From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 7DD924E715
	for <ffmpegdev@gitmailbox.com>; Fri, 11 Jul 2025 14:56:36 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 86563690073;
	Fri, 11 Jul 2025 17:56:33 +0300 (EEST)
Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com
 [209.85.208.45])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 74407690060
 for <ffmpeg-devel@ffmpeg.org>; Fri, 11 Jul 2025 17:56:26 +0300 (EEST)
Received: by mail-ed1-f45.google.com with SMTP id
 4fb4d7f45d1cf-60707b740a6so3294478a12.0
 for <ffmpeg-devel@ffmpeg.org>; Fri, 11 Jul 2025 07:56:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1752245786; x=1752850586; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=PGRPJIPfzNz8oCVQiPzZ8b04SPY6i1LHMopG2WNpTuw=;
 b=VAms0Cu23SpM0sD+pHonZG4054ZE5klQSDH67LWXtDu1/ptKpasYXzANzrC8NrP/QG
 rOowxj8yFGf1XYi5h4rAe34f06Kdzar0lfMc1AmiWHa9tJkGaZLopmsUM75gkLZwLvsa
 E4toqQQ/Snhwv5075so0fkAhVSl6vB+8CU3zYSdxPsNpzURHRgIH2vDwaeW+7jKb5PvX
 t/km3uFzuoZDDbh3WoSEWhAlxTTmWypVtx41XTtW1eXvG+X8/aVpack0fOPjDUsvMw5v
 H6HJcteCbZeBdbKAuIGNuGNzcI1Ebi8wUB9FREV05cuow1Fk3fOUDl4fe2mORMASI7It
 dN/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1752245786; x=1752850586;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=PGRPJIPfzNz8oCVQiPzZ8b04SPY6i1LHMopG2WNpTuw=;
 b=YvNG7MR7JFj60XEiVDF359ong6B2fP0jnE7A2nXteTKPhyLkTYdKldGtezDi4Cp64Q
 0So8f8VyIdst+R94KpOWfm0MvbzxhnSqFcdwIebDoBN+FdoXJU5qBEM6NKXXMg09uFCK
 QeZ5NNp9KFi4be4SHA23J5J14nlS31VQOxXwMOx1s/fkuB3Cz/CAIKxa2B7w/mX2ssDL
 GUtM1Mu8+dEfzGlWWO/Qhl5blE3RLKW8fstDKS8R0/l4rrWo9Cm8FB0N1KllMyktEOwZ
 5wGwto0H+NkAVSvPUSu0i3CZgnkZHFtg0e+NwS3gE7Zq2xDkowWTr+jLisSjM7s4Ebte
 VmOw==
X-Gm-Message-State: AOJu0YxoXRhiG0kNWqas+gGbfSu8hezVS0tL6jwLba7oefQtdyMDuiwf
 NJ5L0c1XqPW/256gVGjRqQCDEuI7dinH6vI3BqS3HseCzrqmNtGd6u31flo9cg==
X-Gm-Gg: ASbGncsjv40p4pRRJ2H6J/mf8SLIvWhQ0VoH/uD2Xw3JpKKG6eujOH8r0b2cMO3vMzf
 8CR91ST7iSK8WeQHUBO4aqReYtEqqkAq9/UGZJNLvgQF+Qpe9aWJq6RCy52CB8OAB6g7ODVZYKe
 7qbRy2wJvzx37jHoSI183GFu7wPfG3hXdA6UvzjfMrSr1KVIrgu7YJtDWiJTdWcIJaBX7sKV7U2
 CnwUGAP3d1PBcNrc1DprUs9d3EWT5rYw3/2xo68TEtUVeESj279RHHWuIHS5/FldLLseXGHiLx6
 uey6ceLlhbt2JUsoJ1JIeuXBsTFLWpn570zsCx4xbLxuUzVm9uTxO+x7MsBiMY56WIrKJUuz6Pr
 ZUlDWTAMOWhghVZLZlqkCruuf4dEzMmyUJJgLPJ9kudyYQqSO8s4/CNsYczFW2AfNyS8h718sIG
 EYkfkFWnLXad52WM7Niu3isCw+9VHNNs+RiH7D
X-Google-Smtp-Source: AGHT+IHpLrYm7kWbG8cdNSVOhxNCrAng8jE8FW/1RK1/Gc7ZuJAmAKfb2vVjBMCdj//8gr8M2vArvg==
X-Received: by 2002:a17:907:8e89:b0:ae7:1c2b:b715 with SMTP id
 a640c23a62f3a-ae71c874fafmr106360466b.49.1752245784992; 
 Fri, 11 Jul 2025 07:56:24 -0700 (PDT)
Received: from [192.168.178.143]
 (p200301023701fa0039c61cc86b66e99e.dip0.t-ipconnect.de.
 [2003:102:3701:fa00:39c6:1cc8:6b66:e99e])
 by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-611c94f3753sm2273608a12.16.2025.07.11.07.56.24
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 11 Jul 2025 07:56:24 -0700 (PDT)
From: Marvin Scholz <epirat07-at-gmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri, 11 Jul 2025 16:56:23 +0200
X-Mailer: MailMate Free Mode (2.0r6222)
Message-ID: <856E6979-95D3-4801-9CB7-EF94BF705BDA@gmail.com>
In-Reply-To: <AS8P250MB0744278E6E921ED60CDB45008F4FA@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
References: <20250624192345.44376-1-epirat07@gmail.com>
 <20250624192345.44376-2-epirat07@gmail.com>
 <AS8P250MB0744278E6E921ED60CDB45008F4FA@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
MIME-Version: 1.0
Subject: Re: [FFmpeg-devel] [PATCH 2/2] avformat/rtsp: add TLS options
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/856E6979-95D3-4801-9CB7-EF94BF705BDA@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>



