Page MenuHomePhabricator

No OneTemporary

diff --git a/MANIFEST.in b/MANIFEST.in
index c9bfea3..5f5f31b 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,9 +1,10 @@
recursive-include debian changelog compat control copyright rules
recursive-include debian pycompat pyversions
recursive-include debian *.init *.dirs *.default
recursive-include debian/source format
recursive-include resources/sounds *.wav
recursive-include resources/sounds/moh *.wav
+recursive-include tls *.crt
prune debian/tmp
prune debian/sylkserver-*
include INSTALL LICENSE MANIFEST.in *.ini.sample
diff --git a/config.ini.sample b/config.ini.sample
index 05fb392..0fdb63f 100644
--- a/config.ini.sample
+++ b/config.ini.sample
@@ -1,80 +1,80 @@
; SylkServer configuration file
[Server]
; The following settings are the default used by the software, uncomment
; them only if you want to make changes
; default_application = conference
; Map user part of the Request URI to a specific application
; application_map = 123:conference,test:irc-conference
; trace_dir = /var/log/sylkserver
; trace_sip = False
; trace_msrp = False
; trace_notifications = False
; TLS can be used for encryption of SIP signaling and MSRP media. TLS is
; disabled by default. To enable TLS, you must have a valid X.509
; certificate and configure it below, then set the local_tls_port in the SIP
; section and use_tls in MSRP section
; The X.509 Certificate Authorities file
; ca_file = /etc/sylkserver/tls/ca.crt
-; The file containing X.509 certificate and private key in unencrypted format
-; certificate = /etc/sylkserver/tls/sylkserver.crt
+; The file containing X.509 certificate and private key in unencrypted format
+; certificate = /etc/sylkserver/tls/default.crt
; verify_server = False
[SIP]
; SIP transport settings
; IP address used for SIP signaling; empty string or any means listen on interface used
; by the default route
; local_ip =
; Ports used for SIP transports, if not set to any value the transport will be disabled
; local_udp_port = 5060
; local_tcp_port = 5060
; local_tls_port =
; If set all outbound SIP requests will be sent through this SIP proxy
; outbound_proxy =
; A comma-separated list of hosts or networks to trust.
; The elements can be an IP address in CIDR format, a
; hostname or an IP address (in the latter 2 a mask of 32
; is assumed), or the special keywords 'any' and 'none'
; (being equivalent to 0.0.0.0/0 and 0.0.0.0/32
; respectively). It defaults to 'any'.
; trusted_peers =
[MSRP]
; MSRP transport settings
-; By default MSRP media is using TCP, to enable TLS you must configure a
-; X.509 certificate in the server section and enable it here
-; use_tls = False
+; A valid X.509 certificate is required for MSRP to work over TLS.
+; TLS is enabled by default, a default TLS certificate is provided with SylkServer.
+; use_tls = True
[RTP]
; RTP transport settings
; Allowed codec list, valid values: G722, speex, PCMU, PCMA, iLBC, GSM
; audio_codecs = G722,speex,PCMU,PCMA
; Port range used for RTP
; port_range = 50000:50500
; SRTP valid values: disabled, mandatory, optional
; srtp_encryption = optional
; RTP stream timeout, session will be disconnected after this value
; timeout = 30
diff --git a/debian/rules b/debian/rules
index f1e68bc..357f5fc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,20 +1,21 @@
#!/usr/bin/make -f
#export DH_VERBOSE=1
%:
dh $@ --with python2
override_dh_clean:
dh_clean
rm -rf build dist MANIFEST
override_dh_install:
install -m 0644 config.ini.sample debian/sylkserver/etc/sylkserver/config.ini
install -m 0644 conference.ini.sample debian/sylkserver/etc/sylkserver/conference.ini
+ install -m 0600 tls/default.crt debian/sylkserver/etc/sylkserver/tls/default.crt
dh_install
override_dh_installinit:
