From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id F25D94FA27 for ; Tue, 24 Jun 2025 19:25:19 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 34CD568CB4E; Tue, 24 Jun 2025 22:23:58 +0300 (EEST) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id AC94168D215 for ; Tue, 24 Jun 2025 22:23:54 +0300 (EEST) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-3a548a73ff2so784604f8f.0 for ; Tue, 24 Jun 2025 12:23:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1750793034; x=1751397834; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=sqvxa5KgySovYlPxXq/48V69sfbltZOEgBd0YiYK3/Q=; b=iUQeMA0Asd2y7oxxQzxHCrjUgDJ80rhzwwozmZ7ao8JTrkk/kHWzPFydDxveJECDeM ok7aa5czcMTjKXY+OMcX3QdwNyu63DRV+ED2k1jhL9CuW6I7NpvSwgoybwsQRlmEpkY2 7csaY4leiCWkKIDyUQQ8zWyRuLqmKigc7nJxD4DZPwb/SOI+kEvw00As8IVttNbhgW4y YZfIbDzdfF9SINPkWBYiKTucjRpb211rxNXCwJGneChgtcBvPwB3mn1KFQwRlTCZhlN7 g2a13weJm1s1wn1nid0p5aWzyCYyU7im2tddl4wVdbIezeQE/nhRLWXOuBu+daR7/kM8 BOsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750793034; x=1751397834; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sqvxa5KgySovYlPxXq/48V69sfbltZOEgBd0YiYK3/Q=; b=G8DH/GDORfko9gT7WSo656NmH/b5/BXK+ULOd3te0OtsoIitX00vK1S8qNnG9ZLyDH XxnigRilq2yqe6rEBVwGYhKQ1hnixBkiN1vLg44bT5/OkEAe4biU41xCroUxik6pm+5p OUAQ4Q4rkpAA64PvTs3xfl5r3LCO3b27DcVwjVoWPdmM/GQaX784EehW//zt+2/bth+G heH7qYzWG8MEDDp6dtcp8iZ+6ajk2JqV347GSraMxqU9jWjzqlOtpYmuY+drugNxFKwh mNVVlv3JS+vWh0xAkOKQiqmaUEG80dsfS1LUdk2pfBoC1rOaqjHLqQvu98Fh3yFusolq Il+g== X-Gm-Message-State: AOJu0Yyfp0pcsYecO4yDmc6wcvbxIQEAvRVElJVAhdAtKoFwr6oyHjiF v4cxjddPdchXZ36PlWFDb8D/8lhzQ2ajb0765boKFRYniYiSmy/oSME3b06X+w== X-Gm-Gg: ASbGncuNCJEGTOueTkQm5YKoQ7aiWjFEIXbq2zXQupAmz0VZQkTo/Mf1mN46peiQ5PS sH7BEHfREdSpVONXUiM7kbJ3N8fZwr9oQ90EHG49qQwt/43kTYwylgYKbfUJZvlRyzkPdY2C4Po CcxbV2vFXHNFDybBHoa98PAHgD6k4N5gUf2oAi7wAgxu72y+KfFZjMWPUD467E2gzLVDYo6WJwU 1DXb8cve0ghM/brabq716cxVWnc+zWYJbTWJfof+hr+XPk8pSjcf2Im+1M/Y9VYBuu7V7TacELz MROYfb/TGGip8A6QOP0EM0qN2od0mH4P4wScoKjeVA+UM9+0UFlYxYclj81Af0PDfYkA3hAco/E H2JtS7LJuzA3vCxdHHoWe7lt/PC6FCHgve1l+ky5moQRhmQDP65nKg7hJ5hXf3vsBq/1qmDJFj8 ncBGY= X-Google-Smtp-Source: AGHT+IGN2vdAV1hB60zLwm0pujhwNS4y2gQsKLb7g/HdVxpvo0OnvKKPQhwnpunCEJ27tPoC0wAYBQ== X-Received: by 2002:a5d:64ce:0:b0:3a4:f513:7f03 with SMTP id ffacd0b85a97d-3a6d1303b0fmr14348013f8f.44.1750793033457; Tue, 24 Jun 2025 12:23:53 -0700 (PDT) Received: from ArmedBeast.fritz.box (p20030102370045006de90db78179531b.dip0.t-ipconnect.de. [2003:102:3700:4500:6de9:db7:8179:531b]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-453646d7d8fsm148296155e9.15.2025.06.24.12.23.52 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 24 Jun 2025 12:23:53 -0700 (PDT) From: Marvin Scholz To: ffmpeg-devel@ffmpeg.org Date: Tue, 24 Jun 2025 21:23:45 +0200 Message-Id: <20250624192345.44376-2-epirat07@gmail.