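/*
 * OpenSSL certificate verification callback for a DTLS connection.
 *
 * preverify_ok (OpenSSL's own chain-verification verdict) is not consulted:
 * the decision is delegated entirely to whoever handles the
 * SIGNAL_ON_PEER_CERTIFICATE signal, which receives the peer certificate in
 * PEM form and writes its verdict into `accepted`. `accepted` starts out
 * FALSE, so the handshake is rejected when the certificate cannot be
 * converted to PEM or when no handler sets the flag.
 *
 * Returns non-zero to accept the peer certificate, 0 to reject it.
 */
static int
openssl_verify_callback (int preverify_ok, X509_STORE_CTX * x509_ctx)
{
  GstDtlsConnection *self;
  SSL *ssl;
  BIO *bio;
  gchar *pem = NULL;
  gboolean accepted = FALSE;

  /* Recover the SSL object from the store context, then the owning
   * connection from the SSL object's ex_data slot. */
  ssl =
      X509_STORE_CTX_get_ex_data (x509_ctx,
      SSL_get_ex_data_X509_STORE_CTX_idx ());
  self = SSL_get_ex_data (ssl, connection_ex_index);
  /* Fail closed: an unexpected ex_data value rejects the certificate. */
  g_return_val_if_fail (GST_IS_DTLS_CONNECTION (self), FALSE);

  pem = _gst_dtls_x509_to_pem (X509_STORE_CTX_get0_cert (x509_ctx));

  if (!pem) {
    GST_WARNING_OBJECT (self,
        "failed to convert received certificate to pem format");
  } else {
    bio = BIO_new (BIO_s_mem ());
    if (bio) {
      gchar buffer[2048];
      gint len;
      gint got = 0;

      len =
          X509_NAME_print_ex (bio,
          X509_get_subject_name (X509_STORE_CTX_get0_cert (x509_ctx)), 1,
          XN_FLAG_MULTILINE);

      if (len > 0) {
        /* The subject name comes from the peer's certificate, so its printed
         * length is attacker-influenced. Never read more than the stack
         * buffer can hold, and keep one byte for the terminator. */
        if (len > (gint) sizeof (buffer) - 1)
          len = (gint) sizeof (buffer) - 1;
        got = BIO_read (bio, buffer, len);
      }

      if (len < 0 || got < 0) {
        /* A negative length must never be used as an index into buffer. */
        GST_DEBUG_OBJECT (self,
            "failed to print peer certificate subject name");
      } else {
        /* Terminate at the number of bytes actually read. */
        buffer[got] = '\0';
        GST_DEBUG_OBJECT (self, "Peer certificate received:\n%s", buffer);
      }
      BIO_free (bio);
    } else {
      GST_DEBUG_OBJECT (self, "failed to create certificate print membio");
    }

    /* The debug printout above is informational only; the accept/reject
     * decision is made by the signal handler. */
    g_signal_emit (self, signals[SIGNAL_ON_PEER_CERTIFICATE], 0, pem,
        &accepted);
    g_free (pem);
  }

  return accepted;
}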
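/*
 * Generates a fresh 2048-bit RSA key pair and a self-signed X.509
 * certificate for it, storing both in self->priv together with the
 * certificate's PEM encoding.
 *
 * The certificate is valid from "now" for one year, uses the same name for
 * subject and issuer (C=SE, CN=OpenWebRTC) and is signed with SHA-256.
 *
 * On any failure a warning is logged and priv->x509 / priv->private_key are
 * left NULL, so a half-built certificate is never exposed to callers.
 * Must only be called while priv->x509 and priv->private_key are unset.
 */
static void
init_generated (GstDtlsCertificate * self)
{
  GstDtlsCertificatePrivate *priv = self->priv;
  RSA *rsa;
  X509_NAME *name = NULL;

  g_return_if_fail (!priv->x509);
  g_return_if_fail (!priv->private_key);

  priv->private_key = EVP_PKEY_new ();
  if (!priv->private_key) {
    GST_WARNING_OBJECT (self, "failed to create private key");
    return;
  }

  priv->x509 = X509_new ();
  if (!priv->x509) {
    GST_WARNING_OBJECT (self, "failed to create certificate");
    goto fail;
  }

  /* NOTE(review): RSA_generate_key() is deprecated in OpenSSL in favour of
   * RSA_generate_key_ex(); kept as-is here because the replacement needs a
   * BIGNUM exponent and the file's includes are not visible from this block. */
  rsa = RSA_generate_key (2048, RSA_F4, NULL, NULL);
  if (!rsa) {
    GST_WARNING_OBJECT (self, "failed to generate RSA");
    goto fail;
  }

  if (!EVP_PKEY_assign_RSA (priv->private_key, rsa)) {
    GST_WARNING_OBJECT (self, "failed to assign RSA");
    /* Assignment failed, so the RSA key is still ours to release. */
    RSA_free (rsa);
    goto fail;
  }
  /* From here on the EVP_PKEY owns the RSA key. */
  rsa = NULL;

  /* Version value 2 encodes X.509v3.
   * NOTE(review): every generated certificate gets serial number 0, while
   * RFC 5280 asks for a positive serial - confirm peers accept this. */
  if (!X509_set_version (priv->x509, 2)
      || !ASN1_INTEGER_set (X509_get_serialNumber (priv->x509), 0)
      || !X509_gmtime_adj (X509_get_notBefore (priv->x509), 0)
      || !X509_gmtime_adj (X509_get_notAfter (priv->x509), 31536000L)  /* A year */
      || !X509_set_pubkey (priv->x509, priv->private_key)) {
    GST_WARNING_OBJECT (self, "failed to set certificate fields");
    goto fail;
  }

  /* Self-signed: the subject name is reused as the issuer name. */
  name = X509_get_subject_name (priv->x509);
  if (!name
      || !X509_NAME_add_entry_by_txt (name, "C", MBSTRING_ASC,
          (const unsigned char *) "SE", -1, -1, 0)
      || !X509_NAME_add_entry_by_txt (name, "CN", MBSTRING_ASC,
          (const unsigned char *) "OpenWebRTC", -1, -1, 0)
      || !X509_set_issuer_name (priv->x509, name)) {
    GST_WARNING_OBJECT (self, "failed to set certificate name");
    goto fail;
  }
  name = NULL;

  if (!X509_sign (priv->x509, priv->private_key, EVP_sha256 ())) {
    GST_WARNING_OBJECT (self, "failed to sign certificate");
    goto fail;
  }

  priv->pem = _gst_dtls_x509_to_pem (priv->x509);
  if (!priv->pem) {
    GST_WARNING_OBJECT (self, "failed to convert certificate to pem format");
  }
  return;

fail:
  /* Single cleanup path: both free functions accept NULL, and resetting the
   * pointers keeps the object in its "nothing generated" state. */
  X509_free (priv->x509);
  priv->x509 = NULL;
  EVP_PKEY_free (priv->private_key);
  priv->private_key = NULL;
}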