Config to use RSA or ECDSA

5 years ago · c70a0eb07c
parent 5e06a2568b
commit c70a0eb07c
7 changed files with 48 additions and 10 deletions
--- a/trunk/conf/full.conf
+++ b/trunk/conf/full.conf
@ -399,6 +399,10 @@ rtc_server {
    #       $CANDIDATE $EIP # TODO: Implements it.
    # default: *
    candidate       *;
    # Whether use ECDSA certificate.
    # If not, use RSA certificate.
    # default: on
    ecdsa           on;
 }
 vhost rtc.vhost.srs.com {
--- a/trunk/src/app/srs_app_config.cpp
+++ b/trunk/src/app/srs_app_config.cpp
@ -4639,6 +4639,23 @@ std::string SrsConfig::get_rtc_server_candidates()
    return (conf->arg0().c_str());
 }
 bool SrsConfig::get_rtc_server_ecdsa()
 {
    static bool DEFAULT = true;
    SrsConfDirective* conf = root->get("rtc_server");
    if (!conf) {
        return DEFAULT;
    }
    conf = conf->get("ecdsa");
    if (!conf || conf->arg0().empty()) {
        return DEFAULT;
    }
    return SRS_CONF_PERFER_TRUE(conf->arg0());
 }
 SrsConfDirective* SrsConfig::get_rtc(string vhost)
 {
    SrsConfDirective* conf = get_vhost(vhost);
--- a/trunk/src/app/srs_app_config.hpp
+++ b/trunk/src/app/srs_app_config.hpp
@ -520,6 +520,7 @@ public:
    virtual bool get_rtc_server_enabled(SrsConfDirective* conf);
    virtual int get_rtc_server_listen();
    virtual std::string get_rtc_server_candidates();
    virtual bool get_rtc_server_ecdsa();
    SrsConfDirective* get_rtc(std::string vhost);
    bool get_rtc_enabled(std::string vhost);
--- a/trunk/src/app/srs_app_dtls.cpp
+++ b/trunk/src/app/srs_app_dtls.cpp
@ -28,6 +28,8 @@ using namespace std;
 #include <string.h>
 #include <srs_kernel_log.hpp>
 #include <srs_kernel_error.hpp>
 #include <srs_app_config.hpp>
 #include <srtp2/srtp.h>
 #include <openssl/ssl.h>
@ -36,17 +38,18 @@ SrsDtls* SrsDtls::_instance = NULL;
 SrsDtls::SrsDtls()
 {
    dtls_ctx = NULL;
 }
 SrsDtls::~SrsDtls()
 {
    SSL_CTX_free(dtls_ctx);
 }
 SrsDtls* SrsDtls::instance()
 {
    if (!_instance) {
        _instance = new SrsDtls();
        _instance->init();
    }   
    return _instance;
 }
@ -66,8 +69,10 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
    return 1;
 }
-void SrsDtls::init()
+srs_error_t SrsDtls::init(const SrsRequest& req)
 {
    srs_error_t err = srs_success;
    // Initialize SRTP first.
    srs_assert(srtp_init() == 0);
@ -87,10 +92,13 @@ void SrsDtls::init()
    //dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
 #endif
    // Whether use ECDSA certificate.
    bool is_ecdsa = _srs_config->get_rtc_server_ecdsa();
    // Create keys by RSA or ECDSA.
    EVP_PKEY* dtls_pkey = EVP_PKEY_new();
    srs_assert(dtls_pkey);
-    if (false) { // By RSA
+    if (!is_ecdsa) { // By RSA
        RSA* rsa = RSA_new();
        srs_assert(rsa);
@ -110,7 +118,7 @@ void SrsDtls::init()
        RSA_free(rsa);
        BN_free(exponent);
    }
-    if (true) { // By ECDSA, https://stackoverflow.com/a/6006898
+    if (is_ecdsa) { // By ECDSA, https://stackoverflow.com/a/6006898
        EC_KEY* eckey = EC_KEY_new();
        srs_assert(eckey);
@ -240,4 +248,6 @@ void SrsDtls::init()
        fingerprint.assign(fp, strlen(fp));
        srs_trace("fingerprint=%s", fingerprint.c_str());
    }
    return err;
 }
--- a/trunk/src/app/srs_app_dtls.hpp
+++ b/trunk/src/app/srs_app_dtls.hpp
@ -28,6 +28,8 @@
 #include <string>
 class SrsRequest;
 #include <openssl/ssl.h>
 class SrsDtls
@ -36,12 +38,12 @@ private:
    static SrsDtls* _instance;
 private:
    std::string fingerprint;
-    SSL_CTX*    dtls_ctx;
+    SSL_CTX* dtls_ctx;
 private:
    SrsDtls();
    virtual ~SrsDtls();
-
+public:
-    void init();
+    srs_error_t init(const SrsRequest& req);
 public:
    static SrsDtls* instance();
    SSL_CTX* get_dtls_ctx() { return dtls_ctx; }
--- a/trunk/src/app/srs_app_rtc_conn.cpp
+++ b/trunk/src/app/srs_app_rtc_conn.cpp
@ -142,10 +142,14 @@ SrsDtlsSession::~SrsDtlsSession()
    }
 }
-srs_error_t SrsDtlsSession::initialize()
+srs_error_t SrsDtlsSession::initialize(const SrsRequest& req)
 {    
    srs_error_t err = srs_success;
    if ((err = SrsDtls::instance()->init(req)) != srs_success) {
        return srs_error_wrap(err, "DTLS init");
    }
    if ((dtls = SSL_new(SrsDtls::instance()->get_dtls_ctx())) == NULL) {
        return srs_error_new(ERROR_OpenSslCreateSSL, "SSL_new dtls");
    }
@ -593,7 +597,7 @@ SrsRtcSession::SrsRtcSession(SrsRtcServer* rtc_svr, const SrsRequest& req, const
    rtc_server = rtc_svr;
    session_state = INIT;
    dtls_session = new SrsDtlsSession(this);
-    dtls_session->initialize();
+    dtls_session->initialize(req);
    strd = NULL;
    username = un;
--- a/trunk/src/app/srs_app_rtc_conn.hpp
+++ b/trunk/src/app/srs_app_rtc_conn.hpp
@ -97,7 +97,7 @@ public:
    SrsDtlsSession(SrsRtcSession* s);
    virtual ~SrsDtlsSession();
-    srs_error_t initialize();
+    srs_error_t initialize(const SrsRequest& req);
    srs_error_t on_dtls(SrsUdpMuxSocket* udp_mux_skt);
    srs_error_t on_dtls_handshake_done(SrsUdpMuxSocket* udp_mux_skt);