gstreamer/ext/curl/gstcurltlssink.c

333 lines
9.9 KiB
C

/* GStreamer
* Copyright (C) 2011 Axis Communications <dev-gstreamer@axis.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
/**
* SECTION:element-curltlssink
* @short_description: sink that uploads data to a server using libcurl
* @see_also:
*
* This is a network sink that uses libcurl.
*
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <curl/curl.h>
#include <string.h>
#include <stdio.h>
#if HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#include <sys/types.h>
#if HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#include <unistd.h>
#if HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#if HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif
#include <sys/stat.h>
#include <fcntl.h>
#include "gstcurlbasesink.h"
#include "gstcurltlssink.h"
/* Default values */
#define GST_CAT_DEFAULT gst_curl_tls_sink_debug
#define DEFAULT_INSECURE TRUE
/* Plugin specific settings */
GST_DEBUG_CATEGORY_STATIC (gst_curl_tls_sink_debug);
enum
{
PROP_0,
PROP_CA_CERT,
PROP_CA_PATH,
PROP_CRYPTO_ENGINE,
PROP_INSECURE
};
/* Object class function declarations */
static void gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
const GValue * value, GParamSpec * pspec);
static void gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
GValue * value, GParamSpec * pspec);
static void gst_curl_tls_sink_finalize (GObject * gobject);
static gboolean gst_curl_tls_sink_set_options_unlocked
(GstCurlBaseSink * bcsink);
#define gst_curl_tls_sink_parent_class parent_class
G_DEFINE_TYPE (GstCurlTlsSink, gst_curl_tls_sink, GST_TYPE_CURL_BASE_SINK);
/* private functions */
static void
gst_curl_tls_sink_class_init (GstCurlTlsSinkClass * klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
GstElementClass *element_class = GST_ELEMENT_CLASS (klass);
GST_DEBUG_CATEGORY_INIT (gst_curl_tls_sink_debug, "curltlssink", 0,
"curl tls sink element");
GST_DEBUG_OBJECT (klass, "class_init");
gst_element_class_set_static_metadata (element_class,
"Curl tls sink",
"Sink/Network",
"Upload data over TLS protocol using libcurl",
"Patricia Muscalu <patricia@axis.com>");
gobject_class->finalize = GST_DEBUG_FUNCPTR (gst_curl_tls_sink_finalize);
gobject_class->set_property = gst_curl_tls_sink_set_property;
gobject_class->get_property = gst_curl_tls_sink_get_property;
klass->set_options_unlocked = gst_curl_tls_sink_set_options_unlocked;
g_object_class_install_property (gobject_class, PROP_CA_CERT,
g_param_spec_string ("ca-cert",
"CA certificate",
"CA certificate to use in order to verify the peer",
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
g_object_class_install_property (gobject_class, PROP_CA_PATH,
g_param_spec_string ("ca-path",
"CA path",
"CA directory path to use in order to verify the peer",
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
g_object_class_install_property (gobject_class, PROP_CRYPTO_ENGINE,
g_param_spec_string ("crypto-engine",
"OpenSSL crypto engine",
"OpenSSL crypto engine to use for cipher operations",
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
g_object_class_install_property (gobject_class, PROP_INSECURE,
g_param_spec_boolean ("insecure",
"Perform insecure SSL connections",
"Allow curl to perform insecure SSL connections",
DEFAULT_INSECURE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
}
static void
gst_curl_tls_sink_init (GstCurlTlsSink * sink)
{
sink->ca_cert = NULL;
sink->ca_path = NULL;
sink->crypto_engine = NULL;
sink->insecure = DEFAULT_INSECURE;
}
static void
gst_curl_tls_sink_finalize (GObject * gobject)
{
GstCurlTlsSink *this = GST_CURL_TLS_SINK (gobject);
GST_DEBUG ("finalizing curltlssink");
g_free (this->ca_cert);
g_free (this->ca_path);
g_free (this->crypto_engine);
G_OBJECT_CLASS (parent_class)->finalize (gobject);
}
static void
gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
const GValue * value, GParamSpec * pspec)
{
GstCurlTlsSink *sink;
GstState cur_state;
g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
sink = GST_CURL_TLS_SINK (object);
gst_element_get_state (GST_ELEMENT (sink), &cur_state, NULL, 0);
if (cur_state != GST_STATE_PLAYING && cur_state != GST_STATE_PAUSED) {
GST_OBJECT_LOCK (sink);
