obs-outputs: Remove server support from librtmp

This code is very old and seems to be non-functional in its current
state. The TLS support is also complicated to maintain across multiple
deprecated mbedtls functions.

plugins/obs-outputs/librtmp/handshake.h

@@ -1178,358 +1178,3 @@ HandShake(RTMP * r, int FP9HandShake)
     RTMP_Log(RTMP_LOGDEBUG, "%s: Handshaking finished....", __FUNCTION__);
     return TRUE;
 }
-
-static int
-SHandShake(RTMP * r)
-{
-    int i, offalg = 0;
-    int dhposServer = 0;
-    int digestPosServer = 0;
-    RC4_handle keyIn = 0;
-    RC4_handle keyOut = 0;
-    int FP9HandShake = FALSE;
-    int encrypted;
-
-#ifndef _DEBUG
-    int32_t *ip;
-#endif
-
-    uint8_t clientsig[RTMP_SIG_SIZE];
-    uint8_t serverbuf[RTMP_SIG_SIZE + 4], *serversig = serverbuf+4;
-    uint8_t type;
-    uint32_t uptime;
-    getoff *getdh = NULL, *getdig = NULL;
-
-    if (ReadN(r, (char *)&type, 1) != 1)	/* 0x03 or 0x06 */
-        return FALSE;
-
-    if (ReadN(r, (char *)clientsig, RTMP_SIG_SIZE) != RTMP_SIG_SIZE)
-        return FALSE;
-
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Type Requested : %02X", __FUNCTION__, type);
-    RTMP_LogHex(RTMP_LOGDEBUG2, clientsig, RTMP_SIG_SIZE);
-
-    if (type == 3)
-    {
-        encrypted = FALSE;
-    }
-    else if (type == 6 || type == 8)
-    {
-        offalg = 1;
-        encrypted = TRUE;
-        FP9HandShake = TRUE;
-        r->Link.protocol |= RTMP_FEATURE_ENC;
-        /* use FP10 if client is capable */
-        if (clientsig[4] == 128)
-            type = 8;
-    }
-    else
-    {
-        RTMP_Log(RTMP_LOGERROR, "%s: Unknown version %02x",
-                 __FUNCTION__, type);
-        return FALSE;
-    }
-
-    if (!FP9HandShake && clientsig[4])
-        FP9HandShake = TRUE;
-
-    serversig[-1] = type;
-
-    r->Link.rc4keyIn = r->Link.rc4keyOut = 0;
-
-    uptime = htonl(RTMP_GetTime());
-    memcpy(serversig, &uptime, 4);
-
-    if (FP9HandShake)
-    {
-        /* Server version */
-        serversig[4] = 3;
-        serversig[5] = 5;
-        serversig[6] = 1;
-        serversig[7] = 1;
-
-        getdig = digoff[offalg];
-        getdh  = dhoff[offalg];
-    }
-    else
-    {
-        memset(&serversig[4], 0, 4);
-    }
-
-    /* generate random data */
-#ifdef _DEBUG
-    memset(serversig+8, 0, RTMP_SIG_SIZE-8);
-#else
-    ip = (int32_t *)(serversig+8);
-    for (i = 2; i < RTMP_SIG_SIZE/4; i++)
-        *ip++ = rand();
-#endif
-
-    /* set handshake digest */
-    if (FP9HandShake)
-    {
-        if (encrypted)
-        {
-            /* generate Diffie-Hellmann parameters */
-            r->Link.dh = DHInit(1024);
-            if (!r->Link.dh)
-            {
-                RTMP_Log(RTMP_LOGERROR, "%s: Couldn't initialize Diffie-Hellmann!",
-                         __FUNCTION__);
-                return FALSE;
-            }
-
-            dhposServer = getdh(serversig, RTMP_SIG_SIZE);
-            RTMP_Log(RTMP_LOGDEBUG, "%s: DH pubkey position: %d", __FUNCTION__, dhposServer);
-
-            if (!DHGenerateKey(r->Link.dh))
-            {
