diff --git a/trunk/doc/CHANGELOG.md b/trunk/doc/CHANGELOG.md
index 58b7ab751..9c54cfc36 100644
--- a/trunk/doc/CHANGELOG.md
+++ b/trunk/doc/CHANGELOG.md
@@ -7,6 +7,7 @@ The changelog for SRS.
 ## SRS 6.0 Changelog
+* v6.0, 2024-07-09, Merge [#4028](https://github.com/ossrs/srs/pull/4028): HTTPS: Support config key/cert for HTTPS API. v6.0.137 (#4028)
 * v6.0, 2024-07-09, Merge [#4109](https://github.com/ossrs/srs/pull/4109): UniquePtr: Support SrsUniquePtr to replace SrsAutoFree. v6.0.136 (#4109)
 * v6.0, 2024-07-08, Merge [#4042](https://github.com/ossrs/srs/pull/4042): Refine config directive token parsing. v6.0.135 (#4042)
 * v6.0, 2024-07-04, Merge [#4106](https://github.com/ossrs/srs/pull/4106): SmartPtr: Fix SRT source memory leaking. v6.0.134 (#4106)
diff --git a/trunk/src/app/srs_app_http_conn.cpp b/trunk/src/app/srs_app_http_conn.cpp
index 246db282d..c14eb413f 100644
--- a/trunk/src/app/srs_app_http_conn.cpp
+++ b/trunk/src/app/srs_app_http_conn.cpp
@@ -300,16 +300,13 @@ void SrsHttpConn::expire()
 trd->interrupt();
 }
-SrsHttpxConn::SrsHttpxConn(bool https, ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, string cip, int port)
+SrsHttpxConn::SrsHttpxConn(ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, string cip, int port, string key, string cert) : manager(cm), io_(io), enable_stat_(false), ssl_key_file_(key), ssl_cert_file_(cert)
 {
 // Create a identify for this client.
 _srs_context->set_id(_srs_context->generate_id());
- io_ = io;
- manager = cm;
- enable_stat_ = false;
-
- if (https) {
+ if (!ssl_key_file_.empty() &&
+ !ssl_cert_file_.empty()) {
 ssl = new SrsSslConnection(io_);
 conn = new SrsHttpConn(this, ssl, m, cip, port);
 } else {
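Review bot: In the SrsHttpxConn constructor (srs_app_http_conn.cpp), TLS is now inferred from both path strings being non-empty, so a connection accepted on an HTTPS listener is served as plain HTTP whenever either ssl_key_file_ or ssl_cert_file_ is empty, with no error and no log line. Whether the config getters used at the call sites can return an empty string is not visible here, but if they can, or if only one of the two is set, the listener silently downgrades instead of reaching the handshake as it did with the old `https` flag. At minimum make the mismatch visible, e.g. `if (ssl_key_file_.empty() != ssl_cert_file_.empty()) srs_warn("https: only one of key/cert is set, serve as plain HTTP");`. The stronger fix is for the call sites in srs_app_server.cpp to refuse the connection when the listener is a TLS one and either path is empty. The constructor body continues past the end of the hunk.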
@@ -381,15 +378,13 @@ srs_error_t SrsHttpxConn::on_start()
 // Do SSL handshake if HTTPS.
 if (ssl) {
 srs_utime_t starttime = srs_update_system_time();
- string crt_file = _srs_config->get_https_stream_ssl_cert();
- string key_file = _srs_config->get_https_stream_ssl_key();
- if ((err = ssl->handshake(key_file, crt_file)) != srs_success) {
+ if ((err = ssl->handshake(ssl_key_file_, ssl_cert_file_)) != srs_success) {
 return srs_error_wrap(err, "handshake");
 }
 int cost = srsu2msi(srs_update_system_time() - starttime);
 srs_trace("https: stream server done, use key %s and cert %s, cost=%dms",
- key_file.c_str(), crt_file.c_str(), cost);
+ ssl_key_file_.c_str(), ssl_cert_file_.c_str(), cost);
 }
 return err;
diff --git a/trunk/src/app/srs_app_http_conn.hpp b/trunk/src/app/srs_app_http_conn.hpp
index de78c8b3c..57f984a49 100644
--- a/trunk/src/app/srs_app_http_conn.hpp
+++ b/trunk/src/app/srs_app_http_conn.hpp
@@ -136,8 +136,12 @@ private:
 SrsHttpConn* conn;
 // We should never enable the stat, unless HTTP stream connection requires.
 bool enable_stat_;
+ // ssl key & cert file
+ const std::string ssl_key_file_;
+ const std::string ssl_cert_file_;
+
 public:
- SrsHttpxConn(bool https, ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, std::string cip, int port);
+ SrsHttpxConn(ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, std::string cip, int port, std::string key, std::string cert);
 virtual ~SrsHttpxConn();
 public:
 // Require statistic about HTTP connection, for HTTP streaming clients only.
diff --git a/trunk/src/app/srs_app_server.cpp b/trunk/src/app/srs_app_server.cpp
index 21b50323c..aff62f02e 100644
--- a/trunk/src/app/srs_app_server.cpp
+++ b/trunk/src/app/srs_app_server.cpp
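Review bot: The srs_trace message in SrsHttpxConn::on_start (srs_app_http_conn.cpp) still reads "https: stream server done", but ssl_key_file_ and ssl_cert_file_ can now come from the HTTPS API listener as well, so API handshakes are logged as stream-server ones. That makes the two hard to tell apart when reading logs after an incident. Suggest neutral wording on that line, `srs_trace("https: server done, use key %s and cert %s, cost=%dms",`. on_start begins before the hunk.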
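Review bot: The new members and constructor parameters in srs_app_http_conn.hpp carry a contract that the comment `// ssl key & cert file` does not state: the .cpp constructor enables TLS only when both strings are non-empty. I would document that on the members, e.g. `// The SSL key and cert file paths; TLS is used only if both are non-empty, otherwise plain HTTP.`, and add a matching line above the constructor declaration so callers know that passing `""` selects plaintext. The class declaration starts and ends outside the hunk.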
@@ -1207,7 +1207,9 @@ srs_error_t SrsServer::do_on_tcp_client(ISrsListener* listener, srs_netfd_t& stf
 ) {
 resource = new SrsRtcTcpConn(io, ip, port);
 } else {
- resource = new SrsHttpxConn(listener == http_listener_, this, io, http_server, ip, port);
+ string key = listener == https_listener_ ? _srs_config->get_https_stream_ssl_key() : "";
+ string cert = listener == https_listener_ ? _srs_config->get_https_stream_ssl_cert() : "";
+ resource = new SrsHttpxConn(this, io, http_server, ip, port, key, cert);
 }
 }
 #endif
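Review bot: This call site in do_on_tcp_client changes which listener gets TLS, not only how the paths are passed: the removed line handed `listener == http_listener_` to the old `https` parameter, while the new lines test `listener == https_listener_`. That looks like a deliberate correction, but neither the commit title nor the code says so. A comment above the two `string` lines, such as `// TLS only for the HTTPS stream listener; the plain HTTP listener passes empty key/cert.`, would record the intent, and a regression test covering both listeners on this path would pin it. The enclosing condition starts before the hunk, so which listeners reach this branch is not visible here.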
@@ -1217,19 +1219,20 @@ srs_error_t SrsServer::do_on_tcp_client(ISrsListener* listener, srs_netfd_t& stf
 if (listener == rtmp_listener_) {
 resource = new SrsRtmpConn(this, stfd2, ip, port);
 } else if (listener == api_listener_ || listener == apis_listener_) {
- bool is_https = listener == apis_listener_;
- resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
+ string key = listener == apis_listener_ ? _srs_config->get_https_api_ssl_key() : "";
+ string cert = listener == apis_listener_ ? _srs_config->get_https_api_ssl_cert() : "";
+ resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_api_mux, ip, port, key, cert);
 } else if (listener == http_listener_ || listener == https_listener_) {
- bool is_https = listener == https_listener_;
- resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_server, ip, port);
+ string key = listener == https_listener_ ? _srs_config->get_https_stream_ssl_key() : "";
+ string cert = listener == https_listener_ ? _srs_config->get_https_stream_ssl_cert() : "";
+ resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_server, ip, port, key, cert);
 #ifdef SRS_RTC
 } else if (listener == webrtc_listener_) {
 resource = new SrsRtcTcpConn(new SrsTcpConnection(stfd2), ip, port);
 #endif
 } else if (listener == exporter_listener_) {
 // TODO: FIXME: Maybe should support https metrics.
- bool is_https = false;
- resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
+ resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_api_mux, ip, port, "", "");
 } else {
 srs_close_stfd(stfd2);
 srs_warn("Close for invalid fd=%d, ip=%s:%d", fd, ip.c_str(), port);
diff --git a/trunk/src/core/srs_core_version6.hpp b/trunk/src/core/srs_core_version6.hpp
index f3646d353..29615096f 100644
--- a/trunk/src/core/srs_core_version6.hpp
+++ b/trunk/src/core/srs_core_version6.hpp
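Review bot: The key/cert selection in do_on_tcp_client (srs_app_server.cpp) is written as two parallel ternaries that repeat the same listener test, in the api/apis branch and the http/https branch here and again in the earlier hunk at -1207. If the two conditions or getters in one branch ever diverge, one path ends up empty and the constructor treats the connection as plaintext. Evaluating the test once per branch keeps the pair together, e.g. `const bool tls = listener == apis_listener_;` followed by `string key = tls ? _srs_config->get_https_api_ssl_key() : "";` and the same for `cert`. The exporter call's bare `"", ""` would also read better with a comment, `// Empty key/cert: the exporter is served over plain HTTP.` The if/else chain continues outside the hunk.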
@@ -9,6 +9,6 @@
 #define VERSION_MAJOR 6
 #define VERSION_MINOR 0
-#define VERSION_REVISION 136
+#define VERSION_REVISION 137
 #endif