author | Jordan Bayles <jophba@chromium.org> | 2020-10-09 11:55:35 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-10-09 20:05:27 +0000 |
commit | a3f46f23c52688cc3c0de927b7fb8a86ff9e8dff (patch) | |
tree | eaf9703c75cb9e7d210f68b2e37900c8b7e10880 /cast/README.md | |
parent | 71f3a45238af2576f4872396ce5f0de9cb5bf6ed (diff) | |
download | openscreen-a3f46f23c52688cc3c0de927b7fb8a86ff9e8dff.tar.gz |
Add build flag for self-signed certs
This patch changes the standalone receiver and sender implementations to
use a new CAST_ALLOW_DEVELOPER_CERTIFICATE build flag/preprocessor
macro for gating usage of self-signed certificates. When false, the
cast_receiver app is disabled, and the cast_sender app will only connect
to receivers using a proper Google cert.
When the build flag is enabled, the cast sender can use any self-signed
certificate as long as the CA bit is set. The
cast receiver can either take a self-signed certificate and its private
key, or generate
both the private key and the certificate. The resulting private key and
certificate are written out to files, currently:
./generated_root_cast_receiver.(key|crt)
and can then be used with a
cast_sender to start a session.
Bug: b/169796278
Change-Id: I03675f85ac0b2bda76daf1bf11d9d7df064d0b8f
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/2443934
Reviewed-by: Jordan Bayles <jophba@chromium.org>
Reviewed-by: Brandon Tolsch <btolsch@chromium.org>
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Commit-Queue: Jordan Bayles <jophba@chromium.org>
Diffstat (limited to 'cast/README.md')
-rw-r--r-- | cast/README.md | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/cast/README.md b/cast/README.md index a501703b..32de8c76 100644 --- a/cast/README.md +++ b/cast/README.md 
@@ -7,15 +7,38 @@ applications and streaming to Cast-compatible devices. To run the standalone sender and receivers together, first you need to install the following dependencies: FFMPEG, LibVPX, LibOpus, LibSDL2, as well as their -headers (frequently in a seperate -dev package). From here, you need to generate -a RSA private key and create a self signed certificate with that key. +headers (frequently in a seperate -dev package). From here, you just need a +video to use with the cast_sender, as the cast_receiver can generate a +self-signed certificate and private key for each session. You can also generate +your own RSA private key and either create or have the receiver automatically +create a self signed certificate with that key. If the receiver generates a root +certificate, it will print out the location of that certificate to stdout. -From there, after building Open Screen the `cast_sender` and `cast_receiver` -executables should be ready to use: +Note that we assume that the private key is a PEM-encoded RSA private key, +and the certificate is X509 PEM-encoded. The certificate must also have +the CA bit set in the basic constraints. The easiest way to test with a key +and certificate is to use ones generated by the cast_receiver standalone +application. + +## Developer certificate generation and use + +The easiest way to generate a private key and certificate is to just run +the cast_receiver with `-g`, and both should be written out to files: + +``` + $ /path/to/out/Default/cast_receiver -g + [INFO:../../cast/receiver/channel/static_credentials.cc(161):T0] Generated new private key for session: ./generated_root_cast_receiver.key + [INFO:../../cast/receiver/channel/static_credentials.cc(169):T0] Generated new root certificate for session: ./generated_root_cast_receiver.crt +``` + +These generated credentials can be passed in to start a session, e.g. ``` - $ /path/to/out/Default/cast_sender -s <certificate> <path/to/video> - ... 
- $ /path/to/out/Default/cast_receiver <interface> -p <private_key> -s <certificate> +./out/Default/cast_receiver -d generated_root_cast_receiver.crt -p generated_root_cast_receiver.key lo0 -x +``` + +And then passed to the cast sender to connect and start a streaming session: +``` + $ ./out/Default/cast_sender -d generated_root_cast_receiver.crt ~/video-1080-mp4.mp4 ``` When running on Mac OS X, also pass the `-x` flag to the cast receiver to @@ -25,9 +48,3 @@ Bonjour. When connecting to a receiver that's not running on the loopback interface (typically `lo` or `lo0`), pass the `-r <receiver IP endpoint>` flag to the `cast_sender` binary. - -An archive containing test running scripts, a video, and a generated RSA -key and certificate is available from google storage. Note that it may require -modification to work on your specific work environment: - -https://storage.googleapis.com/openscreen_standalone/cast_streaming_demo.tar.gz |
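Review bot: The new "Developer certificate generation and use" section in the first hunk (@@ -7,15 +7,38 @@) never names the CAST_ALLOW_DEVELOPER_CERTIFICATE build flag, although the commit message says the cast_receiver app is disabled and the cast_sender only accepts a proper Google cert when that flag is false. A reader following these steps on a build without the flag has no way to tell from the README why they fail, so please add a sentence stating that the flag must be enabled and that the generated key and certificate are for development use. Smaller points in the same hunk: the receiver example `./out/Default/cast_receiver -d generated_root_cast_receiver.crt -p generated_root_cast_receiver.key lo0 -x` drops the ` $ ` prompt used by the other two examples and hard-codes `lo0 -x`, which the paragraph right after it describes as specific to Mac OS X, so an `<interface>` placeholder would be safer. The certificate flag also changes from `-s <certificate>` to `-d` with no explanation of what either option means. Finally, the re-wrapped line still carries the "seperate" typo.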
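Review bot: The second hunk (@@ -25,9 +48,3 @@) removes the only pointer to a sample video, while the first hunk now tells readers "you just need a video to use with the cast_sender" and the sender example uses a personal path, `~/video-1080-mp4.mp4`. Please either state what kind of video file the sender accepts or switch the example back to a `<path/to/video>` placeholder, so the README stays self-contained after the demo archive link is gone. Dropping the reference to a shared, pre-generated RSA key and certificate fits the new per-session generation flow; a short sentence saying that readers should generate their own credentials with `-g` instead would make that intent explicit.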