From: Jack Lau <jacklau1222gm@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Cc: Jack Lau <jacklau1222@qq.com>
Subject: [FFmpeg-devel] [PATCH v5 13/15] avformat/tls: add new option use_srtp to control whether enable it
Date: Tue, 22 Jul 2025 20:36:14 +0800
Message-ID: <20250722123616.53164-14-jacklau1222@qq.com> (raw)
In-Reply-To: <20250722123616.53164-1-jacklau1222@qq.com>

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls.h         |  2 ++
 libavformat/tls_openssl.c | 24 ++++++++++++------------
 libavformat/whip.c        |  1 +
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/libavformat/tls.h b/libavformat/tls.h
index 157c0d0256..a11f8d6afb 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -51,6 +51,7 @@ typedef struct TLSShared {
     URLContext *tcp;
 
     int is_dtls;
+    int use_srtp;
 
     /* The certificate and private key content used for DTLS handshake */
     char* cert_buf;
@@ -77,6 +78,7 @@ typedef struct TLSShared {
     {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"http_proxy", "Set proxy to tunnel through",         offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"external_sock", "Use external socket",              offsetof(pstruct, options_field . external_sock), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
+    {"use_srtp", "Enable use_srtp DTLS extension",        offsetof(pstruct, options_field . use_srtp), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"mtu", "Maximum Transmission Unit", offsetof(pstruct, options_field . mtu), AV_OPT_TYPE_INT,  { .i64 = 0 }, 0, INT_MAX, .flags = TLS_OPTFL}, \
     {"cert_pem",   "Certificate PEM string",              offsetof(pstruct, options_field . cert_buf),  AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"key_pem",    "Private key PEM string",              offsetof(pstruct, options_field . key_buf),   AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
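Review bot: The help text on the new `use_srtp` entry is circular and does not tell the user that the default of 0 switches off something dtls_start() used to do unconditionally. A wording such as `"Offer the use_srtp extension (DTLS-SRTP) during the DTLS handshake"` would be clearer. Because the entry sits in the shared option macro, every protocol that expands the macro accepts the option, while in this patch only dtls_start() in tls_openssl.c reads it. If other TLS backends also implement DTLS they would presumably ignore the option silently, which is worth confirming or documenting.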
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 54860857c0..9a8456c438 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -818,12 +818,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     int ret = 0;
     c->is_dtls = 1;
 
-    /**
-     * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
-     * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
-     */
-    const char* profiles = "SRTP_AES128_CM_SHA1_80";
-
     p->ctx = SSL_CTX_new(c->listen ? DTLS_server_method() : DTLS_client_method());
     if (!p->ctx) {
         ret = AVERROR(ENOMEM);
@@ -837,12 +831,18 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     if (c->verify)
         SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
 
-    /* Setup the SRTP context */
-    if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
-        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
-            profiles, openssl_get_error(p));
-        ret = AVERROR(EINVAL);
-        return ret;
+    if (c->use_srtp) {
+        /**
+         * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
+         * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
+         */
+        const char* profiles = "SRTP_AES128_CM_SHA1_80";
+        if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
+            av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
+                profiles, openssl_get_error(p));
+            ret = AVERROR(EINVAL);
+            return ret;
+        }
     }
 
     /* The ssl should not be created unless the ctx has been initialized. */
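Review bot: The `return ret;` inside the new `if (c->use_srtp)` block leaves dtls_start() directly although `p->ctx` was already allocated by SSL_CTX_new() above, so the context is not released on this path unless the caller cleans up after a failed open. The lines are moved unchanged from the old code, but since they are being re-indented anyway, this is a good place to route the failure through the same cleanup the rest of the function uses (not visible in this hunk). A one-line comment such as `/* returns 0 on success, 1 on error */` above the call would also help, because SSL_CTX_set_tlsext_use_srtp() inverts the usual OpenSSL return convention. dtls_start() begins and ends outside the hunk.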
diff --git a/libavformat/whip.c b/libavformat/whip.c
index cfcb8e8888..82c9cee5c8 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -1320,6 +1320,7 @@ static int dtls_handshake(AVFormatContext *s)
     } else
         av_dict_set(&opts, "key_pem", whip->key_buf, 0);
     av_dict_set_int(&opts, "external_sock", 1, 0);
+    av_dict_set_int(&opts, "use_srtp", 1, 0);
     av_dict_set_int(&opts, "listen", whip->flags & WHIP_FLAG_DTLS_ACTIVE ? 0 : 1, 0);
     /* If got the first binding response, start DTLS handshake. */
     ret = ffurl_open_whitelist(&whip->dtls_uc, buf, AVIO_FLAG_READ_WRITE, &s->interrupt_callback,
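Review bot: With SRTP now opt-in, WHIP's media protection depends on the added `av_dict_set_int(&opts, "use_srtp", 1, 0)` call succeeding, and its return value is ignored like the neighbouring ones. If the entry is not stored, the handshake would run without offering use_srtp; whether the later key-export step then fails closed is not visible here. Consider checking the result, and confirm that the post-handshake code rejects a session in which no SRTP profile was negotiated, for example by testing `SSL_get_selected_srtp_profile()` for NULL in the OpenSSL backend. dtls_handshake() continues outside the hunk.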
-- 
2.49.0
