1 files changed, 0 insertions, 250 deletions
diff --git a/recipes-security/freediameter/files/freeDiameter.conf b/recipes-security/freediameter/files/freeDiameter.conf
deleted file mode 100644
index 7b56d74..0000000
--- a/recipes-security/freediameter/files/freeDiameter.conf
+++ /dev/null
@@ -1,250 +0,0 @@
-# This is a sample configuration file for freeDiameter daemon.
-# Most of the options can be omitted, as they default to reasonable values.
-# Only TLS-related options must be configured properly in usual setups.
-# It is possible to use "include" keyword to import additional files
-# e.g.: include "/etc/freeDiameter.d/*.conf"
-# This is exactly equivalent as copy & paste the content of the included file(s) 
-# where the "include" keyword is found.
-##############################################################
-##  Peer identity and realm 
-# The Diameter Identity of this daemon.
-# This must be a valid FQDN that resolves to the local host.
-# Default: hostname's FQDN
-#Identity = "aaa.koganei.freediameter.net";
-# The Diameter Realm of this daemon.
-# Default: the domain part of Identity (after the first dot).
-#Realm = "koganei.freediameter.net";
-##############################################################
-##  Transport protocol configuration
-# The port this peer is listening on for incoming connections (TCP and SCTP).
-# Default: 3868. Use 0 to disable.
-#Port = 3868;
-# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
-# See TLS_old_method for more information about TLS flavours.
-# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
-# Default: 5868. Use 0 to disable.
-#SecPort = 5868;
-# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed 
-# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the 
-# CER/CEA exchange on a dedicated secure port.
-# This parameter only affects outgoing connections. 
-# The setting can be also defined per-peer (see Peers configuration section).
-# Default: use RFC6733 method with separate port for TLS.
-#TLS_old_method;
-# Disable use of TCP protocol (only listen and connect over SCTP)
-# Default : TCP enabled
-#No_TCP;
-# Disable use of SCTP protocol (only listen and connect over TCP)
-# Default : SCTP enabled
-#No_SCTP;
-# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
-# Prefer TCP instead of SCTP for establishing new connections.
-# This setting may be overwritten per peer in peer configuration blocs.
-# Default : SCTP is attempted first.
-#Prefer_TCP;
-# Default number of streams per SCTP associations.
-# This setting may be overwritten per peer basis.
-# Default : 30 streams
-#SCTP_streams = 30;
-##############################################################
-##  Endpoint configuration
-# Disable use of IP addresses (only IPv6)
-# Default : IP enabled
-#No_IP;
-# Disable use of IPv6 addresses (only IP)
-# Default : IPv6 enabled
-#No_IPv6;
-# Specify local addresses the server must bind to
-# Default : listen on all addresses available.
-#ListenOn = "202.249.37.5";
-#ListenOn = "2001:200:903:2::202:1";
-#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
-##############################################################
-##  Server configuration
-# How many Diameter peers are allowed to be connecting at the same time ?
-# This parameter limits the number of incoming connections from the time
-# the connection is accepted until the first CER is received.
-# Default: 5 unidentified clients in paralel.
-#ThreadsPerServer = 5;
-##############################################################
-##  TLS Configuration
-# TLS is managed by the GNUTLS library in the freeDiameter daemon.
-# You may find more information about parameters and special behaviors
-# in the relevant documentation.
-# http://www.gnu.org/software/gnutls/manual/
-# Credentials of the local peer
-# The X509 certificate and private key file to use for the local peer.
-# The files must contain PKCS-1 encoded RSA key, in PEM format.
-# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
-# Default : NO DEFAULT
-#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
-#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
-# Certificate authority / trust anchors
-# The file containing the list of trusted Certificate Authorities (PEM list)
-# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
-# The directive can appear several times to specify several files.
-# Default : GNUTLS default behavior
-#TLS_CA = "<file.PEM>";
-# Certificate Revocation List file
-# The information about revoked certificates.
-# The file contains a list of trusted CRLs in PEM format. They should have been verified before. 
-# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
-# Note: openssl CRL format might have interoperability issue with GNUTLS format.
-# Default : GNUTLS default behavior
-#TLS_CRL = "<file.PEM>";
-# GNU TLS Priority string
-# This string allows to configure the behavior of GNUTLS key exchanges 
-# algorithms. See gnutls_priority_init function documentation for information.
-# You should also refer to the Diameter required TLS support here:
-#   http://tools.ietf.org/html/rfc6733#section-13.1
-# Default : "NORMAL"
-# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
-#TLS_Prio = "NORMAL";
-# Diffie-Hellman parameters size
-# Set the number of bits for generated DH parameters
-# Valid value should be 768, 1024, 2048, 3072 or 4096.
-# (This parameter is passed to gnutls_dh_params_generate2 function, 
-# it usually should match RSA key size)
-# Default : 1024
-#TLS_DH_Bits = 1024;
-# Alternatively, you can specify a file to load the PKCS#3 encoded
-# DH parameters directly from. This accelerates the daemon start 
-# but is slightly less secure. If this file is provided, the
-# TLS_DH_Bits parameters has no effect.
-# Default : no default.
-#TLS_DH_File = "<file.PEM>";
-##############################################################
-##  Timers configuration
-# The Tc timer of this peer.
-# It is the delay before a new attempt is made to reconnect a disconnected peer.
-# The value is expressed in seconds. The recommended value is 30 seconds.
-# Default: 30
-#TcTimer = 30;
-# The Tw timer of this peer.
-# It is the delay before a watchdog message is sent, as described in RFC 3539.
-# The value is expressed in seconds. The default value is 30 seconds. Value must
-# be greater or equal to 6 seconds. See details in the RFC.
-# Default: 30
-#TwTimer = 30;
-##############################################################
-##  Applications configuration
-# Disable the relaying of Diameter messages?
-# For messages not handled locally, the default behavior is to forward the
-# message to another peer if any is available, according to the routing 
-# algorithms. In addition the "0xffffff" application is advertised in CER/CEA 
-# exchanges.
-# Default: Relaying is enabled.
-#NoRelay;
-# Number of server threads that can handle incoming messages at the same time.
-# Default: 4
-#AppServThreads = 4;
-# Other applications are configured by loaded extensions.
-##############################################################
-##  Extensions configuration
-#  The freeDiameter framework merely provides support for
-# Diameter Base Protocol. The specific application behaviors,
-# as well as advanced functions, are provided
-# by loadable extensions (plug-ins).
-#  These extensions may in addition receive the name of a 
-# configuration file, the format of which is extension-specific.
-#
-# Format:
-#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
-#
-# Examples:
-#LoadExtension = "extensions/sample.fdx";
-#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
-# Extensions are named as follow:
-# dict_* for extensions that add content to the dictionary definitions.
-# dbg_*  for extensions useful only to retrieve more information on the framework execution.
-# acl_*  : Access control list, to control which peers are allowed to connect.
-# rt_*   : routing extensions that impact how messages are forwarded to other peers.
-# app_*  : applications, these extensions usually register callbacks to handle specific messages.
-# test_* : dummy extensions that are useful only in testing environments.
-# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
-# information about some events. This extension does not actually use a configuration file
-# but receives directly a parameter in the string passed to the extension. Here are some examples:
-## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
-## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
-## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
-# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
-# The values for each digit are:
-#  0 - default - keep the default behavior
-#  1 - quiet   - remove any specific log
-#  2 - compact - display only a summary of the information
-#  4 - full    - display the complete information on a single long line
-#  8 - tree    - display the complete information in an easier to read format spanning several lines.
-##############################################################
-##  Peers configuration
-#  The local server listens for incoming connections. By default,
-# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
-# 
-#  In addition to incoming connections, the local peer can
-# be configured to establish and maintain connections to some 
-# Diameter nodes and allow connections from these nodes.
-#  This is achieved with the ConnectPeer directive described below.
-#
-# Note that the configured Diameter Identity MUST match
-# the information received inside CEA, or the connection will be aborted.
-#
-# Format:
-#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
-# Parameters that can be specified in the peer's parameter list:
-#  No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
-#  No_TLS;       # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
-#  Port = 5868;  # The port to connect to
-#  TcTimer = 30;
-#  TwTimer = 30;
-#  ConnectTo = "202.249.37.5";
-#  ConnectTo = "2001:200:903:2::202:1";
-#  TLS_Prio = "NORMAL";
-#  Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
-# Examples:
-#ConnectPeer = "aaa.wide.ad.jp";
-#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
-##############################################################

diff --git a/recipes-security/freediameter/files/freeDiameter.conf b/recipes-security/freediameter/files/freeDiameter.conf deleted file mode 100644 index 7b56d74..0000000 --- a/recipes-security/freediameter/files/freeDiameter.conf +++ /dev/null
@@ -1,250 +0,0 @@
1	# This is a sample configuration file for freeDiameter daemon.
2
3	# Most of the options can be omitted, as they default to reasonable values.
4	# Only TLS-related options must be configured properly in usual setups.
5
6	# It is possible to use "include" keyword to import additional files
7	# e.g.: include "/etc/freeDiameter.d/*.conf"
8	# This is exactly equivalent as copy & paste the content of the included file(s)
9	# where the "include" keyword is found.
10
11
12	##############################################################
13	## Peer identity and realm
14
15	# The Diameter Identity of this daemon.
16	# This must be a valid FQDN that resolves to the local host.
17	# Default: hostname's FQDN
18	#Identity = "aaa.koganei.freediameter.net";
19
20	# The Diameter Realm of this daemon.
21	# Default: the domain part of Identity (after the first dot).
22	#Realm = "koganei.freediameter.net";
23
24	##############################################################
25	## Transport protocol configuration
26
27	# The port this peer is listening on for incoming connections (TCP and SCTP).
28	# Default: 3868. Use 0 to disable.
29	#Port = 3868;
30
31	# The port this peer is listening on for incoming TLS-protected connections (TCP and SCTP).
32	# See TLS_old_method for more information about TLS flavours.
33	# Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter.
34	# Default: 5868. Use 0 to disable.
35	#SecPort = 5868;
36
37	# Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed
38	# on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the
39	# CER/CEA exchange on a dedicated secure port.
40	# This parameter only affects outgoing connections.
41	# The setting can be also defined per-peer (see Peers configuration section).
42	# Default: use RFC6733 method with separate port for TLS.
43	#TLS_old_method;
44
45	# Disable use of TCP protocol (only listen and connect over SCTP)
46	# Default : TCP enabled
47	#No_TCP;
48
49	# Disable use of SCTP protocol (only listen and connect over TCP)
50	# Default : SCTP enabled
51	#No_SCTP;
52	# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
53
54	# Prefer TCP instead of SCTP for establishing new connections.
55	# This setting may be overwritten per peer in peer configuration blocs.
56	# Default : SCTP is attempted first.
57	#Prefer_TCP;
58
59	# Default number of streams per SCTP associations.
60	# This setting may be overwritten per peer basis.
61	# Default : 30 streams
62	#SCTP_streams = 30;
63
64	##############################################################
65	## Endpoint configuration
66
67	# Disable use of IP addresses (only IPv6)
68	# Default : IP enabled
69	#No_IP;
70
71	# Disable use of IPv6 addresses (only IP)
72	# Default : IPv6 enabled
73	#No_IPv6;
74
75	# Specify local addresses the server must bind to
76	# Default : listen on all addresses available.
