SSL support for "out of band" applications is added in OpenSim commit 8ca793875318efc8db3339b25bf7fa5ddeeac218 . I have tested the region server with the remote-admin plugin and also completed the lsl function - llRequestSecureURL(). In Robust, I tested using a custom service to expose a service that gets user information over https. I will post the code for that soon as an example.
*Certificates To use it, you will need a certificate in the PFX/PKCS12 format. These may be certs purchased from someone like VeriSign, Thawte or others providing CA services. You may also use a self signed cert for testing. If you are using Mono, see http://www.mono-project.com/FAQ:_Security and page down to "Can I make my own certificates ? ", and Windows users, here: http://blogs.technet.com/b/jhoward/archive/2005/02/02/365323.aspx for instructions. If you have an existing cert that is not in the PFX format, such as *.crt - you may use openssl to copy it into the proper format. See http://security.ncsa.illinois.edu/research/grid-howtos/usefulopenssl.html for some background information for using openssl to create certs or convert between formats. *Configuration The region server may use ssl as an auxiliary port. The options are in the OpenSimDefaults.ini. Copy them to your OpenSim.ini and adjust the settings to your setup... [Network] http_listener_port = 9000 https_listener = True https_port = 9080 cert_path = "/home/opensim/etc/os_server.p12" cert_pass = "mypassword" [RemoteAdmin] enabled = true port = 9080 access_password = "woohooo" Then, set your remote-admin client to use the port and make the calls using https. I used code from http://xyzzyxyzzy.net/2008/01/23/using-pythons-xmlrpclib-with-opensim/ to test the remote-admin. Modifying it to use my port and https. For applications in Robust, you have a couple of options. First, you can add an auxiliary port, as in the region server. But, in-case you want to split out your https application to a separate Robust server, you can make the main listener talk on https. Same options as the region server with one addition - the https_main option. Set that one to True to get your Robust main listener on https. Or set it to False to add an auxiliary https port to the main server. Then, in your application, set the port in your ServiceConnectors line to tell your application to use it... [Startup] ServiceConnectors = "8114/WxService.dll:WxServiceConnector" ; ^^^^ <-- Here [Network] port = 8113 ;; ^^^^ <-- Main listener https_main = False ;; Create http listener true / false https_listener = True ;; Set our listener to this port https_port = 8114 ;; ^^^^ <-- And Here ;; Path to X.509 cert cert_path = "/home/opensim/etc/os_server.p12" ;; Password for cert cert_pass = "mypassword" Have fun! BlueWall _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
