RTMPS: refine tls error
xiaozhihong committed Oct 30, 2023
1 parent 654bd63 commit 0f7bcb9
Showing 3 changed files with 54 additions and 54 deletions.
54 changes: 27 additions & 27 deletions trunk/src/app/srs_app_conn.cpp
@@ -750,16 +750,16 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)

// TODO: Setup callback, see SSL_set_ex_data and SSL_set_info_callback
if ((ssl = SSL_new(ssl_ctx)) == NULL) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "SSL_new ssl");
return srs_error_new(ERROR_TLS_HANDSHAKE, "SSL_new ssl");
}

if ((bio_in = BIO_new(BIO_s_mem())) == NULL) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_new in");
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_new in");
}

if ((bio_out = BIO_new(BIO_s_mem())) == NULL) {
BIO_free(bio_in);
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_new out");
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_new out");
}

SSL_set_bio(ssl, bio_in, bio_out);
@@ -772,16 +772,16 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)
int r0, r1, size;

if ((r0 = SSL_use_RSAPrivateKey_file(ssl, key_file.c_str(), SSL_FILETYPE_PEM)) != 1) {
return srs_error_new(ERROR_HTTPS_KEY_CRT, "use key %s", key_file.c_str());
return srs_error_new(ERROR_TLS_KEY_CRT, "use key %s", key_file.c_str());
}

// Setup the key and cert file for server.
if ((r0 = SSL_use_certificate_chain_file(ssl, crt_file.c_str())) != 1) {
return srs_error_new(ERROR_HTTPS_KEY_CRT, "use cert %s", crt_file.c_str());
return srs_error_new(ERROR_TLS_KEY_CRT, "use cert %s", crt_file.c_str());
}

if ((r0 = SSL_check_private_key(ssl)) != 1) {
return srs_error_new(ERROR_HTTPS_KEY_CRT, "check key %s with cert %s",
return srs_error_new(ERROR_TLS_KEY_CRT, "check key %s with cert %s",
key_file.c_str(), crt_file.c_str());
}
srs_info("ssl: use key %s and cert %s", key_file.c_str(), crt_file.c_str());
@@ -795,38 +795,38 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)

if ((r0 = BIO_write(bio_in, buf, nn)) <= 0) {
// TODO: 0 or -1 maybe block, use BIO_should_retry to check.
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
}

r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
}

if ((size = BIO_get_mem_data(bio_out, &data)) > 0) {
// OK, reset it for the next write.
if ((r0 = BIO_reset(bio_in)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}
break;
}
}

srs_info("https: ClientHello done");
srs_info("tls: ClientHello done");

// Send ServerHello, Certificate, Server Key Exchange, Server Hello Done
size = BIO_get_mem_data(bio_out, &data);
if (!data || size <= 0) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake data=%p, size=%d", data, size);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake data=%p, size=%d", data, size);
}
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "handshake: write data=%p, size=%d", data, size);
}
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}

srs_info("https: ServerHello done");
srs_info("tls: ServerHello done");

// Receive Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
while (true) {
@@ -837,7 +837,7 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)

if ((r0 = BIO_write(bio_in, buf, nn)) <= 0) {
// TODO: 0 or -1 maybe block, use BIO_should_retry to check.
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
}

r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
@@ -846,33 +846,33 @@ srs_error_t SrsSslConnection::handshake(string key_file, string crt_file)
}

if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
}

if ((size = BIO_get_mem_data(bio_out, &data)) > 0) {
// OK, reset it for the next write.
if ((r0 = BIO_reset(bio_in)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}
break;
}
}

srs_info("https: Client done");
srs_info("tls: Client done");

// Send New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
size = BIO_get_mem_data(bio_out, &data);
if (!data || size <= 0) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake data=%p, size=%d", data, size);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake data=%p, size=%d", data, size);
}
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "handshake: write data=%p, size=%d", data, size);
}
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}

srs_info("https: Server done");
srs_info("tls: Server done");

return err;
}
@@ -896,7 +896,7 @@ srs_error_t SrsSslConnection::read_fully(void* buf, size_t size, ssize_t* nread)
while (nb < size) {
ssize_t once_nb = 0;
if ((err = read((char*)p + nb, size - nb, &once_nb)) != srs_success) {
return srs_error_wrap(err, "https: read");
return srs_error_wrap(err, "tls: read");
}
nb += once_nb;
}
@@ -945,20 +945,20 @@ srs_error_t SrsSslConnection::read(void* plaintext, size_t nn_plaintext, ssize_t
// Read the cipher from SSL.
ssize_t nn = 0;
if ((err = transport->read(cipher, nn_cipher, &nn)) != srs_success) {
return srs_error_wrap(err, "https: read");
return srs_error_wrap(err, "tls: read");
}

int r0 = BIO_write(bio_in, cipher, nn);
if (r0 <= 0) {
// TODO: 0 or -1 maybe block, use BIO_should_retry to check.
return srs_error_new(ERROR_HTTPS_READ, "BIO_write r0=%d, cipher=%p, size=%d", r0, cipher, nn);
return srs_error_new(ERROR_TLS_READ, "BIO_write r0=%d, cipher=%p, size=%d", r0, cipher, nn);
}
continue;
}

// Fail for error.
if (r0 <= 0) {
return srs_error_new(ERROR_HTTPS_READ, "SSL_read r0=%d, r1=%d, r2=%d, r3=%d",
return srs_error_new(ERROR_TLS_READ, "SSL_read r0=%d, r1=%d, r2=%d, r3=%d",
r0, r1, r2, r3);
}
}
@@ -983,7 +983,7 @@ srs_error_t SrsSslConnection::write(void* plaintext, size_t nn_plaintext, ssize_
int r0 = SSL_write(ssl, (const void*)p, left);
int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
if (r0 <= 0) {
return srs_error_new(ERROR_HTTPS_WRITE, "https: write data=%p, size=%d, r0=%d, r1=%d", p, left, r0, r1);
return srs_error_new(ERROR_TLS_WRITE, "tls: write data=%p, size=%d, r0=%d, r1=%d", p, left, r0, r1);
}

// Move p to the next writing position.
@@ -995,10 +995,10 @@ srs_error_t SrsSslConnection::write(void* plaintext, size_t nn_plaintext, ssize_
uint8_t* data = NULL;
int size = BIO_get_mem_data(bio_out, &data);
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "https: write data=%p, size=%d", data, size);
return srs_error_wrap(err, "tls: write data=%p, size=%d", data, size);
}
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_WRITE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_WRITE, "BIO_reset r0=%d", r0);
}
}

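Review bot: The private key is still loaded with `SSL_use_RSAPrivateKey_file` in the `-772,16` hunk of `SrsSslConnection::handshake`; that call accepts only RSA keys and is deprecated as of OpenSSL 3.0, so an ECDSA key and certificate pair would be rejected with the now protocol-neutral `ERROR_TLS_KEY_CRT` and a bare "use key" message. Since the rename suggests this path serves RTMPS as well as HTTPS, the type-agnostic loader is the better fit: `if ((r0 = SSL_use_PrivateKey_file(ssl, key_file.c_str(), SSL_FILETYPE_PEM)) != 1) {`. The function starts before and continues between the hunks shown, so whether other key types are handled elsewhere cannot be confirmed from this page.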
8 changes: 4 additions & 4 deletions trunk/src/kernel/srs_kernel_error.hpp
@@ -315,10 +315,10 @@
XX(ERROR_BASE64_DECODE , 4039, "Base64Decode", "Failed to decode the BASE64 content") \
XX(ERROR_HTTP_STREAM_EOF , 4040, "HttpStreamEof", "HTTP stream is EOF") \
XX(ERROR_HTTPS_NOT_SUPPORTED , 4041, "HttpsNotSupported", "HTTPS is not supported") \
XX(ERROR_HTTPS_HANDSHAKE , 4042, "HttpsHandshake", "Failed to do handshake for HTTPS") \
XX(ERROR_HTTPS_READ , 4043, "HttpsRead", "Failed to read data from HTTPS stream") \
XX(ERROR_HTTPS_WRITE , 4044, "HttpsWrite", "Failed to write data to HTTPS stream") \
XX(ERROR_HTTPS_KEY_CRT , 4045, "HttpsSslFile", "Failed to load SSL key or crt file for HTTPS") \
XX(ERROR_TLS_HANDSHAKE , 4042, "TlsHandshake", "Failed to do tls handshake") \
XX(ERROR_TLS_READ , 4043, "TlsRead", "TLS read data failed") \
XX(ERROR_TLS_WRITE , 4044, "TlsWrite", "TLS write data failed") \
XX(ERROR_TLS_KEY_CRT , 4045, "TlsSslFile", "Failed to load SSL key or crt file") \
XX(ERROR_GB_SIP_HEADER , 4046, "GbHeaderCallId", "Missing field of SIP header for GB28181") \
XX(ERROR_GB_SIP_MESSAGE , 4047, "GbHeaderCallId", "Invalid SIP message for GB28181") \
XX(ERROR_GB_PS_HEADER , 4048, "GbPsHeader", "Invalid PS header for GB28181") \
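Review bot: The four renamed `XX(...)` rows keep codes 4042-4045 but also change the name and description strings (`"HttpsHandshake"` becomes `"TlsHandshake"`, and so on), and those strings presumably surface in logs or API error output. Any log parser, alert rule or dashboard keyed on the old names would stop matching without any error, so the rename deserves a changelog entry and a comment beside the rows, for example `/* 4042-4045: TLS transport errors shared by HTTPS and RTMPS; formerly ERROR_HTTPS_* */` followed by the line-continuation backslash (a `//` comment would swallow the rest of the macro). For consistent wording, `"Failed to do tls handshake"` could read `"Failed to do TLS handshake"`.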
46 changes: 23 additions & 23 deletions trunk/src/protocol/srs_protocol_http_client.cpp
@@ -71,16 +71,16 @@ srs_error_t SrsSslClient::handshake(const std::string& host)

// TODO: Setup callback, see SSL_set_ex_data and SSL_set_info_callback
if ((ssl = SSL_new(ssl_ctx)) == NULL) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "SSL_new ssl");
return srs_error_new(ERROR_TLS_HANDSHAKE, "SSL_new ssl");
}

if ((bio_in = BIO_new(BIO_s_mem())) == NULL) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_new in");
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_new in");
}

if ((bio_out = BIO_new(BIO_s_mem())) == NULL) {
BIO_free(bio_in);
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_new out");
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_new out");
}

SSL_set_bio(ssl, bio_in, bio_out);
@@ -96,22 +96,22 @@ srs_error_t SrsSslClient::handshake(const std::string& host)
// Send ClientHello.
int r0 = SSL_do_handshake(ssl); int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
}

uint8_t* data = NULL;
int size = BIO_get_mem_data(bio_out, &data);
if (!data || size <= 0) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake data=%p, size=%d", data, size);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake data=%p, size=%d", data, size);
}
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "handshake: write data=%p, size=%d", data, size);
}
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}

srs_info("https: ClientHello done");
srs_info("tls: ClientHello done");

// Receive ServerHello, Certificate, Server Key Exchange, Server Hello Done
while (true) {
@@ -122,34 +122,34 @@ srs_error_t SrsSslClient::handshake(const std::string& host)

if ((r0 = BIO_write(bio_in, buf, nn)) <= 0) {
// TODO: 0 or -1 maybe block, use BIO_should_retry to check.
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
}

r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
}

if ((size = BIO_get_mem_data(bio_out, &data)) > 0) {
// OK, reset it for the next write.
if ((r0 = BIO_reset(bio_in)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}
break;
}
}

srs_info("https: ServerHello done");
srs_info("tls: ServerHello done");

// Send Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "handshake: write data=%p, size=%d", data, size);
}
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_reset r0=%d", r0);
}

srs_info("https: Client done");
srs_info("tls: Client done");

// Receive New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
while (true) {
@@ -161,7 +161,7 @@ srs_error_t SrsSslClient::handshake(const std::string& host)

if ((r0 = BIO_write(bio_in, buf, nn)) <= 0) {
// TODO: 0 or -1 maybe block, use BIO_should_retry to check.
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
return srs_error_new(ERROR_TLS_HANDSHAKE, "BIO_write r0=%d, data=%p, size=%d", r0, buf, nn);
}

r0 = SSL_do_handshake(ssl); r1 = SSL_get_error(ssl, r0); ERR_clear_error();
@@ -170,11 +170,11 @@ srs_error_t SrsSslClient::handshake(const std::string& host)
}

if (r0 != -1 || r1 != SSL_ERROR_WANT_READ) {
return srs_error_new(ERROR_HTTPS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
return srs_error_new(ERROR_TLS_HANDSHAKE, "handshake r0=%d, r1=%d", r0, r1);
}
}

srs_info("https: Server done");
srs_info("tls: Server done");

return err;
}
@@ -198,7 +198,7 @@ srs_error_t SrsSslClient::read_fully(void* buf, size_t size, ssize_t* nread)
while (nb < size) {
ssize_t once_nb = 0;
if ((err = read((char*)p + nb, size - nb, &once_nb)) != srs_success) {
return srs_error_wrap(err, "https: read");
return srs_error_wrap(err, "tls: read");
}
nb += once_nb;
}
@@ -247,20 +247,20 @@ srs_error_t SrsSslClient::read(void* plaintext, size_t nn_plaintext, ssize_t* nr
// Read the cipher from SSL.
ssize_t nn = 0;
if ((err = transport->read(cipher, nn_cipher, &nn)) != srs_success) {
return srs_error_wrap(err, "https: read");
return srs_error_wrap(err, "tls: read");
}

int r0 = BIO_write(bio_in, cipher, nn);
if (r0 <= 0) {
// TODO: 0 or -1 maybe block, use BIO_should_retry to check.
return srs_error_new(ERROR_HTTPS_READ, "BIO_write r0=%d, cipher=%p, size=%d", r0, cipher, nn);
return srs_error_new(ERROR_TLS_READ, "BIO_write r0=%d, cipher=%p, size=%d", r0, cipher, nn);
}
continue;
}

// Fail for error.
if (r0 <= 0) {
return srs_error_new(ERROR_HTTPS_READ, "SSL_read r0=%d, r1=%d, r2=%d, r3=%d",
return srs_error_new(ERROR_TLS_READ, "SSL_read r0=%d, r1=%d, r2=%d, r3=%d",
r0, r1, r2, r3);
}
}
@@ -285,7 +285,7 @@ srs_error_t SrsSslClient::write(void* plaintext, size_t nn_plaintext, ssize_t* n
int r0 = SSL_write(ssl, (const void*)p, left);
int r1 = SSL_get_error(ssl, r0); ERR_clear_error();
if (r0 <= 0) {
return srs_error_new(ERROR_HTTPS_WRITE, "https: write data=%p, size=%d, r0=%d, r1=%d", p, left, r0, r1);
return srs_error_new(ERROR_TLS_WRITE, "tls: write data=%p, size=%d, r0=%d, r1=%d", p, left, r0, r1);
}

// Move p to the next writing position.
@@ -297,10 +297,10 @@ srs_error_t SrsSslClient::write(void* plaintext, size_t nn_plaintext, ssize_t* n
uint8_t* data = NULL;
int size = BIO_get_mem_data(bio_out, &data);
if ((err = transport->write(data, size, NULL)) != srs_success) {
return srs_error_wrap(err, "https: write data=%p, size=%d", data, size);
return srs_error_wrap(err, "tls: write data=%p, size=%d", data, size);
}
if ((r0 = BIO_reset(bio_out)) != 1) {
return srs_error_new(ERROR_HTTPS_WRITE, "BIO_reset r0=%d", r0);
return srs_error_new(ERROR_TLS_WRITE, "BIO_reset r0=%d", r0);
}
}

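Review bot: None of the visible lines in `SrsSslClient::handshake` check the peer's identity: after the last `SSL_do_handshake` loop the function logs `tls: Server done` and returns, with no `SSL_get_verify_result` call and no use of `host` for hostname matching in the hunks shown. The setup between `SSL_set_bio` and the first `SSL_do_handshake` lies outside the hunks, so verification may already be configured there or on `ssl_ctx`; this needs confirming against the full file. If it is not, the client would complete a handshake with any certificate, and the fix would be `SSL_set1_host(ssl, host.c_str());` before the handshake (with peer verification and a trust store enabled on the context) plus `if (SSL_get_verify_result(ssl) != X509_V_OK) return srs_error_new(ERROR_TLS_HANDSHAKE, "verify peer");` once it completes.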