-                RTMP_Log(RTMP_LOGERROR, "%s: Couldn't generate Diffie-Hellmann public key!",
-                         __FUNCTION__);
-                return FALSE;
-            }
-
-            if (!DHGetPublicKey
-                    (r->Link.dh, (uint8_t *) &serversig[dhposServer], 128))
-            {
-                RTMP_Log(RTMP_LOGERROR, "%s: Couldn't write public key!", __FUNCTION__);
-                return FALSE;
-            }
-        }
-
-        digestPosServer = getdig(serversig, RTMP_SIG_SIZE);	/* reuse this value in verification */
-        RTMP_Log(RTMP_LOGDEBUG, "%s: Server digest offset: %d", __FUNCTION__,
-                 digestPosServer);
-
-        CalculateDigest(digestPosServer, serversig, GenuineFMSKey, 36,
-                        &serversig[digestPosServer]);
-
-        RTMP_Log(RTMP_LOGDEBUG, "%s: Initial server digest: ", __FUNCTION__);
-        RTMP_LogHex(RTMP_LOGDEBUG, serversig + digestPosServer,
-                    SHA256_DIGEST_LENGTH);
-    }
-
-    RTMP_Log(RTMP_LOGDEBUG2, "Serversig: ");
-    RTMP_LogHex(RTMP_LOGDEBUG2, serversig, RTMP_SIG_SIZE);
-
-    if (!WriteN(r, (char *)serversig-1, RTMP_SIG_SIZE + 1))
-        return FALSE;
-
-    /* decode client response */
-    memcpy(&uptime, clientsig, 4);
-    uptime = ntohl(uptime);
-
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Client Uptime : %d", __FUNCTION__, uptime);
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Player Version: %d.%d.%d.%d", __FUNCTION__, clientsig[4],
-             clientsig[5], clientsig[6], clientsig[7]);
-
-    if (FP9HandShake)
-    {
-        uint8_t digestResp[SHA256_DIGEST_LENGTH];
-        uint8_t *signatureResp = NULL;
-
-        /* we have to use this signature now to find the correct algorithms for getting the digest and DH positions */
-        int digestPosClient = getdig(clientsig, RTMP_SIG_SIZE);
-
-        if (!VerifyDigest(digestPosClient, clientsig, GenuineFPKey, 30))
-        {
-            RTMP_Log(RTMP_LOGWARNING, "Trying different position for client digest!");
-            offalg ^= 1;
-            getdig = digoff[offalg];
-            getdh  = dhoff[offalg];
-
-            digestPosClient = getdig(clientsig, RTMP_SIG_SIZE);
-
-            if (!VerifyDigest(digestPosClient, clientsig, GenuineFPKey, 30))
-            {
-                RTMP_Log(RTMP_LOGERROR, "Couldn't verify the client digest");	/* continuing anyway will probably fail */
-                return FALSE;
-            }
-        }
-
-        /* generate SWFVerification token (SHA256 HMAC hash of decompressed SWF, key are the last 32 bytes of the server handshake) */
-        if (r->Link.SWFSize)
-        {
-            const char swfVerify[] = { 0x01, 0x01 };
-            char *vend = r->Link.SWFVerificationResponse+sizeof(r->Link.SWFVerificationResponse);
-
-            memcpy(r->Link.SWFVerificationResponse, swfVerify, 2);
-            AMF_EncodeInt32(&r->Link.SWFVerificationResponse[2], vend, r->Link.SWFSize);
-            AMF_EncodeInt32(&r->Link.SWFVerificationResponse[6], vend, r->Link.SWFSize);
-            HMACsha256(r->Link.SWFHash, SHA256_DIGEST_LENGTH,
-                       &serversig[RTMP_SIG_SIZE - SHA256_DIGEST_LENGTH],
