
MySQL SSL support added

mom040267 11 years ago
parent
commit
00f2a84f56

+ 1 - 0
ChangeLog

@@ -2,6 +2,7 @@
 Version 4.1.2.1 'Vitari':
 	- The origin attribute is verified in the subsequent 
 	session messages.
+	- MySQL SSL connection support.
 	- Crash fixed when the DB connection string is incorrect.
 	- Minor docs fixes.
 	

+ 5 - 0
INSTALL

@@ -897,6 +897,11 @@ Or in the turnserver.conf file:
 
 mysql-userdb="host=localhost dbname=turn user=turn password=turn connect_timeout=30"
 
+If you have to use a secure MySQL connection (SSL) then you have to use also
+the optional connection string parameters for the secure communications:
+ca, capath, cert, key, cipher (see 
+http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
+
 XVI. MongoDB setup
 
 The MongoDB setup is well documented on their site http://docs.mongodb.org/manual/. 

+ 4 - 0
README.turnserver

@@ -118,6 +118,10 @@ User database settings:
 		Also, see http://www.mysql.org or http://mariadb.org 
 		for full MySQL documentation.
 		
+		Optional connection string parameters for the secure communications (SSL): 
+		ca, capath, cert, key, cipher 
+		(see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
+		
 -J, --mongo-userdb	User database connection string for MongoDB. 
 		This database can be used for long-term and short-term 
 		credentials mechanisms, and it can store the secret value 

+ 2 - 0
STATUS

@@ -102,6 +102,8 @@ compatibility.
 43) MongoDB support added.
 
 44) Double (dual) allocation added (SSODA draft).
+
+45) Secure MySQL connection implemented.
  
 Things to be implemented in future (the development roadmap) 
 are described in the TODO file.

+ 6 - 1
examples/etc/turnserver.conf

@@ -263,7 +263,12 @@
 # MySQL database connection string in the case that we are using MySQL
 # as the user database.
 # This database can be used for long-term and short-term credential mechanisms
-# and it can store the secret value for secret-based timed authentication in TURN RESP API. 
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+#
+# Optional connection string parameters for the secure communications (SSL): 
+# ca, capath, cert, key, cipher 
+# (see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).
+#
 # Use string format as below (space separated parameters, all optional):
 #
 #mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds>"

+ 1 - 1
man/man1/turnadmin.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "11 August 2014" "" ""
+.TH TURN 1 "15 August 2014" "" ""
 .SH GENERAL INFORMATION
 
 \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage 

+ 5 - 1
man/man1/turnserver.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "11 August 2014" "" ""
+.TH TURN 1 "15 August 2014" "" ""
 .SH GENERAL INFORMATION
 
 The \fBTURN Server\fP project contains the source code of a TURN server and TURN client 
@@ -175,6 +175,10 @@ See the INSTALL file for more explanations and examples.
 .PP
 Also, see http://www.mysql.org or http://mariadb.org 
 for full MySQL documentation.
+.PP
+Optional connection string parameters for the secure communications (SSL): 
+ca, capath, cert, key, cipher 
+(see http://dev.mysql.com/doc/refman/5.0/en/mysql\-ssl\-set.html for the description).
 .RE
 .TP
 .B

+ 1 - 1
man/man1/turnutils.1

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH TURN 1 "11 August 2014" "" ""
+.TH TURN 1 "15 August 2014" "" ""
 .SH GENERAL INFORMATION
 
 A set of turnutils_* programs provides some utility functionality to be used

+ 35 - 0
src/apps/relay/dbdrivers/dbd_mysql.c

@@ -46,6 +46,13 @@ struct _Myconninfo {
 	char *password;
 	unsigned int port;
 	unsigned int connect_timeout;
+	/* SSL ==>> */
+	char *key;
+	char *ca;
+	char *cert;
+	char *capath;
+	char *cipher;
+	/* <<== SSL : see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html */
 };
 
 typedef struct _Myconninfo Myconninfo;
@@ -56,6 +63,11 @@ static void MyconninfoFree(Myconninfo *co) {
 		if(co->dbname) turn_free(co->dbname, strlen(co->dbname)+1);
 		if(co->user) turn_free(co->user, strlen(co->user)+1);
 		if(co->password) turn_free(co->password, strlen(co->password)+1);
+		if(co->key) turn_free(co->key, strlen(co->key)+1);
+		if(co->ca) turn_free(co->ca, strlen(co->ca)+1);
+		if(co->cert) turn_free(co->cert, strlen(co->cert)+1);
+		if(co->capath) turn_free(co->capath, strlen(co->capath)+1);
+		if(co->cipher) turn_free(co->cipher, strlen(co->cipher)+1);
 		ns_bzero(co,sizeof(Myconninfo));
 	}
 }
@@ -127,6 +139,26 @@ static Myconninfo *MyconninfoParse(char *userdb, char **errmsg) {
 				co->connect_timeout = (unsigned int)atoi(seq+1);
 			else if(!strcmp(s,"timeout"))
 				co->connect_timeout = (unsigned int)atoi(seq+1);
+			else if(!strcmp(s,"key"))
+				co->key = strdup(seq+1);
+			else if(!strcmp(s,"ssl-key"))
+				co->key = strdup(seq+1);
+			else if(!strcmp(s,"ca"))
+				co->ca = strdup(seq+1);
+			else if(!strcmp(s,"ssl-ca"))
+				co->ca = strdup(seq+1);
+			else if(!strcmp(s,"capath"))
+				co->capath = strdup(seq+1);
+			else if(!strcmp(s,"ssl-capath"))
+				co->capath = strdup(seq+1);
+			else if(!strcmp(s,"cert"))
+				co->cert = strdup(seq+1);
+			else if(!strcmp(s,"ssl-cert"))
+				co->cert = strdup(seq+1);
+			else if(!strcmp(s,"cipher"))
+				co->cipher = strdup(seq+1);
+			else if(!strcmp(s,"ssl-cipher"))
+				co->cipher = strdup(seq+1);
 			else {
 				MyconninfoFree(co);
 				co = NULL;
@@ -192,6 +224,9 @@ static MYSQL *get_mydb_connection(void) {
 			} else {
 				if(co->connect_timeout)
 					mysql_options(mydbconnection,MYSQL_OPT_CONNECT_TIMEOUT,&(co->connect_timeout));
+				if(co->ca || co->capath || co->cert || co->cipher || co->key) {
+					mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher);
+				}
 				MYSQL *conn = mysql_real_connect(mydbconnection, co->host, co->user, co->password, co->dbname, co->port, NULL, CLIENT_IGNORE_SIGPIPE);
 				if(!conn) {
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open MySQL DB connection: <%s>, runtime error\n",pud->userdb);
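Review bot: The mysql_ssl_set() call inserted before mysql_real_connect() only requests TLS; the client library does not fail the connection when the server has no SSL support or presents an unexpected certificate, so a misconfigured or downgraded server leaves the DB password and every credential lookup in clear text with no log line to show it. After a successful connect, check `if(!mysql_get_ssl_cipher(conn)) { /* treat as connection error when any ssl parameter was given */ }`, and when `co->ca` or `co->capath` is set also call `my_bool verify = 1; mysql_options(mydbconnection, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);` before connecting so the server certificate is actually verified against the configured CA. In the MyconninfoParse hunk the strdup() results are stored unchecked, and a repeated parameter (for example `ca=` given twice) overwrites the earlier pointer without freeing it, which the later MyconninfoFree cannot recover. Both MyconninfoParse and get_mydb_connection continue outside their hunks.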

+ 7 - 4
src/apps/relay/mainrelay.c

@@ -425,8 +425,11 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "	                                	This database can be used for long-term and short-term credentials mechanisms,\n"
 "		                                and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n"
 "						The connection string my be space-separated list of parameters:\n"
-"	        	          		\"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n"
-"	        	          		All parameters are optional.\n"
+"	        	          		\"host=<ip-addr> dbname=<database-name> user=<database-user> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n"
+"						The connection string parameters for the secure communications (SSL):\n"
+"						ca, capath, cert, key, cipher\n"
+"						(see http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html for the description).\n\n"
+"	        	          		All connection-string parameters are optional.\n\n"
 #endif
 #if !defined(TURN_NO_MONGO)
 " -J, --mongo-userdb	<connection-string>	MongoDB connection string, if used (default - empty, no MongoDB used).\n"
@@ -438,8 +441,8 @@ static char Usage[] = "Usage: turnserver [options]\n"
 "	                                	This database can be used for long-term and short-term credentials mechanisms,\n"
 "		                                and it can store the secret value(s) for secret-based timed authentication in TURN RESP API.\n"
 "						The connection string my be space-separated list of parameters:\n"
-"	        	          		\"host=<ip-addr> dbname=<db-number> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n"
-"	        	          		All parameters are optional.\n"
+"	        	          		\"host=<ip-addr> dbname=<db-number> \\\n								password=<database-user-password> port=<db-port> connect_timeout=<seconds>\".\n\n"
+"	        	          		All connection-string parameters are optional.\n\n"
 " -O, --redis-statsdb	<connection-string>	Redis status and statistics database connection string, if used \n"
 "						(default - empty, no Redis stats DB used).\n"
 "	                                	This database keeps allocations status information, and it can be also used for publishing\n"