diff --git a/MANIFEST.in b/MANIFEST.in
index c9bfea3..5f5f31b 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,9 +1,10 @@
recursive-include debian changelog compat control copyright rules
recursive-include debian pycompat pyversions
recursive-include debian *.init *.dirs *.default
recursive-include debian/source format
recursive-include resources/sounds *.wav
recursive-include resources/sounds/moh *.wav
+recursive-include tls *.crt
prune debian/tmp
prune debian/sylkserver-*
include INSTALL LICENSE MANIFEST.in *.ini.sample
diff --git a/config.ini.sample b/config.ini.sample
index 05fb392..0fdb63f 100644
--- a/config.ini.sample
+++ b/config.ini.sample
@@ -1,80 +1,80 @@
; SylkServer configuration file
[Server]
; The following settings are the default used by the software, uncomment
; them only if you want to make changes
; default_application = conference
; Map user part of the Request URI to a specific application
; application_map = 123:conference,test:irc-conference
; trace_dir = /var/log/sylkserver
; trace_sip = False
; trace_msrp = False
; trace_notifications = False
; TLS can be used for encryption of SIP signaling and MSRP media. TLS is
; disabled by default. To enable TLS, you must have a valid X.509
; certificate and configure it below, then set the local_tls_port in the SIP
; section and use_tls in MSRP section
; The X.509 Certificate Authorities file
; ca_file = /etc/sylkserver/tls/ca.crt
-; The file containing X.509 certificate and private key in unencrypted format
-; certificate = /etc/sylkserver/tls/sylkserver.crt
+; The file containing X.509 certificate and private key in unencrypted format
+; certificate = /etc/sylkserver/tls/default.crt
; verify_server = False
[SIP]
; SIP transport settings
; IP address used for SIP signaling; empty string or any means listen on interface used
; by the default route
; local_ip =
; Ports used for SIP transports, if not set to any value the transport will be disabled
; local_udp_port = 5060
; local_tcp_port = 5060
; local_tls_port =
; If set all outbound SIP requests will be sent through this SIP proxy
; outbound_proxy =
; A comma-separated list of hosts or networks to trust.
; The elements can be an IP address in CIDR format, a
; hostname or an IP address (in the latter 2 a mask of 32
; is assumed), or the special keywords 'any' and 'none'
; (being equivalent to 0.0.0.0/0 and 0.0.0.0/32
; respectively). It defaults to 'any'.
; trusted_peers =
[MSRP]
; MSRP transport settings
-; By default MSRP media is using TCP, to enable TLS you must configure a
-; X.509 certificate in the server section and enable it here
-; use_tls = False
+; A valid X.509 certificate is required for MSRP to work over TLS.
+; TLS is enabled by default, a default TLS certificate is provided with SylkServer.
+; use_tls = True
[RTP]
; RTP transport settings
; Allowed codec list, valid values: G722, speex, PCMU, PCMA, iLBC, GSM
; audio_codecs = G722,speex,PCMU,PCMA
; Port range used for RTP
; port_range = 50000:50500
; SRTP valid values: disabled, mandatory, optional
; srtp_encryption = optional
; RTP stream timeout, session will be disconnected after this value
; timeout = 30
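Review bot: The [Server] comment block still says `TLS is disabled by default` while the new [MSRP] comment says TLS is enabled by default, so the sample now contradicts itself. The new text should also tell the operator that the bundled certificate is a placeholder shared by every installation: its private key is published with the package, so it cannot authenticate this server to clients. Suggested wording for the [MSRP] comment: `; TLS is enabled by default using the certificate bundled with SylkServer; that key is public, replace it with your own certificate before exposing the server.` The sentence in [Server] could become `; TLS for SIP stays disabled until local_tls_port is set; MSRP uses TLS by default.`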
diff --git a/debian/rules b/debian/rules
index f1e68bc..357f5fc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,20 +1,21 @@
#!/usr/bin/make -f
#export DH_VERBOSE=1
%:
dh $@ --with python2
override_dh_clean:
dh_clean
rm -rf build dist MANIFEST
override_dh_install:
install -m 0644 config.ini.sample debian/sylkserver/etc/sylkserver/config.ini
install -m 0644 conference.ini.sample debian/sylkserver/etc/sylkserver/conference.ini
+ install -m 0600 tls/default.crt debian/sylkserver/etc/sylkserver/tls/default.crt
dh_install
override_dh_installinit:
dh_installinit --no-start
.PHONY: override_dh_clean override_dh_install override_dh_installinit
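Review bot: The added `install -m 0600 tls/default.crt ...` line copies into `debian/sylkserver/etc/sylkserver/tls/` without creating it; whether that directory is listed in a `.dirs` file is not visible in this diff, so `install -D -m 0600 tls/default.crt debian/sylkserver/etc/sylkserver/tls/default.crt` would make the step self-contained. Mode 0600 leaves the file readable by its owner only, so it is worth confirming that the account the server runs as can read it. The mode also does not make this key secret, since the same file ships in the source distribution through the MANIFEST.in change; a comment above the line such as `# placeholder key, public by design; operators must replace it` would record that.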
diff --git a/sylk/configuration/__init__.py b/sylk/configuration/__init__.py
index be92048..ea60954 100644
--- a/sylk/configuration/__init__.py
+++ b/sylk/configuration/__init__.py
@@ -1,69 +1,69 @@
# Copyright (C) 2010-2011 AG Projects. See LICENSE for details.
#
from application.configuration import ConfigSection, ConfigSetting
from application.configuration.datatypes import NetworkRangeList, StringList
from application.system import host
from sipsimple.configuration.datatypes import NonNegativeInteger, SRTPEncryption
from sylk import configuration_filename
from sylk.configuration.datatypes import AudioCodecs, IPAddress, NillablePath, Path, Port, PortRange, SIPProxyAddress
from sylk.tls import Certificate, PrivateKey
class ServerConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'Server'
ca_file = ConfigSetting(type=NillablePath, value=NillablePath('/etc/sylkserver/tls/ca.crt'))
- certificate = ConfigSetting(type=NillablePath, value=NillablePath('/etc/sylkserver/tls/sylkserver.crt'))
+ certificate = ConfigSetting(type=NillablePath, value=NillablePath('/etc/sylkserver/tls/default.crt'))
verify_server = False
default_application = 'conference'
application_map = ConfigSetting(type=StringList, value='')
trace_dir = ConfigSetting(type=Path, value=Path('/var/log/sylkserver'))
trace_sip = False
trace_msrp = False
trace_notifications = False
class SIPConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'SIP'
local_ip = ConfigSetting(type=IPAddress, value=host.default_ip)
local_udp_port = ConfigSetting(type=Port, value=5060)
local_tcp_port = ConfigSetting(type=Port, value=5060)
local_tls_port = ConfigSetting(type=Port, value=None)
outbound_proxy = ConfigSetting(type=SIPProxyAddress, value=None)
trusted_peers = ConfigSetting(type=NetworkRangeList, value=NetworkRangeList('any'))
class MSRPConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'MSRP'
- use_tls = False
+ use_tls = True
class RTPConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'RTP'
audio_codecs = ConfigSetting(type=AudioCodecs, value=None)
port_range = ConfigSetting(type=PortRange, value=PortRange('50000:50500'))
srtp_encryption = ConfigSetting(type=SRTPEncryption, value='optional')
timeout = ConfigSetting(type=NonNegativeInteger, value=30)
class ThorNodeConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'ThorNetwork'
enabled = False
domain = "sipthor.net"
multiply = 1000
certificate = ConfigSetting(type=Certificate, value=None)
private_key = ConfigSetting(type=PrivateKey, value=None)
ca = ConfigSetting(type=Certificate, value=None)
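Review bot: With `use_tls = True` and `certificate` defaulting to `/etc/sylkserver/tls/default.crt`, a stock install now serves MSRP over TLS with the private key that this same commit publishes in tls/default.crt, so the default gives no server authentication: anyone holding the package can present the same certificate. Changing the default path also affects upgrades, because a deployment that relied on the old implicit `/etc/sylkserver/tls/sylkserver.crt` default would switch to the bundled certificate without any configuration change. Consider preferring the old path when that file exists, or logging a startup warning when the configured certificate is the bundled one (that code is outside this hunk). At minimum a comment on the setting would help: `# default.crt is the shared placeholder shipped with the package; its key is public`.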
diff --git a/tls/default.crt b/tls/default.crt
new file mode 100644
index 0000000..fad3a4e
--- /dev/null
+++ b/tls/default.crt
@@ -0,0 +1,83 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----