-                       SHA256_DIGEST_LENGTH,
-                       (uint8_t *)&r->Link.SWFVerificationResponse[10]);
-        }
-
-        /* do Diffie-Hellmann Key exchange for encrypted RTMP */
-        if (encrypted)
-        {
-            int dhposClient, len;
-            /* compute secret key */
-            uint8_t secretKey[128] = { 0 };
-
-            dhposClient = getdh(clientsig, RTMP_SIG_SIZE);
-            RTMP_Log(RTMP_LOGDEBUG, "%s: Client DH public key offset: %d", __FUNCTION__,
-                     dhposClient);
-            len =
-                DHComputeSharedSecretKey(r->Link.dh,
-                                         (uint8_t *) &clientsig[dhposClient], 128,
-                                         secretKey);
-            if (len < 0)
-            {
-                RTMP_Log(RTMP_LOGDEBUG, "%s: Wrong secret key position!", __FUNCTION__);
-                return FALSE;
-            }
-
-            RTMP_Log(RTMP_LOGDEBUG, "%s: Secret key: ", __FUNCTION__);
-            RTMP_LogHex(RTMP_LOGDEBUG, secretKey, 128);
-
-            InitRC4Encryption(secretKey,
-                              (uint8_t *) &clientsig[dhposClient],
-                              (uint8_t *) &serversig[dhposServer],
-                              &keyIn, &keyOut);
-        }
-
-
-        /* calculate response now */
-        signatureResp = clientsig+RTMP_SIG_SIZE-SHA256_DIGEST_LENGTH;
-
-        HMACsha256(&clientsig[digestPosClient], SHA256_DIGEST_LENGTH,
-                   GenuineFMSKey, sizeof(GenuineFMSKey), digestResp);
-        HMACsha256(clientsig, RTMP_SIG_SIZE - SHA256_DIGEST_LENGTH, digestResp,
-                   SHA256_DIGEST_LENGTH, signatureResp);
-#ifdef FP10
-        if (type == 8 )
-        {
-            uint8_t *dptr = digestResp;
-            uint8_t *sig = signatureResp;
-            /* encrypt signatureResp */
-            for (i=0; i<SHA256_DIGEST_LENGTH; i+=8)
-                rtmpe8_sig(sig+i, sig+i, dptr[i] % 15);
-        }
-        else if (type == 9)
-        {
-            uint8_t *dptr = digestResp;
-            uint8_t *sig = signatureResp;
-            /* encrypt signatureResp */
-            for (i=0; i<SHA256_DIGEST_LENGTH; i+=8)
-                rtmpe9_sig(sig+i, sig+i, dptr[i] % 15);
-        }
-#endif
-
-        /* some info output */
-        RTMP_Log(RTMP_LOGDEBUG,
-                 "%s: Calculated digest key from secure key and server digest: ",
-                 __FUNCTION__);
-        RTMP_LogHex(RTMP_LOGDEBUG, digestResp, SHA256_DIGEST_LENGTH);
-
-        RTMP_Log(RTMP_LOGDEBUG, "%s: Server signature calculated:", __FUNCTION__);
-        RTMP_LogHex(RTMP_LOGDEBUG, signatureResp, SHA256_DIGEST_LENGTH);
-    }
-#if 0
-    else
-    {
-        uptime = htonl(RTMP_GetTime());
-        memcpy(clientsig+4, &uptime, 4);
-    }
-#endif
-
-    RTMP_Log(RTMP_LOGDEBUG2, "%s: Sending handshake response: ",
-             __FUNCTION__);
-    RTMP_LogHex(RTMP_LOGDEBUG2, clientsig, RTMP_SIG_SIZE);
-
-    if (!WriteN(r, (char *)clientsig, RTMP_SIG_SIZE))
-        return FALSE;
-
-    /* 2nd part of handshake */
