datachannel-sys 0.23.0+0.23.2

Native bindings to libdatachannel.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

/**
 * Copyright (c) 2020 Paul-Louis Ageneau
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/.
 */

#include "verifiedtlstransport.hpp"
#include "common.hpp"

#if RTC_ENABLE_WEBSOCKET

namespace rtc::impl {

static const string PemBeginCertificateTag = "-----BEGIN CERTIFICATE-----";

VerifiedTlsTransport::VerifiedTlsTransport(
    variant<shared_ptr<TcpTransport>, shared_ptr<HttpProxyTransport>> lower, string host,
    certificate_ptr certificate, state_callback callback, [[maybe_unused]] optional<string> cacert)
    : TlsTransport(std::move(lower), std::move(host), std::move(certificate), std::move(callback)) {

	PLOG_DEBUG << "Setting up TLS certificate verification";

#if USE_GNUTLS
	gnutls_session_set_verify_cert(mSession, mHost->c_str(), 0);
#elif USE_MBEDTLS
	mbedtls_ssl_conf_authmode(&mConf, MBEDTLS_SSL_VERIFY_REQUIRED);
	mbedtls_x509_crt_init(&mCaCert);
	try {
		if (cacert) {
			if (cacert->find(PemBeginCertificateTag) == string::npos) {
				// *cacert is a file path
				mbedtls::check(mbedtls_x509_crt_parse_file(&mCaCert, cacert->c_str()));
			} else {
				// *cacert is a PEM content
				mbedtls::check(mbedtls_x509_crt_parse(
				    &mCaCert, reinterpret_cast<const unsigned char *>(cacert->c_str()),
				    cacert->size() + 1));
			}
			mbedtls_ssl_conf_ca_chain(&mConf, &mCaCert, NULL);
		}
	} catch (...) {
		mbedtls_x509_crt_free(&mCaCert);
		throw;
	}
#else
	if (cacert) {
		if (cacert->find(PemBeginCertificateTag) == string::npos) {
			// *cacert is a file path
			openssl::check(SSL_CTX_load_verify_locations(mCtx, cacert->c_str(), NULL), "Failed to load CA certificate");
		} else {
			// *cacert is a PEM content
			PLOG_WARNING << "CA certificate as PEM is not supported for OpenSSL";
		}
	}
	SSL_set_verify(mSsl, SSL_VERIFY_PEER, NULL);
	SSL_set_verify_depth(mSsl, 4);
#endif
}

VerifiedTlsTransport::~VerifiedTlsTransport() {
	stop();
#if USE_MBEDTLS
	mbedtls_x509_crt_free(&mCaCert);
#endif
}

} // namespace rtc::impl

#endif