dh_installinit --no-start
.PHONY: override_dh_clean override_dh_install override_dh_installinit
diff --git a/sylk/configuration/__init__.py b/sylk/configuration/__init__.py
index be92048..ea60954 100644
--- a/sylk/configuration/__init__.py
+++ b/sylk/configuration/__init__.py
@@ -1,69 +1,69 @@
# Copyright (C) 2010-2011 AG Projects. See LICENSE for details.
#
from application.configuration import ConfigSection, ConfigSetting
from application.configuration.datatypes import NetworkRangeList, StringList
from application.system import host
from sipsimple.configuration.datatypes import NonNegativeInteger, SRTPEncryption
from sylk import configuration_filename
from sylk.configuration.datatypes import AudioCodecs, IPAddress, NillablePath, Path, Port, PortRange, SIPProxyAddress
from sylk.tls import Certificate, PrivateKey
class ServerConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'Server'
ca_file = ConfigSetting(type=NillablePath, value=NillablePath('/etc/sylkserver/tls/ca.crt'))
- certificate = ConfigSetting(type=NillablePath, value=NillablePath('/etc/sylkserver/tls/sylkserver.crt'))
+ certificate = ConfigSetting(type=NillablePath, value=NillablePath('/etc/sylkserver/tls/default.crt'))
verify_server = False
default_application = 'conference'
application_map = ConfigSetting(type=StringList, value='')
trace_dir = ConfigSetting(type=Path, value=Path('/var/log/sylkserver'))
trace_sip = False
trace_msrp = False
trace_notifications = False
class SIPConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'SIP'
local_ip = ConfigSetting(type=IPAddress, value=host.default_ip)
local_udp_port = ConfigSetting(type=Port, value=5060)
local_tcp_port = ConfigSetting(type=Port, value=5060)
local_tls_port = ConfigSetting(type=Port, value=None)
outbound_proxy = ConfigSetting(type=SIPProxyAddress, value=None)
trusted_peers = ConfigSetting(type=NetworkRangeList, value=NetworkRangeList('any'))
class MSRPConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'MSRP'
- use_tls = False
+ use_tls = True
class RTPConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'RTP'
audio_codecs = ConfigSetting(type=AudioCodecs, value=None)
port_range = ConfigSetting(type=PortRange, value=PortRange('50000:50500'))
srtp_encryption = ConfigSetting(type=SRTPEncryption, value='optional')
timeout = ConfigSetting(type=NonNegativeInteger, value=30)
class ThorNodeConfig(ConfigSection):
__cfgfile__ = configuration_filename
__section__ = 'ThorNetwork'
enabled = False
domain = "sipthor.net"
multiply = 1000
certificate = ConfigSetting(type=Certificate, value=None)
private_key = ConfigSetting(type=PrivateKey, value=None)
ca = ConfigSetting(type=Certificate, value=None)
diff --git a/tls/default.crt b/tls/default.crt
new file mode 100644
index 0000000..fad3a4e
--- /dev/null
