fix(dtls/fingerprint): fix kick off and reenter srtp error by update …

…fingerprint, add note about dtls fingerprint

trunk/src/app/srs_app_rtc_conn.cpp

@@ -3221,10 +3221,11 @@ srs_error_t SrsRtcConnection::on_rtcp(char* data, int nb_data)
 
     int nb_unprotected_buf = nb_data;
     if ((err = transport_->unprotect_rtcp(data, &nb_unprotected_buf)) != srs_success) {
-        // has big bug, 5015, 35/101
+        // has big bug, 5015, 35/101, maybe fixed by dtls
         if (srs_error_code(err) == ERROR_RTC_SRTP_UNPROTECT) {
             if (state_ == DOING_DTLS_HANDSHAKE) {
                 state_ = WAITING_STUN;
+                expire();
             }
         }
         return srs_error_wrap(err, "rtcp unprotect by %s@%p", username_.c_str(), this);

trunk/src/app/srs_app_rtc_dtls.cpp

@@ -373,6 +373,72 @@ srs_error_t SrsDtlsCertificate::initialize()
     return err;
 }
 
+void update_fingerprint(X509*& dtls_cert, EVP_PKEY* dtls_pkey, std::string& fingerprint) {
+    assert(dtls_cert);
+    X509_free(dtls_cert);
+
+    // Create certificate, from previous generated pkey.
+    // TODO: Support ECDSA certificate.
+    dtls_cert = X509_new();
+
+    if (true) {
+        X509_NAME* subject = X509_NAME_new();
+        srs_assert(subject);
+
+        int serial = (int)srs_random();
+        ASN1_INTEGER_set(X509_get_serialNumber(dtls_cert), serial);
+
+        const std::string& aor = RTMP_SIG_SRS_DOMAIN;
+        X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC, (unsigned char *) aor.data(), aor.size(), -1, 0);
+
+        X509_set_issuer_name(dtls_cert, subject);
+        X509_set_subject_name(dtls_cert, subject);
+
+        int expire_day = 365;
+        const long cert_duration = 60*60*24*expire_day;
+
+        X509_gmtime_adj(X509_get_notBefore(dtls_cert), 0);
+        X509_gmtime_adj(X509_get_notAfter(dtls_cert), cert_duration);
+
+        X509_set_version(dtls_cert, 2);
+        int ret = X509_set_pubkey(dtls_cert, dtls_pkey);
+        srs_assert(ret == 1);
+        ret = X509_sign(dtls_cert, dtls_pkey, EVP_sha1());
+        srs_assert(ret != 0);
+
+        X509_NAME_free(subject);
+    }
+
+    // Show DTLS fingerprint
+    if (true) {
+        char fp[100] = {0};
+        char *p = fp;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int n = 0;
+
+        // TODO: FIXME: Unused variable.
+        /*int r = */X509_digest(dtls_cert, EVP_sha256(), md, &n);
+
+        for (unsigned int i = 0; i < n; i++, ++p) {
+            sprintf(p, "%02X", md[i]);
+            p += 2;
+
+            if(i < (n-1)) {
+                *p = ':';
+            } else {
+                *p = '\0';
+            }
+        }
+
+        fingerprint.assign(fp, strlen(fp));
+        srs_trace("fingerprint=%s", fingerprint.c_str());
+    }
+}
+
+void SrsDtlsCertificate::update_fingerprint() {
+    ::update_fingerprint(dtls_cert, dtls_pkey, fingerprint);
+}
+
 X509* SrsDtlsCertificate::get_cert()
 {
     return dtls_cert;

trunk/src/app/srs_app_rtc_dtls.hpp

@@ -43,6 +43,7 @@ class SrsDtlsCertificate
     std::string get_fingerprint();
     // whether is ecdsa
     bool is_ecdsa();
+    void update_fingerprint();
 };
 
 // @global config object.