switch (prop_id) {
case PROP_CA_CERT:
g_free (sink->ca_cert);
sink->ca_cert = g_value_dup_string (value);
sink->insecure = FALSE;
GST_DEBUG_OBJECT (sink, "ca_cert set to %s", sink->ca_cert);
break;
case PROP_CA_PATH:
g_free (sink->ca_path);
sink->ca_path = g_value_dup_string (value);
sink->insecure = FALSE;
GST_DEBUG_OBJECT (sink, "ca_path set to %s", sink->ca_path);
break;
case PROP_CRYPTO_ENGINE:
g_free (sink->crypto_engine);
sink->crypto_engine = g_value_dup_string (value);
GST_DEBUG_OBJECT (sink, "crypto_engine set to %s", sink->crypto_engine);
break;
case PROP_INSECURE:
sink->insecure = g_value_get_boolean (value);
GST_DEBUG_OBJECT (sink, "insecure set to %d", sink->insecure);
break;
}
GST_OBJECT_UNLOCK (sink);
return;
}
GST_OBJECT_UNLOCK (sink);
}
static void
gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
GValue * value, GParamSpec * pspec)
{
GstCurlTlsSink *sink;
g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
sink = GST_CURL_TLS_SINK (object);
switch (prop_id) {
case PROP_CA_CERT:
g_value_set_string (value, sink->ca_cert);
break;
case PROP_CA_PATH:
g_value_set_string (value, sink->ca_path);
break;
case PROP_CRYPTO_ENGINE:
g_value_set_string (value, sink->crypto_engine);
break;
case PROP_INSECURE:
g_value_set_boolean (value, sink->insecure);
break;
default:
GST_DEBUG_OBJECT (sink, "invalid property id");
break;
}
}
static gboolean
gst_curl_tls_sink_set_options_unlocked (GstCurlBaseSink * bcsink)
{
GstCurlTlsSink *sink = GST_CURL_TLS_SINK (bcsink);
CURLcode res;
if (!g_str_has_prefix (bcsink->url, "http")) {
res = curl_easy_setopt (bcsink->curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
if (res != CURLE_OK) {
bcsink->error = g_strdup_printf ("failed to set SSL level: %s",
curl_easy_strerror (res));
return FALSE;
}
}
/* crypto engine */
if ((g_strcmp0 (sink->crypto_engine, "auto") == 0) ||
(sink->crypto_engine == NULL)) {
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE_DEFAULT, 1L);
if (res != CURLE_OK) {
bcsink->error =
g_strdup_printf ("failed to set default crypto engine: %s",
curl_easy_strerror (res));
return FALSE;
}
} else {
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE,
sink->crypto_engine);
if (res != CURLE_OK) {
bcsink->error = g_strdup_printf ("failed to set crypto engine: %s",
curl_easy_strerror (res));
return FALSE;
}
}
/* note that, using ca-path can allow libcurl to make SSL-connections much
* more efficiently than using ca-cert if the ca-cert file contains many CA
* certificates. */
if (sink->ca_cert != NULL && strlen (sink->ca_cert)) {
GST_DEBUG ("setting ca cert");
res = curl_easy_setopt (bcsink->curl, CURLOPT_CAINFO, sink->ca_cert);
if (res != CURLE_OK) {
bcsink->error = g_strdup_printf ("failed to set certificate: %s",
curl_easy_strerror (res));
return FALSE;
}
}
if (sink->ca_path != NULL && strlen (sink->ca_path)) {
GST_DEBUG ("setting ca path");
res = curl_easy_setopt (bcsink->curl, CURLOPT_CAPATH, sink->ca_path);
if (res != CURLE_OK) {
bcsink->error = g_strdup_printf ("failed to set certificate path: %s",
curl_easy_strerror (res));
return FALSE;
}
}
if (!sink->insecure) {
/* identify authenticity of the peer's certificate */
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 1L);
if (res != CURLE_OK) {
bcsink->error = g_strdup_printf ("failed to set verification of peer: %s",
curl_easy_strerror (res));
return FALSE;
}
/* when CURLOPT_SSL_VERIFYHOST is 2, the commonName or subjectAltName
* fields are verified */
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 2L);
if (res != CURLE_OK) {
bcsink->error =
g_strdup_printf
("failed to set verification of server certificate: %s",
curl_easy_strerror (res));
return FALSE;
}
} else {
/* allow "insecure" SSL connections and transfers */
if (sink->insecure) {
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 0L);
if (res != CURLE_OK) {
bcsink->error =
g_strdup_printf ("failed to set verification of peer: %s",
curl_easy_strerror (res));
return FALSE;
}
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 0L);
if (res != CURLE_OK) {
bcsink->error =
g_strdup_printf
("failed to set verification of server certificate: %s",
curl_easy_strerror (res));
return FALSE;
}
}
}
return TRUE;
}