RTC: delete SrsDTLS single instance

trunk/src/app/srs_app_rtc_conn.cpp

@@ -150,7 +150,7 @@ srs_error_t SrsRtcDtls::initialize(SrsRequest* r)
     srs_error_t err = srs_success;
 
     // TODO: FIXME: Leak for SSL_CTX* return by build_dtls_ctx.
-    if ((dtls = SSL_new(SrsDtls::instance()->build_dtls_ctx())) == NULL) {
+    if ((dtls = SSL_new(SrsDtls::build_dtls_ctx())) == NULL) {
         return srs_error_new(ERROR_OpenSslCreateSSL, "SSL_new dtls");
     }
 

trunk/src/app/srs_app_rtc_dtls.cpp

@@ -34,6 +34,21 @@ using namespace std;
 #include <srtp2/srtp.h>
 #include <openssl/ssl.h>
 
+// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
+// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
+// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
+// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
+// not be terminated with respect to verification failures and the connection will be established. The calling process
+// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
+// its own error storage managed by verify_callback.
+// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+    // Always OK, we don't check the certificate of client,
+    // because we allow client self-sign certificate.
+    return 1;
+}
+
 SrsDtlsCertificate::SrsDtlsCertificate()
 {
     dtls_cert = NULL;
@@ -216,7 +231,6 @@ bool SrsDtlsCertificate::is_ecdsa()
     return ecdsa_mode;
 }
 
-SrsDtls* SrsDtls::_instance = NULL;
 
 SrsDtls::SrsDtls()
 {
@@ -226,29 +240,6 @@ SrsDtls::~SrsDtls()
 {
 }
 
-// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
-// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
-// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
-// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
-// not be terminated with respect to verification failures and the connection will be established. The calling process
-// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
-// its own error storage managed by verify_callback.
-// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
-static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
-    // Always OK, we don't check the certificate of client,
-    // because we allow client self-sign certificate.
-    return 1;
-}
-
-SrsDtls* SrsDtls::instance()
-{
-    if (!_instance) {
-        _instance = new SrsDtls();
-    }
-    return _instance;
-}
-
 SSL_CTX* SrsDtls::build_dtls_ctx()
 {
     SSL_CTX* dtls_ctx;
@@ -260,7 +251,7 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
     //dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
 #endif
 
-    if (_rtc_dtls_certificate->is_ecdsa()) { // By ECDSA, https://stackoverflow.com/a/6006898
+    if (_srs_rtc_dtls_certificate->is_ecdsa()) { // By ECDSA, https://stackoverflow.com/a/6006898
 
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L // v1.0.2
         // For ECDSA, we could set the curves list.
@@ -272,7 +263,7 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
         // @see https://stackoverrun.com/cn/q/10791887
 #if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
     #if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
-        SSL_CTX_set_tmp_ecdh(dtls_ctx, _rtc_dtls_certificate->get_ecdsa_key());
+        SSL_CTX_set_tmp_ecdh(dtls_ctx, _srs_rtc_dtls_certificate->get_ecdsa_key());
     #else
         SSL_CTX_set_ecdh_auto(dtls_ctx, 1);
     #endif
@@ -286,8 +277,8 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
         srs_assert(SSL_CTX_set_cipher_list(dtls_ctx, "ALL") == 1);
 
         // Setup the certificate.
-        srs_assert(SSL_CTX_use_certificate(dtls_ctx, _rtc_dtls_certificate->get_cert()) == 1);
+        srs_assert(SSL_CTX_use_certificate(dtls_ctx, _srs_rtc_dtls_certificate->get_cert()) == 1);
-        srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, _rtc_dtls_certificate->get_public_key()) == 1);
+        srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, _srs_rtc_dtls_certificate->get_public_key()) == 1);
 
         // Server will send Certificate Request.
         // @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html

trunk/src/app/srs_app_rtc_dtls.hpp

@@ -58,19 +58,16 @@ public:
     bool is_ecdsa();
 };
 
-// @global dtls certficate for rtc module.
+// @global config object.
-SrsDtlsCertificate* _rtc_dtls_certificate = new SrsDtlsCertificate();
+extern SrsDtlsCertificate* _srs_rtc_dtls_certificate;
 
 class SrsDtls
 {
-private:
+public:
-    static SrsDtls* _instance;
-private:
     SrsDtls();
     virtual ~SrsDtls();
 public:
-    static SrsDtls* instance();
+    static SSL_CTX* build_dtls_ctx();
-    SSL_CTX* build_dtls_ctx();
 };
 
 #endif

trunk/src/app/srs_app_rtc_server.cpp

@@ -40,6 +40,9 @@
 #include <srs_app_rtc_source.hpp>
 #include <srs_app_rtc_api.hpp>
 
+// @global dtls certficate for rtc module.
+SrsDtlsCertificate* _srs_rtc_dtls_certificate = new SrsDtlsCertificate();
+
 using namespace std;
 
 static bool is_stun(const uint8_t* data, const int size)
@@ -333,7 +336,7 @@ srs_error_t SrsRtcServer::create_session(
     local_sdp.set_ice_ufrag(local_ufrag);
     local_sdp.set_ice_pwd(local_pwd);
     local_sdp.set_fingerprint_algo("sha-256");
-    local_sdp.set_fingerprint(_rtc_dtls_certificate->get_fingerprint());
+    local_sdp.set_fingerprint(_srs_rtc_dtls_certificate->get_fingerprint());
 
     // We allows to mock the eip of server.
     if (!mock_eip.empty()) {
@@ -366,7 +369,7 @@ srs_error_t SrsRtcServer::create_session2(SrsSdp& local_sdp, SrsRtcSession** pse
     local_sdp.set_ice_ufrag(local_ufrag);
     local_sdp.set_ice_pwd(local_pwd);
     local_sdp.set_fingerprint_algo("sha-256");
-    local_sdp.set_fingerprint(_rtc_dtls_certificate->get_fingerprint());
+    local_sdp.set_fingerprint(_srs_rtc_dtls_certificate->get_fingerprint());
 
     // We allows to mock the eip of server.
     std::vector<string> candidate_ips = get_candidate_ips();
@@ -521,17 +524,13 @@ RtcServerAdapter::RtcServerAdapter()
 RtcServerAdapter::~RtcServerAdapter()
 {
     srs_freep(rtc);
-    
-    if (_rtc_dtls_certificate) {
-        srs_freep(_rtc_dtls_certificate);
-    }
 }
 
 srs_error_t RtcServerAdapter::initialize()
 {
     srs_error_t err = srs_success;
 
-    if ((err = _rtc_dtls_certificate->initialize()) != srs_success) {
+    if ((err = _srs_rtc_dtls_certificate->initialize()) != srs_success) {
         return srs_error_wrap(err, "rtc dtls certificate initialize");
     }
 

trunk/src/app/srs_app_rtc_server.hpp

@@ -31,7 +31,6 @@
 #include <srs_app_reload.hpp>
 #include <srs_app_hourglass.hpp>
 #include <srs_app_hybrid.hpp>
-#include <srs_app_rtc_dtls.hpp>
 
 #include <string>