mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
RTC: delete SrsDTLS single instance
This commit is contained in:
jinxue.cgh
winlin
parent
f3f9636d80
commit
9addade2b4
5 changed files with 30 additions and 44 deletions
|
|
@ -34,6 +34,21 @@ using namespace std;
|
|||
#include <srtp2/srtp.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
|
||||
// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
|
||||
// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
|
||||
// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
|
||||
// not be terminated with respect to verification failures and the connection will be established. The calling process
|
||||
// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
|
||||
// its own error storage managed by verify_callback.
|
||||
// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
|
||||
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
// Always OK, we don't check the certificate of client,
|
||||
// because we allow client self-sign certificate.
|
||||
return 1;
|
||||
}
|
||||
|
||||
SrsDtlsCertificate::SrsDtlsCertificate()
|
||||
{
|
||||
dtls_cert = NULL;
|
||||
|
|
@ -216,7 +231,6 @@ bool SrsDtlsCertificate::is_ecdsa()
|
|||
return ecdsa_mode;
|
||||
}
|
||||
|
||||
SrsDtls* SrsDtls::_instance = NULL;
|
||||
|
||||
SrsDtls::SrsDtls()
|
||||
{
|
||||
|
|
@ -226,29 +240,6 @@ SrsDtls::~SrsDtls()
|
|||
{
|
||||
}
|
||||
|
||||
// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
|
||||
// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
|
||||
// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
|
||||
// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
|
||||
// not be terminated with respect to verification failures and the connection will be established. The calling process
|
||||
// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
|
||||
// its own error storage managed by verify_callback.
|
||||
// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
|
||||
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
// Always OK, we don't check the certificate of client,
|
||||
// because we allow client self-sign certificate.
|
||||
return 1;
|
||||
}
|
||||
|
||||
SrsDtls* SrsDtls::instance()
|
||||
{
|
||||
if (!_instance) {
|
||||
_instance = new SrsDtls();
|
||||
}
|
||||
return _instance;
|
||||
}
|
||||
|
||||
SSL_CTX* SrsDtls::build_dtls_ctx()
|
||||
{
|
||||
SSL_CTX* dtls_ctx;
|
||||
|
|
@ -260,7 +251,7 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
|
|||
//dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
|
||||
#endif
|
||||
|
||||
if (_rtc_dtls_certificate->is_ecdsa()) { // By ECDSA, https://stackoverflow.com/a/6006898
|
||||
if (_srs_rtc_dtls_certificate->is_ecdsa()) { // By ECDSA, https://stackoverflow.com/a/6006898
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L // v1.0.2
|
||||
// For ECDSA, we could set the curves list.
|
||||
|
|
@ -272,7 +263,7 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
|
|||
// @see https://stackoverrun.com/cn/q/10791887
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
|
||||
SSL_CTX_set_tmp_ecdh(dtls_ctx, _rtc_dtls_certificate->get_ecdsa_key());
|
||||
SSL_CTX_set_tmp_ecdh(dtls_ctx, _srs_rtc_dtls_certificate->get_ecdsa_key());
|
||||
#else
|
||||
SSL_CTX_set_ecdh_auto(dtls_ctx, 1);
|
||||
#endif
|
||||
|
|
@ -286,8 +277,8 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
|
|||
srs_assert(SSL_CTX_set_cipher_list(dtls_ctx, "ALL") == 1);
|
||||
|
||||
// Setup the certificate.
|
||||
srs_assert(SSL_CTX_use_certificate(dtls_ctx, _rtc_dtls_certificate->get_cert()) == 1);
|
||||
srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, _rtc_dtls_certificate->get_public_key()) == 1);
|
||||
srs_assert(SSL_CTX_use_certificate(dtls_ctx, _srs_rtc_dtls_certificate->get_cert()) == 1);
|
||||
srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, _srs_rtc_dtls_certificate->get_public_key()) == 1);
|
||||
|
||||
// Server will send Certificate Request.
|
||||
// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue