.B
Help:
.PP
$ \fIturnadmin\fP \fB\-h\fP
@ -291,7 +292,7 @@ $ \fIturnadmin\fP \fB\-h\fP
=======================================
.SS DOCS
After installation, run the command:
After installation, run the \fIcommand\fP:
.PP
$ man \fIturnadmin\fP
.PP

31
man/man1/turnserver.1
View File

@ -96,8 +96,6 @@ $ \fIturnserver\fP \fB\-h\fP
.fi
.SS DESCRIPTION
.TP
.B
Config file settings:
.TP
.B
@ -126,8 +124,7 @@ upper directory level etc/
.IP \(bu 3
installation directory /etc
.RE
.TP
.B
.PP
User database settings:
.TP
.B
@ -219,8 +216,7 @@ See the INSTALL file for more explanations and examples.
.PP
Also, see http://redis.io for full Redis documentation.
.RE
.TP
.B
.PP
Flags:
.TP
.B
@ -234,10 +230,8 @@ Extra verbose mode, very annoying and not recommended.
.B
\fB\-o\fP, \fB\-\-daemon\fP
Run server as daemon.
.TP
.B
\fB\-\-prod\fP
Production mode: hide the software version.
.PP
\fB\-\-no\-software\-attribute\fP Production mode: hide the software version.
.TP
.B
\fB\-f\fP, \fB\-\-fingerprint\fP
@ -281,11 +275,11 @@ Support oAuth authentication, as in the third\-party STUN/TURN RFC 7635.
.TP
.B
\fB\-\-dh566\fP
Use 566 bits predefined DH TLS key. Default size of the key is 1066.
Use 566 bits predefined DH TLS key. Default size of the key is 2066.
.TP
.B
\fB\-\-dh2066\fP
Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
\fB\-\-dh1066\fP
Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
.TP
.B
\fB\-\-no\-tlsv1\fP
@ -406,8 +400,7 @@ initially used by the session).
.B
\fB\-h\fP
Help.
.TP
.B
.PP
Options with values:
.TP
.B
@ -483,6 +476,12 @@ Alternative listening port for TLS and DTLS protocols.
Default (or zero) value means "TLS listening port plus one".
.TP
.B
\fB\-\-tcp\-proxy\-port\fP
Support connections from TCP loadbalancer on this port. The loadbalancer
should use the binary proxy protocol.
(https://www.haproxy.org/download/1.8/doc/proxy\-protocol.txt)
.TP
.B
\fB\-\-aux\-server\fP
Auxiliary STUN/TURN server listening endpoint.
Aux servers have almost full TURN and STUN functionality.
@ -681,7 +680,7 @@ by this option.
.B
\fB\-\-dh\-file\fP
Use custom DH TLS key, stored in PEM format in the file.
Flags \fB\-\-dh566\fP and \fB\-\-dh2066\fP are ignored when the DH key is taken from a file.
Flags \fB\-\-dh566\fP and \fB\-\-dh1066\fP are ignored when the DH key is taken from a file.
.TP
.B
\fB\-l\fP, \fB\-\-log\-file\fP

1
src/apps/common/apputils.c
View File

@ -439,6 +439,7 @@ int set_raw_socket_tos(evutil_socket_t fd, int family, int tos)
int is_stream_socket(int st) {
switch(st) {
case TCP_SOCKET:
case TCP_SOCKET_PROXY:
case TLS_SOCKET:
case TENTATIVE_TCP_SOCKET:
case SCTP_SOCKET:

