diff --git a/README.turnserver b/README.turnserver
index 3d6a28d9..da0308b9 100644
--- a/README.turnserver
+++ b/README.turnserver
@@ -120,12 +120,11 @@ User database settings:
 (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the command options description).
---secret-key-file If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.
- This is the file path which contain secret key of aes encryption while using password encryption.
- This attribute should be use if allow-encoding-with-aes set to 1.
---allow-encoding-with-aes If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1.
- If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0.
- You have to enable secret-key-file attribute above as a key location.
+--secret-key-file This is the file path which contain secret key of aes encryption while using MySQL password encryption.
+ If you want to use in the MySQL connection string the password in encrypted format,
+ then set in this option the file path of the secret key. The key which is used to encrypt MySQL password.
+ Warning: If this option is set, then MySQL password must be set in "mysql-userdb" option in encrypted format!
+ If you want to use cleartext password then do not set this option!
 -J, --mongo-userdb User database connection string for MongoDB. This database can be used for long-term credentials mechanism, and it can store the secret value
diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf
index 8835d4af..0fcb17cb 100644
--- a/examples/etc/turnserver.conf
+++ b/examples/etc/turnserver.conf
@@ -293,16 +293,16 @@
 # #mysql-userdb="host= dbname= user= password= port= connect_timeout= read_timeout="
-#If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.
-#This is the file path which contain secret key of aes encryption while using password encryption.
-#This attribute should be use if allow-encoding-with-aes set to 1.
+# If you want to use in the MySQL connection string the password in encrypted format,
+# then set in this option the MySQL password encryption secret key file.
+#
+# Warning: If this option is set, then mysql password must be set in "mysql-userdb" in encrypted format!
+# If you want to use cleartext password then do not set this option!
+#
+# This is the file path which contain secret key of aes encryption while using password encryption.
+#
 #secret-key-file=/path/
-#If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1.
-#If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0.
-#You have to enable secret-key-file attribute above as a key location.
-#allow-encoding-with-aes=1 or 0
-
 # MongoDB database connection string in the case that we are using MongoDB # as the user database. # This database can be used for long-term credential mechanism
diff --git a/man/man1/turnadmin.1 b/man/man1/turnadmin.1
index 9bba5666..785eb7a2 100644
--- a/man/man1/turnadmin.1
+++ b/man/man1/turnadmin.1
@@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "06 September 2018" "" "" +.TH TURN 1 "07 September 2018" "" "" .SH GENERAL INFORMATION \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1
index 69a6b833..3381bd92 100644
--- a/man/man1/turnserver.1
+++ b/man/man1/turnserver.1
@@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "06 September 2018" "" "" +.TH TURN 1 "07 September 2018" "" "" .SH GENERAL INFORMATION The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@@ -181,15 +181,11 @@ command \fIoptions\fP description). .TP .B \fB\-\-secret\-key\-file\fP -If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path. -This is the file path which contain secret key of aes encryption while using password encryption. -This attribute should be use if allow\-encoding\-with\-aes set to 1. -.TP -.B -\fB\-\-allow\-encoding\-with\-aes\fP -If you want to use password as encrpyted in the mysql connection string. Set allow\-encoding\-with\-aes to 1. -If you want to use clearteaxt password in the mysql connection string. Set allow\-encoding\-with\-aes to 0. -You have to enable secret\-key\-file attribute above as a key location. +This is the file path which contain secret key of aes encryption while using MySQL password encryption. +If you want to use in the MySQL connection string the password in encrypted format, +then set in this option the file path of the secret key. The key which is used to encrypt MySQL password. +Warning: If this option is set, then MySQL password must be set in "mysql\-userdb" option in encrypted format! +If you want to use cleartext password then do not set this option! .TP .B \fB\-J\fP, \fB\-\-mongo\-userdb\fP
diff --git a/man/man1/turnutils.1 b/man/man1/turnutils.1
index cc59beb9..a286dc33 100644
--- a/man/man1/turnutils.1
+++ b/man/man1/turnutils.1
@@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "06 September 2018" "" "" +.TH TURN 1 "07 September 2018" "" "" .SH GENERAL INFORMATION A set of turnutils_* programs provides some utility functionality to be used
diff --git a/src/apps/relay/dbdrivers/dbd_mysql.c b/src/apps/relay/dbdrivers/dbd_mysql.c
index 39537966..6b6bd6fd 100644
--- a/src/apps/relay/dbdrivers/dbd_mysql.c
+++ b/src/apps/relay/dbdrivers/dbd_mysql.c
@@ -263,7 +263,7 @@ static MYSQL *get_mydb_connection(void) {
 mysql_ssl_set(mydbconnection, co->key, co->cert, co->ca, co->capath, co->cipher);
 }
- if(turn_params.allow_encoding){
+ if(turn_params.secret_key_file[0]){
 co->password = decryptPassword(co->password, turn_params.secret_key);
 }
@@ -278,8 +278,10 @@ static MYSQL *get_mydb_connection(void) {
 mydbconnection=NULL;
 } else if(!donot_print_connection_success) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MySQL DB connection success: %s\n",pud->userdb);
- if(turn_params.allow_encoding)
- TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is secure.\n");
+ if(turn_params.secret_key_file[0]) {
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Encryption with AES is activated.\n");
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is secure.\n");
+ }
 else
 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Connection is not secure.\n");
 donot_print_connection_success = 1;
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index fa14814b..eabc3f3a 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -155,7 +155,6 @@ DEFAULT_CPUS_NUMBER,
 ///////// Encryption /////////
 "", /* secret_key_file */
 "", /* secret_key */
-0, /* allow_encoding */
 0 /* keep_address_family */
 };
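Review bot: `co->password` is handed to `decryptPassword()` in the first get_mydb_connection hunk (`@@ -263`) without a check that the connection string carried a password at all, although the Usage text in mainrelay.c says all connection-string parameters are optional. decryptPassword is not visible in this diff, so either confirm it tolerates a NULL or empty input or tighten the guard to `if(turn_params.secret_key_file[0] && co->password && co->password[0]){`. The guard also tests the file name while the call uses `turn_params.secret_key`; if the key file can fail to load without aborting startup (not shown here), decryption would run with an empty key, so the condition should depend on the key having been loaded and log an error otherwise. Deployments that had `secret-key-file` set together with `allow-encoding-with-aes=0` will now have a cleartext password run through decryption, which deserves an upgrade note. The function body starts and ends outside the hunk.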
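Review bot: The `Connection is secure.` / `Connection is not secure.` log lines in the second get_mydb_connection hunk (`@@ -278`) are now keyed on `secret_key_file`, but that option only describes how the password is stored in the configuration. It says nothing about whether the MySQL link is protected in transit, which is governed by the `mysql_ssl_set` parameters earlier in this function. An operator could read the message as confirmation of TLS on the database connection. I would drop the secure / not secure pair and log only the storage fact, e.g. `TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "MySQL password is read in AES-encrypted form (secret-key-file set).\n");`. The `else` after the new braced block is still unbraced; bracing both branches would keep the pair consistent.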
@@ -498,12 +497,11 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the\n"
 " command options description).\n\n"
 " All connection-string parameters are optional.\n\n"
-"--secret-key-file If you want to use password as encrpyted in the mysql connection string MySQL encrypted connection, this is key path.\n"
-" This is the file path which contain secret key of aes encryption while using password encryption.\n"
-" This attribute should be use if allow-encoding-with-aes set to 1.\n"
-"--allow-encoding-with-aes <1/0> If you want to use password as encrpyted in the mysql connection string. Set allow-encoding-with-aes to 1.\n"
-" If you want to use clearteaxt password in the mysql connection string. Set allow-encoding-with-aes to 0.\n"
-" You have to enable secret-key-file attribute above as a key location.\n"
+"--secret-key-file This is the file path which contain secret key of aes encryption while using MySQL password encryption.\n"
+" If you want to use in the MySQL connection string the password in encrypted format,\n"
+" then set in this option the file path of the secret key. The key which is used to encrypt MySQL password.\n"
+" Warning: If this option is set, then MySQL password must be set in \"mysql-userdb\" option in encrypted format!\n"
+" If you want to use cleartext password then do not set this option!\n"
 #endif
 #if !defined(TURN_NO_MONGO)
 " -J, --mongo-userdb MongoDB connection string, if used (default - empty, no MongoDB used).\n"
@@ -771,8 +769,7 @@ enum EXTRA_OPTS {
 OAUTH_OPT,
 PROD_OPT,
 NO_HTTP_OPT,
- SECRET_KEY_OPT,
- ALLOW_ENCODING_OPT
+ SECRET_KEY_OPT
 };
 struct myoption {
@@ -892,7 +889,6 @@ static const struct myoption long_options[] = {
 { "no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT },
 { "no-tlsv1_2", optional_argument, NULL, NO_TLSV1_2_OPT },
 { "secret-key-file", required_argument, NULL, SECRET_KEY_OPT },
- { "allow-encoding-with-aes", required_argument, NULL, ALLOW_ENCODING_OPT},
 { "keep-address-family", optional_argument, NULL, 'K' },
 { NULL, no_argument, NULL, 0 }
 };
@@ -1475,9 +1471,6 @@ static void set_option(int c, char *value)
 case SECRET_KEY_OPT:
 STRCPY(turn_params.secret_key_file,value);
 break;
- case ALLOW_ENCODING_OPT:
- turn_params.allow_encoding = atoi(value);
- break;
 case PKEY_FILE_OPT:
 STRCPY(turn_params.pkey_file,value);
 break;
@@ -2155,9 +2148,6 @@ int main(int argc, char **argv)
 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Domain name: %s\n",turn_params.domain);
 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "Default realm: %s\n",get_realm(NULL)->options.name);
- if(turn_params.allow_encoding){
- TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "allow-encoding-with-aes activated.\n");
- }
 if(turn_params.oauth && turn_params.oauth_server_name[0]) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "oAuth server name: %s\n",turn_params.oauth_server_name);
diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
index 0a23e232..42f26054 100644
--- a/src/apps/relay/mainrelay.h
+++ b/src/apps/relay/mainrelay.h
@@ -317,7 +317,6 @@ typedef struct _turn_params_ {
 ///////// Encryption /////////
 char secret_key_file[1025];
 unsigned char secret_key[1025];
- int allow_encoding;
 int keep_address_family;
 } turn_params_t;