From: Marvin Scholz
To: ffmpeg-devel@ffmpeg.org
Cc: Marvin Scholz
Date: Tue, 6 May 2025 15:51:01 +0200
Message-Id: <20250506135101.32529-1-epirat07@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avformat/rtsp: add TLS options

From: Daniel N Pettersson Add TLS options to RTSP for when TLS is used for the lower protocol. Signed-off-by: Marvin Scholz Co-authored-by: Marvin Scholz --- libavformat/rtsp.c | 30 +++++++++++++++++++++++++++++- libavformat/rtsp.h | 9 +++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 5ea471b40c..afa0528626 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -103,6 +103,14 @@ const AVOption ff_rtsp_options[] = { { "timeout", "set timeout (in microseconds) of socket I/O operations", OFFSET(stimeout), AV_OPT_TYPE_INT64, {.i64 = 0}, INT_MIN, INT64_MAX, DEC }, COMMON_OPTS(), { "user_agent", "override User-Agent header", OFFSET(user_agent), AV_OPT_TYPE_STRING, {.str = LIBAVFORMAT_IDENT}, 0, 0, DEC }, + + // TLS options + { "ca_file", "Certificate Authority database file", OFFSET(tls_ca_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "cafile", "Certificate Authority database file", OFFSET(tls_ca_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "tls_verify", "Verify the peer certificate", OFFSET(tls_verify), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DEC|ENC}, + { "cert_file", "Certificate file", OFFSET(tls_cert_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "key_file", "Private key file", OFFSET(tls_key_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "verifyhost", "Verify against a specific hostname", OFFSET(tls_host), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, { NULL }, }; 
@@ -139,6 +147,18 @@ static AVDictionary *map_to_opts(RTSPState *rt) return opts; } +/** + * Add the TLS options of the given RTSPState to the dict + */ +static void copy_tls_opts_dict(RTSPState *rt, AVDictionary **dict) +{ + av_dict_set_int(dict, "tls_verify", rt->tls_verify, 0); + av_dict_set(dict, "ca_file", rt->tls_ca_file, 0); + av_dict_set(dict, "cert_file", rt->tls_cert_file, 0); + av_dict_set(dict, "key_file", rt->tls_key_file, 0); + av_dict_set(dict, "verifyhost", rt->tls_host, 0); +} + static void get_word_until_chars(char *buf, int buf_size, const char *sep, const char **pp) { @@ -1814,6 +1834,8 @@ redirect: AVDictionary *options = NULL; av_dict_set_int(&options, "timeout", rt->stimeout, 0); + if (https_tunnel) + copy_tls_opts_dict(rt, &options); ff_url_join(httpname, sizeof(httpname), https_tunnel ? "https" : "http", auth, host, port, "%s", path); snprintf(sessioncookie, sizeof(sessioncookie), "%08x%08x", @@ -1898,14 +1920,20 @@ redirect: } else { int ret; /* open the tcp connection */ + AVDictionary *proto_opts = NULL; + if (strcmp("tls", lower_rtsp_proto) == 0) + copy_tls_opts_dict(rt, &proto_opts); + ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL, host, port, "?timeout=%"PRId64, rt->stimeout); if ((ret = ffurl_open_whitelist(&rt->rtsp_hd, tcpname, AVIO_FLAG_READ_WRITE, - &s->interrupt_callback, NULL, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { + &s->interrupt_callback, &proto_opts, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { + av_dict_free(&proto_opts); err = ret; goto fail; } + av_dict_free(&proto_opts); rt->rtsp_hd_out = rt->rtsp_hd; } rt->seq = 0; diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index 83b2e3f4fb..114629f249 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h 
@@ -419,6 +419,15 @@ typedef struct RTSPState { int buffer_size; int pkt_size; char *localaddr; + + /** The following are used for TLS based RTSP streams. */ + //@{ + char *tls_ca_file; + int tls_verify; + char *tls_cert_file; + char *tls_key_file; + char *tls_host; + //@} } RTSPState; #define RTSP_FLAG_FILTER_SRC 0x1 /**< Filter incoming UDP packets - -- 2.39.5 (Apple Git-154) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
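
Review bot: in the ff_rtsp_options hunk of rtsp.c, "tls_verify" defaults to {.i64 = 0}, so peer certificate verification stays off for a TLS lower protocol or HTTPS tunnel unless the user enables it, and the diffstat touches only rtsp.c and rtsp.h, so none of the six new options is documented. Please add documentation entries that state this default. Also consider whether both "ca_file" and "cafile" are needed, since both write the same tls_ca_file field. Minor: "DEC|ENC}" on the tls_verify line lacks the space before the closing brace that the neighbouring entries have.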
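
Review bot: copy_tls_opts_dict() in rtsp.c returns void and discards the return values of av_dict_set_int() and av_dict_set(), so a failed insertion of "tls_verify" or "ca_file" (for example on allocation failure) goes unnoticed and the connection is opened with weaker TLS settings than the user requested. Make the helper return int, stop at the first negative return, and have both callers free the dictionary and fail with that error.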
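
Review bot: in the rtsp.c hunk around ffurl_open_whitelist(), av_dict_free(&proto_opts) is written twice, once inside the error branch and once after it. Assign ret from the call first, free proto_opts once, and then test ret < 0, so that a later edit cannot leak the dictionary on one of the two paths. Style: the comparison strcmp("tls", lower_rtsp_proto) == 0 would read more naturally as !strcmp(lower_rtsp_proto, "tls").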
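
Review bot: in the RTSPState hunk of rtsp.h, the five new fields share one group comment and have no per-field description, and tls_host does not match the name of the option that sets it ("verifyhost"). A one-line comment per field, or renaming the field to tls_verifyhost, would make the mapping to the option table clear.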