From 9addade2b4baa51068ca26545c189ae9cbdfd30d Mon Sep 17 00:00:00 2001
From: "jinxue.cgh" 
Date: Wed, 24 Jun 2020 20:21:36 +0800
Subject: [PATCH] RTC: delete SrsDTLS single instance

---
 trunk/src/app/srs_app_rtc_conn.cpp | 2 +-
 trunk/src/app/srs_app_rtc_dtls.cpp | 47 +++++++++++-----------------
 trunk/src/app/srs_app_rtc_dtls.hpp | 11 +++----
 trunk/src/app/srs_app_rtc_server.cpp | 13 ++++----
 trunk/src/app/srs_app_rtc_server.hpp | 1 -
 5 files changed, 30 insertions(+), 44 deletions(-)

diff --git a/trunk/src/app/srs_app_rtc_conn.cpp b/trunk/src/app/srs_app_rtc_conn.cpp
index 5ce7c8b55..9b27f7893 100644
--- a/trunk/src/app/srs_app_rtc_conn.cpp
+++ b/trunk/src/app/srs_app_rtc_conn.cpp
@@ -150,7 +150,7 @@ srs_error_t SrsRtcDtls::initialize(SrsRequest* r)
 srs_error_t err = srs_success;
 
 // TODO: FIXME: Leak for SSL_CTX* return by build_dtls_ctx.
- if ((dtls = SSL_new(SrsDtls::instance()->build_dtls_ctx())) == NULL) {
+ if ((dtls = SSL_new(SrsDtls::build_dtls_ctx())) == NULL) {
 return srs_error_new(ERROR_OpenSslCreateSSL, "SSL_new dtls");
 }
 
diff --git a/trunk/src/app/srs_app_rtc_dtls.cpp b/trunk/src/app/srs_app_rtc_dtls.cpp
index 2a3dab050..3bbdc5ee9 100644
--- a/trunk/src/app/srs_app_rtc_dtls.cpp
+++ b/trunk/src/app/srs_app_rtc_dtls.cpp
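Review bot: `SrsDtls::build_dtls_ctx()` is still called once per `SrsRtcDtls::initialize()` and the `SSL_CTX` it returns is never released, which the `// TODO: FIXME: Leak` line above the call already admits; making the method static removed the one object that could have owned a shared context. Because `SSL_new()` takes its own reference on the context, the minimal fix at this call site is to split the call and drop the local reference, `SSL_CTX* ctx = SrsDtls::build_dtls_ctx(); dtls = SSL_new(ctx); SSL_CTX_free(ctx);`, keeping the existing `== NULL` check on `dtls`. The better fix is to build the context once next to `_srs_rtc_dtls_certificate` and `SSL_CTX_free` it at shutdown, since the `build_dtls_ctx` hunks in srs_app_rtc_dtls.cpp re-load the certificate and key on every call. `SrsRtcDtls::initialize` continues past the end of this hunk.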
@@ -34,6 +34,21 @@ using namespace std;
 #include
 #include
 
+// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
+// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
+// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
+// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
+// not be terminated with respect to verification failures and the connection will be established. The calling process
+// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
+// its own error storage managed by verify_callback.
+// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
+static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+ // Always OK, we don't check the certificate of client,
+ // because we allow client self-sign certificate.
+ return 1;
+}
+
 SrsDtlsCertificate::SrsDtlsCertificate()
 {
 dtls_cert = NULL;
@@ -216,7 +231,6 @@ bool SrsDtlsCertificate::is_ecdsa()
 return ecdsa_mode;
 }
 
-SrsDtls* SrsDtls::_instance = NULL;
 
 SrsDtls::SrsDtls()
 {
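Review bot: The relocated `verify_callback` returns 1 without ever reading `preverify_ok`, so the DTLS layer accepts any peer certificate; that is deliberate for self-signed WebRTC certificates, but it means the handshake itself proves nothing about the peer, and nothing in this diff shows the peer certificate being matched against the `a=fingerprint` from the remote SDP, which is where the trust has to come from. If that check exists elsewhere, the comment inside the function should point to it; if it does not, it is the missing check. I would extend the comment to `// Always OK: client certs are self-signed, so the peer cert must be matched against the remote SDP a=fingerprint after the handshake instead.` and silence the unused-parameter warnings with `(void)preverify_ok; (void)ctx;`.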
@@ -226,29 +240,6 @@ SrsDtls::~SrsDtls()
 {
 }
 
-// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
-// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
-// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
-// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
-// not be terminated with respect to verification failures and the connection will be established. The calling process
-// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
-// its own error storage managed by verify_callback.
-// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
-static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
- // Always OK, we don't check the certificate of client,
- // because we allow client self-sign certificate.
- return 1;
-}
-
-SrsDtls* SrsDtls::instance()
-{
- if (!_instance) {
- _instance = new SrsDtls();
- }
- return _instance;
-}
-
 SSL_CTX* SrsDtls::build_dtls_ctx()
 {
 SSL_CTX* dtls_ctx;
@@ -260,7 +251,7 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
 //dtls_ctx = SSL_CTX_new(DTLSv1_2_method());
 #endif
 
- if (_rtc_dtls_certificate->is_ecdsa()) { // By ECDSA, https://stackoverflow.com/a/6006898
+ if (_srs_rtc_dtls_certificate->is_ecdsa()) { // By ECDSA, https://stackoverflow.com/a/6006898
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L // v1.0.2
 // For ECDSA, we could set the curves list.
@@ -272,7 +263,7 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
 // @see https://stackoverrun.com/cn/q/10791887
 #if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
 #if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
- SSL_CTX_set_tmp_ecdh(dtls_ctx, _rtc_dtls_certificate->get_ecdsa_key());
+ SSL_CTX_set_tmp_ecdh(dtls_ctx, _srs_rtc_dtls_certificate->get_ecdsa_key());
 #else
 SSL_CTX_set_ecdh_auto(dtls_ctx, 1);
 #endif
@@ -286,8 +277,8 @@ SSL_CTX* SrsDtls::build_dtls_ctx()
 srs_assert(SSL_CTX_set_cipher_list(dtls_ctx, "ALL") == 1);
 
 // Setup the certificate.
- srs_assert(SSL_CTX_use_certificate(dtls_ctx, _rtc_dtls_certificate->get_cert()) == 1);
- srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, _rtc_dtls_certificate->get_public_key()) == 1);
+ srs_assert(SSL_CTX_use_certificate(dtls_ctx, _srs_rtc_dtls_certificate->get_cert()) == 1);
+ srs_assert(SSL_CTX_use_PrivateKey(dtls_ctx, _srs_rtc_dtls_certificate->get_public_key()) == 1);
 
 // Server will send Certificate Request.
 // @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
diff --git a/trunk/src/app/srs_app_rtc_dtls.hpp b/trunk/src/app/srs_app_rtc_dtls.hpp
index e132ff8d7..6ed55b3ce 100644
--- a/trunk/src/app/srs_app_rtc_dtls.hpp
+++ b/trunk/src/app/srs_app_rtc_dtls.hpp
@@ -58,19 +58,16 @@ public:
 bool is_ecdsa();
 };
 
-// @global dtls certficate for rtc module.
-SrsDtlsCertificate* _rtc_dtls_certificate = new SrsDtlsCertificate();
+// @global config object.
+extern SrsDtlsCertificate* _srs_rtc_dtls_certificate;
 
 class SrsDtls
 {
-private:
- static SrsDtls* _instance;
-private:
+public:
 SrsDtls();
 virtual ~SrsDtls();
 public:
- static SrsDtls* instance();
- SSL_CTX* build_dtls_ctx();
+ static SSL_CTX* build_dtls_ctx();
 };
 
 #endif
diff --git a/trunk/src/app/srs_app_rtc_server.cpp b/trunk/src/app/srs_app_rtc_server.cpp
index 5c1ce5e51..5ecc50d65 100644
--- a/trunk/src/app/srs_app_rtc_server.cpp
+++ b/trunk/src/app/srs_app_rtc_server.cpp
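Review bot: In the `// Setup the certificate.` lines, `SSL_CTX_use_PrivateKey` is fed `_srs_rtc_dtls_certificate->get_public_key()`; if that accessor does return the `EVP_PKEY` holding the private key (it must, or the handshake could not sign), the name is misleading and should become `get_private_key()`, and if it does not, the wrong key is being loaded. Wrapping both loads in `srs_assert` also means a missing or malformed certificate aborts the whole server from inside a per-connection `build_dtls_ctx()` call rather than failing that one connection; returning `NULL` (or an `srs_error_t`) from `build_dtls_ctx` and checking it at the `SSL_new` call site would be safer. The context line `SSL_CTX_set_cipher_list(dtls_ctx, "ALL")` just above enables every suite the library was built with, anonymous and legacy ones included; a narrower list such as `"HIGH:!aNULL:!MD5:!RC4"` keeps the SRTP key material on modern, authenticated suites only. `build_dtls_ctx` begins before this hunk.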
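Review bot: The new comment `// @global config object.` on the `extern SrsDtlsCertificate* _srs_rtc_dtls_certificate;` line describes the wrong thing; the declaration is the DTLS certificate, and the comment it replaces was right apart from its spelling, so it should read `// @global dtls certificate for rtc module.` With `instance()` gone, `SrsDtls` holds nothing but a static `build_dtls_ctx()`, yet the commit also makes its constructor and virtual destructor public, which invites creating objects that have no state or purpose; either keep the constructor private or replace the class with a free function such as `SSL_CTX* srs_build_dtls_ctx();`. A doc line on `build_dtls_ctx` stating that the caller owns the returned `SSL_CTX` and must `SSL_CTX_free` it would also help, since the `SrsRtcDtls::initialize` hunk in srs_app_rtc_conn.cpp currently leaks it.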
@@ -40,6 +40,9 @@
 #include
 #include
 
+// @global dtls certficate for rtc module.
+SrsDtlsCertificate* _srs_rtc_dtls_certificate = new SrsDtlsCertificate();
+
 using namespace std;
 
 static bool is_stun(const uint8_t* data, const int size)
@@ -333,7 +336,7 @@ srs_error_t SrsRtcServer::create_session(
 local_sdp.set_ice_ufrag(local_ufrag);
 local_sdp.set_ice_pwd(local_pwd);
 local_sdp.set_fingerprint_algo("sha-256");
- local_sdp.set_fingerprint(_rtc_dtls_certificate->get_fingerprint());
+ local_sdp.set_fingerprint(_srs_rtc_dtls_certificate->get_fingerprint());
 
 // We allows to mock the eip of server.
 if (!mock_eip.empty()) {
@@ -366,7 +369,7 @@ srs_error_t SrsRtcServer::create_session2(SrsSdp& local_sdp, SrsRtcSession** pse
 local_sdp.set_ice_ufrag(local_ufrag);
 local_sdp.set_ice_pwd(local_pwd);
 local_sdp.set_fingerprint_algo("sha-256");
- local_sdp.set_fingerprint(_rtc_dtls_certificate->get_fingerprint());
+ local_sdp.set_fingerprint(_srs_rtc_dtls_certificate->get_fingerprint());
 
 // We allows to mock the eip of server.
 std::vector candidate_ips = get_candidate_ips();
@@ -521,17 +524,13 @@ RtcServerAdapter::RtcServerAdapter()
 RtcServerAdapter::~RtcServerAdapter()
 {
 srs_freep(rtc);
-
- if (_rtc_dtls_certificate) {
- srs_freep(_rtc_dtls_certificate);
- }
 }
 
 srs_error_t RtcServerAdapter::initialize()
 {
 srs_error_t err = srs_success;
 
- if ((err = _rtc_dtls_certificate->initialize()) != srs_success) {
+ if ((err = _srs_rtc_dtls_certificate->initialize()) != srs_success) {
 return srs_error_wrap(err, "rtc dtls certificate initialize");
 }
 
diff --git a/trunk/src/app/srs_app_rtc_server.hpp b/trunk/src/app/srs_app_rtc_server.hpp
index a39fce66b..164971710 100644
--- a/trunk/src/app/srs_app_rtc_server.hpp
+++ b/trunk/src/app/srs_app_rtc_server.hpp
@@ -31,7 +31,6 @@
 #include
 #include
 #include
-#include
 #include
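Review bot: `SrsDtlsCertificate* _srs_rtc_dtls_certificate = new SrsDtlsCertificate();` is dynamically initialized at namespace scope, so any code that touches it from another translation unit's static initializer hits the static-initialization-order problem; the object is only safe to use once `main()` is running, which is worth stating in the comment, e.g. `// @global dtls certificate for rtc module; heap-allocated for the process lifetime, valid only after static init.` (also fixing the `certficate` typo carried over from the header). The `srs_freep` of this object in `~RtcServerAdapter` is removed in the `@@ -521,17 +524,13` hunk and no other release is added, so it now lives until process exit; if that is the intent, the comment should say so, otherwise the free belongs wherever the RTC server is torn down.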