Config to use RSA or ECDSA
This commit is contained in:
parent
5e06a2568b
commit
c70a0eb07c
7 changed files with 48 additions and 10 deletions
|
@ -399,6 +399,10 @@ rtc_server {
|
|||
# $CANDIDATE $EIP # TODO: Implements it.
|
||||
# default: *
|
||||
candidate *;
|
||||
# Whether use ECDSA certificate.
|
||||
# If not, use RSA certificate.
|
||||
# default: on
|
||||
ecdsa on;
|
||||
}
|
||||
|
||||
vhost rtc.vhost.srs.com {
|
||||
|
|
|
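Review bot: The new `ecdsa` directive's comment says only that RSA is used otherwise; an operator also needs to know that the choice is consulted when the DTLS context is built and selects the certificate from which the DTLS fingerprint is derived (the init hunks compute `fingerprint` right after the key is created), so flipping it changes the fingerprint peers see. I would add under `# If not, use RSA certificate.` the line `# Changes the self-signed DTLS certificate and therefore its fingerprint.`. Whether the fingerprint is offered in the SDP is not visible in this commit, so I have not stated that.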
@ -4639,6 +4639,23 @@ std::string SrsConfig::get_rtc_server_candidates()
|
|||
return (conf->arg0().c_str());
|
||||
}
|
||||
|
||||
bool SrsConfig::get_rtc_server_ecdsa()
|
||||
{
|
||||
static bool DEFAULT = true;
|
||||
|
||||
SrsConfDirective* conf = root->get("rtc_server");
|
||||
if (!conf) {
|
||||
return DEFAULT;
|
||||
}
|
||||
|
||||
conf = conf->get("ecdsa");
|
||||
if (!conf || conf->arg0().empty()) {
|
||||
return DEFAULT;
|
||||
}
|
||||
|
||||
return SRS_CONF_PERFER_TRUE(conf->arg0());
|
||||
}
|
||||
|
||||
SrsConfDirective* SrsConfig::get_rtc(string vhost)
|
||||
{
|
||||
SrsConfDirective* conf = get_vhost(vhost);
|
||||
|
|
|
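Review bot: `static bool DEFAULT = true;` in `get_rtc_server_ecdsa` declares a mutable static for a value that is only ever read; `static const bool DEFAULT = true;` states that intent, unless the file deliberately keeps non-const statics elsewhere. The result is also passed through `SRS_CONF_PERFER_TRUE`, which by its name presumably treats anything that is not an explicit off as on, so a mistyped `ecdsa of;` would silently select ECDSA; a one-line comment on the getter would make that visible, e.g. `// ECDSA (vs RSA) for the DTLS certificate; defaults to on, any value other than off enables it.`, adjusted if the macro reads differently.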
@ -520,6 +520,7 @@ public:
|
|||
virtual bool get_rtc_server_enabled(SrsConfDirective* conf);
|
||||
virtual int get_rtc_server_listen();
|
||||
virtual std::string get_rtc_server_candidates();
|
||||
virtual bool get_rtc_server_ecdsa();
|
||||
|
||||
SrsConfDirective* get_rtc(std::string vhost);
|
||||
bool get_rtc_enabled(std::string vhost);
|
||||
|
|
|
@ -28,6 +28,8 @@ using namespace std;
|
|||
#include <string.h>
|
||||
|
||||
#include <srs_kernel_log.hpp>
|
||||
#include <srs_kernel_error.hpp>
|
||||
#include <srs_app_config.hpp>
|
||||
|
||||
#include <srtp2/srtp.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
@ -36,17 +38,18 @@ SrsDtls* SrsDtls::_instance = NULL;
|
|||
|
||||
SrsDtls::SrsDtls()
|
||||
{
|
||||
dtls_ctx = NULL;
|
||||
}
|
||||
|
||||
SrsDtls::~SrsDtls()
|
||||
{
|
||||
SSL_CTX_free(dtls_ctx);
|
||||
}
|
||||
|
||||
SrsDtls* SrsDtls::instance()
|
||||
{
|
||||
if (!_instance) {
|
||||
_instance = new SrsDtls();
|
||||
_instance->init();
|
||||
}
|
||||
return _instance;
|
||||
}
|
||||
|
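Review bot: `SrsDtls::instance()` is shown with `_instance->init();`, but `init` now takes a `SrsRequest` and returns `srs_error_t`, so that call presumably disappears on the new side; if so, the singleton no longer initializes itself and `get_dtls_ctx()` returns a NULL `dtls_ctx` to any caller that runs before some session has invoked `init(req)`. Either keep the lazy initialization here or document the new contract on `instance()`, e.g. `// Not initialized on creation; init() must run before get_dtls_ctx().`. The destructor's `SSL_CTX_free(dtls_ctx)` is fine with a NULL context.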
@ -66,8 +69,10 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||
return 1;
|
||||
}
|
||||
|
||||
void SrsDtls::init()
|
||||
srs_error_t SrsDtls::init(const SrsRequest& req)
|
||||
{
|
||||
srs_error_t err = srs_success;
|
||||
|
||||
// Initialize SRTP first.
|
||||
srs_assert(srtp_init() == 0);
|
||||
|
||||
|
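Review bot: `init` now returns `srs_error_t`, but in the lines visible here the only failure check is still `srs_assert(srtp_init() == 0);`, so `err` can only ever be `srs_success` and the caller's `srs_error_wrap(err, "DTLS init")` can never fire. The new return type should carry real failures, e.g. `if (srtp_init() != 0) { return srs_error_new(<project's SRTP/OpenSSL error code>, "srtp_init"); }`, and the same for the `srs_assert` on the key objects further down. The new `req` parameter is not referenced in any visible line of this function; if it is unused, drop it or say in a comment why it is accepted. The function body continues past the end of the hunk.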
@ -87,10 +92,13 @@ void SrsDtls::init()
|
|||
//dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
|
||||
#endif
|
||||
|
||||
// Whether use ECDSA certificate.
|
||||
bool is_ecdsa = _srs_config->get_rtc_server_ecdsa();
|
||||
|
||||
// Create keys by RSA or ECDSA.
|
||||
EVP_PKEY* dtls_pkey = EVP_PKEY_new();
|
||||
srs_assert(dtls_pkey);
|
||||
if (false) { // By RSA
|
||||
if (!is_ecdsa) { // By RSA
|
||||
RSA* rsa = RSA_new();
|
||||
srs_assert(rsa);
|
||||
|
||||
|
@ -110,7 +118,7 @@ void SrsDtls::init()
|
|||
RSA_free(rsa);
|
||||
BN_free(exponent);
|
||||
}
|
||||
if (true) { // By ECDSA, https://stackoverflow.com/a/6006898
|
||||
if (is_ecdsa) { // By ECDSA, https://stackoverflow.com/a/6006898
|
||||
EC_KEY* eckey = EC_KEY_new();
|
||||
srs_assert(eckey);
|
||||
|
||||
|
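Review bot: The RSA and ECDSA branches are still two independent `if` statements — the RSA block closes at `}` and is followed by `if (is_ecdsa) { // By ECDSA, ...` — a leftover of the previous `if (false)`/`if (true)` scaffolding. Now that the two are mutually exclusive, `} else { // By ECDSA, https://stackoverflow.com/a/6006898` expresses that directly and avoids re-testing the flag. The ECDSA branch continues past the end of the hunk.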
@ -240,4 +248,6 @@ void SrsDtls::init()
|
|||
fingerprint.assign(fp, strlen(fp));
|
||||
srs_trace("fingerprint=%s", fingerprint.c_str());
|
||||
}
|
||||
|
||||
return err;
|
||||
}
|
||||
|
|
|
@ -28,6 +28,8 @@
|
|||
|
||||
#include <string>
|
||||
|
||||
class SrsRequest;
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
class SrsDtls
|
||||
|
@ -40,8 +42,8 @@ private:
|
|||
private:
|
||||
SrsDtls();
|
||||
virtual ~SrsDtls();
|
||||
|
||||
void init();
|
||||
public:
|
||||
srs_error_t init(const SrsRequest& req);
|
||||
public:
|
||||
static SrsDtls* instance();
|
||||
SSL_CTX* get_dtls_ctx() { return dtls_ctx; }
|
||||
|
|
|
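Review bot: `init(const SrsRequest& req)` moves from private to public without a comment stating its contract — what it builds (per the .cpp hunks: the DTLS context, key pair, certificate and fingerprint), what it uses `req` for, and whether it may be called more than once on the singleton. I would add above it: `// Create the DTLS context, key pair, certificate and fingerprint. Must run before get_dtls_ctx().` plus either `// Calling it again regenerates the certificate.` or a description of the guard that prevents a second run, whichever is intended.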
@ -142,10 +142,14 @@ SrsDtlsSession::~SrsDtlsSession()
|
|||
}
|
||||
}
|
||||
|
||||
srs_error_t SrsDtlsSession::initialize()
|
||||
srs_error_t SrsDtlsSession::initialize(const SrsRequest& req)
|
||||
{
|
||||
srs_error_t err = srs_success;
|
||||
|
||||
if ((err = SrsDtls::instance()->init(req)) != srs_success) {
|
||||
return srs_error_wrap(err, "DTLS init");
|
||||
}
|
||||
|
||||
if ((dtls = SSL_new(SrsDtls::instance()->get_dtls_ctx())) == NULL) {
|
||||
return srs_error_new(ERROR_OpenSslCreateSSL, "SSL_new dtls");
|
||||
}
|
||||
|
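Review bot: `SrsDtlsSession::initialize` now calls `SrsDtls::instance()->init(req)` for every session, and the init hunks show that call generating a key pair, certificate and fingerprint and creating the `SSL_CTX`, so each new session presumably replaces the process-wide DTLS identity; a session whose fingerprint was already given to a peer would then handshake against a certificate that no longer matches, and the previous `dtls_ctx` is overwritten without a visible `SSL_CTX_free`. Initialize the singleton once (as `instance()` used to) or make `init` idempotent, e.g. at its top `if (dtls_ctx) { return err; } // already initialized`, and keep only per-session work here. I could not see `req` used inside `init` in the visible hunks, so the per-session call may not be needed at all.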
@ -593,7 +597,7 @@ SrsRtcSession::SrsRtcSession(SrsRtcServer* rtc_svr, const SrsRequest& req, const
|
|||
rtc_server = rtc_svr;
|
||||
session_state = INIT;
|
||||
dtls_session = new SrsDtlsSession(this);
|
||||
dtls_session->initialize();
|
||||
dtls_session->initialize(req);
|
||||
strd = NULL;
|
||||
|
||||
username = un;
|
||||
|
|
|
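Review bot: The `srs_error_t` returned by `dtls_session->initialize(req);` is discarded in the `SrsRtcSession` constructor, so a DTLS init failure is neither logged nor surfaced and, if `srs_error_t` is the heap-allocated error object SRS uses elsewhere, the object leaks. A constructor cannot return the error, so either log and free it here or move `initialize` into a separate step the creator can check. Minimal handling below, using the project's usual `srs_warn`/`srs_error_desc`/`srs_freep` helpers; the constructor body continues past the hunk.
```cpp
    dtls_session = new SrsDtlsSession(this);
    srs_error_t err = dtls_session->initialize(req);
    if (err != srs_success) {
        srs_warn("DTLS session init failed: %s", srs_error_desc(err).c_str());
        srs_freep(err);
    }
    // … unchanged: strd, username …
```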
@ -97,7 +97,7 @@ public:
|
|||
SrsDtlsSession(SrsRtcSession* s);
|
||||
virtual ~SrsDtlsSession();
|
||||
|
||||
srs_error_t initialize();
|
||||
srs_error_t initialize(const SrsRequest& req);
|
||||
|
||||
srs_error_t on_dtls(SrsUdpMuxSocket* udp_mux_skt);
|
||||
srs_error_t on_dtls_handshake_done(SrsUdpMuxSocket* udp_mux_skt);
|
||||
|
|