4

我正在使用 Red5 1.0.3,并尝试使用自签名证书通过端口 8443 完成 RTMPS。

我已经做了什么:

  • 在 conf/red5-core.xml 中启用 RTMPS
  • 将我的自签名证书添加到密钥库和信任库
  • 确认 keystore 和 truststore 的密码是正确的(这是一个测试,所以为了简单起见密码是一样的)
  • 通过在我的浏览器中接受异常解决了“不受信任的证书”问题(在 Ubuntu 上使用 Chrome)
  • 确保 Red5 正在侦听 8443 并且端口可连接

我遇到的下一个障碍是尝试连接到 Red5 时浏览器中的“空响应”。

从 Red5 日志中:

[DEBUG] [NioProcessor-30] org.red5.server.net.rtmps.RTMPSMinaIoHandler - SSL provider is: SunJSSE version 1.7
[DEBUG] [NioProcessor-30] org.red5.server.BaseConnection - New BaseConnection - type: persistent
[DEBUG] [NioProcessor-30] org.red5.server.BaseConnection - Generated session id: 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - startWaitForHandshake - 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPMinaIoHandler - Session opened: 77 id: 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPMinaIoHandler - Session closed: 77 id: 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.BaseRTMPHandler - connectionClosed: 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - close: 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - State: connect
[DEBUG] [NioProcessor-30] org.red5.server.api.Red5 - Set connection: 7DTVIWZ5UXILR with thread: NioProcessor-30
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - Stream service was not found for scope: null or non-existant
[DEBUG] [NioProcessor-30] org.red5.server.BaseConnection - Close, not connected nothing to do
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - Shutting down scheduler
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - Scheduler - shutdown: true queued: 0
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - Shutting down executor
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPConnection - Executor - shutdown: true queued: 0
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPMinaConnection - IO Session closing: true
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.RTMPMinaConnection - Connection state: RTMP [state=disconnecting, encrypted=false, readChunkSize=128, writeChunkSize=128, encoding=AMF0]
[DEBUG] [NioProcessor-30] org.red5.server.net.rtmp.BaseRTMPHandler - connectionClosed: 7DTVIWZ5UXILR
[DEBUG] [NioProcessor-30] org.red5.server.api.Red5 - Set connection: null with thread: NioProcessor-30
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmps.RTMPSMinaIoHandler - SSL provider is: SunJSSE version 1.7
[DEBUG] [NioProcessor-31] org.red5.server.BaseConnection - New BaseConnection - type: persistent
[DEBUG] [NioProcessor-31] org.red5.server.BaseConnection - Generated session id: UB7GI0V7POCE2
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmp.RTMPConnection - startWaitForHandshake - UB7GI0V7POCE2
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmp.RTMPMinaIoHandler - Session opened: 78 id: UB7GI0V7POCE2
[DEBUG] [NioProcessor-31] org.red5.server.api.Red5 - Get connection on thread: NioProcessor-31
[DEBUG] [NioProcessor-31] org.red5.server.api.Red5 - Set connection: UB7GI0V7POCE2 with thread: NioProcessor-31
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmp.codec.RTMPProtocolDecoder - decodeHandshake - state: RTMPDecodeState [sessionId=UB7GI0V7POCE2, decoderState=0, decoderBufferAmount=0] buffer: HeapBuffer[pos=0 lim=377 cap=1536: 50 4F 53 54 20 2F 6F 70 65 6E 2F 31 20 48 54 54...]
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmp.codec.RTMPProtocolDecoder - Handshake init too small, buffering. remaining: 377
[DEBUG] [NioProcessor-31] org.red5.server.api.Red5 - Set connection: null with thread: NioProcessor-31
[WARN] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - Closing UB7GI0V7POCE2, due to long handshake. State: connect
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - close: UB7GI0V7POCE2
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - State: connect
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.api.Red5 - Set connection: UB7GI0V7POCE2 with thread: RTMPConnectionExecutor#14164738195671
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - Stream service was not found for scope: null or non-existant
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.BaseConnection - Close, not connected nothing to do
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - Shutting down scheduler
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - Scheduler - shutdown: true queued: 0
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - Shutting down executor
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnection - Executor - shutdown: true queued: 0
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPMinaConnection - IO Session closing: false
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmp.RTMPMinaIoHandler - Session closed: 78 id: UB7GI0V7POCE2
[DEBUG] [NioProcessor-31] org.red5.server.net.rtmp.BaseRTMPHandler - connectionClosed: UB7GI0V7POCE2
[DEBUG] [NioProcessor-31] org.red5.server.api.Red5 - Set connection: null with thread: NioProcessor-31
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPMinaConnection - Connection close future: org.apache.mina.core.future.DefaultCloseFuture@41fb8175
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPMinaConnection - Connection is closed
[WARN] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPConnManager - Connection not found for UB7GI0V7POCE2
[DEBUG] [RTMPConnectionExecutor#14164738195671] org.red5.server.net.rtmp.RTMPMinaConnection - Connection state: RTMP [state=disconnected, encrypted=false, readChunkSize=128, writeChunkSize=128, encoding=AMF0]

连接只是关闭。在仔细检查 Wireshark 后,我发现了一个加密警报 (21),据我了解,这意味着解密失败。目前还没有关于它失败的原因的提示,但它确实做到了。

在浏览器(Flash 客户端)中,控制台输出

POST https://10.32.1.218:8443/open/1 net::ERR_EMPTY_RESPONSE 10.32.1.218:8443/open/1:1
DEBUG: Flash says: NetworkManager: NetConnection.Connect.Failed 

阅读Red5 和 RTMPS 自签名证书后,我开始使用真实证书(来自 StartCom),但是当使用该证书连接到 Red5 时,我收到

javax.net.ssl.SSLHandshakeException: SSL handshake failed.
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common

我尝试使用 -keyalg RSA(明确地说)将证书重新添加到密钥库和信任库,但这没有帮助。

所以回到自签名证书......无论如何现在。

建议?也许客户端不接受不受信任的证书并在握手时超时?任何向下看的新途径将不胜感激。

更新

更新 Flash 客户端并设置 NetConnection 属性proxyType = "best"后,Flash 现在输出NetworkManager: NetConnection.Connect.SSLHandshakeFailed

更新二

我意识到我错误地将证书添加到密钥库和信任库。我已将密钥添加到密钥库,而没有添加它们的私钥。

为此,我使用了以下答案

我还从自签名证书转移到 CA 签名证书。对于我的情况,自签名的问题不值得解决。

4

0 回答 0