webrtc dtls默认采用https证书，如果https证书不存在则随机生成 (#2928)

之前默认随机创建dtls证书，导致每次启动证书都不一致，而Firefox要求同主机的dtls证书必须一致，所以导致每次服务重启，Firefox可能拒绝dtls握手。
并且在集群模式下，如果Firefox接入多个不同集群实例的webrtc服务，也可能导致webrtc dtls握手失败。

3rdpart/ZLToolKit

@@ -1 +1 @@
-Subproject commit 273592b6ba39babe6407021ffc089bfe7328e447
+Subproject commit 3fd2b856b6856dd679a32c673431561c0affdd0c

webrtc/DtlsTransport.cpp

@@ -29,6 +29,8 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #include <cstdio>  // std::sprintf(), std::fopen()
 #include <cstring> // std::memcpy(), std::strcmp()
 #include "Util/util.h"
+#include "Util/SSLBox.h"
+#include "Util/SSLUtil.h"
 
 using namespace std;
 
@@ -129,16 +131,10 @@ namespace RTC
         MS_TRACE();
 
         // Generate a X509 certificate and private key (unless PEM files are provided).
-        if (true /*
-          Settings::configuration.dtlsCertificateFile.empty() ||
-          Settings::configuration.dtlsPrivateKeyFile.empty()*/)
-        {
+        auto ssl = toolkit::SSL_Initor::Instance().getSSLCtx("", true);
+        if (!ssl || !ReadCertificateAndPrivateKeyFromContext(ssl.get())) {
             GenerateCertificateAndPrivateKey();
         }
-        else
-        {
-            ReadCertificateAndPrivateKeyFromFiles();
-        }
 
         // Create a global SSL_CTX.
         CreateSslCtx();
@@ -297,59 +293,22 @@ namespace RTC
         MS_THROW_ERROR("DTLS certificate and private key generation failed");
     }
 
-    void DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromFiles()
+    bool DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx)
     {
-#if 0
         MS_TRACE();
-
-        FILE* file{ nullptr };
-
-        file = fopen(Settings::configuration.dtlsCertificateFile.c_str(), "r");
-
-        if (!file)
-        {
-            MS_ERROR("error reading DTLS certificate file: %s", std::strerror(errno));
-
-            goto error;
+        certificate = SSL_CTX_get0_certificate(ctx);
+        if (!certificate) {
+            return false;
         }
+        X509_up_ref(certificate);
 
-        certificate = PEM_read_X509(file, nullptr, nullptr, nullptr);
-
-        if (!certificate)
-        {
-            LOG_OPENSSL_ERROR("PEM_read_X509() failed");
-
-            goto error;
+        privateKey = SSL_CTX_get0_privatekey(ctx);
+        if (!privateKey) {
+            return false;
         }
-
-        fclose(file);
-
-        file = fopen(Settings::configuration.dtlsPrivateKeyFile.c_str(), "r");
-
-        if (!file)
-        {
-            MS_ERROR("error reading DTLS private key file: %s", std::strerror(errno));
-
-            goto error;
-        }
-
-        privateKey = PEM_read_PrivateKey(file, nullptr, nullptr, nullptr);
-
-        if (!privateKey)
-        {
-            LOG_OPENSSL_ERROR("PEM_read_PrivateKey() failed");
-
-            goto error;
-        }
-
-        fclose(file);
-
-        return;
-
-    error:
-
-        MS_THROW_ERROR("error reading DTLS certificate and private key PEM files");
-#endif
+        EVP_PKEY_up_ref(privateKey);
+        InfoL << "Load webrtc dtls certificate: " << toolkit::SSLUtil::getServerName(certificate);
+        return true;
     }
 
     void DtlsTransport::DtlsEnvironment::CreateSslCtx()

webrtc/DtlsTransport.hpp

@@ -88,7 +88,7 @@ namespace RTC
         private:
             DtlsEnvironment();
             void GenerateCertificateAndPrivateKey();
-            void ReadCertificateAndPrivateKeyFromFiles();
+            bool ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx);
             void CreateSslCtx();
             void GenerateFingerprints();
 

webrtc/WebRtcTransport.cpp

@@ -251,7 +251,7 @@ void WebRtcTransport::sendSockData(const char *buf, size_t len, RTC::TransportTu
 }
 
 Session::Ptr WebRtcTransport::getSession() const {
-    auto tuple = _ice_server->GetSelectedTuple(true);
+    auto tuple = _ice_server ? _ice_server->GetSelectedTuple(true) : nullptr;
     return tuple ? static_pointer_cast<Session>(tuple->shared_from_this()) : nullptr;
 }