webrtc dtls默认采用https证书,如果https证书不存在则随机生成 (#2928)
之前默认随机创建dtls证书,导致每次启动证书都不一致,而Firefox要求同主机的dtls证书必须一致,所以导致每次服务重启,Firefox可能拒绝dtls握手。 并且在集群模式下,如果Firefox接入多个不同集群实例的webrtc服务,也可能导致webrtc dtls握手失败。
This commit is contained in:
parent
0a19627d86
commit
ae662fa083
@ -1 +1 @@
|
|||||||
Subproject commit 273592b6ba39babe6407021ffc089bfe7328e447
|
Subproject commit 3fd2b856b6856dd679a32c673431561c0affdd0c
|
@ -29,6 +29,8 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|||||||
#include <cstdio> // std::sprintf(), std::fopen()
|
#include <cstdio> // std::sprintf(), std::fopen()
|
||||||
#include <cstring> // std::memcpy(), std::strcmp()
|
#include <cstring> // std::memcpy(), std::strcmp()
|
||||||
#include "Util/util.h"
|
#include "Util/util.h"
|
||||||
|
#include "Util/SSLBox.h"
|
||||||
|
#include "Util/SSLUtil.h"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
@ -129,16 +131,10 @@ namespace RTC
|
|||||||
MS_TRACE();
|
MS_TRACE();
|
||||||
|
|
||||||
// Generate a X509 certificate and private key (unless PEM files are provided).
|
// Generate a X509 certificate and private key (unless PEM files are provided).
|
||||||
if (true /*
|
auto ssl = toolkit::SSL_Initor::Instance().getSSLCtx("", true);
|
||||||
Settings::configuration.dtlsCertificateFile.empty() ||
|
if (!ssl || !ReadCertificateAndPrivateKeyFromContext(ssl.get())) {
|
||||||
Settings::configuration.dtlsPrivateKeyFile.empty()*/)
|
|
||||||
{
|
|
||||||
GenerateCertificateAndPrivateKey();
|
GenerateCertificateAndPrivateKey();
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
ReadCertificateAndPrivateKeyFromFiles();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create a global SSL_CTX.
|
// Create a global SSL_CTX.
|
||||||
CreateSslCtx();
|
CreateSslCtx();
|
||||||
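Review bot: The fallback branch of the new `if (!ssl || !ReadCertificateAndPrivateKeyFromContext(ssl.get()))` silently reverts to a freshly generated certificate, which is exactly the per-restart identity churn the commit sets out to remove, so an operator whose HTTPS certificate failed to load gets no signal that Firefox clients will now see a changed DTLS fingerprint. A warning on that path makes the regression visible: `WarnL << "No usable HTTPS certificate for webrtc dtls, generating a random one";` placed before `GenerateCertificateAndPrivateKey();`. Which certificate `getSSLCtx("", true)` selects when more than one server certificate is loaded is not visible in this hunk; a one-line comment stating the intended choice would help, since that key pair is now also the DTLS identity advertised in SDP fingerprints. The enclosing DtlsEnvironment constructor starts outside the hunk.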
@ -297,59 +293,22 @@ namespace RTC
|
|||||||
MS_THROW_ERROR("DTLS certificate and private key generation failed");
|
MS_THROW_ERROR("DTLS certificate and private key generation failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
void DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromFiles()
|
bool DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx)
|
||||||
{
|
{
|
||||||
#if 0
|
|
||||||
MS_TRACE();
|
MS_TRACE();
|
||||||
|
certificate = SSL_CTX_get0_certificate(ctx);
|
||||||
FILE* file{ nullptr };
|
if (!certificate) {
|
||||||
|
return false;
|
||||||
file = fopen(Settings::configuration.dtlsCertificateFile.c_str(), "r");
|
|
||||||
|
|
||||||
if (!file)
|
|
||||||
{
|
|
||||||
MS_ERROR("error reading DTLS certificate file: %s", std::strerror(errno));
|
|
||||||
|
|
||||||
goto error;
|
|
||||||
}
|
}
|
||||||
|
X509_up_ref(certificate);
|
||||||
|
|
||||||
certificate = PEM_read_X509(file, nullptr, nullptr, nullptr);
|
privateKey = SSL_CTX_get0_privatekey(ctx);
|
||||||
|
if (!privateKey) {
|
||||||
if (!certificate)
|
return false;
|
||||||
{
|
|
||||||
LOG_OPENSSL_ERROR("PEM_read_X509() failed");
|
|
||||||
|
|
||||||
goto error;
|
|
||||||
}
|
}
|
||||||
|
EVP_PKEY_up_ref(privateKey);
|
||||||
fclose(file);
|
InfoL << "Load webrtc dtls certificate: " << toolkit::SSLUtil::getServerName(certificate);
|
||||||
|
return true;
|
||||||
file = fopen(Settings::configuration.dtlsPrivateKeyFile.c_str(), "r");
|
|
||||||
|
|
||||||
if (!file)
|
|
||||||
{
|
|
||||||
MS_ERROR("error reading DTLS private key file: %s", std::strerror(errno));
|
|
||||||
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
|
|
||||||
privateKey = PEM_read_PrivateKey(file, nullptr, nullptr, nullptr);
|
|
||||||
|
|
||||||
if (!privateKey)
|
|
||||||
{
|
|
||||||
LOG_OPENSSL_ERROR("PEM_read_PrivateKey() failed");
|
|
||||||
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
|
|
||||||
fclose(file);
|
|
||||||
|
|
||||||
return;
|
|
||||||
|
|
||||||
error:
|
|
||||||
|
|
||||||
MS_THROW_ERROR("error reading DTLS certificate and private key PEM files");
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void DtlsTransport::DtlsEnvironment::CreateSslCtx()
|
void DtlsTransport::DtlsEnvironment::CreateSslCtx()
|
||||||
|
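Review bot: In `ReadCertificateAndPrivateKeyFromContext`, `X509_up_ref(certificate)` runs before the private-key lookup, so when `SSL_CTX_get0_privatekey` returns null the function returns false with `certificate` still pointing at the up-ref'd X509; the caller then falls through to `GenerateCertificateAndPrivateKey()`, and whatever that assigns to `certificate` leaves the extra reference unreleased (its body is outside this hunk, so the exact effect is inferred). Fetching both borrowed pointers first and taking references only once both exist keeps the object unchanged on the failure path. The return values of `X509_up_ref`/`EVP_PKEY_up_ref` are also ignored; that is tolerable here but worth knowing.
```cpp
bool DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx)
{
    MS_TRACE();

    // The get0 accessors return pointers owned by ctx; take our own references
    // only once both the certificate and the key are known to exist, so a
    // partial failure leaves this object untouched.
    X509 *cert = SSL_CTX_get0_certificate(ctx);
    EVP_PKEY *key = SSL_CTX_get0_privatekey(ctx);
    if (!cert || !key) {
        return false;
    }
    X509_up_ref(cert);
    EVP_PKEY_up_ref(key);
    certificate = cert;
    privateKey = key;

    // … unchanged: InfoL log of the certificate's server name and return true …
}
```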
@ -88,7 +88,7 @@ namespace RTC
|
|||||||
private:
|
private:
|
||||||
DtlsEnvironment();
|
DtlsEnvironment();
|
||||||
void GenerateCertificateAndPrivateKey();
|
void GenerateCertificateAndPrivateKey();
|
||||||
void ReadCertificateAndPrivateKeyFromFiles();
|
bool ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx);
|
||||||
void CreateSslCtx();
|
void CreateSslCtx();
|
||||||
void GenerateFingerprints();
|
void GenerateFingerprints();
|
||||||
|
|
||||||
|
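Review bot: The new declaration `bool ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx);` carries no comment on its ownership contract, and the name alone does not say that the function takes its own references on the certificate and key it reads out of `ctx`, nor what a false return means for the members. Suggested: `// Takes up-ref'd copies of ctx's certificate and private key into this environment; returns false if ctx lacks either.`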
@ -251,7 +251,7 @@ void WebRtcTransport::sendSockData(const char *buf, size_t len, RTC::TransportTu
|
|||||||
}
|
}
|
||||||
|
|
||||||
Session::Ptr WebRtcTransport::getSession() const {
|
Session::Ptr WebRtcTransport::getSession() const {
|
||||||
auto tuple = _ice_server->GetSelectedTuple(true);
|
auto tuple = _ice_server ? _ice_server->GetSelectedTuple(true) : nullptr;
|
||||||
return tuple ? static_pointer_cast<Session>(tuple->shared_from_this()) : nullptr;
|
return tuple ? static_pointer_cast<Session>(tuple->shared_from_this()) : nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
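Review bot: The new guard `_ice_server ? _ice_server->GetSelectedTuple(true) : nullptr` handles a null `_ice_server` here but says nothing about when that state arises, and other members of WebRtcTransport that dereference `_ice_server` are not visible in this hunk, so I cannot tell whether they need the same treatment. A short comment would anchor the expectation for the next reader: `// _ice_server may be null (e.g. before ICE setup or after shutdown — confirm); answer nullptr rather than dereference.`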