From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 75C0F4B9E7
	for <ffmpegdev@gitmailbox.com>; Tue, 22 Jul 2025 12:39:13 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id D2A6768D1E7;
	Tue, 22 Jul 2025 15:37:29 +0300 (EEST)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com
 [209.85.214.173])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 076A868D1E0
 for <ffmpeg-devel@ffmpeg.org>; Tue, 22 Jul 2025 15:37:27 +0300 (EEST)
Received: by mail-pl1-f173.google.com with SMTP id
 d9443c01a7336-235ea292956so49633845ad.1
 for <ffmpeg-devel@ffmpeg.org>; Tue, 22 Jul 2025 05:37:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1753187846; x=1753792646; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=fkdnS1A4H2T5/vCduGf4cbtaMLfuRp30ZTy5lHKluIk=;
 b=Al855F1XaUSKXYqaEcGjePJHJaXV72eZqi0gXpFFBxZ+jOL65BMQfVNuRfBM73h7Bp
 vjCxgODGtq7EQMFi1b8yIqbtbnxv4fel2+hf8nPInQ1RI7p9tT6g7WvG1ZXSZshvnpLB
 KXlm5LqgQMCbKXGjS+FgIV3smg32iDPYL8Ho0AM/0K/m2jrObr1UTHHmOXUzkMWBF5qy
 GzYragzJJDngdBGk7MOaaK/UbIKGj5n7NmPmFckG3VUBWCDtR4y4lnTkvtl66bVAE2ux
 y2rkt4jxYdqGgM7rUArYRwATRl8r5hJNQfmgo/aavUfLBo1pi07ThwkWR928N3I2+ot4
 ClIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1753187846; x=1753792646;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=fkdnS1A4H2T5/vCduGf4cbtaMLfuRp30ZTy5lHKluIk=;
 b=RywBPzqYtqidG2by2VSdTkvWA0HlHUJI5VCNy85twuursf8TVGeYdFcpaKoImYGvif
 OaVRhOoZxaxNVXrc311x0RemC1Q1sUJ1ZtYgog861qr64HwmlZPDcJZ+cpxVGcaAYzYR
 OG0DmrFvJ5p3+kWNylzVrYOCCIHThonoeCISl1+Bqt8iFUUpdcbz24pGVTlTEe11nkl4
 6oCe5JWd/p+6r568pUyOMU4pSEyFlhFrUu8Ipp43CFCdBXI0YTP+B4Lt2JBllEr5Kqoa
 T+3UebUOlhtsFFKDAuyBVO3B46c9aC4MBj9U01MMZaTQfB/1ShDNTkukM8bJIEuehvpe
 FfFQ==
X-Gm-Message-State: AOJu0YwVWJMwkxkFLxwdykY+atuGsMPJDsgLbb1YUy7ZADzG+zq3/c+F
 O/731HRgq6/6/LquC/aSFCraFiKfBhvHQcDFBkY/PUT+AKNihqrXb7qd+RLVJcc/R0g=
X-Gm-Gg: ASbGncuIkD98B1f19OjAL8Qx3BBDV1OpZr8KQSKpvW5YFgg33+dz2eXW55Ur5Fb6hIZ
 zqBeL2u/MpecjXLtKf4ajjpDoRcXeZ1kR0fmyeI6HAKjMFF/mpz+rsQCVX7X+5OoZZCUcWk8SPi
 c0NfM7Izec6IHWMzE3kkPzRZtZbCc5BRZLU8IkXb/YUQjNZ5btkpsGC3c3lwDB2ESboJN1Pve3N
 Lf5Wrr03ITCC6baQPNYZGqZ0VO5763IJLXioJGz41gK+PjDk/u+tL3bfWuVhG+DKAGo6llw+Snz
 brNAFqj98OI5DhKpztYqTmPGxtrqks6gd17CjJ1EKfTLo1dxooWa0J1/lgRAkbRIPdzfuwn3R36
 xa0RT+sL/kWKcA2yJnL6/nGC7PFaY5vfE7qpUT2B4KoZngw==
X-Google-Smtp-Source: AGHT+IGk6C47Zef/idu0jbx+QiVmAwZKtVUxa9kXWT/56vwfA2TjZpNdp2uzS/+dUmfs7s2ZVcOH8g==
X-Received: by 2002:a17:902:c949:b0:235:f70:fd44 with SMTP id
 d9443c01a7336-23e256ca838mr339325795ad.21.1753187845815; 
 Tue, 22 Jul 2025 05:37:25 -0700 (PDT)
Received: from localhost.localdomain ([182.126.128.169])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-23e3b60edbasm75740715ad.70.2025.07.22.05.37.24
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Tue, 22 Jul 2025 05:37:25 -0700 (PDT)
From: Jack Lau <jacklau1222gm@gmail.com>
X-Google-Original-From: Jack Lau <jacklau1222@qq.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 22 Jul 2025 20:36:14 +0800
Message-ID: <20250722123616.53164-14-jacklau1222@qq.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <20250722123616.53164-1-jacklau1222@qq.com>
References: <20250722123616.53164-1-jacklau1222@qq.com>
MIME-Version: 1.0
X-Unsent: 1
Subject: [FFmpeg-devel] [PATCH v5 13/15] avformat/tls: add new option
 use_srtp to control whether enable it
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Jack Lau <jacklau1222@qq.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250722123616.53164-14-jacklau1222@qq.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls.h         |  2 ++
 libavformat/tls_openssl.c | 24 ++++++++++++------------
 libavformat/whip.c        |  1 +
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/libavformat/tls.h b/libavformat/tls.h
index 157c0d0256..a11f8d6afb 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -51,6 +51,7 @@ typedef struct TLSShared {
     URLContext *tcp;
 
