Hi. I am working on a project that requires RTSP over TLS with cafile
support. I patched 3.1.3 to work with openssl. If this is something of
interest, I am happy to finish out the patch - please advise if a different
approach is preferred.
Thank you.
Jay Ridgeway
diff -x '*.[oda]' -Naur ffmpeg-3.1.3/libavformat/rtsp.c
ffmpeg-3.1.3_patched/libavformat/rtsp.c
--- ffmpeg-3.1.3/libavformat/rtsp.c 2016-06-26 19:54:30.000000000 -0400
+++ ffmpeg-3.1.3_patched/libavformat/rtsp.c 2016-09-23 11:36:51.000000000
-0400
@@ -97,6 +97,8 @@
{ "stimeout", "set timeout (in microseconds) of socket TCP I/O
operations", OFFSET(stimeout), AV_OPT_TYPE_INT, {.i64 = 0}, INT_MIN,
INT_MAX, DEC },
COMMON_OPTS(),
{ "user-agent", "override User-Agent header", OFFSET(user_agent),
AV_OPT_TYPE_STRING, {.str = LIBAVFORMAT_IDENT}, 0, 0, DEC },
+ { "ca_file", "Certificate Authority database file",
OFFSET(ca_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC },
+ { "tls_verify", "Verify the peer certificate", OFFSET(verify),
AV_OPT_TYPE_INT, {.i64 = 0}, 0, 1, DEC|ENC},
{ NULL },
};
@@ -1803,9 +1805,25 @@
} else {
int ret;
/* open the tcp connection */
- ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL,
- host, port,
- "?timeout=%d", rt->stimeout);
+ if (strncmp("tls", lower_rtsp_proto, 3) == 0) {
+ if (rt->ca_file != NULL) {
+ ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL,
+ host, port,
+ "?timeout=%d&verify=%d&cafile=%s",
+ rt->stimeout, rt->verify, rt->ca_file);
+ } else {
+ ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL,
+ host, port,
+ "?timeout=%d&verify=%d",
+ rt->stimeout, rt->verify);
+ }
+ } else {
+ ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL,
+ host, port,
+ "?timeout=%d", rt->stimeout);
+ }
+ av_log(NULL, AV_LOG_INFO, "tcpname='%s'\n", tcpname);
+
if ((ret = ffurl_open_whitelist(&rt->rtsp_hd, tcpname,
AVIO_FLAG_READ_WRITE,
&s->interrupt_callback, NULL,
s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) {
err = ret;
diff -x '*.[oda]' -Naur ffmpeg-3.1.3/libavformat/rtsp.h
ffmpeg-3.1.3_patched/libavformat/rtsp.h
--- ffmpeg-3.1.3/libavformat/rtsp.h 2016-06-26 19:54:30.000000000 -0400
+++ ffmpeg-3.1.3_patched/libavformat/rtsp.h 2016-09-22 17:04:48.000000000
-0400
@@ -408,6 +408,9 @@
char default_lang[4];
int buffer_size;
+
+ char *ca_file;
+ int verify;
} RTSPState;
#define RTSP_FLAG_FILTER_SRC 0x1 /**< Filter incoming UDP packets -
diff -x '*.[oda]' -Naur ffmpeg-3.1.3/libavformat/tls_openssl.c
ffmpeg-3.1.3_patched/libavformat/tls_openssl.c
--- ffmpeg-3.1.3/libavformat/tls_openssl.c 2016-06-26 19:54:30.000000000
-0400
+++ ffmpeg-3.1.3_patched/libavformat/tls_openssl.c 2016-09-23
11:38:19.000000000 -0400
@@ -283,6 +283,12 @@
return print_tls_error(h, ret);
}
+static int tls_get_file_handle(URLContext *h)
+{
+ TLSContext *c = h->priv_data;
+ return ffurl_get_file_handle(c->tls_shared.tcp);
+}
+
static const AVOption options[] = {
TLS_COMMON_OPTIONS(TLSContext, tls_shared),
{ NULL }
@@ -301,6 +307,7 @@
.url_read = tls_read,
.url_write = tls_write,
.url_close = tls_close,
+ .url_get_file_handle = tls_get_file_handle,
.priv_data_size = sizeof(TLSContext),
.flags = URL_PROTOCOL_FLAG_NETWORK,
.priv_data_class = &tls_class,
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
