- Why? Because code where conditionals lack braces is much harder to read, and prone to indentation confusion.
- How? Just added an extra flag to .clang-format and re-ran clang-format on all the files.
I also moved .clang-format up to the top level of the repo so that it can be applied to the fuzz targets as well.
For our deployment, it is useful if coturn returns a valid HTTP response to an HTTP request. To do this on the same port as STUN/TURN and without enabling the admin site, I have extended `read_client_connection()` to return a canned HTTP response, in response to an HTTP request, rather than immediately closing the connection.
I tested the code part by using manual and automated tools for more than
2 years.
Fixes#823
When you try to delete an alternate server in the list by using "das :" command on the CLI, the session gets stuck and can't response although alternate server is removed.
The problem appears to be related to calling del_alt_server function in the same function recursively.
Co-authored-by: CUMHUR KARAHAN <cumhur.karahan@turkcell.com.tr>
Reformatting and removing some duplications:
- Some lines have WARNING WARNING: cleaned up.
- Lines printed using perror: only LOG_ mechanism should be used.
- Printing IO mechanism (epoll for example) for each thread: selected
mechanism logged once
- Duplicate lines (perror and also LOG): duplication removed
- Duplicates: clean up (because calling function multiple times -
configuration load)
I would like to get feedback on this and see if people is confortable
with these clang rules.
Right now is using the "llvm" style increasing the line length from 80
to 120 given that coturn is using long lines often.
Co-authored-by: Pavel Punsky <eakraly@users.noreply.github.com>
The following changes have been made:
1. Replace deprecated functions with new standard functions
2. Add corresponding MSVC functions for non-standard functions
3. Remove warnings about unsafe functions
4. CMAKE: modify find pack Libevent and openssl
5. Modify include files
6. Use pthread4W
7. Modify socket in windows
8. Add CI - github action
8.1. msvc
8.2. mingw
10. The database:
9.1. sqlite, pgsql, hiredis, mongo is test compiled.
9.2. mysql, isnot test compiled.
11. The applications、server can be compiled and run successfully!
12. Add vcpkg manifest mode in cmake.
Store sanitized version of DB connection string with password masked
(replace all chars with * which exposes its length)
Use sanitized version when logging connection string
Fixes#1017 and #272
This code is in as back as git can see. Removed for now as it has no use
at all.
Also reduces traffic to redis (though will not reduce any load on redis)
Refs #150
Similar to #989, use a single SSL context for all versions of DTLS
protocol
- Add support for modern API (protocol version independent APIs)
- Add DTLS test to the CI test
- Removing calls to `SSL_CTX_set_read_ahead` in DTLS context (does
nothing as DTLS is datagram protocol - we always get the whole datagram
so this call has no impact)
Fixes#924
openssl allows multiple TLS version support through a single SSL_CTX
object.
This PR replaces 4 per-version SSL_CTX objects with a single object
(DTLS is not yet changed).
SSL context initialization code for openssl with modern API (>=1.1.0)
uses `TLS_server_method` and `SSL_CTX_set_min_proto_version` instead of
enabling specific TLS version. Byproduct of this is TLSv1_3 support when
used with openssl-1.1.1 and above
TLS 1.2 and TLS 1.3 cannot be disabled (as before)
Test plan:
- run_tests.sh script now runs turnserver with SSL certificate (which
enables TLS support)
- run_tests.sh now has one more basic test that uses TLS protocol
Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
Replace all instances of `bzero` with memset by find-replace-edit.
This is straightforward replacement which is suboptimal in a few cases
(for example we could use calloc instead of malloc+memset(0))
Inspired by #855
There are too many defines that are, eventually, used in one place so
just inlining.
Current code generates following warning:
```
warning: macro expansion producing 'defined' has undefined behavior [-Wexpansion-to-defined]
```
With the fix there is no warning
Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
If the configuration contains entries such as:
no-tlsv1
no-tlsv1_1
then the SSL context is NULL. The previous code was simple enough that it
handled this case; the new code needs to deal with it explicitly.
[*] https://github.com/coturn/coturn/issues/770
When openssl_load_certificates() is called as a result of USR2
signal, it has the effect of SSL_free() on certificates.
But pointers to these certificates are borrowed by the ioa_engines
where they are used for new connections.
The tls_mutex when loading the certificates does not prevent this use
because it's released before despatching asynchronous events to each
ioa_engine asking them to pick up the new SSL context.
So there is a race; if a new connection arrives quickly after
openssl_load_certificates() but before the tls_ctx_update_ev.
This patch resolves this using OpenSSL's own fine grained locking.
The ioa_engines now 'copy' the SSL context (actually a refcounted copy)
As discussed in https://github.com/coturn/coturn/pull/478, if the
parameter only controls whether or not to send the software attribute
and not other production-relevant configurations, it should be named
accordingly.
The old --prod configuration option still works, but is now deprecated
and undocumented.
This commit does the following:
* Factor out loading of TLS keys and certificates into turn_params SSL
context so that it can be repeated. (Contexts are not overwritten
when loading encounters errors, but initial contexts will be set
regardless of errors. This keeps existing semantics.)
* Isolate copying of turn_params SSL context to ioa_engine structs
into callback functions appropriate for libevent invocation.
* Chain both of the above to a signal event handler responding to
SIGUSR2.
This allows replacement of keys and certificates during run-time
without interrupting relaying operations.
