From 2d81c9969cd02183d6232fac7cfca64c1bb7e556 Mon Sep 17 00:00:00 2001
From: xia-chu <771730766@qq.com>
Date: Wed, 25 Oct 2023 17:04:09 +0800
Subject: [PATCH] =?UTF-8?q?webrtc=20dtls=E9=BB=98=E8=AE=A4=E9=87=87?=
 =?UTF-8?q?=E7=94=A8https=E8=AF=81=E4=B9=A6=EF=BC=8C=E5=A6=82=E6=9E=9Chttp?=
 =?UTF-8?q?s=E8=AF=81=E4=B9=A6=E4=B8=8D=E5=AD=98=E5=9C=A8=E5=88=99?=
 =?UTF-8?q?=E9=9A=8F=E6=9C=BA=E7=94=9F=E6=88=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

之前默认随机创建dtls证书,导致每次启动证书都不一致,而Firefox要求同主机的dtls证书必须一致,所以导致每次服务重启,Firefox可能拒绝dtls握手。 并且在集群模式下,如果一个标签页接入多个不同集群实例的webrtc服务,也可能导致webrtc dtls握手失败。
---
 webrtc/DtlsTransport.cpp | 52 +++++++++------------------------------
 webrtc/DtlsTransport.hpp | 2 +-
 2 files changed, 12 insertions(+), 42 deletions(-)

diff --git a/webrtc/DtlsTransport.cpp b/webrtc/DtlsTransport.cpp
index 66183f8e..de6c18d1 100644
--- a/webrtc/DtlsTransport.cpp
+++ b/webrtc/DtlsTransport.cpp
@@ -29,6 +29,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 #include // std::sprintf(), std::fopen()
 #include // std::memcpy(), std::strcmp()
 #include "Util/util.h"
+#include "Util/SSLBox.h"
 
 using namespace std;
 
@@ -129,15 +130,14 @@ namespace RTC
 MS_TRACE();
 
 // Generate a X509 certificate and private key (unless PEM files are provided).
- if (true /*
- Settings::configuration.dtlsCertificateFile.empty() ||
- Settings::configuration.dtlsPrivateKeyFile.empty()*/)
+ auto ssl = toolkit::SSL_Initor::Instance().getSSLCtx("", true);
+ if (!ssl)
 {
 GenerateCertificateAndPrivateKey();
 }
 else
 {
- ReadCertificateAndPrivateKeyFromFiles();
+ ReadCertificateAndPrivateKeyFromContext(ssl.get());
 }
 
 // Create a global SSL_CTX.
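Review bot: The context comment `// Generate a X509 certificate and private key (unless PEM files are provided).` above the new `if (!ssl)` is now wrong, because the branch no longer depends on PEM files but on whether `toolkit::SSL_Initor::Instance().getSSLCtx("", true)` returns a context; it should read `// Reuse the certificate and private key of the HTTPS SSL_CTX; generate an ephemeral self-signed pair only when no such context exists.` The empty-string and `true` arguments are not explained at the call site (presumably a vhost and a server-mode flag — confirm against SSLBox.h), and a short comment naming what they select would help the next reader. On the fallback path the problem the commit message describes comes back — a freshly generated certificate changes the DTLS fingerprint on every restart — so a log line there (the file already uses the MS_* logging macros) would tell operators why Firefox may reject the handshake. Note also that the HTTPS private key now terminates every DTLS handshake and that this runs once in the DtlsEnvironment constructor, so a certificate rotated later in SSL_Initor is presumably not picked up until the environment is rebuilt; the constructor's body continues outside the hunk.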
@@ -297,59 +297,29 @@ namespace RTC
 MS_THROW_ERROR("DTLS certificate and private key generation failed");
 }
 
- void DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromFiles()
+ void DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx)
 {
-#if 0
 MS_TRACE();
 
- FILE* file{ nullptr };
-
- file = fopen(Settings::configuration.dtlsCertificateFile.c_str(), "r");
-
- if (!file)
- {
- MS_ERROR("error reading DTLS certificate file: %s", std::strerror(errno));
-
- goto error;
- }
-
- certificate = PEM_read_X509(file, nullptr, nullptr, nullptr);
-
+ certificate = SSL_CTX_get0_certificate(ctx);
 if (!certificate)
 {
- LOG_OPENSSL_ERROR("PEM_read_X509() failed");
-
+ LOG_OPENSSL_ERROR("SSL_CTX_get0_certificate() failed");
 goto error;
 }
+ X509_up_ref(certificate);
 
- fclose(file);
-
- file = fopen(Settings::configuration.dtlsPrivateKeyFile.c_str(), "r");
-
- if (!file)
- {
- MS_ERROR("error reading DTLS private key file: %s", std::strerror(errno));
-
- goto error;
- }
-
- privateKey = PEM_read_PrivateKey(file, nullptr, nullptr, nullptr);
-
+ privateKey = SSL_CTX_get0_privatekey(ctx);
 if (!privateKey)
 {
- LOG_OPENSSL_ERROR("PEM_read_PrivateKey() failed");
-
+ LOG_OPENSSL_ERROR("SSL_CTX_get0_privatekey() failed");
 goto error;
 }
-
- fclose(file);
-
+ EVP_PKEY_up_ref(privateKey);
 return;
 
 error:
 
- MS_THROW_ERROR("error reading DTLS certificate and private key PEM files");
-#endif
 }
 
 void DtlsTransport::DtlsEnvironment::CreateSslCtx()
diff --git a/webrtc/DtlsTransport.hpp b/webrtc/DtlsTransport.hpp
index bf57d01d..34fc8fc7 100644
--- a/webrtc/DtlsTransport.hpp
+++ b/webrtc/DtlsTransport.hpp
@@ -88,7 +88,7 @@ namespace RTC
 private:
 DtlsEnvironment();
 void GenerateCertificateAndPrivateKey();
- void ReadCertificateAndPrivateKeyFromFiles();
+ void ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx);
 void CreateSslCtx();
 void GenerateFingerprints();
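Review bot: Both `goto error;` paths in ReadCertificateAndPrivateKeyFromContext now land on a bare `error:` label with nothing after it, so a context that lacks a certificate or key returns silently with `certificate`/`privateKey` left null, and the caller in the earlier hunk carries on to `CreateSslCtx()`; the old `MS_THROW_ERROR` at the label was deleted rather than reworded. Keep the throw, e.g. `error:` followed by `MS_THROW_ERROR("error reading DTLS certificate and private key from SSL_CTX");` — a label directly before `}` is also not valid C++ before C++23 and compiles only as an extension. The `X509_up_ref`/`EVP_PKEY_up_ref` calls are the right pairing for the borrowed `get0` pointers; if the key lookup fails after the certificate was up_ref'd, that reference stays in the member, so this presumably relies on the destructor (outside the hunk) releasing it, which deserves a one-line comment such as `// get0 pointers are borrowed from ctx; take our own reference, released in the destructor.` The header hunk in DtlsTransport.hpp only renames the declaration and needs nothing beyond matching that comment.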