mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-27 12:11:13 +00:00
rtspsrc: add tls-database property
Add support for a new property: tls-database. If the property is set, the certificate database will be given to the rtsp connection if TLS protocol is being used. If the server certificate can't be verified with the default database, this additional database will be used. https://bugzilla.gnome.org/show_bug.cgi?id=724396
parent
0de0a1f1db
commit
62f5a27416
2 changed files with 33 additions and 2 deletions
|
@ -190,6 +190,7 @@ gst_rtsp_src_buffer_mode_get_type (void)
|
||||||
#define DEFAULT_NTP_SYNC FALSE
|
#define DEFAULT_NTP_SYNC FALSE
|
||||||
#define DEFAULT_USE_PIPELINE_CLOCK FALSE
|
#define DEFAULT_USE_PIPELINE_CLOCK FALSE
|
||||||
#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
|
#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
|
||||||
|
#define DEFAULT_TLS_DATABASE NULL
|
||||||
|
|
||||||
enum
|
enum
|
||||||
{
|
{
|
||||||
|
@ -223,6 +224,7 @@ enum
|
||||||
PROP_USE_PIPELINE_CLOCK,
|
PROP_USE_PIPELINE_CLOCK,
|
||||||
PROP_SDES,
|
PROP_SDES,
|
||||||
PROP_TLS_VALIDATION_FLAGS,
|
PROP_TLS_VALIDATION_FLAGS,
|
||||||
|
PROP_TLS_DATABASE,
|
||||||
PROP_LAST
|
PROP_LAST
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -585,6 +587,19 @@ gst_rtspsrc_class_init (GstRTSPSrcClass * klass)
|
||||||
G_TYPE_TLS_CERTIFICATE_FLAGS, DEFAULT_TLS_VALIDATION_FLAGS,
|
G_TYPE_TLS_CERTIFICATE_FLAGS, DEFAULT_TLS_VALIDATION_FLAGS,
|
||||||
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
||||||
|
|
||||||
|
/**
|
||||||
|
* GstRTSPSrc::tls-database:
|
||||||
|
*
|
||||||
|
* TLS database with anchor certificate authorities used to validate
|
||||||
|
* the server certificate.
|
||||||
|
*
|
||||||
|
* Since: 1.4
|
||||||
|
*/
|
||||||
|
g_object_class_install_property (gobject_class, PROP_TLS_DATABASE,
|
||||||
|
g_param_spec_object ("tls-database", "TLS database",
|
||||||
|
"TLS database with anchor certificate authorities used to validate the server certificate",
|
||||||
|
G_TYPE_TLS_DATABASE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* GstRTSPSrc::handle-request:
|
* GstRTSPSrc::handle-request:
|
||||||
* @rtspsrc: a #GstRTSPSrc
|
* @rtspsrc: a #GstRTSPSrc
|
||||||
|
@ -712,6 +727,7 @@ gst_rtspsrc_init (GstRTSPSrc * src)
|
||||||
src->use_pipeline_clock = DEFAULT_USE_PIPELINE_CLOCK;
|
src->use_pipeline_clock = DEFAULT_USE_PIPELINE_CLOCK;
|
||||||
src->sdes = NULL;
|
src->sdes = NULL;
|
||||||
src->tls_validation_flags = DEFAULT_TLS_VALIDATION_FLAGS;
|
src->tls_validation_flags = DEFAULT_TLS_VALIDATION_FLAGS;
|
||||||
|
src->tls_database = DEFAULT_TLS_DATABASE;
|
||||||
|
|
||||||
/* get a list of all extensions */
|
/* get a list of all extensions */
|
||||||
src->extensions = gst_rtsp_ext_list_get ();
|
src->extensions = gst_rtsp_ext_list_get ();
|
||||||
|
@ -757,6 +773,9 @@ gst_rtspsrc_finalize (GObject * object)
|
||||||
if (rtspsrc->sdes)
|
if (rtspsrc->sdes)
|
||||||
gst_structure_free (rtspsrc->sdes);
|
gst_structure_free (rtspsrc->sdes);
|
||||||
|
|
||||||
|
if (rtspsrc->tls_database)
|
||||||
|
g_object_unref (rtspsrc->tls_database);
|
||||||
|
|
||||||
/* free locks */
|
/* free locks */
|
||||||
g_rec_mutex_clear (&rtspsrc->stream_rec_lock);
|
g_rec_mutex_clear (&rtspsrc->stream_rec_lock);
|
||||||
g_rec_mutex_clear (&rtspsrc->state_rec_lock);
|
g_rec_mutex_clear (&rtspsrc->state_rec_lock);
|
||||||
|
@ -969,6 +988,10 @@ gst_rtspsrc_set_property (GObject * object, guint prop_id, const GValue * value,
|
||||||
case PROP_TLS_VALIDATION_FLAGS:
|
case PROP_TLS_VALIDATION_FLAGS:
|
||||||
rtspsrc->tls_validation_flags = g_value_get_flags (value);
|
rtspsrc->tls_validation_flags = g_value_get_flags (value);
|
||||||
break;
|
break;
|
||||||
|
case PROP_TLS_DATABASE:
|
||||||
|
g_clear_object (&rtspsrc->tls_database);
|
||||||
|
rtspsrc->tls_database = g_value_dup_object (value);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||||
break;
|
break;
|
||||||
|
@ -1097,6 +1120,9 @@ gst_rtspsrc_get_property (GObject * object, guint prop_id, GValue * value,
|
||||||
case PROP_TLS_VALIDATION_FLAGS:
|
case PROP_TLS_VALIDATION_FLAGS:
|
||||||
g_value_set_flags (value, rtspsrc->tls_validation_flags);
|
g_value_set_flags (value, rtspsrc->tls_validation_flags);
|
||||||
break;
|
break;
|
||||||
|
case PROP_TLS_DATABASE:
|
||||||
|
g_value_set_object (value, rtspsrc->tls_database);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
|
||||||
break;
|
break;
|
||||||
|
@ -3713,6 +3739,10 @@ gst_rtsp_conninfo_connect (GstRTSPSrc * src, GstRTSPConnInfo * info,
|
||||||
if (!gst_rtsp_connection_set_tls_validation_flags (info->connection,
|
if (!gst_rtsp_connection_set_tls_validation_flags (info->connection,
|
||||||
src->tls_validation_flags))
|
src->tls_validation_flags))
|
||||||
GST_WARNING_OBJECT (src, "Unable to set TLS validation flags");
|
GST_WARNING_OBJECT (src, "Unable to set TLS validation flags");
|
||||||
|
|
||||||
|
if (src->tls_database)
|
||||||
|
gst_rtsp_connection_set_tls_database (info->connection,
|
||||||
|
src->tls_database);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (info->url->transports & GST_RTSP_LOWER_TRANS_HTTP)
|
if (info->url->transports & GST_RTSP_LOWER_TRANS_HTTP)
|
||||||
|
|
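Review bot: The doc comment and blurb added for `tls-database` in gst_rtspsrc_class_init do not say that this database is a fallback, although the commit message states it is used only when the server certificate cannot be verified with the default database. On that description, setting the property widens the set of trusted anchors and does not restrict trust to the supplied CAs, which an application that wants to trust only a private CA needs to know. I would add a line to the doc comment such as `* Consulted in addition to the default database, when the default database cannot verify the server certificate.` and mirror it in the blurb. The hunk in gst_rtsp_conninfo_connect hands the database over only at connect time, so it is also worth stating that a change presumably applies to the next connection; these functions start and end outside the hunks shown.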
|
@ -228,6 +228,7 @@ struct _GstRTSPSrc {
|
||||||
gboolean use_pipeline_clock;
|
gboolean use_pipeline_clock;
|
||||||
GstStructure *sdes;
|
GstStructure *sdes;
|
||||||
GTlsCertificateFlags tls_validation_flags;
|
GTlsCertificateFlags tls_validation_flags;
|
||||||
|
GTlsDatabase *tls_database;
|
||||||
|
|
||||||
/* state */
|
/* state */
|
||||||
GstRTSPState state;
|
GstRTSPState state;
|
||||||
|
|
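Review bot: The new `tls_database` field carries no comment on ownership or on which lock guards it. The other file's hunks show it holding an owned reference (`g_value_dup_object` in set_property, `g_object_unref` in finalize), replaced via `g_clear_object` and read in gst_rtsp_conninfo_connect with no lock visible in those hunks; if the property can be set while a connection is being opened on another thread, the reader could pick up a pointer that is being released. I would document the field, e.g. `GTlsDatabase *tls_database; /* owned ref, NULL if unset; set before connecting */`, or, if concurrent sets are meant to be supported, take the object lock around both the setter and the read. The struct definition starts and ends outside the hunk.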