-    if (ReadN(r, (char *)clientsig, RTMP_SIG_SIZE) != RTMP_SIG_SIZE)
-        return FALSE;
-
-    RTMP_Log(RTMP_LOGDEBUG2, "%s: 2nd handshake: ", __FUNCTION__);
-    RTMP_LogHex(RTMP_LOGDEBUG2, clientsig, RTMP_SIG_SIZE);
-
-    if (FP9HandShake)
-    {
-        uint8_t signature[SHA256_DIGEST_LENGTH];
-        uint8_t digest[SHA256_DIGEST_LENGTH];
-
-        RTMP_Log(RTMP_LOGDEBUG, "%s: Client sent signature:", __FUNCTION__);
-        RTMP_LogHex(RTMP_LOGDEBUG, &clientsig[RTMP_SIG_SIZE - SHA256_DIGEST_LENGTH],
-                    SHA256_DIGEST_LENGTH);
-
-        /* verify client response */
-        HMACsha256(&serversig[digestPosServer], SHA256_DIGEST_LENGTH,
-                   GenuineFPKey, sizeof(GenuineFPKey), digest);
-        HMACsha256(clientsig, RTMP_SIG_SIZE - SHA256_DIGEST_LENGTH, digest,
-                   SHA256_DIGEST_LENGTH, signature);
-#ifdef FP10
-        if (type == 8 )
-        {
-            uint8_t *dptr = digest;
-            uint8_t *sig = signature;
-            /* encrypt signatureResp */
-            for (i=0; i<SHA256_DIGEST_LENGTH; i+=8)
-                rtmpe8_sig(sig+i, sig+i, dptr[i] % 15);
-        }
-        else if (type == 9)
-        {
-            uint8_t *dptr = digest;
-            uint8_t *sig = signature;
-            /* encrypt signatureResp */
-            for (i=0; i<SHA256_DIGEST_LENGTH; i+=8)
-                rtmpe9_sig(sig+i, sig+i, dptr[i] % 15);
-        }
-#endif
-
-        /* show some information */
-        RTMP_Log(RTMP_LOGDEBUG, "%s: Digest key: ", __FUNCTION__);
-        RTMP_LogHex(RTMP_LOGDEBUG, digest, SHA256_DIGEST_LENGTH);
-
-        RTMP_Log(RTMP_LOGDEBUG, "%s: Signature calculated:", __FUNCTION__);
-        RTMP_LogHex(RTMP_LOGDEBUG, signature, SHA256_DIGEST_LENGTH);
-        if (memcmp
-                (signature, &clientsig[RTMP_SIG_SIZE - SHA256_DIGEST_LENGTH],
-                 SHA256_DIGEST_LENGTH) != 0)
-        {
-            RTMP_Log(RTMP_LOGWARNING, "%s: Client not genuine Adobe!", __FUNCTION__);
-            return FALSE;
-        }
-        else
-        {
-            RTMP_Log(RTMP_LOGDEBUG, "%s: Genuine Adobe Flash Player", __FUNCTION__);
-        }
-
-        if (encrypted)
-        {
-            char buff[RTMP_SIG_SIZE];
-            /* set keys for encryption from now on */
-            r->Link.rc4keyIn = keyIn;
-            r->Link.rc4keyOut = keyOut;
-
-            /* update the keystreams */
-            if (r->Link.rc4keyIn)
-            {
-                RC4_encrypt(r->Link.rc4keyIn, RTMP_SIG_SIZE, (uint8_t *) buff);
-            }
-
-            if (r->Link.rc4keyOut)
-            {
-                RC4_encrypt(r->Link.rc4keyOut, RTMP_SIG_SIZE, (uint8_t *) buff);
-            }
-        }
-    }
-    else
-    {
-        if (memcmp(serversig, clientsig, RTMP_SIG_SIZE) != 0)
-        {
-            RTMP_Log(RTMP_LOGWARNING, "%s: client signature does not match!",
-                     __FUNCTION__);
-        }
-    }
-
-    // TODO(mgoulet): Should this have an Rc4_free?
-
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Handshaking finished....", __FUNCTION__);
-    return TRUE;
-}

