From d1159087f1d921fe4a7039f6fe6652971d0a4a14 Mon Sep 17 00:00:00 2001 From: Richard Stanway Date: Sat, 25 Jan 2020 16:49:11 +0100 Subject: [PATCH] obs-outputs: Add additional paths for root certificates on Linux Fixes https://github.com/obsproject/obs-studio/issues/2350. Also adds some log file output for when the root certificates can't be loaded to make it more obvious what the problem is. --- plugins/obs-outputs/librtmp/rtmp.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/obs-outputs/librtmp/rtmp.c b/plugins/obs-outputs/librtmp/rtmp.c index d3236aea6..f71b0b18d 100644 --- a/plugins/obs-outputs/librtmp/rtmp.c +++ b/plugins/obs-outputs/librtmp/rtmp.c @@ -344,14 +344,25 @@ RTMP_TLS_LoadCerts(RTMP *r) { CFRelease(keychain_ref); #elif defined(__linux__) if (mbedtls_x509_crt_parse_path(chain, "/etc/ssl/certs/") < 0) { + RTMP_Log(RTMP_LOGERROR, "mbedtls_x509_crt_parse_path: Couldn't parse " + "/etc/ssl/certs"); goto error; } + + // mbedtls_x509_crt_parse_path ignores symlinks which causes an issue on + // some distributions. try parsing the most common CA bundles directly + // to work around this (we don't care if it fails) + mbedtls_x509_crt_parse_file(chain, "/etc/ssl/certs/ca-bundle.crt"); + mbedtls_x509_crt_parse_file(chain, "/etc/ssl/certs/ca-certificates.crt"); #endif mbedtls_ssl_conf_ca_chain(&r->RTMP_TLS_ctx->conf, chain, NULL); return; error: + RTMP_Log(RTMP_LOGERROR, "RTMP_TLS_LoadCerts: Failed to load " + "root certificate chains, RTMPS connections will likely " + "fail"); mbedtls_x509_crt_free(chain); free(chain); r->RTMP_TLS_ctx->cacert = NULL;