+++ b/tls/default.crt
@@ -0,0 +1,83 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAs2FpmmunJwhE7ViR9cI9ESN3tVDoMf4J2PW87cEHUcMdrCkx
+vv7NcD57fG9ev1UI6MwN0ThcAPUoLec/iqQqHrKnB7ES79yBrXKe8wEJLYjf4sNB
+L+tEzuo1UkBszFh2hteDPSHjJEYyBbQf07jtNSgt3O5vWBCFZ7H9Pk6S/vjwH9yi
+Wly/BVFrD6j0MYV+w1CR1UaqoWOyL/IMsCWwQ4vAn6VAud2WcpQNFbue9w32m4pF
+KISupBLH2kpSTJPHmcp0Wr369LElKy732jSzoQXsJG7eKs5VV3eL4XhTqeky9LY/
+RSsY8KRMHqO8tG11q/aFOhSwEhuCsAVOJeEW7DAQsA5/kZZgqoPZNeIrZRupfsor
+ZtG2wMpfOaapvppwWL65I/GSe/WupaGZgzXPA1zS5HBzT0LX3Da58MWNf09POatL
+DaXKbaG4Ip1XqFl72eqnicF/DdZNGI/dMUQZE6zgOr9wKlsjwOeX7PwakrMFM0Gr
+PMzFejFgiURVjczEvkZsIe5e7WqAcolnW09I2paGSyduzl4uXsJdLURTMuexW2Pt
+/Mh4hRKvkNllech+0yrjdjfpW2fEgvurhp3lqX9MerRvgr+A+8LokMhNypzgzhDb
+BIn/lK0B8CC22k1K01u6fh/prfXXrOKPzQ8+iZGhrMtF2SNoXfWcoPUcKhMCAwEA
+AQKCAgByQGNQtaybUcsFGVquG29l0R9X3xZlcRa4l5wkGsQcsZfepcZHjmcvTLy+
+PvksCG9KR12tmqYO/hb/VcDE/1bMgqGcZo5XNC1sWgsfX9OGqx1eg1qruL/0wnv/
+zYT+ioHD1NSERWc1HXiS5W04HxsGtnavtzY38x3lNBrGaql5uPjIcnD9+QC51GfK
+a6RNPmfE4zZfj0jyzlsZ6qNmNjsUapjflhOpzpcal23WH9BaLwyZePIfopLRchzU
+zm2o1J9XNvnxKfwDiijQXnQDCXo331vOwMbEoPL+aOgxTcCMAjowXzvhRFf4Pc01
+3rg8e1NtmfC1U6PphJgyoM5rlfhQmdXr689kxh2MjGChTtp2QjkPyUMLoUjf3Yje
+lS3eK3uihUMG+vSBK/dS1nb4qe9ZtAp3YSiifGzjdU/8Onvta9fi1a9szu7tQm/W
+xrSeXfWhRhy/p57RLjDrKbZIYS3Q99Qy4hh6Hc7APG6aoqol/vnK4/EaYq0aYoP2
+HdK5yTFuy3Rowyiwr0B1YPFxuhMovLNgsTRaBBgxT/glexsNemjeE8GR+W7O3lyN
+DciKaYLEQNSJymRzYcHIKssNWNWWXAJ1tUoxP/7gsvpEE6/XYf7XHaykgo9L+FTA
+pFA5iPsexzkLR9rkjFIUV2G/FA875n3KaXuWtlJLIle68zFlsQKCAQEA4g672yrd
+DBJboGqU+d06BB/yu6lHTdEC6qf+BWv/ZBO0TCyvB9tUIVGoBokQQl9uJzxkvtV1
+6hbRbAahJ7Mi4xF+1FBaIFh6X3hOxP5THtc9hQv3b+RPSaT2d61iUv3wEAzb8neU
+Hmjnfhs6dZsU19UIx4tIV1unSjuCmKjhgiWBBM9O2abNhE6Uk5Fr7+An+M2m/IcR
+zHhYeIRocCb5sU9gW/7+US26PgwymuEwTZW6AJPsVB/VueoGkEvYO9pApWA+11sn
+8u6JxHk7csZTpMYGIZvAQQJ0j2oeJ0kVCePNT5N2iNvL6FRNZpc7flY2jr0KSVTc
+mdtLjKLMLTmtHwKCAQEAyyPuheiaWxF3McEkhdx7WvRVUxf7QWOYISMcMTb0pXE/
+ui8QL6Vk1jykB5sO5J5hEjALwnH58VhBhUqjJNynwssEBTIBPD6LANESbAh+nERH
+pELqZbrTqj3HunFFP72yeY3kb1y5R2h4wytuA1KO0B0INT1woH58OQEuczKOj0Qw
+rarIHjEadz5QHzpQfxYO0bP/CqCfx0+4Dlk7caNbm+3rGyslsr1j2hNSZ9fBOAFp
+HctxtUk19lZb6VYWpKeO9rGBvleLJltqoqGtlkTH+UGYc01uwRjOYOEBIUAnpv81
+CSX/CQb2bl9eZVotXiMp5d/CfTHJHplj4DHEhd4wjQKCAQA/9elDLtKSatNQBTgX
+pneW2S9F17ScGOpZWKTwBcmiGE0oTHBNqcoZD1CaYMef7/5rzZO3xw/w5vnkNc/9
+OptBYh7flciaZE5jmte2tzrve/klHuio2RFyBeHSpNUwJDd7YxgMd7cKD6aIMM4O
+no18MAOm6grS5NTllQbziL0dpNznbnyh6qc1q0IwqrG+kk7c/9siklj/4IEvwE8I
+hI6bk5jxDqoIcAbFLZBX8CVJnnadWT1B5CwFyWiIBV2uOaeW4y+EoX8hJksGs0KV
+y/W4pmrvsXDpM/ek6GKVvQDd5n2d6Vxdhssf9lJcF6g2q9AN/QDfFMrCIaEzrpBU
+r4ADAoIBAFJBPW8ZjY78loAeDhTp/0UIFJit6D5E/q/EUMEY2J05Ky3PqsUwOpGJ
+Qn4V6kTmYLYFoG1ey29PZlB7tW3Sr1dv7zPPWLK1PIHbJpN6KRJLj5rSwajpqpWP
+qJU1Em5J+L/BldMF/7wLcILOziAoSM26Q72TIEzMiq5mbRGWUiVu3iskMR4Qkf/g