plugins/obs-outputs/librtmp/rtmp.c

@@ -438,99 +438,6 @@ RTMP_TLS_Free(RTMP *r) {
 #endif
 }
 
-void *
-RTMP_TLS_AllocServerContext(RTMP *r, const char* cert, const char* key)
-{
-    void *ctx = NULL;
-#ifdef CRYPTO
-    if (!r->RTMP_TLS_ctx)
-        RTMP_TLS_Init(r);
-#if defined(USE_MBEDTLS)
-    tls_server_ctx *tc = ctx = calloc(1, sizeof(struct tls_server_ctx));
-    tc->conf = &r->RTMP_TLS_ctx->conf;
-    tc->ctr_drbg = &r->RTMP_TLS_ctx->ctr_drbg;
-
-    mbedtls_x509_crt_init(&tc->cert);
-    if (mbedtls_x509_crt_parse_file(&tc->cert, cert))
-    {
-        free(tc);
-        return NULL;
-    }
-
-    mbedtls_pk_init(&tc->key);
-    if (mbedtls_pk_parse_keyfile(&tc->key, key, NULL))
-    {
-        mbedtls_x509_crt_free(&tc->cert);
-        mbedtls_pk_free(&tc->key);
-        free(tc);
-        return NULL;
-    }
-#elif defined(USE_POLARSSL)
-    tls_server_ctx *tc = ctx = calloc(1, sizeof(struct tls_server_ctx));
-    tc->dhm_P = my_dhm_P;
-    tc->dhm_G = my_dhm_G;
-    tc->hs = &RTMP_TLS_ctx->hs;
-    if (x509parse_crtfile(&tc->cert, cert))
-    {
-        free(tc);
-        return NULL;
-    }
-    if (x509parse_keyfile(&tc->key, key, NULL))
-    {
-        x509_free(&tc->cert);
-        free(tc);
-        return NULL;
-    }
-#elif defined(USE_GNUTLS) && !defined(NO_SSL)
-    gnutls_certificate_allocate_credentials((gnutls_certificate_credentials*) &ctx);
-    if (gnutls_certificate_set_x509_key_file(ctx, cert, key, GNUTLS_X509_FMT_PEM) != 0)
-    {
-        gnutls_certificate_free_credentials(ctx);
-        return NULL;
-    }
-#elif !defined(NO_SSL) /* USE_OPENSSL */
-    ctx = SSL_CTX_new(SSLv23_server_method());
-    if (!SSL_CTX_use_certificate_chain_file(ctx, cert))
-    {
-        SSL_CTX_free(ctx);
-        return NULL;
-    }
-    if (!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
-    {
-        SSL_CTX_free(ctx);
-        return NULL;
-    }
-#endif
-#else
-    (void)cert;
-    (void)key;
-#endif
-    return ctx;
-}
-
-void
-RTMP_TLS_FreeServerContext(void *ctx)
-{
-#ifdef CRYPTO
-#if defined(USE_MBEDTLS)
-    mbedtls_x509_crt_free(&((tls_server_ctx*)ctx)->cert);
-    mbedtls_pk_free(&((tls_server_ctx*)ctx)->key);
-    free(ctx);
-#elif defined(USE_POLARSSL)
-    x509_free(&((tls_server_ctx*)ctx)->cert);
-    rsa_free(&((tls_server_ctx*)ctx)->key);
-    free(ctx);
-#elif defined(USE_GNUTLS) && !defined(NO_SSL)
-    gnutls_certificate_free_credentials(ctx);
-#elif !defined(NO_SSL) /* USE_OPENSSL */
-    SSL_CTX_free(ctx);
-#endif
-
-#else
-    (void)ctx;
-#endif
-}
-
 RTMP *
 RTMP_Alloc()
 {
@@ -1024,36 +931,6 @@ RTMP_Connect0(RTMP *r, struct sockaddr * service, socklen_t addrlen)
     return TRUE;
 }
 