77	#ListenOn = "202.249.37.5";
78	#ListenOn = "2001:200:903:2::202:1";
79	#ListenOn = "fe80::21c:5ff:fe98:7d62%eth0";
80
81
82	##############################################################
83	## Server configuration
84
85	# How many Diameter peers are allowed to be connecting at the same time ?
86	# This parameter limits the number of incoming connections from the time
87	# the connection is accepted until the first CER is received.
88	# Default: 5 unidentified clients in paralel.
89	#ThreadsPerServer = 5;
90
91	##############################################################
92	## TLS Configuration
93
94	# TLS is managed by the GNUTLS library in the freeDiameter daemon.
95	# You may find more information about parameters and special behaviors
96	# in the relevant documentation.
97	# http://www.gnu.org/software/gnutls/manual/
98
99	# Credentials of the local peer
100	# The X509 certificate and private key file to use for the local peer.
101	# The files must contain PKCS-1 encoded RSA key, in PEM format.
102	# (These parameters are passed to gnutls_certificate_set_x509_key_file function)
103	# Default : NO DEFAULT
104	#TLS_Cred = "<x509 certif file.PEM>" , "<x509 private key file.PEM>";
105	#TLS_Cred = "/etc/ssl/certs/freeDiameter.pem", "/etc/ssl/private/freeDiameter.key";
106
107	# Certificate authority / trust anchors
108	# The file containing the list of trusted Certificate Authorities (PEM list)
109	# (This parameter is passed to gnutls_certificate_set_x509_trust_file function)
110	# The directive can appear several times to specify several files.
111	# Default : GNUTLS default behavior
112	#TLS_CA = "<file.PEM>";
113
114	# Certificate Revocation List file
115	# The information about revoked certificates.
116	# The file contains a list of trusted CRLs in PEM format. They should have been verified before.
117	# (This parameter is passed to gnutls_certificate_set_x509_crl_file function)
118	# Note: openssl CRL format might have interoperability issue with GNUTLS format.
119	# Default : GNUTLS default behavior
120	#TLS_CRL = "<file.PEM>";
121
122	# GNU TLS Priority string
123	# This string allows to configure the behavior of GNUTLS key exchanges
124	# algorithms. See gnutls_priority_init function documentation for information.
125	# You should also refer to the Diameter required TLS support here:
126	# http://tools.ietf.org/html/rfc6733#section-13.1
127	# Default : "NORMAL"
128	# Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL";
129	#TLS_Prio = "NORMAL";
130
131	# Diffie-Hellman parameters size
132	# Set the number of bits for generated DH parameters
133	# Valid value should be 768, 1024, 2048, 3072 or 4096.
134	# (This parameter is passed to gnutls_dh_params_generate2 function,
135	# it usually should match RSA key size)
136	# Default : 1024
137	#TLS_DH_Bits = 1024;
138
139	# Alternatively, you can specify a file to load the PKCS#3 encoded
140	# DH parameters directly from. This accelerates the daemon start
141	# but is slightly less secure. If this file is provided, the
142	# TLS_DH_Bits parameters has no effect.
143	# Default : no default.
144	#TLS_DH_File = "<file.PEM>";
145
146
147	##############################################################
148	## Timers configuration
149
150	# The Tc timer of this peer.
151	# It is the delay before a new attempt is made to reconnect a disconnected peer.
152	# The value is expressed in seconds. The recommended value is 30 seconds.
153	# Default: 30
154	#TcTimer = 30;
155
156	# The Tw timer of this peer.
157	# It is the delay before a watchdog message is sent, as described in RFC 3539.
158	# The value is expressed in seconds. The default value is 30 seconds. Value must
159	# be greater or equal to 6 seconds. See details in the RFC.
160	# Default: 30
161	#TwTimer = 30;
162
163	##############################################################
164	## Applications configuration
165
166	# Disable the relaying of Diameter messages?