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250624192345.44376-1-epirat07@gmail.com> References: <20250624192345.44376-1-epirat07@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/2] avformat/rtsp: add TLS options X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Marvin Scholz Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: From: Daniel N Pettersson Add TLS options to RTSP for when TLS is used for the lower protocol. Signed-off-by: Marvin Scholz Co-authored-by: Marvin Scholz --- libavformat/rtsp.c | 26 +++++++++++++++++++++++++- libavformat/rtsp.h | 11 +++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index 3f2966414f..8d360b375f 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -53,6 +53,7 @@ #include "rtpdec_formats.h" #include "rtpenc_chain.h" #include "url.h" +#include "tls.h" #include "rtpenc.h" #include "mpegts.h" #include "version.h" @@ -103,6 +104,9 @@ const AVOption ff_rtsp_options[] = { { "timeout", "set timeout (in microseconds) of socket I/O operations", OFFSET(stimeout), AV_OPT_TYPE_INT64, {.i64 = 0}, INT_MIN, INT64_MAX, DEC }, COMMON_OPTS(), { "user_agent", "override User-Agent header", OFFSET(user_agent), AV_OPT_TYPE_STRING, {.str = LIBAVFORMAT_IDENT}, 0, 0, DEC }, + + // TLS options + FF_TLS_CLIENT_OPTIONS(RTSPState, tls_opts), { NULL }, }; @@ -139,6 +143,18 @@ static AVDictionary *map_to_opts(RTSPState *rt) return opts; } +/** + * Add the TLS options of the given RTSPState to the dict + */ +static void copy_tls_opts_dict(RTSPState *rt, AVDictionary **dict) +{ + av_dict_set_int(dict, "tls_verify", rt->tls_opts.verify, 0); + av_dict_set(dict, "ca_file", rt->tls_opts.ca_file, 0); + av_dict_set(dict, "cert_file", rt->tls_opts.cert_file, 0); + av_dict_set(dict, "key_file", rt->tls_opts.key_file, 0); + av_dict_set(dict, "verifyhost", rt->tls_opts.host, 0); +} + static void get_word_until_chars(char *buf, int buf_size, const char *sep, const char **pp) { @@ -1821,6 +1837,8 @@ redirect: AVDictionary *options = NULL; av_dict_set_int(&options, "timeout", rt->stimeout, 0); + if (https_tunnel) + copy_tls_opts_dict(rt, &options); ff_url_join(httpname, sizeof(httpname), https_tunnel ? "https" : "http", auth, host, port, "%s", path); snprintf(sessioncookie, sizeof(sessioncookie), "%08x%08x", @@ -1905,14 +1923,20 @@ redirect: } else { int ret; /* open the tcp connection */ + AVDictionary *proto_opts = NULL; + if (strcmp("tls", lower_rtsp_proto) == 0) + copy_tls_opts_dict(rt, &proto_opts); + ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL, host, port, "?timeout=%"PRId64, rt->stimeout); if ((ret = ffurl_open_whitelist(&rt->rtsp_hd, tcpname, AVIO_FLAG_READ_WRITE, - &s->interrupt_callback, NULL, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { + &s->interrupt_callback, &proto_opts, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { + av_dict_free(&proto_opts); err = ret; goto fail; } + av_dict_free(&proto_opts); rt->rtsp_hd_out = rt->rtsp_hd; } rt->seq = 0; diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index 83b2e3f4fb..ca278acd43 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h @@ -419,6 +419,17 @@ typedef struct RTSPState { int buffer_size; int pkt_size; char *localaddr; + + /** + * Options used for TLS based RTSP streams. + */ + struct { + char *ca_file; + int verify; + char *cert_file; + char *key_file; + char *host; + } tls_opts; } RTSPState; #define RTSP_FLAG_FILTER_SRC 0x1 /**< Filter incoming UDP packets - -- 2.39.5 (Apple Git-154) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".