This commit implements the `send_error_reason` option. When
`send_error_reason` is set to `false`, the TURN server will now send an
empty reason phrase ("") in STUN error responses. If `send_error_reason`
is `true` (the default behavior), the original error reason phrase will
be sent.
This change affects how error conditions are communicated to clients,
allowing for configurations where detailed error reasons are suppressed.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
This commit changes the server's default behavior to omit STUN error
reason phrases in responses. A new option, `--send-error-reason` (and
corresponding config file setting `send-error-reason`), is introduced
to enable the inclusion of these reason phrases if desired.
This change aims to reduce response size by default, while still
allowing you to enable more verbose error messages for debugging.
Changes include:
- Renamed `no_error_reason` to `send_error_reason` in `turn_params_t`.
- Default for `send_error_reason` is now `false` (reasons omitted).
- Command-line option changed to `--send-error-reason` to enable reasons.
- Updated `mainrelay.c` for new option name, logic, and usage string.
- Updated all `turnserver.conf` files (`examples/etc/turnserver.conf`,
`docker/coturn/turnserver.conf`) to reflect the new option and default.
- Adjusted conceptual test cases for the new default behavior.
- Partially updated `ns_turn_server.c` to use the new
`send_error_reason` flag. Due to some limitations I encountered, a full update
to `ns_turn_server.c` could not be reliably completed and will
require your manual review and completion to ensure all error generation
sites correctly adhere to the `send_error_reason` flag (sending
reasons only when it's true).
This commit introduces a new configuration option, `no-error-reason`.
When enabled, the TURN server will send STUN error responses with an
empty reason phrase. This can be useful in environments where minimizing
response size is critical, at the cost of slightly harder debugging.
Changes include:
- Added `no_error_reason` to the `turn_params_t` struct.
- Modified `mainrelay.c` to parse the `--no-error-reason` command-line
option and corresponding configuration file setting.
- Updated `ns_turn_server.c` to check this flag and conditionally
omit the reason phrase when constructing error responses.
- Added the new option to the example `turnserver.conf` file.
- Conceptually outlined test cases for this new functionality.
Set new release version to 4.7.0
Updating minor version due to some breaking changes in options to enable
more secure/robust configuration without additional flags (or relying on
recommended conf file which people seem to skip during updates)
TLSv1 and TLSv1.1 can be enabled using `--tlsv1` and `--tlsv1_1`
arguments accordingly
That assumes openssl version being used has these versions enabled
(which as of openssl-3.5 is not by default)
With notable exceptions of:
src/apps/common/win/*
src/apps/relay/telnet.*
The purpose of this change is to add the SPDX tags from
https://spdx.dev/, which is a Linux Foundation project, to the source
code.
This provides automated code provenance tools, which are used in setting
up software bill of materials reports, an easy time verifying that the
code license is known and no incompatibilities are present in a
codebase.
No copyright date, author, or license changes are made.
Note also that
7e525c8e1c
is the original commit for the ACME code (acme.h and acme.c) which was
then moved to acme.h and acme.c in this commit
d4686750ee
but neither commit indicates what license the ACME code was submitted
as.
https://github.com/coturn/coturn?tab=License-1-ov-file#readme is the
3-clause BSD license, but https://github.com/coturn/coturn/pull/672
documents that the author's intent was for the MIT license. So I've used
the SPDX tag and content of the MIT license for this change.
Deprecate `--no-stun-backward-compatibility` and set it to true by
default
Add new option `--stun-backward-compatibility`, off by default
Update example/recommended configuration files
This is a breaking change as passing `--no-stun-backward-compatibility`
will be rejected as invalid argument
Invert `--no-rfc5780` option to be true by default
Make it `--rfc5780` to enable it
Update example/recommended configuration files
Passing `--no-rfc5780` will have no effect as this is the default
behavior now
Add basic diagram with modules of coturn inside Developer.md.
I also wanted to move the existing Flow chart to mermaid so that our doc
doesn't depend on external tools but i couldn't find the time to do it
properly (horizontal arrows are hard to represent with mermaid) so i
postponed that part.
This is the result of the mermaid diagram:

When building with default configuration at least in MacOS we get
warnings about those conversions from const char* to char*. Fix it by
making all those argv "const char*"
This adjusts the code to allow compilation with a C++ compiler, but
doesn't change the build to use a C++ compiler. Everything should
continue working as-is with existing c-compilers. This is just a "let it
work" change, not a "change how it works" change.
Restore the support to return a 200 OK in the root prometheus endpoint
(/) as stated in the documentation.
This feature was lost when removing libpromhttp
Fixes #1672
Address #270
MySQL reconnecting after privilege drop and reporting misleading
error log.
"Cannot open MySQL DB connection: <%s>, runtime error\n"
Always include the mysql error message for additional context.
Fixes a regression pointed out at
<https://github.com/coturn/coturn/pull/1488#issuecomment-2801027711>.
A regression was introduced in the last PR where the dbname parameter
was not respected if using redis without authentication. The logic for
sending the select command responsible for switching to the correct
database was wrongly guarded behind authentication being provided. This
PR flattens the control flow so the select command is always sent,
whether using authentication or not.
Fix #1657
This log was added in a recent refactor for draining support and it is
very noisy. With this change the log is moved behind the "verbose" flag
and also does a minor cleanup to not have 2 duplicated lines for logging
when one is enough.
Co-authored-by: Gustavo Garcia <gustavogb@mail.com>
The `#allocation-default-address-family="ipv4"` line is repeated twice
in the example config, changed the second one to be `"ipv6"` which I
assume it was intended to be.
In version 4.5.1.3, there was a handling of TURN_NO_TLS environment
variable and the TURN_xxx environment variables can be set in the
following manner:
```
export TURN_NO_TLS=1
export TURN_NO_PQ=1
export TURN_NO_MYSQL=1
export TURN_NO_MONGO=1
export TURN_NO_SQLITE=1
./configure
```
In versions 4.5.2 and later, handling of TURN_NO_TLS was removed, and
with this TURN_NO_TLS is set as-is OSCFLAGS:
831b7245aa/configure (L1021)
And now, to set no-tls properly during compile time, we have to do the
following:
```
export TURN_NO_TLS=-DTURN_NO_TLS
export TURN_NO_PQ=1
export TURN_NO_GCM=1
```
Otherwise, if we leave the previous approach, it obviously causes an error
during compile time:
```
cc: error: 1: linker input file not found: No such file or directory
```
With this PR I would like to restore consistency of the environment
variables that are used for ./configure
rebase and refactor of [this
pr](https://github.com/coturn/coturn/pull/1400) from last year that was
never merged
rename of cmake YAML file to match others and extraction of dependencies
to already existing composite action
approach was as follows, for the `_turn_params_` struct:
- if a variable of type `int` or `vint` was only being used as a
boolean, replace it with bool as defined in `<stdbool.h>`
- replace its declaration with true/false, depending on prior assignment
as 0/1
changes were only made when i was certain the variables were not being
used as an `int`, so i may have missed some
no changes were made to other sections of the code as int-to-bool
assignment is allowed in C, only code within the structs were changed,
but that can be changed with a later commit
---
from a documentation perspective, it's not clear as to what purpose or
benefit the vint alias has. the definition in `ns_turn_defs.h` simply
reads
```c
typedef int vint;
typedef vint *vintp;
```
with no comments, and it seems most (but not all) `vint`s are being used
as interim booleans through the code. this may just be from lack of
knowledge of the codebase, but it doesn't seem useful in any way, so it
would be helpful if someone with more expertise could clarify
---------
Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
- libsystemd does not exist on macOS - ignore it and reduce warnings
during cmake step
- mongo-c has cmake file on macOS - reusing the same code path and
reduce warnings
With requiring openssl version at least 1.1.1 all versions of TLS (up to
and including 1.3) and DTLS 1.2 are supported
With that, no detection or ability to disable a version will be provided
Add a `--prometheus-path` parameter which allows users to specify at
what path the metrics should be exposed.
This simplifies serving metrics on a specific path behind some
restrictive reverse proxies that expect the upstream server to serve
URLs with paths matching the requested path.
Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
Openssl 1.1.1 is end-of-life in September 2023.
This PR removes support for versions of openssl OLDER than 1.1.1
1.1.1 should still be usable after this change is merged.
I don't see any value in supporting 1.1.1, but didn't see a reason to
purge support for 1.1.1 when there are so few checks for >= 3.0.
Note that this does also remove CI support for Ubuntu 16.04. The
official version of OpenSSL from Ubuntu for this release is listed here:
https://launchpad.net/ubuntu/+source/openssl as 1.0.2g
Since no newer releases of coturn will be backported by Canonical to
Ubuntu 16.04, anyone using Coturn on this operating system will have to
download and compile it themselves. They may build their own version of
OpenSSL if they somehow cannot upgrade to a newer version of Ubuntu.
My position is that these users should prefer to upgrade to a newer
operating system than worry about chasing newer releases of Coturn.
Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
Following configuration options deleted:
- `--secret-ts-exp-time`
- `--prod` - disables SOFTWARE_ATTRIBUTE in messages. Now it is default.
To enable SOFTWARE_ATTRIBUTE use `--software-attribute`
- `--no-sslv2`, `--no-sslv3` - old versions of SSL are not supported and
it is not possible to enable them
These are breaking changes - if the CLI command has any of those
arguments it will cause turnserver to terminate and notify about unknown
argument
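
An upgrade check built from the option changes recorded in the commit messages above, added here as an example; it is not part of the coturn source or of any commit listed. It assumes config-file keys are the long option names without the leading `--`; the `RULES` table, the function names and the sample config are constructed for illustration.

```python
# Option status as stated in the commit messages on this page.
#   fatal   - turnserver rejects it as unknown/invalid and terminates
#   noop    - has no effect any more (it is now the default)
#   renamed - replaced by an option with inverted meaning
#   review  - still valid, but turns legacy behaviour back on
RULES = {
    "secret-ts-exp-time": ("fatal", "deleted"),
    "prod": ("fatal", "deleted; now the default, software-attribute opts back in"),
    "no-sslv2": ("fatal", "deleted; old SSL versions cannot be enabled"),
    "no-sslv3": ("fatal", "deleted; old SSL versions cannot be enabled"),
    "no-stun-backward-compatibility": ("fatal", "now the default; rejected as invalid"),
    "no-rfc5780": ("noop", "now the default; rfc5780 enables it"),
    "no-error-reason": ("renamed", "replaced by send-error-reason, off by default"),
    "tlsv1": ("review", "enables TLSv1"),
    "tlsv1_1": ("review", "enables TLSv1.1"),
}

def option_name(token):
    """Normalise '--prod', 'prod' or 'tlsv1=1' to the bare option name."""
    return token.strip().lstrip("-").split("=", 1)[0].strip()

def audit(lines):
    """Return (position, option, status, note) for every flagged entry.

    `lines` may be the lines of a turnserver.conf or an argv-style list.
    """
    findings = []
    for pos, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank or commented out
            continue
        name = option_name(line)
        if name in RULES:
            findings.append((pos, name) + RULES[name])
    return findings

def will_start(findings):
    """False if any finding would make turnserver exit at startup."""
    return not any(status == "fatal" for _, _, status, _ in findings)

# Constructed sample config, not taken from a real deployment.
SAMPLE_CONF = """# constructed sample
listening-port=3478
fingerprint
prod
no-sslv3
no-rfc5780
#no-sslv2
no-error-reason
tlsv1
"""

if __name__ == "__main__":
    for pos, name, status, note in audit(SAMPLE_CONF.splitlines()):
        print(f"line {pos}: {name}: {status} ({note})")
```

Running it against a config before upgrading to 4.7.0 separates the entries that stop the server from starting from the ones that silently change behaviour.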