Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support SRT encryption passphrases on configured paths #2385

Merged
merged 17 commits into from
Sep 23, 2023
Merged

Support SRT encryption passphrases on configured paths #2385

merged 17 commits into from
Sep 23, 2023

Conversation

rmcnew
Copy link
Contributor

@rmcnew rmcnew commented Sep 20, 2023

Add support for SRT encryption passphrases on configured MediaMTX paths.

SRT supports encryption to protect payload data. SRT Passphrases must be strings between 10 and 79 characters long. Setting a SRT passphrase means that a publisher or reader using SRT MUST use the passphrase to publish or read.

Note that setting SRT passphrases does not prevent unencrypted reading from the path using another protocol!

@codecov
Copy link

codecov bot commented Sep 21, 2023
edited
Loading

Codecov Report

Merging #2385 (4325dc7) into main (cadc6b3) will decrease coverage by 0.01%.
The diff coverage is 61.11%.

@@            Coverage Diff             @@
##             main    #2385      +/-   ##
==========================================
- Coverage   61.59%   61.58%   -0.01%     
==========================================
  Files         129      129              
  Lines       14440    14476      +36     
==========================================
+ Hits         8894     8915      +21     
- Misses       4875     4887      +12     
- Partials      671      674       +3
Files Changed Coverage Δ
internal/core/srt_conn.go 55.21% <40.00%> (-0.62%) ⬇️
internal/conf/path.go 28.36% <87.50%> (+3.55%) ⬆️

... and 3 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@aler9
Copy link
Member

aler9 commented Sep 21, 2023

Hello, this is a useful feature but this PR needs a couple of improvements:

  • move checks from checkSrtPassphrase() to internal/conf/path.go
  • avoid using getPathConfs() and pathConfs[pathName], pathName may not correspond to a configuration with the same name, since configurations can use regular expressions as names; use res.path.conf, that is available after addReader() and addPublisher
  • fix lint errors

thanks

@rmcnew
Copy link
Contributor Author

rmcnew commented Sep 21, 2023

Thank you for the feedback. Making changes to fix those items.

@rmcnew
Copy link
Contributor Author

rmcnew commented Sep 21, 2023
edited
Loading

Updates made based on feedback and lint output.

I was trying manually run the lint workflow, but then discovered that it runs when I pushed to main on my fork. lint.yml should be unchanged.

@rmcnew
Copy link
Contributor Author

rmcnew commented Sep 22, 2023

Added unit tests for CheckSrtPassphrase. Use safeConf to prevent race conditions.

@aler9
Copy link
Member

aler9 commented Sep 23, 2023

i added some improvements:

  • update API docs
  • split configuration checks from connection checks
  • add tests
  • rename publishSRTPassphrase into srtPublishPassphrase, readSRTPassphrase into srtReadPassphrase
  • remove redundant alias

and merged. Thanks!

@aler9 aler9 merged commit 75f518a into bluenviron:main Sep 23, 2023
6 of 8 checks passed
@rmcnew rmcnew deleted the srt_passphrase branch September 23, 2023 16:09
@github-actions github-actions bot locked and limited conversation to collaborators Mar 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rmcnew @aler9