package core
import (
"crypto/sha256"
"crypto/tls"
"encoding/hex"
"fmt"
"strings"
)
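// fingerprintValidatorFunc inspects the state of a TLS connection and returns
// a non-nil error when the connection must be rejected. Its signature matches
// the VerifyConnection field of tls.Config.
type fingerprintValidatorFunc func(tls.ConnectionState) error

// fingerprintValidator returns a validator that accepts a connection only when
// the SHA-256 digest of the peer's first certificate (its raw DER bytes)
// equals fingerprint.
//
// fingerprint is expected as a plain hex string; letter case is ignored. The
// comparison is an exact string match, so a value that still contains
// separators such as ':' or surrounding whitespace never matches.
//
// Only PeerCertificates[0] is hashed: the rest of the chain, the validity
// period and the host name are not looked at here.
func fingerprintValidator(fingerprint string) fingerprintValidatorFunc {
	// hex.EncodeToString emits lowercase, so normalise the expected value once.
	fingerprintLower := strings.ToLower(fingerprint)

	return func(cs tls.ConnectionState) error {
		// Guard the index below: a connection state without peer certificates
		// must be rejected with an error rather than crash the caller.
		if len(cs.PeerCertificates) == 0 {
			return fmt.Errorf("source did not provide a certificate")
		}

		sum := sha256.Sum256(cs.PeerCertificates[0].Raw)
		hstr := hex.EncodeToString(sum[:])

		// Both values are certificate digests, which are public, so a plain
		// string comparison is sufficient here.
		if hstr != fingerprintLower {
			return fmt.Errorf("source fingerprint does not match: expected %s, got %s",
				fingerprintLower, hstr)
		}

		return nil
	}
}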
// tlsConfigForFingerprint builds a TLS configuration that authenticates the
// peer by certificate fingerprint instead of by certificate chain.
//
// An empty fingerprint yields nil (presumably so the caller keeps its default
// TLS settings; confirm against the call sites).
//
// Otherwise the returned config sets InsecureSkipVerify, which turns off the
// standard chain and host name verification, and installs the fingerprint
// check as VerifyConnection. The fingerprint comparison is therefore the only
// thing authenticating the peer: the pinned value has to come from a trusted
// channel and has to be updated when the certificate is rotated.
func tlsConfigForFingerprint(fingerprint string) *tls.Config {
	if len(fingerprint) == 0 {
		return nil
	}

	pinned := new(tls.Config)
	// Safe only in combination with the VerifyConnection callback set below.
	pinned.InsecureSkipVerify = true
	pinned.VerifyConnection = fingerprintValidator(fingerprint)
	return pinned
}