For context, we use str0m as an SFU. Due to our unique setup, a single browser client may be connected to multiple SFUs at the same time. Our SFUs generate one DTLS certificate each on startup and then re-use it for all of that SFU's rooms.
Firefox clients fail to connect to the second SFU in this setup, with an error of:
This seems like a resurfacing of https://github.com/versatica/mediasoup/issues/127, which we have a workaround for here. The problem is that both SFUs generate their certificate with the same starting serial number of 1, since they are different processes. This brings us to the same situation again - same serial + issuer, but different certificate.
The problem seemed to be fixed when I replaced this atomic increment with a randomly-generated 128-bit number. Would that be an okay solution?
For context, we use str0m as an SFU. Due to our unique setup, a single browser client may be connected to multiple SFUs at the same time. Our SFUs generate one DTLS certificate each on startup and then re-use it for all of that SFU's rooms.
Firefox clients fail to connect to the second SFU in this setup, with an error of:
This seems like a resurfacing of https://github.com/versatica/mediasoup/issues/127, which we have a workaround for here. The problem is that both SFUs generate their certificate with the same starting serial number of
1
, since they are different processes. This brings us to the same situation again - same serial + issuer, but different certificate.The problem seemed to be fixed when I replaced this atomic increment with a randomly-generated 128-bit number. Would that be an okay solution?