From 62f5a274168889142b35472b14173b6c1f4bce6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleix=20Conchillo=20Flaqu=C3=A9?=
Date: Fri, 14 Feb 2014 17:14:42 -0800
Subject: [PATCH] rtspsrc: add tls-database property

Add support for a new property: tls-database. If the property is set, the certificate database will be given to the rtsp connection if TLS protocol is being used. If the server certificate can't be verified with the default database, this additional database will be used.

https://bugzilla.gnome.org/show_bug.cgi?id=724396
---
 gst/rtsp/gstrtspsrc.c | 34 ++++++++++++++++++++++++++++++++--
 gst/rtsp/gstrtspsrc.h | 1 +
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/gst/rtsp/gstrtspsrc.c b/gst/rtsp/gstrtspsrc.c
index ea225b583f..6067063b21 100644
--- a/gst/rtsp/gstrtspsrc.c
+++ b/gst/rtsp/gstrtspsrc.c
@@ -188,8 +188,9 @@ gst_rtsp_src_buffer_mode_get_type (void)
 #define DEFAULT_UDP_RECONNECT TRUE
 #define DEFAULT_MULTICAST_IFACE NULL
 #define DEFAULT_NTP_SYNC FALSE
-#define DEFAULT_USE_PIPELINE_CLOCK FALSE
-#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
+#define DEFAULT_USE_PIPELINE_CLOCK FALSE
+#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
+#define DEFAULT_TLS_DATABASE NULL
 
 enum
 {
@@ -223,6 +224,7 @@ enum
 PROP_USE_PIPELINE_CLOCK,
 PROP_SDES,
 PROP_TLS_VALIDATION_FLAGS,
+ PROP_TLS_DATABASE,
 PROP_LAST
 };
 
@@ -585,6 +587,19 @@ gst_rtspsrc_class_init (GstRTSPSrcClass * klass)
 G_TYPE_TLS_CERTIFICATE_FLAGS, DEFAULT_TLS_VALIDATION_FLAGS,
 G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
 
+ /**
+ * GstRTSPSrc::tls-database:
+ *
+ * TLS database with anchor certificate authorities used to validate
+ * the server certificate.
+ *
+ * Since: 1.4
+ */
+ g_object_class_install_property (gobject_class, PROP_TLS_DATABASE,
+ g_param_spec_object ("tls-database", "TLS database",
+ "TLS database with anchor certificate authorities used to validate the server certificate",
+ G_TYPE_TLS_DATABASE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
+
 /**
 * GstRTSPSrc::handle-request:
 * @rtspsrc: a #GstRTSPSrc
@@ -712,6 +727,7 @@ gst_rtspsrc_init (GstRTSPSrc * src)
 src->use_pipeline_clock = DEFAULT_USE_PIPELINE_CLOCK;
 src->sdes = NULL;
 src->tls_validation_flags = DEFAULT_TLS_VALIDATION_FLAGS;
+ src->tls_database = DEFAULT_TLS_DATABASE;
 
 /* get a list of all extensions */
 src->extensions = gst_rtsp_ext_list_get ();
@@ -757,6 +773,9 @@ gst_rtspsrc_finalize (GObject * object)
 if (rtspsrc->sdes)
 gst_structure_free (rtspsrc->sdes);
 
+ if (rtspsrc->tls_database)
+ g_object_unref (rtspsrc->tls_database);
+
 /* free locks */
 g_rec_mutex_clear (&rtspsrc->stream_rec_lock);
 g_rec_mutex_clear (&rtspsrc->state_rec_lock);
@@ -969,6 +988,10 @@ gst_rtspsrc_set_property (GObject * object, guint prop_id, const GValue * value,
 case PROP_TLS_VALIDATION_FLAGS:
 rtspsrc->tls_validation_flags = g_value_get_flags (value);
 break;
+ case PROP_TLS_DATABASE:
+ g_clear_object (&rtspsrc->tls_database);
+ rtspsrc->tls_database = g_value_dup_object (value);
+ break;
 default:
 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 break;
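Review bot: The property documentation added in gst_rtspsrc_class_init says only that the database is "used to validate the server certificate", which reads as if it replaces the default trust store, while the commit description says it is consulted only when the default database cannot verify the certificate. If the description is accurate, an application that supplies a private CA expecting to narrow trust to it would still accept anything the default database accepts. The doc comment should spell out the fallback order and the meaning of the default, for example `* Consulted in addition to the default database when that one cannot verify the server certificate; NULL (the default) leaves only the default database in use.` The same wording belongs in the `g_param_spec_object` blurb.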
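Review bot: In gst_rtspsrc_finalize the reference is released with an explicit NULL test followed by `g_object_unref`, while the setter added by this same patch uses `g_clear_object`. Writing `g_clear_object (&rtspsrc->tls_database);` here as well is NULL-safe, leaves the field cleared, and keeps the two release sites consistent. The function's body starts and ends outside the hunk.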
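Review bot: The `PROP_TLS_DATABASE` case in gst_rtspsrc_set_property releases the old reference and stores the new one with no lock visible in the hunk, and the gst_rtsp_conninfo_connect hunk later tests and then passes `src->tls_database` in two separate reads. If the application sets the property while a connect or reconnect runs on another thread (the threading is not shown here, so this is an inference), the connect path could hand a just-released or NULL database to the connection, and the certificate would be checked against trust anchors the application did not intend. Either swap the pointer under the object lock as sketched below and have the connect path take its own reference under the same lock, or state in the property documentation that it must be set before the element starts connecting. Both functions continue outside their hunks.

```c
    case PROP_TLS_DATABASE:
    {
      GTlsDatabase *old_db;

      GST_OBJECT_LOCK (rtspsrc);
      old_db = rtspsrc->tls_database;
      rtspsrc->tls_database = g_value_dup_object (value);
      GST_OBJECT_UNLOCK (rtspsrc);
      /* release the previous database outside the lock */
      g_clear_object (&old_db);
      break;
    }
    /* … unchanged: default case … */
```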
@@ -1097,6 +1120,9 @@ gst_rtspsrc_get_property (GObject * object, guint prop_id, GValue * value,
 case PROP_TLS_VALIDATION_FLAGS:
 g_value_set_flags (value, rtspsrc->tls_validation_flags);
 break;
+ case PROP_TLS_DATABASE:
+ g_value_set_object (value, rtspsrc->tls_database);
+ break;
 default:
 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 break;
@@ -3713,6 +3739,10 @@ gst_rtsp_conninfo_connect (GstRTSPSrc * src, GstRTSPConnInfo * info,
 if (!gst_rtsp_connection_set_tls_validation_flags (info->connection,
 src->tls_validation_flags))
 GST_WARNING_OBJECT (src, "Unable to set TLS validation flags");
+
+ if (src->tls_database)
+ gst_rtsp_connection_set_tls_database (info->connection,
+ src->tls_database);
 }
 
 if (info->url->transports & GST_RTSP_LOWER_TRANS_HTTP)
diff --git a/gst/rtsp/gstrtspsrc.h b/gst/rtsp/gstrtspsrc.h
index 21b561b35d..004d4c2296 100644
--- a/gst/rtsp/gstrtspsrc.h
+++ b/gst/rtsp/gstrtspsrc.h
@@ -228,6 +228,7 @@ struct _GstRTSPSrc {
 gboolean use_pipeline_clock;
 GstStructure *sdes;
 GTlsCertificateFlags tls_validation_flags;
+ GTlsDatabase *tls_database;
 
 /* state */
 GstRTSPState state;
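Review bot: Nothing in the branch added to gst_rtsp_conninfo_connect records that an application-supplied trust store was attached to the connection, whereas the neighbouring validation-flags call at least warns on failure. When a TLS handshake later succeeds or is rejected, the element's log gives no way to tell which anchors were in effect. A line such as `GST_DEBUG_OBJECT (src, "using application-provided TLS database");` inside the `if (src->tls_database)` branch would cover that. Bracing the branch would also keep its two-line call from being misread next to the unbraced `if` directly above it. The enclosing function starts and ends outside the hunk.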