Config to use RSA or ECDSA
This commit is contained in:
parent
5e06a2568b
commit
c70a0eb07c
7 changed files with 48 additions and 10 deletions
|
@ -399,6 +399,10 @@ rtc_server {
|
||||||
# $CANDIDATE $EIP # TODO: Implements it.
|
# $CANDIDATE $EIP # TODO: Implements it.
|
||||||
# default: *
|
# default: *
|
||||||
candidate *;
|
candidate *;
|
||||||
|
# Whether use ECDSA certificate.
|
||||||
|
# If not, use RSA certificate.
|
||||||
|
# default: on
|
||||||
|
ecdsa on;
|
||||||
}
|
}
|
||||||
|
|
||||||
vhost rtc.vhost.srs.com {
|
vhost rtc.vhost.srs.com {
|
||||||
|
|
|
@ -4639,6 +4639,23 @@ std::string SrsConfig::get_rtc_server_candidates()
|
||||||
return (conf->arg0().c_str());
|
return (conf->arg0().c_str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool SrsConfig::get_rtc_server_ecdsa()
|
||||||
|
{
|
||||||
|
static bool DEFAULT = true;
|
||||||
|
|
||||||
|
SrsConfDirective* conf = root->get("rtc_server");
|
||||||
|
if (!conf) {
|
||||||
|
return DEFAULT;
|
||||||
|
}
|
||||||
|
|
||||||
|
conf = conf->get("ecdsa");
|
||||||
|
if (!conf || conf->arg0().empty()) {
|
||||||
|
return DEFAULT;
|
||||||
|
}
|
||||||
|
|
||||||
|
return SRS_CONF_PERFER_TRUE(conf->arg0());
|
||||||
|
}
|
||||||
|
|
||||||
SrsConfDirective* SrsConfig::get_rtc(string vhost)
|
SrsConfDirective* SrsConfig::get_rtc(string vhost)
|
||||||
{
|
{
|
||||||
SrsConfDirective* conf = get_vhost(vhost);
|
SrsConfDirective* conf = get_vhost(vhost);
|
||||||
|
|
|
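Review bot: The new getter `SrsConfig::get_rtc_server_ecdsa()` (L79–L136) reads `rtc_server.ecdsa`, but nothing in this commit touches the place where SRS validates the sub-directives allowed under `rtc_server`; if that whitelist exists (it is outside these hunks), a config containing `ecdsa on;` would be rejected at startup, so confirm `ecdsa` was added there. The getter otherwise follows the sibling pattern, falling back to `DEFAULT` when the directive or its argument is absent, and the `true` default agrees with the `# default: on` in the conf hunk. I would also give the definition a one-line header, `// Whether rtc_server uses an ECDSA certificate for DTLS (rtc_server.ecdsa); otherwise RSA. Default: on.`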
@ -520,6 +520,7 @@ public:
|
||||||
virtual bool get_rtc_server_enabled(SrsConfDirective* conf);
|
virtual bool get_rtc_server_enabled(SrsConfDirective* conf);
|
||||||
virtual int get_rtc_server_listen();
|
virtual int get_rtc_server_listen();
|
||||||
virtual std::string get_rtc_server_candidates();
|
virtual std::string get_rtc_server_candidates();
|
||||||
|
virtual bool get_rtc_server_ecdsa();
|
||||||
|
|
||||||
SrsConfDirective* get_rtc(std::string vhost);
|
SrsConfDirective* get_rtc(std::string vhost);
|
||||||
bool get_rtc_enabled(std::string vhost);
|
bool get_rtc_enabled(std::string vhost);
|
||||||
|
|
|
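Review bot: The new declaration `virtual bool get_rtc_server_ecdsa();` (L179) has no comment, while the directive it reads is documented in the conf file; a reader of the header has no way to know what `true` means or what the default is. I would add `// Whether the DTLS certificate of rtc_server is ECDSA (rtc_server.ecdsa); false means RSA. Default: on.` above it, matching the `# Whether use ECDSA certificate ... # default: on` text of the conf hunk.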
@ -28,6 +28,8 @@ using namespace std;
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include <srs_kernel_log.hpp>
|
#include <srs_kernel_log.hpp>
|
||||||
|
#include <srs_kernel_error.hpp>
|
||||||
|
#include <srs_app_config.hpp>
|
||||||
|
|
||||||
#include <srtp2/srtp.h>
|
#include <srtp2/srtp.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
@ -36,17 +38,18 @@ SrsDtls* SrsDtls::_instance = NULL;
|
||||||
|
|
||||||
SrsDtls::SrsDtls()
|
SrsDtls::SrsDtls()
|
||||||
{
|
{
|
||||||
|
dtls_ctx = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
SrsDtls::~SrsDtls()
|
SrsDtls::~SrsDtls()
|
||||||
{
|
{
|
||||||
|
SSL_CTX_free(dtls_ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
SrsDtls* SrsDtls::instance()
|
SrsDtls* SrsDtls::instance()
|
||||||
{
|
{
|
||||||
if (!_instance) {
|
if (!_instance) {
|
||||||
_instance = new SrsDtls();
|
_instance = new SrsDtls();
|
||||||
_instance->init();
|
|
||||||
}
|
}
|
||||||
return _instance;
|
return _instance;
|
||||||
}
|
}
|
||||||
|
@ -66,8 +69,10 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void SrsDtls::init()
|
srs_error_t SrsDtls::init(const SrsRequest& req)
|
||||||
{
|
{
|
||||||
|
srs_error_t err = srs_success;
|
||||||
|
|
||||||
// Initialize SRTP first.
|
// Initialize SRTP first.
|
||||||
srs_assert(srtp_init() == 0);
|
srs_assert(srtp_init() == 0);
|
||||||
|
|
||||||
|
@ -87,10 +92,13 @@ void SrsDtls::init()
|
||||||
//dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
|
//dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
// Whether use ECDSA certificate.
|
||||||
|
bool is_ecdsa = _srs_config->get_rtc_server_ecdsa();
|
||||||
|
|
||||||
// Create keys by RSA or ECDSA.
|
// Create keys by RSA or ECDSA.
|
||||||
EVP_PKEY* dtls_pkey = EVP_PKEY_new();
|
EVP_PKEY* dtls_pkey = EVP_PKEY_new();
|
||||||
srs_assert(dtls_pkey);
|
srs_assert(dtls_pkey);
|
||||||
if (false) { // By RSA
|
if (!is_ecdsa) { // By RSA
|
||||||
RSA* rsa = RSA_new();
|
RSA* rsa = RSA_new();
|
||||||
srs_assert(rsa);
|
srs_assert(rsa);
|
||||||
|
|
||||||
|
@ -110,7 +118,7 @@ void SrsDtls::init()
|
||||||
RSA_free(rsa);
|
RSA_free(rsa);
|
||||||
BN_free(exponent);
|
BN_free(exponent);
|
||||||
}
|
}
|
||||||
if (true) { // By ECDSA, https://stackoverflow.com/a/6006898
|
if (is_ecdsa) { // By ECDSA, https://stackoverflow.com/a/6006898
|
||||||
EC_KEY* eckey = EC_KEY_new();
|
EC_KEY* eckey = EC_KEY_new();
|
||||||
srs_assert(eckey);
|
srs_assert(eckey);
|
||||||
|
|
||||||
|
@ -240,4 +248,6 @@ void SrsDtls::init()
|
||||||
fingerprint.assign(fp, strlen(fp));
|
fingerprint.assign(fp, strlen(fp));
|
||||||
srs_trace("fingerprint=%s", fingerprint.c_str());
|
srs_trace("fingerprint=%s", fingerprint.c_str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return err;
|
||||||
}
|
}
|
||||||
|
|
|
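Review bot: `SrsDtls::init()` is no longer called once from `instance()` (L306 is removed) but from `SrsDtlsSession::initialize()` in the rtc_conn hunk, i.e. once per RTC session, and the visible start of `init` (L344–L366) has no guard against being entered a second time, so every new session re-runs `srtp_init()`, regenerates the key pair and recomputes `fingerprint`, changing the singleton's fingerprint under sessions already negotiating. If the `dtls_ctx` assignment that lives outside this hunk is unchanged, each call also overwrites the previous `SSL_CTX` without `SSL_CTX_free`, and `SrsDtlsSession::initialize` then calls `SSL_new` on the freshly replaced context. A minimal fix is an early return after `srs_error_t err = srs_success;`: `if (dtls_ctx) { return err; }`, with a comment that the context, key and fingerprint are process-wide and built on first use. Separately, `req` is not used anywhere in the visible parts of `init`; if it is not needed, drop the parameter rather than leave it as an unused `const SrsRequest&`. The body of `init` starts in this hunk and ends in the `@ -240,4 +248,6` hunk, with most of it outside view.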
@ -28,6 +28,8 @@
|
||||||
|
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
|
class SrsRequest;
|
||||||
|
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
|
|
||||||
class SrsDtls
|
class SrsDtls
|
||||||
|
@ -40,8 +42,8 @@ private:
|
||||||
private:
|
private:
|
||||||
SrsDtls();
|
SrsDtls();
|
||||||
virtual ~SrsDtls();
|
virtual ~SrsDtls();
|
||||||
|
public:
|
||||||
void init();
|
srs_error_t init(const SrsRequest& req);
|
||||||
public:
|
public:
|
||||||
static SrsDtls* instance();
|
static SrsDtls* instance();
|
||||||
SSL_CTX* get_dtls_ctx() { return dtls_ctx; }
|
SSL_CTX* get_dtls_ctx() { return dtls_ctx; }
|
||||||
|
|
|
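Review bot: The new `public:` label at L558 is immediately followed by the existing `public:` at L566, so `srs_error_t init(const SrsRequest& req);` sits in a one-member section that could simply be merged into the one below; move the declaration under the existing `public:` and drop the added label. Now that `init` is public and reachable from every `SrsDtlsSession`, its contract should be stated on the declaration, e.g. `// Build the process-wide DTLS context, key pair and fingerprint; called from SrsDtlsSession::initialize().`, and if `req` stays in the signature, say what it is for, since the visible part of `init` in the .cpp hunk does not read it.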
@ -142,10 +142,14 @@ SrsDtlsSession::~SrsDtlsSession()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
srs_error_t SrsDtlsSession::initialize()
|
srs_error_t SrsDtlsSession::initialize(const SrsRequest& req)
|
||||||
{
|
{
|
||||||
srs_error_t err = srs_success;
|
srs_error_t err = srs_success;
|
||||||
|
|
||||||
|
if ((err = SrsDtls::instance()->init(req)) != srs_success) {
|
||||||
|
return srs_error_wrap(err, "DTLS init");
|
||||||
|
}
|
||||||
|
|
||||||
if ((dtls = SSL_new(SrsDtls::instance()->get_dtls_ctx())) == NULL) {
|
if ((dtls = SSL_new(SrsDtls::instance()->get_dtls_ctx())) == NULL) {
|
||||||
return srs_error_new(ERROR_OpenSslCreateSSL, "SSL_new dtls");
|
return srs_error_new(ERROR_OpenSslCreateSSL, "SSL_new dtls");
|
||||||
}
|
}
|
||||||
|
@ -593,7 +597,7 @@ SrsRtcSession::SrsRtcSession(SrsRtcServer* rtc_svr, const SrsRequest& req, const
|
||||||
rtc_server = rtc_svr;
|
rtc_server = rtc_svr;
|
||||||
session_state = INIT;
|
session_state = INIT;
|
||||||
dtls_session = new SrsDtlsSession(this);
|
dtls_session = new SrsDtlsSession(this);
|
||||||
dtls_session->initialize();
|
dtls_session->initialize(req);
|
||||||
strd = NULL;
|
strd = NULL;
|
||||||
|
|
||||||
username = un;
|
username = un;
|
||||||
|
|
|
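Review bot: `dtls_session->initialize(req);` at L669 still discards the `srs_error_t` it returns, although this commit adds a new failure path inside it (`SrsDtls::instance()->init(req)` wrapped as "DTLS init" at L619–L627); a failed DTLS setup is silently ignored, the session carries on with `dtls` unset, and the error object is leaked. Since a constructor cannot propagate the error, either handle it in place, `if ((err = dtls_session->initialize(req)) != srs_success) { srs_warn("DTLS init: %s", srs_error_desc(err).c_str()); srs_freep(err); }`, or preferably move the `initialize(req)` call out of `SrsRtcSession::SrsRtcSession` into a method whose caller can return the error. The constructor continues outside the hunk.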
@ -97,7 +97,7 @@ public:
|
||||||
SrsDtlsSession(SrsRtcSession* s);
|
SrsDtlsSession(SrsRtcSession* s);
|
||||||
virtual ~SrsDtlsSession();
|
virtual ~SrsDtlsSession();
|
||||||
|
|
||||||
srs_error_t initialize();
|
srs_error_t initialize(const SrsRequest& req);
|
||||||
|
|
||||||
srs_error_t on_dtls(SrsUdpMuxSocket* udp_mux_skt);
|
srs_error_t on_dtls(SrsUdpMuxSocket* udp_mux_skt);
|
||||||
srs_error_t on_dtls_handshake_done(SrsUdpMuxSocket* udp_mux_skt);
|
srs_error_t on_dtls_handshake_done(SrsUdpMuxSocket* udp_mux_skt);
|
||||||
|
|