50
src/apps/relay/mainrelay.c
View File

@ -90,7 +90,7 @@ NULL,
NULL,
#endif
DH_1066, "", "", "",
DH_2066, "", "", "",
"turn_server_cert.pem","turn_server_pkey.pem", "", "",
0,0,0,
#if !TLS_SUPPORTED
@ -110,8 +110,8 @@ NULL, PTHREAD_MUTEX_INITIALIZER,
//////////////// Common params ////////////////////
TURN_VERBOSE_NONE,0,0,0,0,
"/var/run/turnserver.pid",
DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,1,
0,0,0,0,
DEFAULT_STUN_PORT,DEFAULT_STUN_TLS_PORT,0,0,0,1,
0,0,0,0,0,
"",
"",0,
{
@ -405,6 +405,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
" or in old RFC 3489 sense, default is \"listening port plus one\").\n"
" --alt-tls-listening-port <port> Alternative listening port for TLS and DTLS,\n"
" the default is \"TLS/DTLS port plus one\".\n"
" --tcp-proxy-port <port> Support connections from TCP loadbalancer on this port. The loadbalancer should\n"
" use the binary proxy protocol (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)\n"
" -L, --listening-ip <ip> Listener IP address of relay server. Multiple listeners can be specified.\n"
" --aux-server <ip:port> Auxiliary STUN/TURN server listening endpoint.\n"
" Auxiliary servers do not have alternative ports and\n"
@ -451,7 +453,7 @@ static char Usage[] = "Usage: turnserver [options]\n"
" -v, --verbose 'Moderate' verbose mode.\n"
" -V, --Verbose Extra verbose mode, very annoying (for debug purposes only).\n"
" -o, --daemon Start process as daemon (detach from current shell).\n"
" --prod Production mode: hide the software version.\n"
" --no-software-attribute Production mode: hide the software version (formerly --prod).\n"
" -f, --fingerprint Use fingerprints in the TURN messages.\n"
" -a, --lt-cred-mech Use the long-term credential mechanism.\n"
" -z, --no-auth Do not use any credential mechanism, allow anonymous access.\n"
@ -561,10 +563,10 @@ static char Usage[] = "Usage: turnserver [options]\n"
" if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n"
" an optimal curve will be automatically calculated, if not defined\n"
" by this option.\n"
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
" --dh2066 Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
" --dh1066 Use 1066 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
" --dh-file <dh-file-name> Use custom DH TLS key, stored in PEM format in the file.\n"
" Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n"
" Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.\n"
" --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n"
" --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n"
" --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n"
@ -719,6 +721,7 @@ static char AdminUsage[] = "Usage: turnadmin [command] [options]\n"
enum EXTRA_OPTS {
NO_UDP_OPT=256,
NO_TCP_OPT,
TCP_PROXY_PORT_OPT,
NO_TLS_OPT,
NO_DTLS_OPT,
NO_UDP_RELAY_OPT,
@ -775,7 +778,7 @@ enum EXTRA_OPTS {
CLI_MAX_SESSIONS_OPT,
EC_CURVE_NAME_OPT,
DH566_OPT,
DH2066_OPT,
DH1066_OPT,
NE_TYPE_OPT,
NO_SSLV2_OPT, /*deprecated*/
NO_SSLV3_OPT, /*deprecated*/
@ -788,7 +791,7 @@ enum EXTRA_OPTS {
ADMIN_USER_QUOTA_OPT,
SERVER_NAME_OPT,
OAUTH_OPT,
PROD_OPT,
NO_SOFTWARE_ATTRIBUTE_OPT,
NO_HTTP_OPT,
SECRET_KEY_OPT
};
@ -814,6 +817,7 @@ static const struct myoption long_options[] = {
{ "tls-listening-port", required_argument, NULL, TLS_PORT_OPT },
{ "alt-listening-port", required_argument, NULL, ALT_PORT_OPT },
{ "alt-tls-listening-port", required_argument, NULL, ALT_TLS_PORT_OPT },
{ "tcp-proxy-port", required_argument, NULL, TCP_PROXY_PORT_OPT },
{ "listening-ip", required_argument, NULL, 'L' },
{ "relay-device", required_argument, NULL, 'i' },
{ "relay-ip", required_argument, NULL, 'E' },
@ -856,7 +860,8 @@ static const struct myoption long_options[] = {
{ "verbose", optional_argument, NULL, 'v' },
{ "Verbose", optional_argument, NULL, 'V' },
{ "daemon", optional_argument, NULL, 'o' },
{ "prod", optional_argument, NULL, PROD_OPT },
/* deprecated: */ { "prod", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT },
{ "no-software-attribute", optional_argument, NULL, NO_SOFTWARE_ATTRIBUTE_OPT },
{ "fingerprint", optional_argument, NULL, 'f' },
{ "check-origin-consistency", optional_argument, NULL, CHECK_ORIGIN_CONSISTENCY_OPT },
{ "no-udp", optional_argument, NULL, NO_UDP_OPT },
@ -908,7 +913,7 @@ static const struct myoption long_options[] = {
{ "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT },
{ "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT },
{ "dh566", optional_argument, NULL, DH566_OPT },
{ "dh2066", optional_argument, NULL, DH2066_OPT },
{ "dh1066", optional_argument, NULL, DH1066_OPT },
{ "ne", required_argument, NULL, NE_TYPE_OPT },
{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
{ "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */
@ -1174,9 +1179,9 @@ static void set_option(int c, char *value)
if(get_bool_value(value))
turn_params.dh_key_size = DH_566;
break;
case DH2066_OPT:
case DH1066_OPT:
if(get_bool_value(value))
turn_params.dh_key_size = DH_2066;
turn_params.dh_key_size = DH_1066;
break;
case EC_CURVE_NAME_OPT:
STRCPY(turn_params.ec_curve_name,value);
@ -1278,6 +1283,10 @@ static void set_option(int c, char *value)
case ALT_TLS_PORT_OPT:
turn_params.alt_tls_listener_port = atoi(value);
break;
case TCP_PROXY_PORT_OPT:
turn_params.tcp_proxy_port = atoi(value);
turn_params.tcp_use_proxy = 1;
break;
case MIN_PORT_OPT:
turn_params.min_port = atoi(value);
break;
@ -1390,8 +1399,8 @@ static void set_option(int c, char *value)
anon_credentials = 1;
}
break;
case PROD_OPT:
turn_params.prod = get_bool_value(value);
case NO_SOFTWARE_ATTRIBUTE_OPT:
turn_params.no_software_attribute = get_bool_value(value);
break;
case 'f':
turn_params.fingerprint = get_bool_value(value);
@ -2082,6 +2091,7 @@ static void set_network_engine(void)
static void drop_privileges(void)
{
setgroups(0, NULL);
if(procgroupid_set) {
if(getgid() != procgroupid) {
if (setgid(procgroupid) != 0) {
@ -2287,13 +2297,13 @@ int main(int argc, char **argv)
if(turn_params.allow_loopback_peers) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "CONFIG WARNING: allow_loopback_peers opens a possible security vulnerability. Do not use in production!!\n");
if(cli_password[0]==0) {
if(cli_password[0]==0 && use_cli) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: allow_loopback_peers and empty cli password cannot be used together.\n");
exit(-1);
}
}
if(use_cli && cli_password[0]==0) {
if(use_cli && cli_password[0]==0 && use_cli) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "\nCONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!\n");
use_cli = 0;
}
@ -2920,10 +2930,10 @@ static void set_ctx(SSL_CTX** out, const char *protocol, const SSL_METHOD* metho
if(!dh) {
if(turn_params.dh_key_size == DH_566)
dh = get_dh566();
else if(turn_params.dh_key_size == DH_2066)
dh = get_dh2066();
else
else if(turn_params.dh_key_size == DH_1066)
dh = get_dh1066();
else
dh = get_dh2066();
}
/*

4
src/apps/relay/mainrelay.h
View File

@ -213,7 +213,7 @@ typedef struct _turn_params_ {
int verbose;
int turn_daemon;
int prod;
int no_software_attribute;
int web_admin_listen_on_workers;
int do_not_use_config_file;
@ -226,10 +226,12 @@ typedef struct _turn_params_ {
int tls_listener_port;
int alt_listener_port;
int alt_tls_listener_port;
int tcp_proxy_port;
int rfc5780;
int no_udp;
int no_tcp;
int tcp_use_proxy;
vint no_tcp_relay;
vint no_udp_relay;

10
src/apps/relay/netengine.c
View File

@ -1473,7 +1473,7 @@ static void setup_tcp_listener_servers(ioa_engine_handle e, struct relay_server
/* Create listeners */
/* Aux TCP servers */
if(!turn_params.no_tls || !turn_params.no_tcp) {
if(!turn_params.tcp_use_proxy && (!turn_params.no_tls || !turn_params.no_tcp)) {
for(i=0; i<turn_params.aux_servers_list.size; i++) {
@ -1494,15 +1494,15 @@ static void setup_tcp_listener_servers(ioa_engine_handle e, struct relay_server
/* TCP: */
if(!turn_params.no_tcp) {
tcp_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
tcp_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.tcp_use_proxy?turn_params.tcp_proxy_port:turn_params.listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
if(turn_params.rfc5780)
tcp_services[index+1] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
tcp_services[index+1] = turn_params.tcp_use_proxy?NULL:create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
} else {
tcp_services[index] = NULL;
if(turn_params.rfc5780)
tcp_services[index+1] = NULL;
}
if(!turn_params.no_tls && (turn_params.no_tcp || (turn_params.listener_port != turn_params.tls_listener_port))) {
if(!turn_params.no_tls && !turn_params.tcp_use_proxy && (turn_params.no_tcp || (turn_params.listener_port != turn_params.tls_listener_port))) {
tls_services[index] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], turn_params.tls_listener_port, turn_params.verbose, e, send_socket_to_general_relay, relay_server);
if(turn_params.rfc5780)
tls_services[index+1] = create_tls_listener_server(turn_params.listener_ifname, turn_params.listener.addrs[i], get_alt_tls_listener_port(), turn_params.verbose, e, send_socket_to_general_relay, relay_server);
@ -1651,7 +1651,7 @@ static void setup_relay_server(struct relay_server *rs, ioa_engine_handle e, int
&turn_params.permission_lifetime,
&turn_params.stun_only,
&turn_params.no_stun,
&turn_params.prod,
&turn_params.no_software_attribute,
&turn_params.web_admin_listen_on_workers,
&turn_params.alternate_servers_list,
&turn_params.tls_alternate_servers_list,

