From patchwork Sat Oct 1 20:20:39 2016
X-Patchwork-Submitter: Jay
X-Patchwork-Id: 817
From: jayridge@gmail.com
To: ffmpeg-devel@ffmpeg.org
Cc: Jay Ridgeway
Date: Sat, 1 Oct 2016 16:20:39 -0400
Message-Id: <1475353239-31384-1-git-send-email-jayridge@gmail.com>
Subject: [FFmpeg-devel] [PATCH] RTSP: pass TLS args for RTSPS

From: Jay Ridgeway This patch enables TLS args for RTSPS. This is necessary for client certificates and cert validation. Squash changes from feedback into one patch. --- libavformat/rtsp.c | 19 ++++++++++++++++--- libavformat/rtsp.h | 8 ++++++++ libavformat/tls_gnutls.c | 7 +++++++ libavformat/tls_openssl.c | 7 +++++++ libavformat/tls_schannel.c | 7 +++++++ libavformat/tls_securetransport.c | 7 +++++++ 6 files changed, 52 insertions(+), 3 deletions(-) diff --git a/libavformat/rtsp.c b/libavformat/rtsp.c index c6292c5..53ecb6c 100644 --- a/libavformat/rtsp.c +++ b/libavformat/rtsp.c @@ -78,6 +78,7 @@ { "reorder_queue_size", "set number of packets to buffer for handling of reordered packets", OFFSET(reordering_queue_size), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, DEC }, \ { "buffer_size", "Underlying protocol send/receive buffer size", OFFSET(buffer_size), AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, DEC|ENC } \ +#define NONNULLSTR(s) (s ? s : "") const AVOption ff_rtsp_options[] = { { "initial_pause", "do not start playing the stream immediately", OFFSET(initial_pause), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DEC }, @@ -97,6 +98,10 @@ const AVOption ff_rtsp_options[] = { { "stimeout", "set timeout (in microseconds) of socket TCP I/O operations", OFFSET(stimeout), AV_OPT_TYPE_INT, {.i64 = 0}, INT_MIN, INT_MAX, DEC }, COMMON_OPTS(), { "user-agent", "override User-Agent header", OFFSET(user_agent), AV_OPT_TYPE_STRING, {.str = LIBAVFORMAT_IDENT}, 0, 0, DEC }, + { "ca_file", "Certificate Authority database file", OFFSET(ca_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "tls_verify", "verify the peer certificate", OFFSET(verify), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, DEC|ENC}, + { "cert_file", "certificate file", OFFSET(cert_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, + { "key_file", "private key file", OFFSET(key_file), AV_OPT_TYPE_STRING, {.str = NULL}, 0, 0, DEC|ENC }, { NULL }, }; 
@@ -1812,9 +1817,17 @@ redirect: } else { int ret; /* open the tcp connection */ - ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL, - host, port, - "?timeout=%d", rt->stimeout); + if (strcmp("tls", lower_rtsp_proto) == 0) { + ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL, + host, port, + "?timeout=%d&verify=%d&cafile=%s&cert_file=%s&key_file=%s", + rt->stimeout, rt->verify, NONNULLSTR(rt->ca_file), + NONNULLSTR(rt->cert_file), NONNULLSTR(rt->key_file)); + } else { + ff_url_join(tcpname, sizeof(tcpname), lower_rtsp_proto, NULL, + host, port, + "?timeout=%d", rt->stimeout); + } if ((ret = ffurl_open_whitelist(&rt->rtsp_hd, tcpname, AVIO_FLAG_READ_WRITE, &s->interrupt_callback, NULL, s->protocol_whitelist, s->protocol_blacklist, NULL)) < 0) { err = ret; diff --git a/libavformat/rtsp.h b/libavformat/rtsp.h index 852fd67..fa872a8 100644 --- a/libavformat/rtsp.h +++ b/libavformat/rtsp.h @@ -408,6 +408,14 @@ typedef struct RTSPState { char default_lang[4]; int buffer_size; + + /** The following are used for RTSPS streams */ + //@{ + char *ca_file; + int verify; + char *cert_file; + char *key_file; + //@} } RTSPState; #define RTSP_FLAG_FILTER_SRC 0x1 /**< Filter incoming UDP packets - diff --git a/libavformat/tls_gnutls.c b/libavformat/tls_gnutls.c index 991b36b..ecc80bf 100644 --- a/libavformat/tls_gnutls.c +++ b/libavformat/tls_gnutls.c @@ -235,6 +235,12 @@ static int tls_write(URLContext *h, const uint8_t *buf, int size) return print_tls_error(h, ret); } +static int tls_get_file_handle(URLContext *h) +{ + TLSContext *c = h->priv_data; + return ffurl_get_file_handle(c->tls_shared.tcp); +} + static const AVOption options[] = { TLS_COMMON_OPTIONS(TLSContext, tls_shared), { NULL } 
@@ -253,6 +259,7 @@ const URLProtocol ff_tls_gnutls_protocol = { .url_read = tls_read, .url_write = tls_write, .url_close = tls_close, + .url_get_file_handle = tls_get_file_handle, .priv_data_size = sizeof(TLSContext), .flags = URL_PROTOCOL_FLAG_NETWORK, .priv_data_class = &tls_class, diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index 46eb3e6..1455392 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -283,6 +283,12 @@ static int tls_write(URLContext *h, const uint8_t *buf, int size) return print_tls_error(h, ret); } +static int tls_get_file_handle(URLContext *h) +{ + TLSContext *c = h->priv_data; + return ffurl_get_file_handle(c->tls_shared.tcp); +} + static const AVOption options[] = { TLS_COMMON_OPTIONS(TLSContext, tls_shared), { NULL } @@ -301,6 +307,7 @@ const URLProtocol ff_tls_openssl_protocol = { .url_read = tls_read, .url_write = tls_write, .url_close = tls_close, + .url_get_file_handle = tls_get_file_handle, .priv_data_size = sizeof(TLSContext), .flags = URL_PROTOCOL_FLAG_NETWORK, .priv_data_class = &tls_class, diff --git a/libavformat/tls_schannel.c b/libavformat/tls_schannel.c index c11b7d4..065dccb 100644 --- a/libavformat/tls_schannel.c +++ b/libavformat/tls_schannel.c @@ -577,6 +577,12 @@ done: return ret < 0 ? ret : outbuf[1].cbBuffer; } +static int tls_get_file_handle(URLContext *h) +{ + TLSContext *c = h->priv_data; + return ffurl_get_file_handle(c->tls_shared.tcp); +} + static const AVOption options[] = { TLS_COMMON_OPTIONS(TLSContext, tls_shared), { NULL } @@ -595,6 +601,7 @@ const URLProtocol ff_tls_schannel_protocol = { .url_read = tls_read, .url_write = tls_write, .url_close = tls_close, + .url_get_file_handle = tls_get_file_handle, .priv_data_size = sizeof(TLSContext), .flags = URL_PROTOCOL_FLAG_NETWORK, .priv_data_class = &tls_class, diff --git a/libavformat/tls_securetransport.c b/libavformat/tls_securetransport.c index 253c89c..bc8a320 100644 --- a/libavformat/tls_securetransport.c 
+++ b/libavformat/tls_securetransport.c @@ -375,6 +375,12 @@ static int tls_write(URLContext *h, const uint8_t *buf, int size) return print_tls_error(h, ret); } +static int tls_get_file_handle(URLContext *h) +{ + TLSContext *c = h->priv_data; + return ffurl_get_file_handle(c->tls_shared.tcp); +} + static const AVOption options[] = { TLS_COMMON_OPTIONS(TLSContext, tls_shared), { NULL } @@ -393,6 +399,7 @@ const URLProtocol ff_tls_securetransport_protocol = { .url_read = tls_read, .url_write = tls_write, .url_close = tls_close, + .url_get_file_handle = tls_get_file_handle, .priv_data_size = sizeof(TLSContext), .flags = URL_PROTOCOL_FLAG_NETWORK, .priv_data_class = &tls_class,
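
Review bot: in libavformat/rtsp.c, hunk @@ -78,6 +78,7, NONNULLSTR(s) expands its argument without parentheses, so an expression passed as s can bind differently than intended; write it as ((s) ? (s) : ""). The macro is defined beside the option table but used only in the connect path at @@ -1812, so defining it next to that use would keep it out of the rest of the file.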
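
Review bot: in the ff_rtsp_options hunk of libavformat/rtsp.c (@@ -97,6 +98,10), tls_verify defaults to 0, so an rtsps:// connection does not verify the peer certificate unless the user turns it on, even when ca_file is given. State that default in the help string and the protocol documentation, or log a warning when ca_file is set while tls_verify is 0. The option is named tls_verify here but is forwarded as verify= in the URL built at @@ -1812; a short comment on that mapping would help the next reader.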
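
Review bot: in the ff_url_join call added at @@ -1812,9 +1817,17 of libavformat/rtsp.c, ca_file, cert_file and key_file are pasted into the query string with %s and no escaping, so a path containing & or = is split into extra key=value pairs on the tls side (a ca_file value ending in &verify=0 adds a second verify key). Percent-encode the values, or pass them through the options dictionary argument of ffurl_open_whitelist, which is NULL in the call that follows, instead of through the URL. Two smaller points in the same call: unset options are sent as empty strings via NONNULLSTR rather than omitted, and the key names mix cafile with cert_file and key_file, so please confirm each matches what the tls protocol reads from the query. The return value of ff_url_join is not checked, so long paths that do not fit in tcpname would go unnoticed.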
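
Review bot: the hunks in tls_gnutls.c, tls_openssl.c, tls_schannel.c and tls_securetransport.c each add an identical tls_get_file_handle and a .url_get_file_handle entry, which the commit message (TLS args for RTSPS) does not mention. Explain in the message why RTSP over TLS needs the underlying handle, or split this into its own patch. Since all four bodies only return ffurl_get_file_handle(c->tls_shared.tcp), one shared helper in the common TLS code that takes the TLSShared would avoid four copies.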