souphttpsrc: forward accept-certificate signal from libsoup-3

With libsoup 2.x, it was possible to know when there was a TLS failure, as
libsoup provided the "special http status code" SOUP_STATUS_SSL_FAILED.

However these special codes were dropped with libsoup 3.x: now libsoup emits
the accept-certificate signal when there's a TLS failure.

This commit adds a signal "accept-certificate" to SoupHttpSrc, which is in fact
just about forwarding the signal from SoupMessage (which is, itself, forwarded
from GTlsConnection). Note that, in case of libsoup 2.x, the signal is never
emitted.

Fixes: #2379
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4925>

subprojects/gst-plugins-good/docs/gst_plugins_cache.json

@@ -23655,7 +23655,23 @@
                         "writable": true
                     }
                 },
-                "rank": "primary"
+                "rank": "primary",
+                "signals": {
+                    "accept-certificate": {
+                        "args": [
+                            {
+                                "name": "arg0",
+                                "type": "GTlsCertificate"
+                            },
+                            {
+                                "name": "arg1",
+                                "type": "GTlsCertificateFlags"
+                            }
+                        ],
+                        "return-type": "gboolean",
+                        "when": "last"
+                    }
+                }
             }
         },
         "filename": "gstsoup",

subprojects/gst-plugins-good/ext/soup/gstsouphttpsrc.c

@@ -198,6 +198,14 @@ enum
   PROP_TLS_INTERACTION,
 };
 
+enum
+{
+  SIGNAL_ACCEPT_CERTIFICATE,
+  LAST_SIGNAL,
+};
+
+static guint gst_soup_http_src_signals[LAST_SIGNAL] = { 0 };
+
 #define DEFAULT_USER_AGENT           "GStreamer souphttpsrc " PACKAGE_VERSION " "
 #define DEFAULT_IRADIO_MODE          TRUE
 #define DEFAULT_SOUP_LOG_LEVEL       SOUP_LOGGER_LOG_HEADERS
@@ -497,6 +505,27 @@ gst_soup_http_src_class_init (GstSoupHTTPSrcClass * klass)
           "The HTTP method to use (GET, HEAD, OPTIONS, etc)",
           DEFAULT_SOUP_METHOD, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
 
+  /**
+   * GstSoupHTTPSrc::accept-certificate:
+   * @souphttpsrc: a #GstSoupHTTPSrc
+   * @peer_cert: the peer's #GTlsCertificate
+   * @errors: the problems with @peer_cert
+   *
+   * This will directly map to #SoupMessage 's "accept-certificate" after
+   * an unacceptable TLS certificate has been received, and only for libsoup 3.x
+   * or above. If "ssl-strict" was set to %FALSE, this signal will not be
+   * emitted.
+   *
+   * Returns: %TRUE to accept the TLS certificate and stop other handlers from
+   * being invoked, or %FALSE to propagate the event further.
+   *
+   * Since: 1.24
+   */
+  gst_soup_http_src_signals[SIGNAL_ACCEPT_CERTIFICATE] =
+      g_signal_new ("accept-certificate", G_TYPE_FROM_CLASS (klass),
+      G_SIGNAL_RUN_LAST, 0, g_signal_accumulator_true_handled, NULL, NULL,
+      G_TYPE_BOOLEAN, 2, G_TYPE_TLS_CERTIFICATE, G_TYPE_TLS_CERTIFICATE_FLAGS);
+
   gst_element_class_add_static_pad_template (gstelement_class, &srctemplate);
 
   gst_element_class_set_static_metadata (gstelement_class, "HTTP client source",
@@ -1312,6 +1341,7 @@ gst_soup_http_src_accept_certificate_cb (SoupMessage * msg,
     gpointer user_data)
 {
   GstSoupHTTPSrc *src = user_data;
+  gboolean accept = FALSE;
 
   /* Might be from another user of the shared session */
   if (!GST_IS_SOUP_HTTP_SRC (src) || msg != src->msg)
@@ -1321,7 +1351,10 @@ gst_soup_http_src_accept_certificate_cb (SoupMessage * msg,
   if (!src->ssl_strict)
     return TRUE;
 
-  return FALSE;
+  g_signal_emit (src, gst_soup_http_src_signals[SIGNAL_ACCEPT_CERTIFICATE], 0,
+      tls_certificate, tls_errors, &accept);
+
+  return accept;
 }
 
 static void