124
src/apps/relay/ns_ioalib_engine_impl.c
View File

@ -2157,6 +2157,67 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd)
}
#endif
static ssize_t socket_parse_proxy_v2(ioa_socket_handle s, uint8_t *buf, size_t len)
{
if(len < 16){
return 0 ;
}
/* Check for proxy-v2 magic field */
char magic[] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};
if(memcmp(magic, buf, sizeof(magic))){
return -1;
}
/* Check version */
uint8_t version = buf[12] >> 4;
if(version != 2) return -1;
/* Read data */
uint8_t command = buf[12] & 0xF;
uint8_t family = buf[13] >> 4;
uint8_t proto = buf[13] & 0xF;
size_t plen = ((size_t)buf[14] << 8) | buf[15];
size_t tlen = 16 + plen;
if(len < tlen) return 0;
/* A local connection is used by the proxy itself and does not carry a valid address */
if(command == 0) return tlen;
/* Accept only proxied TCP connections */
if(command != 1 || proto != 1) return -1;
/* Read the address */
if(family == 1 && plen >= 12){ /* IPv4 */
struct sockaddr_in remote, local;
remote.sin_family = local.sin_family = AF_INET;
memcpy(&remote.sin_addr.s_addr, &buf[16], 4);
memcpy(&local.sin_addr.s_addr, &buf[20], 4);
memcpy(&remote.sin_port, &buf[24], 2);
memcpy(&local.sin_port, &buf[26], 2);
addr_cpy4(&(s->local_addr), &local);
addr_cpy4(&(s->remote_addr), &remote);
}else if(family == 2 && plen >= 36){ /* IPv6 */
struct sockaddr_in6 remote, local;
remote.sin6_family = local.sin6_family = AF_INET6;
memcpy(&remote.sin6_addr.s6_addr, &buf[16], 16);
memcpy(&local.sin6_addr.s6_addr, &buf[32], 16);
memcpy(&remote.sin6_port, &buf[48], 2);
memcpy(&local.sin6_port, &buf[50], 2);
addr_cpy6(&(s->local_addr), &local);
addr_cpy6(&(s->remote_addr), &remote);
}else{
return -1;
}
return tlen;
}
static int socket_input_worker(ioa_socket_handle s)
{
int len = 0;
@ -2372,39 +2433,57 @@ static int socket_input_worker(ioa_socket_handle s)
struct evbuffer *inbuf = bufferevent_get_input(s->bev);
if(inbuf) {
ev_ssize_t blen = evbuffer_copyout(inbuf, buf_elem->buf.buf, STUN_BUFFER_SIZE);
if(blen>0) {
int mlen = 0;
if(blen>(ev_ssize_t)STUN_BUFFER_SIZE)
blen=(ev_ssize_t)STUN_BUFFER_SIZE;
if(is_stream_socket(s->st) && ((s->sat == TCP_CLIENT_DATA_SOCKET)||(s->sat==TCP_RELAY_DATA_SOCKET))) {
mlen = blen;
} else {
mlen = stun_get_message_len_str(buf_elem->buf.buf, blen, 1, &app_msg_len);
}
if(mlen>0 && mlen<=(int)blen) {
len = (int)bufferevent_read(s->bev, buf_elem->buf.buf, mlen);
if(len < 0) {
ret = -1;
if(s->st == TCP_SOCKET_PROXY){
ssize_t tlen = socket_parse_proxy_v2(s, buf_elem->buf.buf, blen);
blen = 0;
if (tlen < 0){
s->tobeclosed = 1;
s->broken = 1;
log_socket_event(s, "socket read failed, to be closed",1);
} else if((s->st == TLS_SOCKET)||(s->st == TLS_SCTP_SOCKET)) {
#if TLS_SUPPORTED
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
if(!ctx || SSL_get_shutdown(ctx)) {
ret = -1;
s->tobeclosed = 1;
}
#endif
}
if(ret != -1) {
ret = len;
ret = -1;
log_socket_event(s, "proxy protocol violated",1);
}else if(tlen > 0){
bufferevent_read(s->bev, buf_elem->buf.buf, tlen);
blen = evbuffer_copyout(inbuf, buf_elem->buf.buf, STUN_BUFFER_SIZE);
s->st = TCP_SOCKET;
}
}
if(blen){
if(is_stream_socket(s->st) && ((s->sat == TCP_CLIENT_DATA_SOCKET)||(s->sat==TCP_RELAY_DATA_SOCKET))) {
mlen = blen;
} else {
mlen = stun_get_message_len_str(buf_elem->buf.buf, blen, 1, &app_msg_len);
}
if(mlen>0 && mlen<=(int)blen) {
len = (int)bufferevent_read(s->bev, buf_elem->buf.buf, mlen);
if(len < 0) {
ret = -1;
s->tobeclosed = 1;
s->broken = 1;
log_socket_event(s, "socket read failed, to be closed",1);
} else if((s->st == TLS_SOCKET)||(s->st == TLS_SCTP_SOCKET)) {
#if TLS_SUPPORTED
SSL *ctx = bufferevent_openssl_get_ssl(s->bev);
if(!ctx || SSL_get_shutdown(ctx)) {
ret = -1;
s->tobeclosed = 1;
}
#endif
}
if(ret != -1) {
ret = len;
}
}
}
} else if(blen<0) {
s->tobeclosed = 1;
s->broken = 1;
@ -3277,6 +3356,7 @@ int register_callback_on_ioa_socket(ioa_engine_handle e, ioa_socket_handle s, in
break;
case SCTP_SOCKET:
case TCP_SOCKET:
case TCP_SOCKET_PROXY:
if(s->bev) {
if(!clean_preexisting) {
TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR,

