mirror of
https://github.com/aler9/rtsp-simple-server
synced 2025-10-04 23:32:44 +08:00
39 lines
816 B
Go
39 lines
816 B
Go
// Package tls contains TLS utilities.
|
|
package tls
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/tls"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// MakeConfig returns a tls.Config with:
|
|
// - server name indicator (SNI) support
|
|
// - fingerprint support
|
|
func MakeConfig(serverName string, fingerprint string) *tls.Config {
|
|
conf := &tls.Config{
|
|
ServerName: serverName,
|
|
}
|
|
|
|
if fingerprint != "" {
|
|
fingerprintLower := strings.ToLower(fingerprint)
|
|
conf.InsecureSkipVerify = true
|
|
conf.VerifyConnection = func(cs tls.ConnectionState) error {
|
|
h := sha256.New()
|
|
h.Write(cs.PeerCertificates[0].Raw)
|
|
hstr := hex.EncodeToString(h.Sum(nil))
|
|
|
|
if hstr != fingerprintLower {
|
|
return fmt.Errorf("source fingerprint does not match: expected %s, got %s",
|
|
fingerprintLower, hstr)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return conf
|
|
}
|