     int is_dtls;
+    int use_srtp;
 
     /* The certificate and private key content used for DTLS handshake */
     char* cert_buf;
@@ -77,6 +78,7 @@ typedef struct TLSShared {
     {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"http_proxy", "Set proxy to tunnel through",         offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"external_sock", "Use external socket",              offsetof(pstruct, options_field . external_sock), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
+    {"use_srtp", "Enable use_srtp DTLS extension",        offsetof(pstruct, options_field . use_srtp), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"mtu", "Maximum Transmission Unit", offsetof(pstruct, options_field . mtu), AV_OPT_TYPE_INT,  { .i64 = 0 }, 0, INT_MAX, .flags = TLS_OPTFL}, \
     {"cert_pem",   "Certificate PEM string",              offsetof(pstruct, options_field . cert_buf),  AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"key_pem",    "Private key PEM string",              offsetof(pstruct, options_field . key_buf),   AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 54860857c0..9a8456c438 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -818,12 +818,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     int ret = 0;
     c->is_dtls = 1;
 
-    /**
-     * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
-     * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
-     */
-    const char* profiles = "SRTP_AES128_CM_SHA1_80";
-
     p->ctx = SSL_CTX_new(c->listen ? DTLS_server_method() : DTLS_client_method());
     if (!p->ctx) {
         ret = AVERROR(ENOMEM);
@@ -837,12 +831,18 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     if (c->verify)
         SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
 
-    /* Setup the SRTP context */
-    if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
-        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
-            profiles, openssl_get_error(p));
-        ret = AVERROR(EINVAL);
-        return ret;
+    if (c->use_srtp) {
+        /**
+         * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
+         * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
+         */
+        const char* profiles = "SRTP_AES128_CM_SHA1_80";
+        if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
+            av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
+                profiles, openssl_get_error(p));
+            ret = AVERROR(EINVAL);
+            return ret;
+        }
     }
 
     /* The ssl should not be created unless the ctx has been initialized. */
diff --git a/libavformat/whip.c b/libavformat/whip.c
index cfcb8e8888..82c9cee5c8 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -1320,6 +1320,7 @@ static int dtls_handshake(AVFormatContext *s)
     } else
         av_dict_set(&opts, "key_pem", whip->key_buf, 0);
     av_dict_set_int(&opts, "external_sock", 1, 0);
+    av_dict_set_int(&opts, "use_srtp", 1, 0);
     av_dict_set_int(&opts, "listen", whip->flags & WHIP_FLAG_DTLS_ACTIVE ? 0 : 1, 0);
     /* If got the first binding response, start DTLS handshake. */
     ret = ffurl_open_whitelist(&whip->dtls_uc, buf, AVIO_FLAG_READ_WRITE, &s->interrupt_callback,
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".