-int
-RTMP_TLS_Accept(RTMP *r, void *ctx)
-{
-#if defined(CRYPTO) && !defined(NO_SSL)
-    tls_server_ctx *srv_ctx = ctx;
-    TLS_server(srv_ctx, r->m_sb.sb_ssl);
-
-#if defined(USE_MBEDTLS)
-    mbedtls_net_context *client_fd = &r->RTMP_TLS_ctx->net;
-    mbedtls_net_init(client_fd);
-    client_fd->fd = r->m_sb.sb_socket;
-    TLS_setfd(r->m_sb.sb_ssl, client_fd);
-#else
-    TLS_setfd(r->m_sb.sb_ssl, r->m_sb.sb_socket);
-#endif
-
-    int connect_return = TLS_connect(r->m_sb.sb_ssl);
-    if (connect_return < 0)
-    {
-        RTMP_Log(RTMP_LOGERROR, "%s, TLS_Connect failed", __FUNCTION__);
-        return FALSE;
-    }
-    return TRUE;
-#else
-    (void)r;
-    (void)ctx;
-    return FALSE;
-#endif
-}
-
 int
 RTMP_Connect1(RTMP *r, RTMPPacket *cp)
 {
@@ -4137,69 +4014,6 @@ HandShake(RTMP *r, int FP9HandShake)
     (void)FP9HandShake;
     return TRUE;
 }
-
-static int
-SHandShake(RTMP *r)
-{
-    int i;
-    char serverbuf[RTMP_SIG_SIZE + 1], *serversig = serverbuf + 1;
-    char clientsig[RTMP_SIG_SIZE];
-    uint32_t uptime;
-    int bMatch;
-
-    if (ReadN(r, serverbuf, 1) != 1)	/* 0x03 or 0x06 */
-        return FALSE;
-
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Type Request  : %02X", __FUNCTION__, serverbuf[0]);
-
-    if (serverbuf[0] != 3)
-    {
-        RTMP_Log(RTMP_LOGERROR, "%s: Type unknown: client sent %02X",
-                 __FUNCTION__, serverbuf[0]);
-        return FALSE;
-    }
-
-    uptime = htonl(RTMP_GetTime());
-    memcpy(serversig, &uptime, 4);
-
-    memset(&serversig[4], 0, 4);
-#ifdef _DEBUG
-    for (i = 8; i < RTMP_SIG_SIZE; i++)
-        serversig[i] = 0xff;
-#else
-    for (i = 8; i < RTMP_SIG_SIZE; i++)
-        serversig[i] = (char)(rand() % 256);
-#endif
-
-    if (!WriteN(r, serverbuf, RTMP_SIG_SIZE + 1))
-        return FALSE;
-
-    if (ReadN(r, clientsig, RTMP_SIG_SIZE) != RTMP_SIG_SIZE)
-        return FALSE;
-
-    /* decode client response */
-
-    memcpy(&uptime, clientsig, 4);
-    uptime = ntohl(uptime);
-
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Client Uptime : %d", __FUNCTION__, uptime);
-    RTMP_Log(RTMP_LOGDEBUG, "%s: Player Version: %d.%d.%d.%d", __FUNCTION__,
-             clientsig[4], clientsig[5], clientsig[6], clientsig[7]);
-
-    /* 2nd part of handshake */
-    if (!WriteN(r, clientsig, RTMP_SIG_SIZE))
-        return FALSE;
-
-    if (ReadN(r, clientsig, RTMP_SIG_SIZE) != RTMP_SIG_SIZE)
-        return FALSE;
-
-    bMatch = (memcmp(serversig, clientsig, RTMP_SIG_SIZE) == 0);
-    if (!bMatch)
-    {
-        RTMP_Log(RTMP_LOGWARNING, "%s, client signature does not match!", __FUNCTION__);
-    }
-    return TRUE;
-}
 #endif
 
 int
@@ -4443,12 +4257,6 @@ RTMP_SendPacket(RTMP *r, RTMPPacket *packet, int queue)
     return TRUE;
 }
 
-int
-RTMP_Serve(RTMP *r)
-{
-    return SHandShake(r);
-}
-
 void
 RTMP_Close(RTMP *r)
 {

plugins/obs-outputs/librtmp/rtmp.h

@@ -87,14 +87,6 @@ typedef struct tls_ctx
     mbedtls_net_context net;
 } tls_ctx;
 
-typedef struct tls_server_ctx
-{
-  mbedtls_ssl_config *conf;
-  mbedtls_ctr_drbg_context *ctr_drbg;
-  mbedtls_pk_context key;
-  mbedtls_x509_crt cert;
-} tls_server_ctx;
-
 typedef tls_ctx *TLS_CTX;
 
 #define TLS_client(ctx,s)	\
@@ -105,18 +97,6 @@ typedef tls_ctx *TLS_CTX;
   mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED);\
 	mbedtls_ssl_conf_rng(&ctx->conf, mbedtls_ctr_drbg_random, &ctx->ctr_drbg)
 
-#define TLS_server(ctx,s)\
-  s = malloc(sizeof(mbedtls_ssl_context));\
-  mbedtls_ssl_init(s);\
-  mbedtls_ssl_setup(s, ctx->conf);\
-	mbedtls_ssl_conf_endpoint(ctx->conf, MBEDTLS_SSL_IS_SERVER);\
-  mbedtls_ssl_conf_authmode(ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED);\
-	mbedtls_ssl_conf_rng(ctx->conf, mbedtls_ctr_drbg_random, ctx->ctr_drbg);\
-	mbedtls_ssl_conf_own_cert(ctx->conf, &ctx->cert, &ctx->key);\
-	mbedtls_ssl_conf_dh_param_bin(ctx->conf,\
-    (const unsigned char *)my_dhm_P, strlen(my_dhm_P),\
-    (const unsigned char *)my_dhm_G, strlen(my_dhm_G))
-
 #define TLS_setfd(s,fd)	mbedtls_ssl_set_bio(s, fd, mbedtls_net_send, mbedtls_net_recv, NULL)
 #define TLS_connect(s)	mbedtls_ssl_handshake(s)
 #define TLS_accept(s)	mbedtls_ssl_handshake(s)
@@ -143,14 +123,6 @@ typedef struct tls_ctx
     havege_state hs;
     ssl_session ssn;
 } tls_ctx;
-typedef struct tls_server_ctx
-{
-    havege_state *hs;
-    x509_cert cert;
-    rsa_context key;
-    ssl_session ssn;
-    const char *dhm_P, *dhm_G;
-} tls_server_ctx;
 
 #define TLS_CTX tls_ctx *
 #define TLS_client(ctx,s)	s = malloc(sizeof(ssl_context)); ssl_init(s);\
@@ -158,13 +130,6 @@ typedef struct tls_server_ctx
 	ssl_set_rng(s, havege_random, &ctx->hs);\
 	ssl_set_ciphersuites(s, ssl_default_ciphersuites);\
 	SSL_SET_SESSION(s, 1, 600, &ctx->ssn)
-#define TLS_server(ctx,s)	s = malloc(sizeof(ssl_context)); ssl_init(s);\
-	ssl_set_endpoint(s, SSL_IS_SERVER); ssl_set_authmode(s, SSL_VERIFY_NONE);\
-	ssl_set_rng(s, havege_random, ((tls_server_ctx*)ctx)->hs);\
-	ssl_set_ciphersuites(s, ssl_default_ciphersuites);\
-	SSL_SET_SESSION(s, 1, 600, &((tls_server_ctx*)ctx)->ssn);\
-	ssl_set_own_cert(s, &((tls_server_ctx*)ctx)->cert, &((tls_server_ctx*)ctx)->key);\
-	ssl_set_dh_param(s, ((tls_server_ctx*)ctx)->dhm_P, ((tls_server_ctx*)ctx)->dhm_G)
 #define TLS_setfd(s,fd)	ssl_set_bio(s, net_recv, &fd, net_send, &fd)
 #define TLS_connect(s)	ssl_handshake(s)
 #define TLS_accept(s)	ssl_handshake(s)
@@ -183,7 +148,6 @@ typedef struct tls_ctx
 } tls_ctx;
 #define TLS_CTX	tls_ctx *
 #define TLS_client(ctx,s)	gnutls_init((gnutls_session_t *)(&s), GNUTLS_CLIENT); gnutls_priority_set(s, ctx->prios); gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, ctx->cred)
-#define TLS_server(ctx,s)	gnutls_init((gnutls_session_t *)(&s), GNUTLS_SERVER); gnutls_priority_set_direct(s, "NORMAL", NULL); gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, ctx)
 #define TLS_setfd(s,fd)	gnutls_transport_set_ptr(s, (gnutls_transport_ptr_t)(long)fd)
 #define TLS_connect(s)	gnutls_handshake(s)
 #define TLS_accept(s)	gnutls_handshake(s)
@@ -200,7 +164,6 @@ typedef struct tls_ctx
 #else	/* USE_OPENSSL */
 #define TLS_CTX	SSL_CTX *
 #define TLS_client(ctx,s)	s = SSL_new(ctx)
-#define TLS_server(ctx,s)	s = SSL_new(ctx)
 #define TLS_setfd(s,fd)	SSL_set_fd(s,fd)
 #define TLS_connect(s)	SSL_connect(s)
 #define TLS_accept(s)	SSL_accept(s)
@@ -527,8 +490,6 @@ extern "C"
     struct sockaddr;
     int RTMP_Connect0(RTMP *r, struct sockaddr *svc, socklen_t addrlen);
     int RTMP_Connect1(RTMP *r, RTMPPacket *cp);
-    int RTMP_Serve(RTMP *r);
-    int RTMP_TLS_Accept(RTMP *r, void *ctx);
 
     int RTMP_ReadPacket(RTMP *r, RTMPPacket *packet);
     int RTMP_SendPacket(RTMP *r, RTMPPacket *packet, int queue);
@@ -552,9 +513,6 @@ extern "C"
     void RTMP_Free(RTMP *r);
     void RTMP_EnableWrite(RTMP *r);
 
-    void *RTMP_TLS_AllocServerContext(RTMP *r, const char* cert, const char* key);
-    void RTMP_TLS_FreeServerContext(void *ctx);
-
     int RTMP_LibVersion(void);
     void RTMP_UserInterrupt(void);	/* user typed Ctrl-C */