167	# For messages not handled locally, the default behavior is to forward the
168	# message to another peer if any is available, according to the routing
169	# algorithms. In addition the "0xffffff" application is advertised in CER/CEA
170	# exchanges.
171	# Default: Relaying is enabled.
172	#NoRelay;
173
174	# Number of server threads that can handle incoming messages at the same time.
175	# Default: 4
176	#AppServThreads = 4;
177
178	# Other applications are configured by loaded extensions.
179
180	##############################################################
181	## Extensions configuration
182
183	# The freeDiameter framework merely provides support for
184	# Diameter Base Protocol. The specific application behaviors,
185	# as well as advanced functions, are provided
186	# by loadable extensions (plug-ins).
187	# These extensions may in addition receive the name of a
188	# configuration file, the format of which is extension-specific.
189	#
190	# Format:
191	#LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ;
192	#
193	# Examples:
194	#LoadExtension = "extensions/sample.fdx";
195	#LoadExtension = "extensions/sample.fdx":"conf/sample.conf";
196
197	# Extensions are named as follow:
198	# dict_* for extensions that add content to the dictionary definitions.
199	# dbg_* for extensions useful only to retrieve more information on the framework execution.
200	# acl_* : Access control list, to control which peers are allowed to connect.
201	# rt_* : routing extensions that impact how messages are forwarded to other peers.
202	# app_* : applications, these extensions usually register callbacks to handle specific messages.
203	# test_* : dummy extensions that are useful only in testing environments.
204
205
206	# The dbg_msg_dump.fdx extension allows you to tweak the way freeDiameter displays some
207	# information about some events. This extension does not actually use a configuration file
208	# but receives directly a parameter in the string passed to the extension. Here are some examples:
209	## LoadExtension = "dbg_msg_dumps.fdx" : "0x1111"; # Removes all default hooks, very quiet even in case of errors.
210	## LoadExtension = "dbg_msg_dumps.fdx" : "0x2222"; # Display all events with few details.
211	## LoadExtension = "dbg_msg_dumps.fdx" : "0x0080"; # Dump complete information about sent and received messages.
212	# The four digits respectively control: connections, routing decisions, sent/received messages, errors.
213	# The values for each digit are:
214	# 0 - default - keep the default behavior
215	# 1 - quiet - remove any specific log
216	# 2 - compact - display only a summary of the information
217	# 4 - full - display the complete information on a single long line
218	# 8 - tree - display the complete information in an easier to read format spanning several lines.
219
220
221	##############################################################
222	## Peers configuration
223
224	# The local server listens for incoming connections. By default,
225	# all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl).
226	#
227	# In addition to incoming connections, the local peer can
228	# be configured to establish and maintain connections to some
229	# Diameter nodes and allow connections from these nodes.
230	# This is achieved with the ConnectPeer directive described below.
231	#
232	# Note that the configured Diameter Identity MUST match
233	# the information received inside CEA, or the connection will be aborted.
234	#
235	# Format:
236	#ConnectPeer = "diameterid" [ { parameter1; parameter2; ...} ] ;
237	# Parameters that can be specified in the peer's parameter list:
238	# No_TCP; No_SCTP; No_IP; No_IPv6; Prefer_TCP; TLS_old_method;
239	# No_TLS; # assume transparent security instead of TLS. DTLS is not supported yet (will change in future versions).
240	# Port = 5868; # The port to connect to
241	# TcTimer = 30;
242	# TwTimer = 30;
243	# ConnectTo = "202.249.37.5";
244	# ConnectTo = "2001:200:903:2::202:1";
245	# TLS_Prio = "NORMAL";
246	# Realm = "realm.net"; # Reject the peer if it does not advertise this realm.
247	# Examples:
248	#ConnectPeer = "aaa.wide.ad.jp";
249	#ConnectPeer = "old.diameter.serv" { TcTimer = 60; TLS_old_method; No_SCTP; Port=3868; } ;
250	##############################################################