zishuo/webrtc
1
0
Fork 0
mirror of https://github.com/pion/webrtc.git synced 2025-10-05 23:26:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Return error on certificate fingerprint failure

Browse Source 
Instead of printing the error to stdout return the error to the user.
This may not be a hard error (as later certificates would have passed)
but it never is good to be in a state where you have certificates in a
broken state.

Resolves #586
This commit is contained in:
Sean DuBois
2019-04-04 21:26:26 -07:00
parent 6e26cd208f
commit 4c781e64d9
8 changed files with 46 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
certificate.go
View File

@@ -93,7 +93,7 @@ func (c Certificate) Expires() time.Time {
// GetFingerprints returns the list of certificate fingerprints, one of which
// is computed with the digest algorithm used in the certificate signature.
func (c Certificate) GetFingerprints() []DTLSFingerprint {
func (c Certificate) GetFingerprints() ([]DTLSFingerprint, error) {
fingerprintAlgorithms := []dtls.HashAlgorithm{dtls.HashAlgorithmSHA256}
res := make([]DTLSFingerprint, len(fingerprintAlgorithms))
@@ -101,8 +101,7 @@ func (c Certificate) GetFingerprints() []DTLSFingerprint {
for _, algo := range fingerprintAlgorithms {
value, err := dtls.Fingerprint(c.x509Cert, algo)
if err != nil {
fmt.Printf("Failed to create fingerprint: %v\n", err)
continue
return nil, fmt.Errorf("failed to create fingerprint: %v", err)
}
res[i] = DTLSFingerprint{
Algorithm: algo.String(),
@@ -110,7 +109,7 @@ func (c Certificate) GetFingerprints() []DTLSFingerprint {
}
}
return res[:i+1]
return res[:i+1], nil
}
// GenerateCertificate causes the creation of an X.509 certificate and

5
datachannel_ortc_test.go
View File

@@ -133,7 +133,10 @@ func (s *testORTCStack) getSignal() (*testORTCSignal, error) {
return nil, err
}
dtlsParams := s.dtls.GetLocalParameters()
dtlsParams, err := s.dtls.GetLocalParameters()
if err != nil {
return nil, err
}
sctpCapabilities := s.sctp.GetCapabilities()

10
dtlstransport.go
View File

@@ -82,18 +82,22 @@ func (t *DTLSTransport) ICETransport() *ICETransport {
}
// GetLocalParameters returns the DTLS parameters of the local DTLSTransport upon construction.
func (t *DTLSTransport) GetLocalParameters() DTLSParameters {
func (t *DTLSTransport) GetLocalParameters() (DTLSParameters, error) {
fingerprints := []DTLSFingerprint{}
for _, c := range t.certificates {
prints := c.GetFingerprints() // TODO: Should be only one?
prints, err := c.GetFingerprints() // TODO: Should be only one?
if err != nil {
return DTLSParameters{}, err
}
fingerprints = append(fingerprints, prints...)
}
return DTLSParameters{
Role: DTLSRoleAuto, // always returns the default role
Fingerprints: fingerprints,
}
}, nil
}
// GetRemoteCertificate returns the certificate chain in use by the remote side

5
examples/ortc-quic/main.go
View File

@@ -73,7 +73,10 @@ func main() {
panic(err)
}
quicParams := qt.GetLocalParameters()
quicParams, err := qt.GetLocalParameters()
if err != nil {
panic(err)
}
s := Signal{
ICECandidates: iceCandidates,

5
examples/ortc/main.go
View File

@@ -71,7 +71,10 @@ func main() {
panic(err)
}
dtlsParams := dtls.GetLocalParameters()
dtlsParams, err := dtls.GetLocalParameters()
if err != nil {
panic(err)
}
sctpCapabilities := sctp.GetCapabilities()

17
peerconnection.go
View File

@@ -446,7 +446,9 @@ func (pc *PeerConnection) CreateOffer(options *OfferOptions) (SessionDescription
}
d := sdp.NewJSEPSessionDescription(useIdentity)
pc.addFingerprint(d)
if err := pc.addFingerprint(d); err != nil {
return SessionDescription{}, err
}
iceParams, err := pc.iceGatherer.GetLocalParameters()
if err != nil {
@@ -560,7 +562,9 @@ func (pc *PeerConnection) CreateAnswer(options *AnswerOptions) (SessionDescripti
}
d := sdp.NewJSEPSessionDescription(useIdentity)
pc.addFingerprint(d)
if err = pc.addFingerprint(d); err != nil {
return SessionDescription{}, err
}
getDirection := func(media *sdp.MediaDescription) RTPTransceiverDirection {
for _, a := range media.Attributes {
@@ -1475,11 +1479,16 @@ func (pc *PeerConnection) iceStateChange(newState ICEConnectionState) {
pc.onICEConnectionStateChange(newState)
}
func (pc *PeerConnection) addFingerprint(d *sdp.SessionDescription) {
func (pc *PeerConnection) addFingerprint(d *sdp.SessionDescription) error {
// TODO: Handle multiple certificates
for _, fingerprint := range pc.configuration.Certificates[0].GetFingerprints() {
fingerprints, err := pc.configuration.Certificates[0].GetFingerprints()
if err != nil {
return err
}
for _, fingerprint := range fingerprints {
d.WithFingerprint(fingerprint.Algorithm, strings.ToUpper(fingerprint.Value))
}
return nil
}
func (pc *PeerConnection) addTransceiverSDP(d *sdp.SessionDescription, t *RTPTransceiver, midOffset int, iceParams ICEParameters, candidates []ICECandidate, dtlsRole sdp.ConnectionRole) {

10
quictransport.go
View File

@@ -63,18 +63,22 @@ func (api *API) NewQUICTransport(transport *ICETransport, certificates []Certifi
}
// GetLocalParameters returns the Quic parameters of the local QUICParameters upon construction.
func (t *QUICTransport) GetLocalParameters() QUICParameters {
func (t *QUICTransport) GetLocalParameters() (QUICParameters, error) {
fingerprints := []DTLSFingerprint{}
for _, c := range t.certificates {
prints := c.GetFingerprints() // TODO: Should be only one?
prints, err := c.GetFingerprints() // TODO: Should be only one?
if err != nil {
return QUICParameters{}, err
}
fingerprints = append(fingerprints, prints...)
}
return QUICParameters{
Role: QUICRoleAuto, // always returns the default role
Fingerprints: fingerprints,
}
}, nil
}
// Start Quic transport with the parameters of the remote

5
quictransport_test.go
View File

@@ -126,7 +126,10 @@ func (s *testQuicStack) getSignal() (*testQuicSignal, error) {
return nil, err
}
quicParams := s.quic.GetLocalParameters()
quicParams, err := s.quic.GetLocalParameters()
if err != nil {
return nil, err
}
return &testQuicSignal{
ICECandidates: iceCandidates,