external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

For #1657, enable HTTPS by default

Browse source
This commit is contained in:
winlin 2020-11-03 16:56:05 +08:00
parent 5577d19b61
commit d2df045d0e
4 changed files with 17 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
trunk/auto/depends.sh
View file

@ -495,9 +495,9 @@ if [[ $SRS_SSL == YES && $SRS_USE_SYS_SSL != YES ]]; then
if [[ $SRS_OSX == YES ]]; then if [[ $SRS_OSX == YES ]]; then
export KERNEL_BITS=64; export KERNEL_BITS=64;
fi fi
# Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.* # Default to openssl 1.1, use 1.0 if required.
OPENSSL_CANDIDATE="openssl-1.1.0e" && OPENSSL_UNZIP="unzip -q ../../3rdparty/$OPENSSL_CANDIDATE.zip" OPENSSL_CANDIDATE="openssl-1.1.0e" && OPENSSL_UNZIP="unzip -q ../../3rdparty/$OPENSSL_CANDIDATE.zip"
if [[ $SRS_SRTP_ASM == YES ]]; then if [[ $SRS_SSL_1_0 == YES ]]; then
OPENSSL_CANDIDATE="openssl-OpenSSL_1_0_2u" && OPENSSL_UNZIP="tar xf ../../3rdparty/$OPENSSL_CANDIDATE.tar.gz" OPENSSL_CANDIDATE="openssl-OpenSSL_1_0_2u" && OPENSSL_UNZIP="tar xf ../../3rdparty/$OPENSSL_CANDIDATE.tar.gz"
fi fi
# cross build not specified, if exists flag, need to rebuild for no-arm platform. # cross build not specified, if exists flag, need to rebuild for no-arm platform.

11
trunk/auto/options.sh
View file

@ -35,7 +35,8 @@ SRS_GPROF=NO # Performance test: gprof
SRS_STREAM_CASTER=YES SRS_STREAM_CASTER=YES
SRS_INGEST=YES SRS_INGEST=YES
SRS_SSL=YES SRS_SSL=YES
SRS_HTTPS=NO SRS_SSL_1_0=NO
SRS_HTTPS=YES
SRS_STAT=YES SRS_STAT=YES
SRS_TRANSCODE=YES SRS_TRANSCODE=YES
SRS_HTTP_CALLBACK=YES SRS_HTTP_CALLBACK=YES
@ -275,6 +276,7 @@ function parse_user_option() {
--with-ssl) SRS_SSL=YES ;; --with-ssl) SRS_SSL=YES ;;
--ssl) if [[ $value == off ]]; then SRS_SSL=NO; else SRS_SSL=YES; fi ;; --ssl) if [[ $value == off ]]; then SRS_SSL=NO; else SRS_SSL=YES; fi ;;
--https) if [[ $value == off ]]; then SRS_HTTPS=NO; else SRS_HTTPS=YES; fi ;; --https) if [[ $value == off ]]; then SRS_HTTPS=NO; else SRS_HTTPS=YES; fi ;;
--ssl-1-0) if [[ $value == off ]]; then SRS_SSL_1_0=NO; else SRS_SSL_1_0=YES; fi ;;
--with-hds) SRS_HDS=YES ;; --with-hds) SRS_HDS=YES ;;
--without-hds) SRS_HDS=NO ;; --without-hds) SRS_HDS=NO ;;
@ -513,6 +515,12 @@ function apply_detail_options() {
SRS_SRTP_ASM=NO SRS_SRTP_ASM=NO
fi fi
# Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.*
if [[ $SRS_SRTP_ASM == YES && $SRS_SSL_1_0 == NO ]]; then
echo "Use openssl-1.0 for SRTP ASM."
SRS_SSL_1_0=YES
fi
if [[ $SRS_OSX == YES && $SRS_SENDMMSG == YES ]]; then if [[ $SRS_OSX == YES && $SRS_SENDMMSG == YES ]]; then
echo "Disable sendmmsg for OSX" echo "Disable sendmmsg for OSX"
SRS_SENDMMSG=NO SRS_SENDMMSG=NO
@ -530,6 +538,7 @@ function regenerate_options() {
if [ $SRS_DVR = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=off"; fi if [ $SRS_DVR = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=off"; fi
if [ $SRS_SSL = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=off"; fi if [ $SRS_SSL = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=off"; fi
if [ $SRS_HTTPS = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=off"; fi if [ $SRS_HTTPS = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=off"; fi
if [ $SRS_SSL_1_0 = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl-1-0=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl-1-0=off"; fi
if [ $SRS_USE_SYS_SSL = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=off"; fi if [ $SRS_USE_SYS_SSL = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=off"; fi
if [ $SRS_TRANSCODE = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=off"; fi if [ $SRS_TRANSCODE = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=off"; fi
if [ $SRS_INGEST = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=off"; fi if [ $SRS_INGEST = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=off"; fi

6
trunk/src/protocol/srs_service_http_client.cpp
View file

@ -76,7 +76,11 @@ srs_error_t SrsSslClient::handshake()
srs_error_t err = srs_success; srs_error_t err = srs_success;
// For HTTPS, try to connect over security transport. // For HTTPS, try to connect over security transport.
#if (OPENSSL_VERSION_NUMBER < 0x10002000L) // v1.0.2
SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_method()); SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_method());
#else
SSL_CTX* ssl_ctx = SSL_CTX_new(TLSv1_2_method());
#endif
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, srs_verify_callback); SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, srs_verify_callback);
srs_assert(SSL_CTX_set_cipher_list(ssl_ctx, "ALL") == 1); srs_assert(SSL_CTX_set_cipher_list(ssl_ctx, "ALL") == 1);
@ -461,7 +465,7 @@ srs_error_t SrsHttpClient::connect()
ssl_transport = new SrsSslClient(transport); ssl_transport = new SrsSslClient(transport);
srs_utime_t starttime = srs_update_system_time(); srs_utime_t starttime = srs_update_system_time();
if ((err = ssl_transport->handshake()) != srs_success) { if ((err = ssl_transport->handshake()) != srs_success) {
disconnect(); disconnect();
return srs_error_wrap(err, "http: ssl connect %s %s:%d to=%dms, rto=%dms", return srs_error_wrap(err, "http: ssl connect %s %s:%d to=%dms, rto=%dms",

6
trunk/src/protocol/srs_service_http_client.hpp
View file

@ -31,12 +31,6 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#ifdef SRS_HTTPS
#if (OPENSSL_VERSION_NUMBER < 0x10002000L) // v1.0.2
#error "For https, we requires openssl 1.0.2+"
#endif
#endif
#include <srs_service_st.hpp> #include <srs_service_st.hpp>
#include <srs_http_stack.hpp> #include <srs_http_stack.hpp>