external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

For #1657, enable HTTPS by default

Browse source
This commit is contained in:
winlin 2020-11-03 16:56:05 +08:00
parent 5577d19b61
commit d2df045d0e
4 changed files with 17 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
trunk/auto/depends.sh
View file

@ -495,9 +495,9 @@ if [[ $SRS_SSL == YES && $SRS_USE_SYS_SSL != YES ]]; then
if [[ $SRS_OSX == YES ]]; then
export KERNEL_BITS=64;
fi
# Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.*
# Default to openssl 1.1, use 1.0 if required.
OPENSSL_CANDIDATE="openssl-1.1.0e" && OPENSSL_UNZIP="unzip -q ../../3rdparty/$OPENSSL_CANDIDATE.zip"
if [[ $SRS_SRTP_ASM == YES ]]; then
if [[ $SRS_SSL_1_0 == YES ]]; then
OPENSSL_CANDIDATE="openssl-OpenSSL_1_0_2u" && OPENSSL_UNZIP="tar xf ../../3rdparty/$OPENSSL_CANDIDATE.tar.gz"
fi
# cross build not specified, if exists flag, need to rebuild for no-arm platform.

11
trunk/auto/options.sh
View file

@ -35,7 +35,8 @@ SRS_GPROF=NO # Performance test: gprof
SRS_STREAM_CASTER=YES
SRS_INGEST=YES
SRS_SSL=YES
SRS_HTTPS=NO
SRS_SSL_1_0=NO
SRS_HTTPS=YES
SRS_STAT=YES
SRS_TRANSCODE=YES
SRS_HTTP_CALLBACK=YES
@ -275,6 +276,7 @@ function parse_user_option() {
--with-ssl) SRS_SSL=YES ;;
--ssl) if [[ $value == off ]]; then SRS_SSL=NO; else SRS_SSL=YES; fi ;;
--https) if [[ $value == off ]]; then SRS_HTTPS=NO; else SRS_HTTPS=YES; fi ;;
--ssl-1-0) if [[ $value == off ]]; then SRS_SSL_1_0=NO; else SRS_SSL_1_0=YES; fi ;;
--with-hds) SRS_HDS=YES ;;
--without-hds) SRS_HDS=NO ;;
@ -513,6 +515,12 @@ function apply_detail_options() {
SRS_SRTP_ASM=NO
fi
# Which openssl we choose, openssl-1.0.* for SRTP with ASM, others we use openssl-1.1.*
if [[ $SRS_SRTP_ASM == YES && $SRS_SSL_1_0 == NO ]]; then
echo "Use openssl-1.0 for SRTP ASM."
SRS_SSL_1_0=YES
fi
if [[ $SRS_OSX == YES && $SRS_SENDMMSG == YES ]]; then
echo "Disable sendmmsg for OSX"
SRS_SENDMMSG=NO
@ -530,6 +538,7 @@ function regenerate_options() {
if [ $SRS_DVR = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=off"; fi
if [ $SRS_SSL = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=off"; fi
if [ $SRS_HTTPS = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=off"; fi
if [ $SRS_SSL_1_0 = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl-1-0=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl-1-0=off"; fi
if [ $SRS_USE_SYS_SSL = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=off"; fi
if [ $SRS_TRANSCODE = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=off"; fi
if [ $SRS_INGEST = YES ]; then SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=on"; else SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=off"; fi

4
trunk/src/protocol/srs_service_http_client.cpp
View file

@ -76,7 +76,11 @@ srs_error_t SrsSslClient::handshake()
srs_error_t err = srs_success;
// For HTTPS, try to connect over security transport.
#if (OPENSSL_VERSION_NUMBER < 0x10002000L) // v1.0.2
SSL_CTX* ssl_ctx = SSL_CTX_new(TLS_method());
#else
SSL_CTX* ssl_ctx = SSL_CTX_new(TLSv1_2_method());
#endif
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, srs_verify_callback);
srs_assert(SSL_CTX_set_cipher_list(ssl_ctx, "ALL") == 1);

6
trunk/src/protocol/srs_service_http_client.hpp
View file

@ -31,12 +31,6 @@
#include <openssl/ssl.h>
#ifdef SRS_HTTPS
#if (OPENSSL_VERSION_NUMBER < 0x10002000L) // v1.0.2
#error "For https, we requires openssl 1.0.2+"
#endif
#endif
#include <srs_service_st.hpp>
#include <srs_http_stack.hpp>