On Tue, Apr 24, 2018 at 10:00:00AM +0200, Luca Barbato wrote: > --- a/Changelog > +++ b/Changelog > @@ -24,6 +24,7 @@ version <next>: > - Haivision SRT protocol via libsrt > - Dropped support for building for Windows XP. The minimum supported Windows > version is Windows Vista. > +- support mbedTLS based TLS
mbedTLS-based > --- a/configure > +++ b/configure > @@ -2507,7 +2509,7 @@ xcbgrab_indev_suggest="libxcb_shm libxcb_xfixes" > > # protocols > ffrtmpcrypt_protocol_conflict="librtmp_protocol" > -ffrtmpcrypt_protocol_deps_any="gmp openssl" > +ffrtmpcrypt_protocol_deps_any="gmp openssl mbedtls" order > @@ -2547,7 +2549,7 @@ sctp_protocol_deps="struct_sctp_event_subscribe" > tcp_protocol_select="network" > -tls_protocol_deps_any="gnutls openssl" > +tls_protocol_deps_any="gnutls openssl mbedtls" same > --- a/libavformat/rtmpdh.c > +++ b/libavformat/rtmpdh.c > @@ -38,6 +38,11 @@ > > +#if CONFIG_MBEDTLS > +#include <mbedtls/ctr_drbg.h> > +#include <mbedtls/entropy.h> > +#endif For the other external crypto libs these #includes are in rtmpdh.h. > --- /dev/null > +++ b/libavformat/tls_mbedtls.c > @@ -0,0 +1,351 @@ > + * This file is part of FFmpeg. Nah. > +#include <mbedtls/certs.h> > +#include <mbedtls/config.h> > +#include <mbedtls/ctr_drbg.h> > +#include <mbedtls/entropy.h> > +#include <mbedtls/net.h> > +#include <mbedtls/platform.h> > +#include <mbedtls/ssl.h> > +#include <mbedtls/x509_crt.h> > + > +#include "avformat.h" > +#include "internal.h" > +#include "url.h" > +#include "tls.h" > +#include "libavutil/parseutils.h" Move the libavutil #include into canonical order. > +static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len) > +{ > + URLContext *h = (URLContext*) ctx; pointless void* cast > +static void handle_handshake_error(URLContext *h, int ret) > +{ > + switch (ret) { > + case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE: > + av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable. > Was the local certificate correctly set?\n"); set correctly > + break; > + case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: > + av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the > peer, has the peer a correct certificate?\n"); does the peer have a correct certificate > + break; > + case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: > + av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to > operate. Was the CA correctly set?\n"); set correctly > + // set I/O functions to use FFmpeg internal code for transport layer libavformat-internal > +static int handle_tls_error(URLContext *h, const char* func_name, int ret) *func_name > +static const AVOption options[] = { > + TLS_COMMON_OPTIONS(TLSContext, tls_shared), \ > + {"key_password", "Password for the private key file", > OFFSET(priv_key_pw), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ space after { > +const URLProtocol ff_tls_protocol = { > + .name = "tls", > + .url_open2 = tls_open, > + .url_read = tls_read, > + .url_write = tls_write, > + .url_close = tls_close, > + .url_get_file_handle = tls_get_file_handle, > + .priv_data_size = sizeof(TLSContext), > + .flags = URL_PROTOCOL_FLAG_NETWORK, > + .priv_data_class = &tls_class, > +}; nit: align Diego _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel