Fixes https://github.com/coturn/coturn/issues/1239
https to web ui freeze in browser if no_tls option used, because no tls
stuff initialized.
This PR add warning about this and comment aboute this in default config
Environment:
- Windows 10
- Cygwin 2.925
make output:
```
<command-line>: note: this is the location of the previous definition
src/apps/common/ns_turn_utils.c:53:10: fatal error: sys/syscall.h: No such file or directory
53 | #include <sys/syscall.h>
| ^~~~~~~~~~~~~~~
compilation terminated.
In file included from src/client/ns_turn_ioaddr.h:34,
from src/client/ns_turn_msg.h:34,
from src/apps/common/stun_buffer.h:34,
from src/apps/common/stun_buffer.c:31:
src/ns_turn_defs.h:223: warning: "TURN_NO_SCTP" redefined
223 | #define TURN_NO_SCTP
|
<command-line>: note: this is the location of the previous definition
make: *** [Makefile:127: bin/turnutils_oauth] Error 1
```
I tested the code part by using manual and automated tools for more than
2 years.
Fixes#823
When you try to delete an alternate server in the list by using "das :" command on the CLI, the session gets stuck and can't response although alternate server is removed.
The problem appears to be related to calling del_alt_server function in the same function recursively.
Co-authored-by: CUMHUR KARAHAN <cumhur.karahan@turkcell.com.tr>
Update version number, generate authors and changelog files
Release notes (short summary of changes)
```
- Make sure microhttpd starts using epoll if supported
- Add sessioncount to prometheus metrics
- Add STUN request/response/error prometheus counters
- Cleanup logs on turnserver start
- Fix duplicate stdout log output
- Log threadId to logs to aid in multi-threaded debugging
- Optional build info compiled into turnserver binary
- Fix arguments expansion in `docker-entrypoint.sh`
- Santise database connection strings before printing to log
- Support Windows MSVC
- Add configuration option for TLS 1.3 ciphersuites
- Improve openssl3 and FIPS support
- Use single SSL_CTX for TLS and DTLS support
- Update openssl API use to non-deprecated version
- Set string bytes to null to prevent random origin
- Fix memory corruption on socket close
- Fix packet backlog fifo that processed packets in reverse order in some scenarios
- Fix off-by-one when terminating gcm_nonce
- Fixes to Redis memleaks and socketleaks
- Fix malformed response to mobility refresh request
- Fuzzing support
- Ignore raw UDP if no_udp is enabled
- Better detect availability of SCTP protocol
```
---------
Co-authored-by: tyranron <tyranron@gmail.com>
In some cases the prometheus server was started using SELECT even if
EPOLL was supported.
Some flags were changed in microhttpd and now we use MHD_VERSION to make
sure to use the right ones in all cases (support old version, for ubuntu
16.04 for ex).
This fixes the issue #1167
I also added a log to make sure we know which version is used,
especially to inform the user that the SELECT version might lead to
issues on highly used servers.
PR #855 introduced new include <ssys/sysinfo.h>
It is not required for compilation or turnserver function but breaks
OpenBSD build (which does not have this file)
This PR removes the include to restore OpenBSD build compatibility
Fixes#1162
Test Plan:
TBD - need some one to test build
There is no reason to include the license of openssl - coturn uses openssl just like any other library
As a reference - Apache httpd does not have openssl license
#1049
MacOS CI build started to fail in the PRs because when upgrading python
it was not possible to override one existing file (related to 2to3
package). Apparently this happens because MacOS runners some times have
python versions not installed/compatible with brew.
Example of the failure:
https://github.com/coturn/coturn/actions/runs/3850951324
The proposed workaround is taken from here:
https://github.com/actions/runner-images/issues/2322
This pull request is a split of PR #1061
As @KangLin pointed out in the original PR those sockets should ideally
be permanently non-blocking for performance reasons, but they are NOT at
the moment.
Someone with more knowledge about the code in dtls_listener.c should
probably have a look if it would be feasible to change the sockets to
non-blocking already at creation, similar to what is done in
udpserver.c...
Add some basic contributing guidelines based (almost cloned) on the
Redis ones.
There were some questions about how to contribute and get started with
the project. I see this type of document in other projects that I think
can be useful.
This is not a long term documentation works - this is a temp proposal to
modernize existing documentation
- Create docs folder
- Move existing documentation files into docs
- Split one massive INSTALL files into smaller files (no text editing
was done except small markdown header formatting)
- Rename files to be markdowns for nicer rendering
- Bad md rendering is expected in many places
There are two different API's in OpenSSL for configuring TLS ciphers,
one for TLS 1.2 and below, and another for TLS 1.3. coturn only calls
the TLS 1.2 API when handling the `--cipher-list` configuration option,
which means that it's not possible to use non-default ciphersuites with
TLS 1.3 connections.
This PR calls appropriate OpenSSL API to allow TLS 1.3 ciphersuites to be configured.
coturn running inside a docker container runs as PID 1, however PID 1
has special signal handling semantics (see the note at the bottom of the
section
[here](https://docs.docker.com/engine/reference/run/#foreground)).
coturn relies on the default behaviour of SIGTERM to terminate the
process, however as no signal handler is explicitly installed, it
doesn't respond to SIGTERM when running inside a container. This PR
fixes this problem by installing explicit signal handlers for SIGINT and
SIGTERM, which trigger the same termination mechanism as the admin
interface "halt" command.
This is a port of wireapp#6 for upstream.
This PR fixes some typos and formatting, and regenerates the manual
pages from the README files. These changes were originally included in
#1105, however I've split them out into a separate PR as requested.
This PR fixes some errata from #996 and #989:
- Some DTLS code was left over in the common path for allocating and
initialising `SSL_CTX`'s, and the DTLS-specific configuration code was
erroneously operating on the TLS context instead of the DTLS context.
- In both the TLS and DTLS codepaths, the previous refactoring inverted
the logic for the `--no-tlsv1`/`--no-tlsv1_1`/etc command line options,
so that these options would instead *enable* the respective (D)TLS
versions, instead of disabling this. This would mean that by default
coturn would only support TLS 1.3 and DTLS 1.2, and no earlier versions.
I've also regenerated the manual pages (with the `make-man.sh` script)
to match the documentation in the README files.
TURN_USERDB_TYPE enum does not need to be "dynamic" based on what
libraries actually available during the build - all potentially
supported DB options are now enumerated.
Printing (to log or http) the DB type name is done with much less code
(using a helper function `userdb_type_to_string`)
