Re: [Live-devel] RTSPS and PKI

Sat, 19 Jul 2025 02:40:17 -0700

--- Begin Message --- 
Classified as: {OPEN}

I don't understand how to implement ClientTLSState::setupExtra without having 
to modify the source code.

I'd suggest adding a basic verify_callback function to the code, then adding 
two properties to the RTSPCLient class: fSSLVerifyPeer and fSSCAFileName.

These parameters can be set using RTSPClient::setSSLCAFileName(char const* 
CAFileName RTSPClient::setSSLVerifyPeer(Boolean Verify) to control RTSPClient's 
SSL verification behavior. No modification of the RTSPClient constructor is 
required.

If fSSLVerifyPeer is enabled, the server certificate will be verified using the 
system CA store, unless fSSCAFileName is set.

If fSSLVerifyPeer is not enabled, live behaves as usual, i.e. there is no SSL 
certificate verification. 

The above propositions are described in the attached patch.

Most TLS clients offer the option of using a private CA file. It would be nice 
if live555 could do this.

Yahia


{OPEN}

-----Message d'origine-----
De : live-devel <live-devel-boun...@us.live555.com> De la part de Ross Finlayson
Envoyé : jeudi 10 juillet 2025 06:43
À : LIVE555 Streaming Media - development & use <live-de...@us.live555.com>
Objet : Re: [Live-devel] RTSPS and PKI

I have just installed a new version (2025.07.10) of the code that makes it 
possible for RTSP clients to do extra work (e.g., certificate checking) while 
setting up a TLS connection.

To do this, you must compile “TLSState.cpp” with
        CLIENT_TLS_SETUP_EXTRA
defined, and then implement the member function
        Boolean ClientTLSState::setupExtra(int socketNum); (This member 
function exists only if CLIENT_TLS_SETUP_EXTRA is defined.)

Your implementation of this member function can do whatever it wants, but it 
must eventually call “setupContinue()” (perhaps within a callback function).  
The function must also return True (unless it fails).


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/


_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel

Attachment: live555-CA.patch
Description: live555-CA.patch


--- End Message ---
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel

Reply via email to