mirror of
https://github.com/aler9/rtsp-simple-server
synced 2026-04-22 15:07:19 +08:00
Alessandro Ros
d4c6f95291
when dumpPackets is true, embed TLS master keys into the dump, in a format which is natively compatible with Wireshark.
37 lines
754 B
Go
37 lines
754 B
Go
// Package tls contains TLS utilities.
|
|
package tls //nolint:revive
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/tls"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// MakeConfig returns a tls.Config with fingerprint support.
|
|
func MakeConfig(fingerprint string) *tls.Config {
|
|
if fingerprint != "" {
|
|
conf := &tls.Config{}
|
|
|
|
fingerprintLower := strings.ToLower(fingerprint)
|
|
conf.InsecureSkipVerify = true
|
|
conf.VerifyConnection = func(cs tls.ConnectionState) error {
|
|
h := sha256.New()
|
|
h.Write(cs.PeerCertificates[0].Raw)
|
|
hstr := hex.EncodeToString(h.Sum(nil))
|
|
|
|
if hstr != fingerprintLower {
|
|
return fmt.Errorf("source fingerprint does not match: expected %s, got %s",
|
|
fingerprintLower, hstr)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
return conf
|
|
}
|
|
|
|
return nil
|
|
}
|