For #1657, support HTTPS client, for http-callback. 4.0.45

ossrs · Nov 3, 2020 · d552a1a · d552a1a
1 parent 08e1940
commit d552a1a
Show file tree

Hide file tree

Showing 13 changed files with 343 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -155,6 +155,7 @@ For previous versions, please read:
 
 ## V4 changes
 
+* v4.0, 2020-11-03, For [#1657][bug #1657-1], support HTTPS client, for http-callback. 4.0.45
 * v4.0, 2020-10-31, Support gdb/srs.py to stat coroutines. 4.0.44
 * v4.0, 2020-09-19, RTC: Extract resource manager. Use any UDP packet to keep alive. 4.0.43
 * v4.0, 2020-09-09, RTC: Refine NACK RTT and efficiency. 4.0.42
@@ -1781,6 +1782,7 @@ Winlin
 [bug #1636]: https://github.com/ossrs/srs/issues/1636
 [bug #1657]: https://github.com/ossrs/srs/issues/1657
 [bug #1830]: https://github.com/ossrs/srs/issues/1830
+[bug #1657-1]: https://github.com/ossrs/srs/issues/1657#issuecomment-720889906
 [bug #zzzzzzzzzzzzz]: https://github.com/ossrs/srs/issues/zzzzzzzzzzzzz
 
 [exo #828]: https://github.com/google/ExoPlayer/pull/828

diff --git a/trunk/auto/auto_headers.sh b/trunk/auto/auto_headers.sh
@@ -105,6 +105,12 @@ else
     srs_undefine_macro "SRS_GB28181" $SRS_AUTO_HEADERS_H
 fi
 
+if [ $SRS_HTTPS = YES ]; then
+    srs_define_macro "SRS_HTTPS" $SRS_AUTO_HEADERS_H
+else
+    srs_undefine_macro "SRS_HTTPS" $SRS_AUTO_HEADERS_H
+fi
+
 if [ $SRS_MEM_WATCH = YES ]; then
     srs_define_macro "SRS_MEM_WATCH" $SRS_AUTO_HEADERS_H
 else

diff --git a/trunk/auto/options.sh b/trunk/auto/options.sh
@@ -35,6 +35,7 @@ SRS_GPROF=NO # Performance test: gprof
 SRS_STREAM_CASTER=YES
 SRS_INGEST=YES
 SRS_SSL=YES
+SRS_HTTPS=NO
 SRS_STAT=YES
 SRS_TRANSCODE=YES
 SRS_HTTP_CALLBACK=YES
@@ -145,6 +146,7 @@ Features:
   -h, --help                Print this message and exit 0.
 
   --ssl=on|off              Whether build the rtmp complex handshake, requires openssl-devel installed.
+  --https=on|off            Whether enable HTTPS client and server. Default: off
   --hds=on|off              Whether build the hds streaming, mux RTMP to F4M/F4V files.
   --stream-caster=on|off    Whether build the stream caster to serve other stream over other protocol.
   --stat=on|off             Whether build the the data statistic, for http api.
@@ -272,6 +274,7 @@ function parse_user_option() {
 
         --with-ssl)                     SRS_SSL=YES                 ;;
         --ssl)                          if [[ $value == off ]]; then SRS_SSL=NO; else SRS_SSL=YES; fi    ;;
+        --https)                        if [[ $value == off ]]; then SRS_HTTPS=NO; else SRS_HTTPS=YES; fi ;;
 
         --with-hds)                     SRS_HDS=YES                 ;;
         --without-hds)                  SRS_HDS=NO                  ;;
@@ -526,6 +529,7 @@ function regenerate_options() {
     if [ $SRS_HDS = YES ]; then             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --hds=on"; else             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --hds=off"; fi
     if [ $SRS_DVR = YES ]; then             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=on"; else             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --dvr=off"; fi
     if [ $SRS_SSL = YES ]; then             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=on"; else             SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ssl=off"; fi
+    if [ $SRS_HTTPS = YES ]; then           SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=on"; else           SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --https=off"; fi
     if [ $SRS_USE_SYS_SSL = YES ]; then     SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=on"; else         SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --sys-ssl=off"; fi
     if [ $SRS_TRANSCODE = YES ]; then       SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=on"; else       SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --transcode=off"; fi
     if [ $SRS_INGEST = YES ]; then          SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=on"; else          SRS_AUTO_CONFIGURE="${SRS_AUTO_CONFIGURE} --ingest=off"; fi

diff --git a/trunk/conf/full.conf b/trunk/conf/full.conf
@@ -1090,6 +1090,8 @@ vhost hooks.callback.srs.com {
         #       0
         # support multiple api hooks, format:
         #       on_connect http://xxx/api0 http://xxx/api1 http://xxx/apiN
+        # @remark For SRS4, the HTTPS url is supported, for example:
+        #       on_connect https://xxx/api0 https://xxx/api1 https://xxx/apiN
         on_connect      http://127.0.0.1:8085/api/v1/clients http://localhost:8085/api/v1/clients;
         # when client close/disconnect to vhost/app/stream, call the hook,
         # the request in the POST data string is a object encode by json:
@@ -1104,6 +1106,8 @@ vhost hooks.callback.srs.com {
         #       0
         # support multiple api hooks, format:
         #       on_close http://xxx/api0 http://xxx/api1 http://xxx/apiN
+        # @remark For SRS4, the HTTPS url is supported, for example:
+        #       on_close https://xxx/api0 https://xxx/api1 https://xxx/apiN
         on_close        http://127.0.0.1:8085/api/v1/clients http://localhost:8085/api/v1/clients;
         # when client(encoder) publish to vhost/app/stream, call the hook,
         # the request in the POST data string is a object encode by json:
@@ -1118,6 +1122,8 @@ vhost hooks.callback.srs.com {
         #       0
         # support multiple api hooks, format:
         #       on_publish http://xxx/api0 http://xxx/api1 http://xxx/apiN
+        # @remark For SRS4, the HTTPS url is supported, for example:
+        #       on_publish https://xxx/api0 https://xxx/api1 https://xxx/apiN
         on_publish      http://127.0.0.1:8085/api/v1/streams http://localhost:8085/api/v1/streams;
         # when client(encoder) stop publish to vhost/app/stream, call the hook,
         # the request in the POST data string is a object encode by json:
@@ -1132,6 +1138,8 @@ vhost hooks.callback.srs.com {
         #       0
         # support multiple api hooks, format:
         #       on_unpublish http://xxx/api0 http://xxx/api1 http://xxx/apiN
+        # @remark For SRS4, the HTTPS url is supported, for example:
+        #       on_unpublish https://xxx/api0 https://xxx/api1 https://xxx/apiN
         on_unpublish    http://127.0.0.1:8085/api/v1/streams http://localhost:8085/api/v1/streams;
         # when client start to play vhost/app/stream, call the hook,
         # the request in the POST data string is a object encode by json:
@@ -1147,6 +1155,8 @@ vhost hooks.callback.srs.com {
         #       0
         # support multiple api hooks, format:
         #       on_play http://xxx/api0 http://xxx/api1 http://xxx/apiN
+        # @remark For SRS4, the HTTPS url is supported, for example:
+        #       on_play https://xxx/api0 https://xxx/api1 https://xxx/apiN
         on_play         http://127.0.0.1:8085/api/v1/sessions http://localhost:8085/api/v1/sessions;
         # when client stop to play vhost/app/stream, call the hook,
         # the request in the POST data string is a object encode by json:
@@ -1161,6 +1171,8 @@ vhost hooks.callback.srs.com {
         #       0
         # support multiple api hooks, format:
         #       on_stop http://xxx/api0 http://xxx/api1 http://xxx/apiN
+        # @remark For SRS4, the HTTPS url is supported, for example:
+        #       on_stop https://xxx/api0 https://xxx/api1 https://xxx/apiN
         on_stop         http://127.0.0.1:8085/api/v1/sessions http://localhost:8085/api/v1/sessions;
         # when srs reap a dvr file, call the hook,
         # the request in the POST data string is a object encode by json:

diff --git a/trunk/configure b/trunk/configure
@@ -699,6 +699,11 @@ if [ $SRS_RTC = YES ]; then
 else
     echo -e "${GREEN}Warning: RTC is disabled.${BLACK}"
 fi
+if [ $SRS_HTTPS = YES ]; then
+    echo -e "${YELLOW}Experiment: HTTPS is enabled. https://github.com/ossrs/srs/issues/1657${BLACK}"
+else
+    echo -e "${GREEN}Warning: HTTPS is disabled.${BLACK}"
+fi
 if [ $SRS_DVR = YES ]; then
     echo -e "${GREEN}DVR is enabled.${BLACK}"
 else

diff --git a/trunk/src/app/srs_app_heartbeat.cpp b/trunk/src/app/srs_app_heartbeat.cpp
@@ -87,7 +87,7 @@ srs_error_t SrsHttpHeartbeat::do_heartbeat()
     }
 
     SrsHttpClient http;
-    if ((err = http.initialize(uri.get_host(), uri.get_port())) != srs_success) {
+    if ((err = http.initialize(uri.get_schema(), uri.get_host(), uri.get_port())) != srs_success) {
         return srs_error_wrap(err, "init uri=%s", uri.get_url().c_str());
     }
 

diff --git a/trunk/src/app/srs_app_http_hooks.cpp b/trunk/src/app/srs_app_http_hooks.cpp
@@ -371,7 +371,7 @@ srs_error_t SrsHttpHooks::on_hls_notify(SrsContextId c, std::string url, SrsRequ
     }
 
     SrsHttpClient http;
-    if ((err = http.initialize(uri.get_host(), uri.get_port(), SRS_HLS_NOTIFY_TIMEOUT)) != srs_success) {
+    if ((err = http.initialize(uri.get_schema(), uri.get_host(), uri.get_port(), SRS_HLS_NOTIFY_TIMEOUT)) != srs_success) {
         return srs_error_wrap(err, "http: init client for %s", url.c_str());
     }
 
@@ -478,7 +478,7 @@ srs_error_t SrsHttpHooks::do_post(SrsHttpClient* hc, std::string url, std::strin
         return srs_error_wrap(err, "http: post failed. url=%s", url.c_str());
     }
 
-    if ((err = hc->initialize(uri.get_host(), uri.get_port())) != srs_success) {
+    if ((err = hc->initialize(uri.get_schema(), uri.get_host(), uri.get_port())) != srs_success) {
         return srs_error_wrap(err, "http: init client");
     }
 

diff --git a/trunk/src/app/srs_app_rtc_dtls.cpp b/trunk/src/app/srs_app_rtc_dtls.cpp
@@ -40,20 +40,8 @@ using namespace std;
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
-// The return value of verify_callback controls the strategy of the further verification process. If verify_callback
-// returns 0, the verification process is immediately stopped with "verification failed" state. If SSL_VERIFY_PEER is
-// set, a verification failure alert is sent to the peer and the TLS/SSL handshake is terminated. If verify_callback
-// returns 1, the verification process is continued. If verify_callback always returns 1, the TLS/SSL handshake will
-// not be terminated with respect to verification failures and the connection will be established. The calling process
-// can however retrieve the error code of the last verification error using SSL_get_verify_result(3) or by maintaining
-// its own error storage managed by verify_callback.
-// @see https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_verify.html
-int srs_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
-    // Always OK, we don't check the certificate of client,
-    // because we allow client self-sign certificate.
-    return 1;
-}
+// Defined in HTTP/HTTPS client.
+extern int srs_verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
 
 // Print the information of SSL, DTLS alert as such.
 void ssl_on_info(const SSL* dtls, int where, int ret)
@@ -213,6 +201,11 @@ srs_error_t SrsDtlsCertificate::initialize()
     // @see https://www.openssl.org/docs/man1.1.0/man3/OpenSSL_add_ssl_algorithms.html
     // @see https://web.archive.org/web/20150806185102/http://sctp.fh-muenster.de:80/dtls/dtls_udp_echo.c
     OpenSSL_add_ssl_algorithms();
+#else
+    // As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit
+    // initialisation is required. Similarly it will also automatically deinitialise as required.
+    // @see https://www.openssl.org/docs/man1.1.0/man3/OPENSSL_init_ssl.html
+    // OPENSSL_init_ssl();
 #endif
 
     // Initialize SRTP first.
@@ -456,6 +449,7 @@ srs_error_t SrsDtlsImpl::do_on_dtls(char* data, int nb_data)
     srs_error_t err = srs_success;
 
     int r0 = 0;
+    // TODO: FIXME: Why reset it before writing?
     if ((r0 = BIO_reset(bio_in)) != 1) {
         return srs_error_new(ERROR_OpenSslBIOReset, "BIO_reset r0=%d", r0);
     }

diff --git a/trunk/src/core/srs_core_version4.hpp b/trunk/src/core/srs_core_version4.hpp
@@ -24,6 +24,6 @@
 #ifndef SRS_CORE_VERSION4_HPP
 #define SRS_CORE_VERSION4_HPP
 
-#define SRS_VERSION4_REVISION 44
+#define SRS_VERSION4_REVISION 45
 
 #endif
diff --git a/trunk/src/kernel/srs_kernel_error.hpp b/trunk/src/kernel/srs_kernel_error.hpp
@@ -324,6 +324,10 @@
 #define ERROR_HTTP_302_INVALID              4038
 #define ERROR_BASE64_DECODE                 4039
 #define ERROR_HTTP_STREAM_EOF               4040
+#define ERROR_HTTPS_NOT_SUPPORTED           4041
+#define ERROR_HTTPS_HANDSHAKE               4042
+#define ERROR_HTTPS_READ                    4043
+#define ERROR_HTTPS_WRITE                   4044
 
 ///////////////////////////////////////////////////////
 // RTC protocol error.

diff --git a/trunk/src/main/srs_main_ingest_hls.cpp b/trunk/src/main/srs_main_ingest_hls.cpp
@@ -370,7 +370,7 @@ int SrsIngestHlsInput::parseM3u8(SrsHttpUri* url, double& td, double& duration)
     SrsHttpClient client;
     srs_trace("parse input hls %s", url->get_url().c_str());
 
-    if ((err = client.initialize(url->get_host(), url->get_port())) != srs_success) {
+    if ((err = client.initialize(url->get_schema(), url->get_host(), url->get_port())) != srs_success) {
         // TODO: FIXME: Use error
         ret = srs_error_code(err);
         srs_freep(err);
@@ -609,7 +609,7 @@ int SrsIngestHlsInput::SrsTsPiece::fetch(string m3u8)
     }
 
     // initialize the fresh http client.
-    if ((ret = client.initialize(uri.get_host(), uri.get_port()) != ERROR_SUCCESS)) {
+    if ((ret = client.initialize(uri.get_schema(), uri.get_host(), uri.get_port()) != ERROR_SUCCESS)) {
         return ret;
     }