
This issue was moved to a discussion.

Supporting EC SSL Crypto #3802

Closed
agg23 opened this issue Sep 15, 2023 · 1 comment
agg23 commented Sep 15, 2023

Note: Please read the FAQ before filing an issue, see #2716

Description

Please describe your issue here

  1. SRS Version: 6.0.72

  2. SRS Log:

```
[2023-09-15 23:19:59.878][ERROR][1][6028y584][2] serve error code=4045(HttpsSslFile)(Failed to load SSL key or crt file for HTTPS) : start : handshake : use cert ./conf/watch.crt
thread [1][6028y584]: do_cycle() [./src/app/srs_app_http_conn.cpp:155][errno=2]
thread [1][6028y584]: on_start() [./src/app/srs_app_http_conn.cpp:388][errno=2]
thread [1][6028y584]: handshake() [./src/app/srs_app_conn.cpp:776][errno=2](No such file or directory)
```
  3. SRS Config:

```
listen              1935;
max_connections     1000;
daemon              off;
srs_log_tank        console;

http_server {
    enabled         on;
    listen          8080;
    dir             ./objs/nginx/html;
    https {
        enabled on;
        listen 8088;
        key ./conf/watch.key;
        cert ./conf/watch.crt;
    }
}

http_api {
    enabled         on;
    listen          1985;
    https {
        enabled on;
        listen 1986;
        key ./conf/watch.key;
        cert ./conf/watch.crt;
    }
}
stats {
    network         0;
}
rtc_server {
    enabled on;
    listen 8000; # UDP port
    # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#config-candidate
    candidate $CANDIDATE;
}

vhost __defaultVhost__ {
    rtc {
        enabled     on;
        # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtmp-to-rtc
        rtmp_to_rtc on;
    }
}
```

Replay

Please describe how to replay the bug?

Step 1: Create an elliptic curve SSL cert (Let's Encrypt works for this)
Step 2: Provide that to SRS
Step 3: Hit an HTTPS endpoint

Expect

Expect the server to be able to apply encryption to WebRTC streams using Let's Encrypt and elliptic curve cryptography. It appears the server is hardcoded to only accept RSA:

https://github.com/ossrs/srs/blob/develop/trunk/src/app/srs_app_conn.cpp#L779-L781

winlinvip added the EnglishNative label Sep 15, 2023

hskent commented Sep 27, 2023

Got same issue with 5.0.176, this is my temporary solution.
I obtained a certificate with the parameter "--key-type rsa" in Certbot, and it works well.
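
A pre-flight check for the mismatch reported in this thread, added here as an example and not taken from SRS or from either commenter: it classifies a PEM private key such as `./conf/watch.key` as RSA or EC before it is given to a build that, per the report above, only loads RSA keys. The names `key_type`, `read_tlv` and `sample_pkcs8` are hypothetical, and the sample keys are constructed skeletons, not real key material.

```python
import base64
import re

# DER-encoded OIDs (tag + length + body) as found in a PKCS#8 AlgorithmIdentifier.
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def key_type(pem_text):
    """Classify a PEM private key: 'rsa', 'ec', 'encrypted' or 'unknown'."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM private key block found")
    label, body = m.groups()
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):  # PKCS#1 / SEC1 labels
        return label.split()[0].lower()
    if label != "PRIVATE KEY":
        return "encrypted" if label.startswith("ENCRYPTED") else "unknown"
    # PKCS#8: SEQUENCE { INTEGER version, SEQUENCE { OID algorithm, ... }, ... }
    der = base64.b64decode("".join(body.split()))
    _, pos, _ = read_tlv(der, 0)      # enter outer SEQUENCE
    _, _, pos = read_tlv(der, pos)    # skip version INTEGER
    _, pos, _ = read_tlv(der, pos)    # enter AlgorithmIdentifier
    _, _, end = read_tlv(der, pos)    # algorithm OID element
    return {OID_RSA: "rsa", OID_EC: "ec"}.get(der[pos:end], "unknown")

def sample_pkcs8(oid, params):
    """Constructed PKCS#8 skeleton for testing; the key bytes are dummies."""
    alg = oid + params
    inner = b"\x02\x01\x00\x30" + bytes([len(alg)]) + alg + b"\x04\x02\x00\x00"
    b64 = base64.b64encode(b"\x30" + bytes([len(inner)]) + inner).decode()
    return f"-----BEGIN PRIVATE KEY-----\n{b64}\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    import sys
    demo = sample_pkcs8(OID_EC, bytes.fromhex("06082a8648ce3d030107"))  # P-256
    for name, pem in [(p, open(p).read()) for p in sys.argv[1:]] or [("sample", demo)]:
        print(name, key_type(pem))
```

A PKCS#8 file carries the generic `BEGIN PRIVATE KEY` label for both key types, which is why the check reads the algorithm OID instead of relying on the label alone.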

ossrs locked and limited conversation to collaborators Mar 30, 2024
winlinvip converted this issue into discussion #4007 Mar 30, 2024