On 7 Jul 2025, at 13:15, Andreas Rheinhardt wrote:

> Marvin Scholz:
>> From: Daniel N Pettersson <danielnp@axis.com>
>>
>> Add TLS options to RTSP for when TLS is used for the lower protocol.
>>
>> Signed-off-by: Marvin Scholz <epirat07@gmail.com>
>> Co-authored-by: Marvin Scholz <epirat07@gmail.com>
>> ---
>>  libavformat/rtsp.c | 26 +++++++++++++++++++++++++-
>>  libavformat/rtsp.h | 11 +++++++++++
>>  2 files changed, 36 insertions(+), 1 deletion(-)
>>
>> diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c
>> index 3f2966414f..8d360b375f 100644
>> --- a/libavformat/rtsp.c
>> +++ b/libavformat/rtsp.c>
>> +/**
>> + * Add the TLS options of the given RTSPState to the dict
>> + */
>> +static void copy_tls_opts_dict(RTSPState *rt, AVDictionary **dict)
>> +{
>> +    av_dict_set_int(dict, "tls_verify", rt->tls_opts.verify, 0);
>> +    av_dict_set(dict, "ca_file", rt->tls_opts.ca_file, 0);
>> +    av_dict_set(dict, "cert_file", rt->tls_opts.cert_file, 0);
>> +    av_dict_set(dict, "key_file", rt->tls_opts.key_file, 0);
>> +    av_dict_set(dict, "verifyhost", rt->tls_opts.host, 0);
>> +}
>
> Should this not be checked?
>

Indeed, done in 7c91ae94198fd3dce7b9bed9d67096f0e5b5f260.

Thanks

>> +
>>  static void get_word_until_chars(char *buf, int buf_size,
>>                                   const char *sep, const char **pp)
>>  {
>> @@ -1821,6 +1837,8 @@ redirect:
>>          AVDictionary *options = NULL;
>>
>>          av_dict_set_int(&options, "timeout", rt->stimeout, 0);
>> +        if (https_tunnel)
>> +            copy_tls_opts_dict(rt, &options);
>>
>>          ff_url_join(httpname, sizeof(httpname), https_tunnel ? "https" : "http", auth, host, port, "%s", path);
>>          snprintf(sessioncookie, sizeof(sessioncookie), "%08x%08x",
>> @@ -1905,14 +1923,20 @@ redirect:
>>      } else {
>>          int ret;
>>          /* open the tcp connection */
>> +        AVDictionary *proto_opts = NULL;
>> +        if (strcmp("tls", lower_rtsp_proto) == 0)
>> +            copy_tls_opts_dict(rt, &proto_opts);
>> +
>>          ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL,
>>                      host, port,
>>                      "?timeout=%"PRId64, rt->stimeout);
>>          if ((ret = ffurl_open_whitelist(&rt->rtsp_hd, tcpname, AVIO_FLAG_READ_WRITE,
>> -                       &s->interrupt_callback, NULL, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) {
>> +                       &s->interrupt_callback, &proto_opts, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) {
>> +            av_dict_free(&proto_opts);
>>              err = ret;
>>              goto fail;
>>          }
>> +        av_dict_free(&proto_opts);
>>          rt->rtsp_hd_out = rt->rtsp_hd;
>>      }
>>      rt->seq = 0;
>> diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h
>> index 83b2e3f4fb..ca278acd43 100644
>> --- a/libavformat/rtsp.h
>> +++ b/libavformat/rtsp.h
>> @@ -419,6 +419,17 @@ typedef struct RTSPState {
>>      int buffer_size;
>>      int pkt_size;
>>      char *localaddr;
>> +
>> +    /**
>> +     * Options used for TLS based RTSP streams.
>> +     */
>> +    struct {
>> +        char *ca_file;
>> +        int verify;
>> +        char *cert_file;
>> +        char *key_file;
>> +        char *host;
>> +    } tls_opts;
>>  } RTSPState;
>>
>>  #define RTSP_FLAG_FILTER_SRC  0x1    /**< Filter incoming UDP packets -
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".