webrtc dtls默认采用https证书,如果https证书不存在则随机生成

之前默认随机创建dtls证书,导致每次启动证书都不一致,而Firefox要求同主机的dtls证书必须一致,所以导致每次服务重启,Firefox可能拒绝dtls握手。
并且在集群模式下,如果一个标签页接入多个不同集群实例的webrtc服务,也可能导致webrtc dtls握手失败。
xia-chu 2023-10-25 17:04:09 +08:00
parent a871fc1882
commit 2d81c9969c
2 changed files with 12 additions and 42 deletions


@ -29,6 +29,7 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#include <cstdio> // std::sprintf(), std::fopen() #include <cstdio> // std::sprintf(), std::fopen()
#include <cstring> // std::memcpy(), std::strcmp() #include <cstring> // std::memcpy(), std::strcmp()
#include "Util/util.h" #include "Util/util.h"
#include "Util/SSLBox.h"
using namespace std; using namespace std;
@ -129,15 +130,14 @@ namespace RTC
MS_TRACE(); MS_TRACE();
// Generate a X509 certificate and private key (unless PEM files are provided). // Generate a X509 certificate and private key (unless PEM files are provided).
if (true /* auto ssl = toolkit::SSL_Initor::Instance().getSSLCtx("", true);
Settings::configuration.dtlsCertificateFile.empty() || if (!ssl)
Settings::configuration.dtlsPrivateKeyFile.empty()*/)
{ {
GenerateCertificateAndPrivateKey(); GenerateCertificateAndPrivateKey();
} }
else else
{ {
ReadCertificateAndPrivateKeyFromFiles(); ReadCertificateAndPrivateKeyFromContext(ssl.get());
} }
// Create a global SSL_CTX. // Create a global SSL_CTX.
@ -297,59 +297,29 @@ namespace RTC
MS_THROW_ERROR("DTLS certificate and private key generation failed"); MS_THROW_ERROR("DTLS certificate and private key generation failed");
} }
void DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromFiles() void DtlsTransport::DtlsEnvironment::ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx)
{ {
#if 0
MS_TRACE(); MS_TRACE();
FILE* file{ nullptr }; certificate = SSL_CTX_get0_certificate(ctx);
file = fopen(Settings::configuration.dtlsCertificateFile.c_str(), "r");
if (!file)
{
MS_ERROR("error reading DTLS certificate file: %s", std::strerror(errno));
goto error;
}
certificate = PEM_read_X509(file, nullptr, nullptr, nullptr);
if (!certificate) if (!certificate)
{ {
LOG_OPENSSL_ERROR("PEM_read_X509() failed"); LOG_OPENSSL_ERROR("SSL_CTX_get0_certificate() failed");
goto error; goto error;
} }
X509_up_ref(certificate);
fclose(file); privateKey = SSL_CTX_get0_privatekey(ctx);
file = fopen(Settings::configuration.dtlsPrivateKeyFile.c_str(), "r");
if (!file)
{
MS_ERROR("error reading DTLS private key file: %s", std::strerror(errno));
goto error;
}
privateKey = PEM_read_PrivateKey(file, nullptr, nullptr, nullptr);
if (!privateKey) if (!privateKey)
{ {
LOG_OPENSSL_ERROR("PEM_read_PrivateKey() failed"); LOG_OPENSSL_ERROR("SSL_CTX_get0_privatekey() failed");
goto error; goto error;
} }
EVP_PKEY_up_ref(privateKey);
fclose(file);
return; return;
error: error:
MS_THROW_ERROR("error reading DTLS certificate and private key PEM files"); MS_THROW_ERROR("error reading DTLS certificate and private key PEM files");
#endif
} }
void DtlsTransport::DtlsEnvironment::CreateSslCtx() void DtlsTransport::DtlsEnvironment::CreateSslCtx()
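Review bot: The fallback at `if (!ssl)` silently regenerates a random certificate whenever `toolkit::SSL_Initor::Instance().getSSLCtx("", true)` returns nothing, which quietly reintroduces the per-restart fingerprint change this commit is meant to remove; log the fallback before `GenerateCertificateAndPrivateKey();`, e.g. `MS_ERROR("no HTTPS SSL_CTX available, generating a random DTLS certificate");` (or the project's warning-level macro if one exists), so an operator can tell which path was taken. The comment above it still reads `(unless PEM files are provided)` and the `MS_THROW_ERROR` at the end of `ReadCertificateAndPrivateKeyFromContext` still says `PEM files`; both should name the new source, e.g. `// Reuse the HTTPS certificate and private key from SSL_Initor (unless none is configured).` and `MS_THROW_ERROR("error reading DTLS certificate and private key from SSL_CTX");`. Worth a comment on `ReadCertificateAndPrivateKeyFromContext` that the DTLS identity is now the HTTPS key pair (`SSL_CTX_get0_certificate`/`SSL_CTX_get0_privatekey`, with `X509_up_ref`/`EVP_PKEY_up_ref` taking the extra references): rotating the HTTPS certificate changes the advertised DTLS fingerprint, and the cross-instance stability the description promises holds only if every cluster instance is configured with the same HTTPS certificate. The function containing `if (!ssl)` begins before its hunk, so its signature is not visible here.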


@ -88,7 +88,7 @@ namespace RTC
private: private:
DtlsEnvironment(); DtlsEnvironment();
void GenerateCertificateAndPrivateKey(); void GenerateCertificateAndPrivateKey();
void ReadCertificateAndPrivateKeyFromFiles(); void ReadCertificateAndPrivateKeyFromContext(SSL_CTX *ctx);
void CreateSslCtx(); void CreateSslCtx();
void GenerateFingerprints(); void GenerateFingerprints();