Add the following content in the acceptors part in config.lua.
This is for Win7 configuration and remember that we have to use double '\' instead of single for path.
The cipherSuite parameter, we could reference http://www.openssl.
RTMP library
The library is main from rtmpdump. The webpage is http://rtmpdump.mplayerhq.hu.
The libssl library - SSLv23 method is used in the RTMPdump.
- SSLv23 method
A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol.
A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1.
A server will understand SSLv2, SSLv3, and TLSv1 client hello messages.
This is the best choice when compatibility is a concern.
- SSLv23 related files in the openssl/ssl/ folder
* s23_clnt.c
* s23_lib.c
the ssl23_connect() function handle the hello message between client and server.
the client's related method will be created according to the server's hello message.
we can look into the ssl23_get_server_hello() function for more detailed.
we can compare with the network packet by Wireshark. We use the TLSv1_client_method().
* s23_meth.c
* s23_pkt.c
* s23_srvr.c
* ssl_locl.h -> the marco and function were defined in this header file.
- the client hello information by Wireshark.
- the server hello information by Wireshark.
- According the Wireshark packet, let's dig into TLSv1_client_method() function.
* the TLSv1_client_method() define in the t1_clnt.c file.
* the TLS method is define in the ssl_locl.h file.
- TLSv1_enc_data(), this is a SSL3_ENC_METHOD structure define in ssl_locl.h and instantiate in t1_lib.c.
- ENGINE_setup_bsd_cryptodev(), this should be called to enable the 'cryptodev' engine support.
- ENGINE_load_builtin_engines is related to OPENSSL_NO_HW and it is define in crypto/opensslconf.h.
However, this is not called to load the cryptodev by default.
- we have to add the ENGINE_setup_bsd_cryptodev() in rtmp library.
cryptodev-linux package http://cryptodev-
- cryptodev, call iotcl() in cryptodev-linux/ioctl.c to access the crypto hardware engine.
* CIOCGSESSION: to do crypto_create_session()->
* CIOCCRYPT: the crypto_run() is in the cryptodev-linux/main.c.
* crypto_run()->__crypto_run_zc(
* cryptodev_cipher_encrypt() is in the cryptlib.c. The function ablkcipher_request_set_crypt()
and crypto_ablkcipher_encrypt(
Kernel crypto driver support
- crypto algorithm structure
- Asynchronous block cipher algorithm structue.
- Synchronous block cipher.
- crypto TFM(transform) structure
* synchronous block cipher transform structure
- The cryptodev-linux is using the asynchronous block cipher method. We can create a kernel driver.
There are example in the linux/drivers/crypto/ folder.
I assume that the kernel driver we create is abc_crypto.ko. We can insmod both the abc_crypto.ko and cryptodev.ko. Then the rtmp library support the rtmps through OpenSSL with hardware crypto engine.
沒有留言:
張貼留言