As discussed in https://github.com/coturn/coturn/pull/478, if the
parameter only controls whether or not to send the software attribute
and not other production-relevant configurations, it should be named
accordingly.
The old --prod configuration option still works, but is now deprecated
and undocumented.
* Changed type from int to size_t to avoid warning
warning: comparison between signed and unsigned integer expressions
* Fixed string truncation warning
Previously this was being done in stun_attr_get_next_str() to check that the previous attribute didn't exceed the size of the underlying buffer, however by that point any maliciously crafted attributes would have already had their chance to attack the caller.
Because we're building with a FIPS enabled OpenSSL instead of the FIPS
canister, the resulting build should be usable on both FIPS and non-FIPS
enabled systems. Since we can't rely on building with a FIPS enabled
OpenSSL, defer the check to runtime.
This is one of those special cases where a non approved cryptographic
algorithm is allowed when operating in FIPS mode. Inform OpenSSL that
this is the case.
In the STUN RFC the long-term credential mechanism requires that the key
used in the HMAC-SHA1 generation be the MD5 of specific values:
https://tools.ietf.org/html/rfc5389#section-15.4
Since this is obfuscating parameters to be used in an approved
cryptographic algorithm, this is allowed usage per the [FIPS 140-2 Implementation Guidance](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf).
See page 81.
Without this change, coturn crashes when trying to set up any long-term
credential mechanism.
Coturn does not disconnect database properly when shutdown.
This behavior causes accumulation of sockets for database with TIME_WAIT.
Especially, `turnadmin` is recommended to manage userdb,
but use of `turnadmin` from other application or scripts
can run out of socket resource due to above problem.
This patch adds database disconnection when shutdown
for both of `turnserver` and `turnadmin`.
Fixes#366
