issue ossrs#4025: fix SSL key&cert config problem.

suzp1984 · Apr 16, 2024 · bc5e821 · bc5e821
1 parent 427104f
commit bc5e821
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 17 deletions.
diff --git a/trunk/src/app/srs_app_http_conn.cpp b/trunk/src/app/srs_app_http_conn.cpp
@@ -301,16 +301,24 @@ void SrsHttpConn::expire()
  trd->interrupt();
 }
 
-SrsHttpxConn::SrsHttpxConn(bool https, ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, string cip, int port)
+SrsHttpxConn::SrsHttpxConn(ISrsResourceManager* cm,
+ ISrsProtocolReadWriter* io,
+ ISrsHttpServeMux* m,
+ string cip,
+ int port,
+ const std::string& ssl_key_file,
+ const std::string& ssl_cert_file)
+ : manager(cm),
+ io_(io),
+ enable_stat_(false),
+ ssl_key_file(ssl_key_file),
+ ssl_cert_file(ssl_cert_file)
 {
  // Create a identify for this client.
  _srs_context->set_id(_srs_context->generate_id());
 
- io_ = io;
- manager = cm;
- enable_stat_ = false;
-
- if (https) {
+ if (!ssl_key_file.empty() &&
+ !ssl_cert_file.empty()) {
  ssl = new SrsSslConnection(io_);
  conn = new SrsHttpConn(this, ssl, m, cip, port);
  } else {
@@ -382,15 +390,13 @@ srs_error_t SrsHttpxConn::on_start()
  // Do SSL handshake if HTTPS.
  if (ssl) {
  srs_utime_t starttime = srs_update_system_time();
- string crt_file = _srs_config->get_https_stream_ssl_cert();
- string key_file = _srs_config->get_https_stream_ssl_key();
- if ((err = ssl->handshake(key_file, crt_file)) != srs_success) {
+ if ((err = ssl->handshake(ssl_key_file, ssl_cert_file)) != srs_success) {
  return srs_error_wrap(err, "handshake");
  }
 
  int cost = srsu2msi(srs_update_system_time() - starttime);
  srs_trace("https: stream server done, use key %s and cert %s, cost=%dms",
- key_file.c_str(), crt_file.c_str(), cost);
+ ssl_key_file.c_str(), ssl_cert_file.c_str(), cost);
  }
 
  return err;

diff --git a/trunk/src/app/srs_app_http_conn.hpp b/trunk/src/app/srs_app_http_conn.hpp
@@ -136,8 +136,18 @@ class SrsHttpxConn : public ISrsConnection, public ISrsStartable, public ISrsHtt
  SrsHttpConn* conn;
  // We should never enable the stat, unless HTTP stream connection requires.
  bool enable_stat_;
-public:
- SrsHttpxConn(bool https, ISrsResourceManager* cm, ISrsProtocolReadWriter* io, ISrsHttpServeMux* m, std::string cip, int port);
+ // ssl key & cert file
+ std::string ssl_key_file;
+ std::string ssl_cert_file;
+
+public:
+ SrsHttpxConn(ISrsResourceManager* cm,
+ ISrsProtocolReadWriter* io,
+ ISrsHttpServeMux* m,
+ std::string cip,
+ int port,
+ const std::string& ssl_key_file = "",
+ const std::string& ssl_cert_file = "");
  virtual ~SrsHttpxConn();
 public:
  // Require statistic about HTTP connection, for HTTP streaming clients only.

diff --git a/trunk/src/app/srs_app_server.cpp b/trunk/src/app/srs_app_server.cpp
@@ -1196,7 +1196,10 @@ srs_error_t SrsServer::do_on_tcp_client(ISrsListener* listener, srs_netfd_t& stf
  // TODO: FIXME: Should manage this connection by _srs_rtc_manager
  resource = new SrsRtcTcpConn(io, ip, port, this);
  } else {
- resource = new SrsHttpxConn(listener == http_listener_, this, io, http_server, ip, port);
+ bool is_https = listener == https_listener_;
+ resource = new SrsHttpxConn(this, io, http_server, ip, port,
+ is_https ? _srs_config->get_https_stream_ssl_key() : "",
+ is_https ? _srs_config->get_https_stream_ssl_cert() : "");
  }
  }
 #endif
@@ -1207,19 +1210,22 @@ srs_error_t SrsServer::do_on_tcp_client(ISrsListener* listener, srs_netfd_t& stf
  resource = new SrsRtmpConn(this, stfd2, ip, port);
  } else if (listener == api_listener_ || listener == apis_listener_) {
  bool is_https = listener == apis_listener_;
- resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
+ resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_api_mux, ip, port,
+ is_https ? _srs_config->get_https_api_ssl_key() : "",
+ is_https ? _srs_config->get_https_api_ssl_cert() : "");
  } else if (listener == http_listener_ || listener == https_listener_) {
  bool is_https = listener == https_listener_;
- resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_server, ip, port);
+ resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_server, ip, port,
+ is_https ? _srs_config->get_https_stream_ssl_key() : "",
+ is_https ? _srs_config->get_https_stream_ssl_cert() : "");
 #ifdef SRS_RTC
  } else if (listener == webrtc_listener_) {
  // TODO: FIXME: Should manage this connection by _srs_rtc_manager
  resource = new SrsRtcTcpConn(new SrsTcpConnection(stfd2), ip, port, this);
 #endif
  } else if (listener == exporter_listener_) {
  // TODO: FIXME: Maybe should support https metrics.
- bool is_https = false;
- resource = new SrsHttpxConn(is_https, this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
+ resource = new SrsHttpxConn(this, new SrsTcpConnection(stfd2), http_api_mux, ip, port);
  } else {
  srs_close_stfd(stfd2);
  srs_warn("Close for invalid fd=%d, ip=%s:%d", fd, ip.c_str(), port);