mirror of
https://github.com/bluenviron/mediamtx.git
synced 2026-01-23 20:09:49 -08:00
35aceaa4a9
Some checks are pending
code_lint / go (push) Waiting to run
code_lint / go_mod (push) Waiting to run
code_lint / docs (push) Waiting to run
code_lint / api_docs (push) Waiting to run
code_test / test_64 (push) Waiting to run
code_test / test_32 (push) Waiting to run
code_test / test_e2e (push) Waiting to run
38 lines
816 B
Go
38 lines
816 B
Go
// Package tls contains TLS utilities.
|
|
package tls
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"crypto/tls"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"strings"
|
|
)
|
|
|
|
// MakeConfig returns a tls.Config with:
|
|
// - server name indicator (SNI) support
|
|
// - fingerprint support
|
|
func MakeConfig(serverName string, fingerprint string) *tls.Config {
|
|
conf := &tls.Config{
|
|
ServerName: serverName,
|
|
}
|
|
|
|
if fingerprint != "" {
|
|
fingerprintLower := strings.ToLower(fingerprint)
|
|
conf.InsecureSkipVerify = true
|
|
conf.VerifyConnection = func(cs tls.ConnectionState) error {
|
|
h := sha256.New()
|
|
h.Write(cs.PeerCertificates[0].Raw)
|
|
hstr := hex.EncodeToString(h.Sum(nil))
|
|
|
|
if hstr != fingerprintLower {
|
|
return fmt.Errorf("source fingerprint does not match: expected %s, got %s",
|
|
fingerprintLower, hstr)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return conf
|
|
}
|