4
src/apps/relay/tls_listener.c
View File

@ -82,7 +82,9 @@ static void server_input_handler(struct evconnlistener *l, evutil_socket_t fd,
SOCKET_TYPE st = TENTATIVE_TCP_SOCKET;
if(turn_params.no_tls)
if(turn_params.tcp_use_proxy)
st = TCP_SOCKET_PROXY;
else if(turn_params.no_tls)
st = TCP_SOCKET;
else if(turn_params.no_tcp)
st = TLS_SOCKET;

2
src/apps/relay/turn_admin_server.c
View File

@ -1659,7 +1659,7 @@ static void https_finish_page(struct str_buffer *sb, ioa_socket_handle s, int cc
str_buffer_append(sb,"</body>\r\n</html>\r\n");
send_str_from_ioa_socket_tcp(s,"HTTP/1.1 200 OK\r\nServer: ");
if(!turn_params.prod) {
if(!turn_params.no_software_attribute) {
send_str_from_ioa_socket_tcp(s,TURN_SOFTWARE);
}
send_str_from_ioa_socket_tcp(s,"\r\n");

1
src/server/ns_turn_ioalib.h
View File

@ -90,6 +90,7 @@ enum _SOCKET_TYPE {
SCTP_SOCKET=132,
TLS_SCTP_SOCKET=133,
DTLS_SOCKET=250,
TCP_SOCKET_PROXY=253,
TENTATIVE_SCTP_SOCKET=254,
TENTATIVE_TCP_SOCKET=255
};

6
src/server/ns_turn_server.c
View File

@ -64,7 +64,7 @@ static inline int get_family(int stun_family, ioa_engine_handle e, ioa_socket_ha
////////////////////////////////////////////////
const char * get_version(turn_turnserver *server) {
if(server && !*server->prod) {
if(server && !*server->no_software_attribute) {
return (const char *) TURN_SOFTWARE;
} else {
return (const char *) "None";
@ -4900,7 +4900,7 @@ void init_turn_server(turn_turnserver* server,
vintp permission_lifetime,
vintp stun_only,
vintp no_stun,
vintp prod,
vintp no_software_attribute,
vintp web_admin_listen_on_workers,
turn_server_addrs_list_t *alternate_servers_list,
turn_server_addrs_list_t *tls_alternate_servers_list,
@ -4962,7 +4962,7 @@ void init_turn_server(turn_turnserver* server,
server->permission_lifetime = permission_lifetime;
server->stun_only = stun_only;
server->no_stun = no_stun;
server->prod = prod;
server->no_software_attribute = no_software_attribute;
server-> web_admin_listen_on_workers = web_admin_listen_on_workers;
server->dont_fragment = dont_fragment;

4
src/server/ns_turn_server.h
View File

@ -120,7 +120,7 @@ struct _turn_turnserver {
vintp permission_lifetime;
vintp stun_only;
vintp no_stun;
vintp prod;
vintp no_software_attribute;
vintp web_admin_listen_on_workers;
vintp secure_stun;
turn_credential_type ct;
@ -199,7 +199,7 @@ void init_turn_server(turn_turnserver* server,
vintp permission_lifetime,
vintp stun_only,
vintp no_stun,
vintp prod,
vintp no_software_attribute,
vintp web_admin_listen_on_workers,
turn_server_addrs_list_t *alternate_servers_list,
turn_server_addrs_list_t *tls_alternate_servers_list,