mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2025-01-11 09:55:36 +00:00
rtspconnection: Allow setting a custom accept-certificate function for manually checking a TLS certificate for validity
https://bugzilla.gnome.org/show_bug.cgi?id=785024
This commit is contained in:
Sebastian Dröge
parent
f1c44332d5
commit
9c2d5e863e
3 changed files with 55 additions and 0 deletions
|
|
@ -161,6 +161,10 @@ struct _GstRTSPConnection
|
||||||
GTlsDatabase *tls_database;
|
GTlsDatabase *tls_database;
|
||||||
GTlsInteraction *tls_interaction;
|
GTlsInteraction *tls_interaction;
|
||||||
|
|
||||||
|
GstRTSPConnectionAcceptCertificateFunc accept_certificate_func;
|
||||||
|
GDestroyNotify accept_certificate_destroy_notify;
|
||||||
|
gpointer accept_certificate_user_data;
|
||||||
|
|
||||||
DecodeCtx ctx;
|
DecodeCtx ctx;
|
||||||
DecodeCtx *ctxp;
|
DecodeCtx *ctxp;
|
||||||
|
|
||||||
|
|
@ -244,6 +248,14 @@ tls_accept_certificate (GTlsConnection * conn, GTlsCertificate * peer_cert,
|
||||||
GST_DEBUG ("Peer certificate not accepted (errors: 0x%08X)", errors);
|
GST_DEBUG ("Peer certificate not accepted (errors: 0x%08X)", errors);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!accept && rtspconn->accept_certificate_func) {
|
||||||
|
accept =
|
||||||
|
rtspconn->accept_certificate_func (conn, peer_cert, errors,
|
||||||
|
rtspconn->accept_certificate_user_data);
|
||||||
|
GST_DEBUG ("Peer certificate %saccepted by accept-certificate function",
|
||||||
|
accept ? "" : "not ");
|
||||||
|
}
|
||||||
|
|
||||||
return accept;
|
return accept;
|
||||||
|
|
||||||
/* ERRORS */
|
/* ERRORS */
|
||||||
|
|
@ -687,6 +699,35 @@ gst_rtsp_connection_get_tls_interaction (GstRTSPConnection * conn)
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* gst_rtsp_connection_set_accept_certificate_func:
|
||||||
|
* @conn: a #GstRTSPConnection
|
||||||
|
* @func: a #GstRTSPConnectionAcceptCertificateFunc to check certificates
|
||||||
|
* @destroy_notify: #GDestroyNotify for @user_data
|
||||||
|
* @user_data: User data passed to @func
|
||||||
|
*
|
||||||
|
* Sets a custom accept-certificate function for checking certificates for
|
||||||
|
* validity. This will directly map to #GTlsConnection 's "accept-certificate"
|
||||||
|
* signal and be performed after the default checks of #GstRTSPConnection
|
||||||
|
* (checking against the #GTlsDatabase with the given #GTlsCertificateFlags)
|
||||||
|
* have failed. If no #GTlsDatabase is set on this connection, only @func will
|
||||||
|
* be called.
|
||||||
|
*
|
||||||
|
* Since: 1.14
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
gst_rtsp_connection_set_accept_certificate_func (GstRTSPConnection * conn,
|
||||||
|
GstRTSPConnectionAcceptCertificateFunc func,
|
||||||
|
gpointer user_data, GDestroyNotify destroy_notify)
|
||||||
|
{
|
||||||
|
if (conn->accept_certificate_destroy_notify)
|
||||||
|
conn->
|
||||||
|
accept_certificate_destroy_notify (conn->accept_certificate_user_data);
|
||||||
|
conn->accept_certificate_func = func;
|
||||||
|
conn->accept_certificate_user_data = user_data;
|
||||||
|
conn->accept_certificate_destroy_notify = destroy_notify;
|
||||||
|
}
|
||||||
|
|
||||||
static GstRTSPResult
|
static GstRTSPResult
|
||||||
setup_tunneling (GstRTSPConnection * conn, GTimeVal * timeout, gchar * uri,
|
setup_tunneling (GstRTSPConnection * conn, GTimeVal * timeout, gchar * uri,
|
||||||
GstRTSPMessage * response)
|
GstRTSPMessage * response)
|
||||||
|
|
@ -2380,6 +2421,9 @@ gst_rtsp_connection_free (GstRTSPConnection * conn)
|
||||||
g_object_unref (conn->tls_database);
|
g_object_unref (conn->tls_database);
|
||||||
if (conn->tls_interaction)
|
if (conn->tls_interaction)
|
||||||
g_object_unref (conn->tls_interaction);
|
g_object_unref (conn->tls_interaction);
|
||||||
|
if (conn->accept_certificate_destroy_notify)
|
||||||
|
conn->
|
||||||
|
accept_certificate_destroy_notify (conn->accept_certificate_user_data);
|
||||||
|
|
||||||
g_timer_destroy (conn->timer);
|
g_timer_destroy (conn->timer);
|
||||||
gst_rtsp_url_free (conn->url);
|
gst_rtsp_url_free (conn->url);
|
||||||
|
|
|
||||||
|
|
@ -110,6 +110,16 @@ void gst_rtsp_connection_set_tls_interaction (GstRTSPConnection
|
||||||
GST_EXPORT
|
GST_EXPORT
|
||||||
GTlsInteraction * gst_rtsp_connection_get_tls_interaction (GstRTSPConnection * conn);
|
GTlsInteraction * gst_rtsp_connection_get_tls_interaction (GstRTSPConnection * conn);
|
||||||
|
|
||||||
|
typedef gboolean (*GstRTSPConnectionAcceptCertificateFunc) (GTlsConnection *conn,
|
||||||
|
GTlsCertificate *peer_cert,
|
||||||
|
GTlsCertificateFlags errors,
|
||||||
|
gpointer user_data);
|
||||||
|
GST_EXPORT
|
||||||
|
void gst_rtsp_connection_set_accept_certificate_func (GstRTSPConnection * conn,
|
||||||
|
GstRTSPConnectionAcceptCertificateFunc func,
|
||||||
|
gpointer user_data,
|
||||||
|
GDestroyNotify destroy_notify);
|
||||||
|
|
||||||
/* sending/receiving raw bytes */
|
/* sending/receiving raw bytes */
|
||||||
|
|
||||||
GST_EXPORT
|
GST_EXPORT
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ EXPORTS
|
||||||
gst_rtsp_connection_receive
|
gst_rtsp_connection_receive
|
||||||
gst_rtsp_connection_reset_timeout
|
gst_rtsp_connection_reset_timeout
|
||||||
gst_rtsp_connection_send
|
gst_rtsp_connection_send
|
||||||
|
gst_rtsp_connection_set_accept_certificate_func
|
||||||
gst_rtsp_connection_set_auth
|
gst_rtsp_connection_set_auth
|
||||||
gst_rtsp_connection_set_auth_param
|
gst_rtsp_connection_set_auth_param
|
||||||
gst_rtsp_connection_set_http_mode
|
gst_rtsp_connection_set_http_mode
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue