rtsp source: set ServerName when using TLS (#708)

2025-10-04 23:32:44 +08:00 · 2021-12-03 23:15:21 +01:00
parent 0d8f14388e
commit a1fed6fb38
5 changed files with 42 additions and 30 deletions
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/aler9/rtsp-simple-server
 go 1.17
 require (
-	github.com/aler9/gortsplib v0.0.0-20211130212324-870687d91d98
+	github.com/aler9/gortsplib v0.0.0-20211203221149-9c3ee269f2a9
 	github.com/asticode/go-astits v1.10.0
 	github.com/fsnotify/fsnotify v1.4.9
 	github.com/gin-gonic/gin v1.7.2
--- a/go.sum
+++ b/go.sum
@@ -2,8 +2,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafo
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/aler9/gortsplib v0.0.0-20211130212324-870687d91d98 h1:ryT1GvDYfldjOHcrlzuJczryXxAxPLkqnHAQmhakB1E=
+github.com/aler9/gortsplib v0.0.0-20211203221149-9c3ee269f2a9 h1:K2kyqBoKnz8FWbtum8/Fvsixpy0jIT1EZiG8XYbY++I=
-github.com/aler9/gortsplib v0.0.0-20211130212324-870687d91d98/go.mod h1:fyQrQyHo8QvdR/h357tkv1g36VesZlzEPsdAu2VrHHc=
+github.com/aler9/gortsplib v0.0.0-20211203221149-9c3ee269f2a9/go.mod h1:fyQrQyHo8QvdR/h357tkv1g36VesZlzEPsdAu2VrHHc=
 github.com/aler9/rtmp v0.0.0-20210403095203-3be4a5535927 h1:95mXJ5fUCYpBRdSOnLAQAdJHHKxxxJrVCiaqDi965YQ=
 github.com/aler9/rtmp v0.0.0-20210403095203-3be4a5535927/go.mod h1:vzuE21rowz+lT1NGsWbreIvYulgBpCGnQyeTyFblUHc=
 github.com/asticode/go-astikit v0.20.0 h1:+7N+J4E4lWx2QOkRdOf6DafWJMv6O4RRfgClwQokrH8=
--- a/internal/core/api_test.go
+++ b/internal/core/api_test.go
@@ -2,6 +2,7 @@ package core
 import (
 	"bytes"
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -202,7 +203,9 @@ func TestAPIPathsList(t *testing.T) {
 	}()
 	func() {
-		source := gortsplib.Client{}
+		source := gortsplib.Client{
 			TLSConfig: &tls.Config{InsecureSkipVerify: true},
 		}
 		err := source.StartPublishing("rtsps://localhost:8555/mypath",
 			gortsplib.Tracks{track})
@@ -261,7 +264,9 @@ func TestAPIList(t *testing.T) {
 				defer source.Close()
 			case "rtsps":
-				source := gortsplib.Client{}
+				source := gortsplib.Client{
 					TLSConfig: &tls.Config{InsecureSkipVerify: true},
 				}
 				err := source.StartPublishing("rtsps://localhost:8555/mypath",
 					gortsplib.Tracks{track})
@@ -390,7 +395,9 @@ func TestAPIKick(t *testing.T) {
 				defer source.Close()
 			case "rtsps":
-				source := gortsplib.Client{}
+				source := gortsplib.Client{
 					TLSConfig: &tls.Config{InsecureSkipVerify: true},
 				}
 				err := source.StartPublishing("rtsps://localhost:8555/mypath",
 					gortsplib.Tracks{track})
--- a/internal/core/rtsp_source.go
+++ b/internal/core/rtsp_source.go
@@ -120,21 +120,24 @@ func (s *rtspSource) run() {
 func (s *rtspSource) runInner() bool {
 	s.log(logger.Debug, "connecting")
-	tlsConfig := &tls.Config{}
+	var tlsConfig *tls.Config
 	if s.fingerprint != "" {
-		tlsConfig.InsecureSkipVerify = true
+		tlsConfig = &tls.Config{
-		tlsConfig.VerifyConnection = func(cs tls.ConnectionState) error {
+			InsecureSkipVerify: true,
-			h := sha256.New()
+			VerifyConnection: func(cs tls.ConnectionState) error {
-			h.Write(cs.PeerCertificates[0].Raw)
+				h := sha256.New()
-			hstr := hex.EncodeToString(h.Sum(nil))
+				h.Write(cs.PeerCertificates[0].Raw)
-			fingerprintLower := strings.ToLower(s.fingerprint)
+				hstr := hex.EncodeToString(h.Sum(nil))
 				fingerprintLower := strings.ToLower(s.fingerprint)
-			if hstr != fingerprintLower {
+				if hstr != fingerprintLower {
-				return fmt.Errorf("server fingerprint do not match: expected %s, got %s",
+					return fmt.Errorf("server fingerprint do not match: expected %s, got %s",
-					fingerprintLower, hstr)
+						fingerprintLower, hstr)
-			}
+				}
-			return nil
+				return nil
 			},
 		}
 	}
--- a/internal/hls/client.go
+++ b/internal/hls/client.go
@@ -472,22 +472,24 @@ func NewClient(
 	ctx, ctxCancel := context.WithCancel(context.Background())
-	tlsConfig := &tls.Config{}
+	var tlsConfig *tls.Config
 	if fingerprint != "" {
-		tlsConfig.InsecureSkipVerify = true
+		tlsConfig = &tls.Config{
-		tlsConfig.VerifyConnection = func(cs tls.ConnectionState) error {
+			InsecureSkipVerify: true,
-			h := sha256.New()
+			VerifyConnection: func(cs tls.ConnectionState) error {
-			h.Write(cs.PeerCertificates[0].Raw)
+				h := sha256.New()
-			hstr := hex.EncodeToString(h.Sum(nil))
+				h.Write(cs.PeerCertificates[0].Raw)
-			fingerprintLower := strings.ToLower(fingerprint)
+				hstr := hex.EncodeToString(h.Sum(nil))
 				fingerprintLower := strings.ToLower(fingerprint)
-			if hstr != fingerprintLower {
+				if hstr != fingerprintLower {
-				return fmt.Errorf("server fingerprint do not match: expected %s, got %s",
+					return fmt.Errorf("server fingerprint do not match: expected %s, got %s",
-					fingerprintLower, hstr)
+						fingerprintLower, hstr)
-			}
+				}
-			return nil
+				return nil
 			},
 		}
 	}