+yn6qlTewjdWaBdaezbPd8tBUj35nQEv2XbHFmeEzUQBXvJFxyrpLz+2RmHxopaIW
+u+bSxh5r/rajj76sIhso/xfVUb28IiEqz3k4zHUB/2c5FMUK/kNfqXEH4qocGKL+
+mPF/P0mUAX4kSdN52k86mzeHz2TJYG0CggEALpLGQz37voXzMuFguQ1eao8GdHFD
+yjlY6dbYtA58ZE8IK7JRPt9NZ7twn30GzfwcQG0knz2VtfIA74cdC+EaRO2hrXOv
+b/lDCg3hYTiszu55xzQOtaw7589gLYLJgnm+p6Vj8Ne4KpCQoQXhkiff4PqHuFzi
+CAAz9+3Mrdq5zfp4TBg37WwCJHsGiPGjo1OzrzQk4Nw5puaVrun6C7KM5TaHD/Fb
+yFCvARVV/7Bqs6jTmglP6mMbl1wK1lUTOOcblGI8u1wFWm4s0pQLi7GnKptx+zRF
+cgaVlnIJeo/UN9MhCm32VXhl/VJ5SEQmBbLVB6uvpvz9t4onGBVY8GNNpg==
+-----END RSA PRIVATE KEY-----
+
+-----BEGIN CERTIFICATE-----
+MIIFSzCCBLSgAwIBAgIBCzANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCTkwx
+FjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxEDAOBgNVBAcTB0hhYXJsZW0xFDASBgNV
+BAoTC0FHLVByb2plY3RzMRcwFQYDVQQDEw5BRy1Qcm9qZWN0cyBDQTEmMCQGCSqG
+SIb3DQEJARYXc3VwcG9ydEBhZy1wcm9qZXRjcy5jb20wHhcNMTEwNjE1MDgyMTE1
+WhcNMTIwNjE0MDgyMTE1WjBpMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQt
+SG9sbGFuZDEQMA4GA1UEBxMHSGFhcmxlbTEUMBIGA1UEChMLQUctUHJvamVjdHMx
+GjAYBgNVBAMTEWJsaW5rLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAs2FpmmunJwhE7ViR9cI9ESN3tVDoMf4J2PW87cEHUcMdrCkx
+vv7NcD57fG9ev1UI6MwN0ThcAPUoLec/iqQqHrKnB7ES79yBrXKe8wEJLYjf4sNB
+L+tEzuo1UkBszFh2hteDPSHjJEYyBbQf07jtNSgt3O5vWBCFZ7H9Pk6S/vjwH9yi
+Wly/BVFrD6j0MYV+w1CR1UaqoWOyL/IMsCWwQ4vAn6VAud2WcpQNFbue9w32m4pF
+KISupBLH2kpSTJPHmcp0Wr369LElKy732jSzoQXsJG7eKs5VV3eL4XhTqeky9LY/
+RSsY8KRMHqO8tG11q/aFOhSwEhuCsAVOJeEW7DAQsA5/kZZgqoPZNeIrZRupfsor
+ZtG2wMpfOaapvppwWL65I/GSe/WupaGZgzXPA1zS5HBzT0LX3Da58MWNf09POatL
+DaXKbaG4Ip1XqFl72eqnicF/DdZNGI/dMUQZE6zgOr9wKlsjwOeX7PwakrMFM0Gr
+PMzFejFgiURVjczEvkZsIe5e7WqAcolnW09I2paGSyduzl4uXsJdLURTMuexW2Pt
+/Mh4hRKvkNllech+0yrjdjfpW2fEgvurhp3lqX9MerRvgr+A+8LokMhNypzgzhDb
+BIn/lK0B8CC22k1K01u6fh/prfXXrOKPzQ8+iZGhrMtF2SNoXfWcoPUcKhMCAwEA
+AaOCAVcwggFTMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgSwMCsGCWCGSAGG
++EIBDQQeFhxUaW55Q0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSW
+/ufbnmFBpqJmPHw1pLkLKEeJTTCBwwYDVR0jBIG7MIG4gBSUGO6ky74q4yoqQ48z
+IFjvzXuvF6GBlKSBkTCBjjELMAkGA1UEBhMCTkwxFjAUBgNVBAgTDU5vb3JkLUhv
+bGxhbmQxEDAOBgNVBAcTB0hhYXJsZW0xFDASBgNVBAoTC0FHLVByb2plY3RzMRcw
+FQYDVQQDEw5BRy1Qcm9qZWN0cyBDQTEmMCQGCSqGSIb3DQEJARYXc3VwcG9ydEBh
+Zy1wcm9qZXRjcy5jb22CCQCnj7ANVIQRVTAJBgNVHRIEAjAAMAkGA1UdEQQCMAAw
+CwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4GBAApKLZ0MSgYumbm9LFRYPVR7
+q4v2q5sYvcfq5Vn4tTFqcZ14iDPfxon5ChD+3PNMU8Um0sHjqa1uMkkf5oHW5nD0
+de8+S3qNIupqyhcWr0haJDA6ZJhJIZT+zzZXD6tlOWb1ZhHvKEuexVWPkR5dpks9
+fNnOsHzyln60u0xwHXig
+-----END CERTIFICATE-----

File Metadata

Mime Type
text/x-diff
Expires
Sat, Nov 23, 3:26 AM (20 h, 17 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3406673
Default Alt Text
(11 KB)

Event Timeline