On Tue, Apr 24, 2018 at 10:00:00AM +0200, Luca Barbato wrote:
> --- a/Changelog
> +++ b/Changelog
> @@ -24,6 +24,7 @@ version <next>:
> - Haivision SRT protocol via libsrt
> - Dropped support for building for Windows XP. The minimum supported Windows
> version is Windows Vista.
> +- support mbedTLS based TLS
mbedTLS-based
> --- a/configure
> +++ b/configure
> @@ -2507,7 +2509,7 @@ xcbgrab_indev_suggest="libxcb_shm libxcb_xfixes"
>
> # protocols
> ffrtmpcrypt_protocol_conflict="librtmp_protocol"
> -ffrtmpcrypt_protocol_deps_any="gmp openssl"
> +ffrtmpcrypt_protocol_deps_any="gmp openssl mbedtls"
order
> @@ -2547,7 +2549,7 @@ sctp_protocol_deps="struct_sctp_event_subscribe"
> tcp_protocol_select="network"
> -tls_protocol_deps_any="gnutls openssl"
> +tls_protocol_deps_any="gnutls openssl mbedtls"
same
> --- a/libavformat/rtmpdh.c
> +++ b/libavformat/rtmpdh.c
> @@ -38,6 +38,11 @@
>
> +#if CONFIG_MBEDTLS
> +#include <mbedtls/ctr_drbg.h>
> +#include <mbedtls/entropy.h>
> +#endif
For the other external crypto libs these #includes are in rtmpdh.h.
> --- /dev/null
> +++ b/libavformat/tls_mbedtls.c
> @@ -0,0 +1,351 @@
> + * This file is part of FFmpeg.
Nah.
> +#include <mbedtls/certs.h>
> +#include <mbedtls/config.h>
> +#include <mbedtls/ctr_drbg.h>
> +#include <mbedtls/entropy.h>
> +#include <mbedtls/net.h>
> +#include <mbedtls/platform.h>
> +#include <mbedtls/ssl.h>
> +#include <mbedtls/x509_crt.h>
> +
> +#include "avformat.h"
> +#include "internal.h"
> +#include "url.h"
> +#include "tls.h"
> +#include "libavutil/parseutils.h"
Move the libavutil #include into canonical order.
> +static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
> +{
> + URLContext *h = (URLContext*) ctx;
pointless void* cast
> +static void handle_handshake_error(URLContext *h, int ret)
> +{
> + switch (ret) {
> + case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
> + av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable.
> Was the local certificate correctly set?\n");
set correctly
> + break;
> + case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
> + av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the
> peer, has the peer a correct certificate?\n");
does the peer have a correct certificate
> + break;
> + case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED:
> + av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to
> operate. Was the CA correctly set?\n");
set correctly
> + // set I/O functions to use FFmpeg internal code for transport layer
libavformat-internal
> +static int handle_tls_error(URLContext *h, const char* func_name, int ret)
*func_name
> +static const AVOption options[] = {
> + TLS_COMMON_OPTIONS(TLSContext, tls_shared), \
> + {"key_password", "Password for the private key file",
> OFFSET(priv_key_pw), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
space after {
> +const URLProtocol ff_tls_protocol = {
> + .name = "tls",
> + .url_open2 = tls_open,
> + .url_read = tls_read,
> + .url_write = tls_write,
> + .url_close = tls_close,
> + .url_get_file_handle = tls_get_file_handle,
> + .priv_data_size = sizeof(TLSContext),
> + .flags = URL_PROTOCOL_FLAG_NETWORK,
> + .priv_data_class = &tls_class,
> +};
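Review bot: `#include <mbedtls/certs.h>` at the top of the new file pulls in mbedTLS's sample certificates and keys, which are meant for testing, and nothing in the quoted excerpt uses them. If the unquoted part of the file does not reference them either, drop the include; if it does, the test CA must not end up in the chain used for peer verification. Separately, `key_password` keeps the private-key passphrase in `priv_key_pw` as an `AV_OPT_TYPE_STRING` for the life of the context. Presumably it is only needed while the key file is parsed, so a comment at the option such as `/* passphrase is only needed for key parsing; never log it */` would make that expectation explicit. Most of the 351-line hunk is trimmed from this quote, so both points need checking against the full file.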
nit: align
Diego