HTTPS: Support config key/cert for HTTPS API. v6.0.137 (#4028)

Co-authored-by: winlin <winlinvip@gmail.com>

trunk/doc/CHANGELOG.md

@@ -7,6 +7,7 @@ The changelog for SRS.
 <a name="v6-changes"></a>
 
 ## SRS 6.0 Changelog
+* v6.0, 2024-07-09, Merge [#4028](https://github.com/ossrs/srs/pull/4028): HTTPS: Support config key/cert for HTTPS API. v6.0.137 (#4028)
 * v6.0, 2024-07-09, Merge [#4109](https://github.com/ossrs/srs/pull/4109): UniquePtr: Support SrsUniquePtr to replace SrsAutoFree. v6.0.136 (#4109)
 * v6.0, 2024-07-08, Merge [#4042](https://github.com/ossrs/srs/pull/4042): Refine config directive token parsing. v6.0.135 (#4042)
 * v6.0, 2024-07-04, Merge [#4106](https://github.com/ossrs/srs/pull/4106): SmartPtr: Fix SRT source memory leaking. v6.0.134 (#4106)

trunk/src/app/srs_app_http_conn.cpp

@@ -300,16 +300,13 @@ void SrsHttpConn::expire()
     trd->interrupt();
 }
 
-SrsHttpxConn::SrsHttpxConn(bool https, ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, string cip, int port)
+SrsHttpxConn::SrsHttpxConn(ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, string cip, int port, string key, string cert) : manager(cm), io_(io), enable_stat_(false), ssl_key_file_(key), ssl_cert_file_(cert)
 {
     // Create a identify for this client.
     _srs_context->set_id(_srs_context->generate_id());
 
-    io_ = io;
-    manager = cm;
-    enable_stat_ = false;
-
-    if (https) {
+    if (!ssl_key_file_.empty() &&
+        !ssl_cert_file_.empty()) {
         ssl = new SrsSslConnection(io_);
         conn = new SrsHttpConn(this, ssl, m, cip, port);
     } else {
@@ -381,15 +378,13 @@ srs_error_t SrsHttpxConn::on_start()
     // Do SSL handshake if HTTPS.
     if (ssl)  {
         srs_utime_t starttime = srs_update_system_time();
-        string crt_file = _srs_config->get_https_stream_ssl_cert();
-        string key_file = _srs_config->get_https_stream_ssl_key();
-        if ((err = ssl->handshake(key_file, crt_file)) != srs_success) {
+        if ((err = ssl->handshake(ssl_key_file_, ssl_cert_file_)) != srs_success) {
             return srs_error_wrap(err, "handshake");
         }
 
         int cost = srsu2msi(srs_update_system_time() - starttime);
         srs_trace("https: stream server done, use key %s and cert %s, cost=%dms",
-            key_file.c_str(), crt_file.c_str(), cost);
+            ssl_key_file_.c_str(), ssl_cert_file_.c_str(), cost);
     }
 
     return err;

trunk/src/app/srs_app_http_conn.hpp

@@ -136,8 +136,12 @@ private:
     SrsHttpConn* conn;
     // We should never enable the stat, unless HTTP stream connection requires.
     bool enable_stat_;
+    // ssl key & cert file
+    const std::string ssl_key_file_;
+    const std::string ssl_cert_file_;
+    
 public:
-    SrsHttpxConn(bool https, ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, std::string cip, int port);
+    SrsHttpxConn(ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, std::string cip, int port, std::string key, std::string cert);
     virtual ~SrsHttpxConn();
 public:
     // Require statistic about HTTP connection, for HTTP streaming clients only.

trunk/src/app/srs_app_server.cpp

@@ -1207,7 +1207,9 @@ srs_error_t SrsServer::do_on_tcp_client(ISrsListener* listener, srs_netfd_t& stf
         ) {
             resource = new SrsRtcTcpConn(io, ip, port);
         } else {
-            resource = new SrsHttpxConn(listener == http_listener_, this, io, http_server, ip, port);
+            string key = listener == https_listener_ ? _srs_config->get_https_stream_ssl_key() : "";
+            string cert = listener == https_listener_ ? _srs_config->get_https_stream_ssl_cert() : "";
+            resource = new SrsHttpxConn(this, io, http_server, ip, port, key, cert);
         }
     }
 #endif
@@ -1217,19 +1219,20 @@ srs_error_t SrsServer::do_on_tcp_client(ISrsListener* listener, srs_netfd_t& stf
         if (listener == rtmp_listener_) {
             resource = new SrsRtmpConn(this, stfd2, ip, port);
         } else if (listener == api_listener_ || listener == apis_listener_) {
-            bool is_https = listener == apis_listener_;
-            resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
+            string key = listener == apis_listener_ ? _srs_config->get_https_api_ssl_key() : "";
+            string cert = listener == apis_listener_ ? _srs_config->get_https_api_ssl_cert() : "";
+            resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_api_mux, ip, port, key, cert);
         } else if (listener == http_listener_ || listener == https_listener_) {
-            bool is_https = listener == https_listener_;
-            resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_server, ip, port);
+            string key = listener == https_listener_ ? _srs_config->get_https_stream_ssl_key() : "";
+            string cert = listener == https_listener_ ? _srs_config->get_https_stream_ssl_cert() : "";
+            resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_server, ip, port, key, cert);
 #ifdef SRS_RTC
         } else if (listener == webrtc_listener_) {
             resource = new SrsRtcTcpConn(new SrsTcpConnection(stfd2), ip, port);
 #endif
         } else if (listener == exporter_listener_) {
             // TODO: FIXME: Maybe should support https metrics.
-            bool is_https = false;
-            resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
+            resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_api_mux, ip, port, "", "");
         } else {
             srs_close_stfd(stfd2);
             srs_warn("Close for invalid fd=%d, ip=%s:%d", fd, ip.c_str(), port);

trunk/src/core/srs_core_version6.hpp

@@ -9,6 +9,6 @@
 
 #define VERSION_MAJOR       6
 #define VERSION_MINOR       0
-#define VERSION_REVISION    136
+#define VERSION_REVISION    137
 
 #endif