static int
openssl_verify_callback (int preverify_ok, X509_STORE_CTX * x509_ctx)
{
GstDtlsConnection *self;
SSL *ssl;
BIO *bio;
gchar *pem = NULL;
gboolean accepted = FALSE;
ssl =
X509_STORE_CTX_get_ex_data (x509_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx ());
self = SSL_get_ex_data (ssl, connection_ex_index);
g_return_val_if_fail (GST_IS_DTLS_CONNECTION (self), FALSE);
pem = _gst_dtls_x509_to_pem (X509_STORE_CTX_get0_cert (x509_ctx));
if (!pem) {
GST_WARNING_OBJECT (self,
"failed to convert received certificate to pem format");
} else {
bio = BIO_new (BIO_s_mem ());
if (bio) {
gchar buffer[2048];
gint len;
len =
X509_NAME_print_ex (bio,
X509_get_subject_name (X509_STORE_CTX_get0_cert (x509_ctx)), 1,
XN_FLAG_MULTILINE);
BIO_read (bio, buffer, len);
buffer[len] = '\0';
GST_DEBUG_OBJECT (self, "Peer certificate received:\n%s", buffer);
BIO_free (bio);
} else {
GST_DEBUG_OBJECT (self, "failed to create certificate print membio");
}
g_signal_emit (self, signals[SIGNAL_ON_PEER_CERTIFICATE], 0, pem,
&accepted);
g_free (pem);
}
return accepted;
}
static void
init_generated (GstDtlsCertificate * self)
{
GstDtlsCertificatePrivate *priv = self->priv;
RSA *rsa;
X509_NAME *name = NULL;
g_return_if_fail (!priv->x509);
g_return_if_fail (!priv->private_key);
priv->private_key = EVP_PKEY_new ();
if (!priv->private_key) {
GST_WARNING_OBJECT (self, "failed to create private key");
return;
}
priv->x509 = X509_new ();
if (!priv->x509) {
GST_WARNING_OBJECT (self, "failed to create certificate");
EVP_PKEY_free (priv->private_key);
priv->private_key = NULL;
return;
}
rsa = RSA_generate_key (2048, RSA_F4, NULL, NULL);
if (!rsa) {
GST_WARNING_OBJECT (self, "failed to generate RSA");
EVP_PKEY_free (priv->private_key);
priv->private_key = NULL;
X509_free (priv->x509);
priv->x509 = NULL;
return;
}
if (!EVP_PKEY_assign_RSA (priv->private_key, rsa)) {
GST_WARNING_OBJECT (self, "failed to assign RSA");
RSA_free (rsa);
rsa = NULL;
EVP_PKEY_free (priv->private_key);
priv->private_key = NULL;
X509_free (priv->x509);
priv->x509 = NULL;
return;
}
rsa = NULL;
X509_set_version (priv->x509, 2);
ASN1_INTEGER_set (X509_get_serialNumber (priv->x509), 0);
X509_gmtime_adj (X509_get_notBefore (priv->x509), 0);
X509_gmtime_adj (X509_get_notAfter (priv->x509), 31536000L); /* A year */
X509_set_pubkey (priv->x509, priv->private_key);
name = X509_get_subject_name (priv->x509);
X509_NAME_add_entry_by_txt (name, "C", MBSTRING_ASC, (unsigned char *) "SE",
-1, -1, 0);
X509_NAME_add_entry_by_txt (name, "CN", MBSTRING_ASC,
(unsigned char *) "OpenWebRTC", -1, -1, 0);
X509_set_issuer_name (priv->x509, name);
name = NULL;
if (!X509_sign (priv->x509, priv->private_key, EVP_sha256 ())) {
GST_WARNING_OBJECT (self, "failed to sign certificate");
EVP_PKEY_free (priv->private_key);
priv->private_key = NULL;
X509_free (priv->x509);
priv->x509 = NULL;
return;
}
self->priv->pem = _gst_dtls_x509_to_pem (priv->x509);
}
