From: Daniel N Pettersson <danie...@axis.com> Add TLS options to RTSP for when TLS is used for the lower protocol.
Signed-off-by: Marvin Scholz <epira...@gmail.com> Co-authored-by: Marvin Scholz <epira...@gmail.com> --- libavformat/rtsp.c | 30 +++++++++++++++++++++++++++++- libavformat/rtsp.h | 9 +++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 5ea471b40c..afa0528626 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -103,6 +103,14 @@ const AVOption ff_rtsp_options[] = { { "timeout", "set timeout (in microseconds) of socket I/O operations", OFFSET(stimeout), AV_OPT_TYPE_INT64, {.i64 = 0}, INT_MIN, INT64_MAX, DEC }, COMMON_OPTS(), { "user_agent", "override User-Agent header", OFFSET(user_agent), AV_OPT_TYPE_STRING, {.str = LIBAVFORMAT_IDENT}, 0, 0, DEC }, + + // TLS options + { "ca_file", "Certificate Authority database file", OFFSET(tls_ca_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "cafile", "Certificate Authority database file", OFFSET(tls_ca_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "tls_verify", "Verify the peer certificate", OFFSET(tls_verify), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DEC|ENC}, + { "cert_file", "Certificate file", OFFSET(tls_cert_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "key_file", "Private key file", OFFSET(tls_key_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "verifyhost", "Verify against a specific hostname", OFFSET(tls_host), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, { NULL }, }; 
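Review bot: `tls_verify` is registered with a default of `{.i64 = 0}`, so RTSP over TLS and the HTTPS tunnel do not authenticate the server unless the caller opts in. A user who sets only `ca_file` or `verifyhost` may reasonably assume verification is active. If the default has to stay off for compatibility, the help string should say so, e.g. `"Verify the peer certificate (default: off)"`. It is also worth logging a warning when `tls_ca_file` is set while `tls_verify` is 0. The ff_rtsp_options table starts outside this hunk.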
@@ -139,6 +147,18 @@ static AVDictionary *map_to_opts(RTSPState *rt) return opts; } +/** + * Add the TLS options of the given RTSPState to the dict + */ +static void copy_tls_opts_dict(RTSPState *rt, AVDictionary **dict) +{ + av_dict_set_int(dict, "tls_verify", rt->tls_verify, 0); + av_dict_set(dict, "ca_file", rt->tls_ca_file, 0); + av_dict_set(dict, "cert_file", rt->tls_cert_file, 0); + av_dict_set(dict, "key_file", rt->tls_key_file, 0); + av_dict_set(dict, "verifyhost", rt->tls_host, 0); +} + static void get_word_until_chars(char *buf, int buf_size, const char *sep, const char **pp) { @@ -1814,6 +1834,8 @@ redirect: AVDictionary *options = NULL; av_dict_set_int(&options, "timeout", rt->stimeout, 0); + if (https_tunnel) + copy_tls_opts_dict(rt, &options); ff_url_join(httpname, sizeof(httpname), https_tunnel ? "https" : "http", auth, host, port, "%s", path); snprintf(sessioncookie, sizeof(sessioncookie), "%08x%08x", @@ -1898,14 +1920,20 @@ redirect: } else { int ret; /* open the tcp connection */ + AVDictionary *proto_opts = NULL; + if (strcmp("tls", lower_rtsp_proto) == 0) + copy_tls_opts_dict(rt, &proto_opts); + ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL, host, port, "?timeout=%"PRId64, rt->stimeout); if ((ret = ffurl_open_whitelist(&rt->rtsp_hd, tcpname, AVIO_FLAG_READ_WRITE, - &s->interrupt_callback, NULL, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { + &s->interrupt_callback, &proto_opts, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { + av_dict_free(&proto_opts); err = ret; goto fail; } + av_dict_free(&proto_opts); rt->rtsp_hd_out = rt->rtsp_hd; } rt->seq = 0; diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index 83b2e3f4fb..114629f249 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h 
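Review bot: copy_tls_opts_dict() discards the return values of av_dict_set_int() and av_dict_set(), so an allocation failure on the `tls_verify` entry leaves the dictionary without it. The connection would then presumably be opened with the TLS protocol's own default, which means it fails open instead of aborting. Returning the error lets both callers, the `https_tunnel` branch and the `"tls"` lower-protocol branch in the later hunks, jump to `fail` before connecting. The doc comment should also say how unset string fields are handled, since all four strings default to NULL.

```c
static int copy_tls_opts_dict(RTSPState *rt, AVDictionary **dict)
{
    int ret;

    if ((ret = av_dict_set_int(dict, "tls_verify", rt->tls_verify,    0)) < 0 ||
        (ret = av_dict_set(dict, "ca_file",        rt->tls_ca_file,   0)) < 0 ||
        (ret = av_dict_set(dict, "cert_file",      rt->tls_cert_file, 0)) < 0 ||
        (ret = av_dict_set(dict, "key_file",       rt->tls_key_file,  0)) < 0 ||
        (ret = av_dict_set(dict, "verifyhost",     rt->tls_host,      0)) < 0)
        return ret;

    return 0;
}
```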
@@ -419,6 +419,15 @@ typedef struct RTSPState { int buffer_size; int pkt_size; char *localaddr; + + /** The following are used for TLS based RTSP streams. */ + //@{ + char *tls_ca_file; + int tls_verify; + char *tls_cert_file; + char *tls_key_file; + char *tls_host; + //@} } RTSPState; #define RTSP_FLAG_FILTER_SRC 0x1 /**< Filter incoming UDP packets - -- 2.39.5 (Apple Git-154) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
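Review bot: `tls_host` is filled from the `verifyhost` option, whose help text describes it as the name to verify against, not the host being connected to. The field name alone does not convey that. A per-field comment would keep later code from treating it as a connect address, e.g. `char *tls_host; /**< hostname to verify the peer certificate against ("verifyhost" option) */`. `tls_verify` could likewise be documented as a boolean that defaults to 0. The RTSPState definition starts outside this hunk.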