Supporting EC SSL Crypto
Note: Please read the FAQ before filing an issue, see #2716
Description
Please describe your issue here
- SRS Version: 6.0.72
- SRS Log:
[2023-09-15 23:19:59.878][ERROR][1][6028y584][2] serve error code=4045(HttpsSslFile)(Failed to load SSL key or crt file for HTTPS) : start : handshake : use cert ./conf/watch.crt
thread [1][6028y584]: do_cycle() [./src/app/srs_app_http_conn.cpp:155][errno=2]
thread [1][6028y584]: on_start() [./src/app/srs_app_http_conn.cpp:388][errno=2]
thread [1][6028y584]: handshake() [./src/app/srs_app_conn.cpp:776][errno=2](No such file or directory)
- SRS Config:
listen 1935;
max_connections 1000;
daemon off;
srs_log_tank console;
http_server {
    enabled on;
    listen 8080;
    dir ./objs/nginx/html;
    https {
        enabled on;
        listen 8088;
        key ./conf/watch.key;
        cert ./conf/watch.crt;
    }
}
http_api {
    enabled on;
    listen 1985;
    https {
        enabled on;
        listen 1986;
        key ./conf/watch.key;
        cert ./conf/watch.crt;
    }
}
stats {
    network 0;
}
rtc_server {
    enabled on;
    listen 8000; # UDP port
    # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#config-candidate
    candidate $CANDIDATE;
}
vhost __defaultVhost__ {
    rtc {
        enabled on;
        # @see https://ossrs.net/lts/zh-cn/docs/v4/doc/webrtc#rtmp-to-rtc
        rtmp_to_rtc on;
    }
}
Replay
Please describe how to replay the bug?
Step 1: Create an elliptic curve SSL cert (Let's Encrypt works for this)
Step 2: Provide that to SRS
Step 3: Hit an HTTPS endpoint
Expect
Expect the server to be able to apply encryption to WebRTC streams using Let's Encrypt and elliptic curve cryptography. It appears the server is hardcoded to only accept RSA:
https://github.com/ossrs/srs/blob/develop/trunk/src/app/srs_app_conn.cpp#L779-L781
Got same issue with 5.0.176, this is my temporary solution. I obtained a certificate with the parameter "--key-type rsa" in Certbot, and it works well.
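A preflight check for the situation reported in this thread, added here as an example (it is not part of the original issue or of the SRS code base): it reports whether the PEM file named by the `key` directive holds an RSA or an EC private key before the server is started. PKCS#8 files (`BEGIN PRIVATE KEY`) do not name the algorithm in the PEM header, so the script reads the algorithm OID from the DER structure; the function names and the zero-filled sample keys are constructed for this example.

```python
import base64
import re
import sys

# AlgorithmIdentifier OIDs (DER content bytes) and the key family they denote.
RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
EC_OID = bytes.fromhex("2a8648ce3d0201")        # 1.2.840.10045.2.1 id-ecPublicKey
FAMILY = {RSA_OID: "RSA", EC_OID: "EC"}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def key_type(pem_text):
    """Classify a PEM private key as 'RSA', 'EC', 'other' or 'unknown'."""
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return "unknown"
    label, body = m.groups()
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):   # traditional formats name the type
        return label.split()[0]
    if label != "PRIVATE KEY":                            # e.g. encrypted PKCS#8
        return "unknown"
    der = base64.b64decode("".join(body.split()))
    _, pos, _ = _tlv(der, 0)          # enter PrivateKeyInfo SEQUENCE
    _, _, pos = _tlv(der, pos)        # skip version INTEGER
    _, pos, _ = _tlv(der, pos)        # enter AlgorithmIdentifier SEQUENCE
    tag, start, end = _tlv(der, pos)  # algorithm OID
    return FAMILY.get(der[start:end], "other") if tag == 0x06 else "unknown"

def sample_pem(oid):
    """Constructed PKCS#8 skeleton (zero-filled key material, not a usable key)."""
    def der(tag, content):
        n = len(content)
        size = bytes([n]) if n < 0x80 else bytes([0x81, n])   # enough for n < 256
        return bytes([tag]) + size + content
    alg = der(0x30, der(0x06, oid) + der(0x05, b""))
    info = der(0x30, der(0x02, b"\x00") + alg + der(0x04, bytes(200)))
    return f"-----BEGIN PRIVATE KEY-----\n{base64.b64encode(info).decode()}\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample_pem(EC_OID)
    print(key_type(text))
```

Run it with the key path from the config (for example `./conf/watch.key`) as the only argument; with no argument it classifies the constructed EC sample.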