mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-23 16:50:47 +00:00
335 lines
10 KiB
C
335 lines
10 KiB
C
/* GStreamer
|
|
* Copyright (C) 2011 Axis Communications <dev-gstreamer@axis.com>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Library General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Library General Public
|
|
* License along with this library; if not, write to the
|
|
* Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
|
|
* Boston, MA 02110-1301, USA.
|
|
*/
|
|
|
|
/**
|
|
* SECTION:element-curltlssink
|
|
* @title: curltlssink
|
|
* @short_description: sink that uploads data to a server using libcurl
|
|
*
|
|
* This is a network sink that uses libcurl.
|
|
*
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include <curl/curl.h>
|
|
#include <string.h>
|
|
#include <stdio.h>
|
|
|
|
#if HAVE_SYS_SOCKET_H
|
|
#include <sys/socket.h>
|
|
#endif
|
|
#include <sys/types.h>
|
|
#if HAVE_NETINET_IN_H
|
|
#include <netinet/in.h>
|
|
#endif
|
|
#include <unistd.h>
|
|
#if HAVE_NETINET_IP_H
|
|
#include <netinet/ip.h>
|
|
#endif
|
|
#if HAVE_NETINET_TCP_H
|
|
#include <netinet/tcp.h>
|
|
#endif
|
|
#include <sys/stat.h>
|
|
#include <fcntl.h>
|
|
|
|
#include "gstcurlbasesink.h"
|
|
#include "gstcurltlssink.h"
|
|
|
|
/* Default values */
|
|
#define GST_CAT_DEFAULT gst_curl_tls_sink_debug
|
|
#define DEFAULT_INSECURE TRUE
|
|
|
|
|
|
/* Plugin specific settings */
|
|
|
|
GST_DEBUG_CATEGORY_STATIC (gst_curl_tls_sink_debug);
|
|
|
|
enum
|
|
{
|
|
PROP_0,
|
|
PROP_CA_CERT,
|
|
PROP_CA_PATH,
|
|
PROP_CRYPTO_ENGINE,
|
|
PROP_INSECURE
|
|
};
|
|
|
|
|
|
/* Object class function declarations */
|
|
|
|
static void gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
|
|
const GValue * value, GParamSpec * pspec);
|
|
static void gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
|
|
GValue * value, GParamSpec * pspec);
|
|
static void gst_curl_tls_sink_finalize (GObject * gobject);
|
|
static gboolean gst_curl_tls_sink_set_options_unlocked
|
|
(GstCurlBaseSink * bcsink);
|
|
|
|
#define gst_curl_tls_sink_parent_class parent_class
|
|
G_DEFINE_TYPE (GstCurlTlsSink, gst_curl_tls_sink, GST_TYPE_CURL_BASE_SINK);
|
|
|
|
/* private functions */
|
|
|
|
static void
|
|
gst_curl_tls_sink_class_init (GstCurlTlsSinkClass * klass)
|
|
{
|
|
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
|
|
GstElementClass *element_class = GST_ELEMENT_CLASS (klass);
|
|
|
|
GST_DEBUG_CATEGORY_INIT (gst_curl_tls_sink_debug, "curltlssink", 0,
|
|
"curl tls sink element");
|
|
GST_DEBUG_OBJECT (klass, "class_init");
|
|
|
|
gst_element_class_set_static_metadata (element_class,
|
|
"Curl tls sink",
|
|
"Sink/Network",
|
|
"Upload data over TLS protocol using libcurl",
|
|
"Patricia Muscalu <patricia@axis.com>");
|
|
|
|
gobject_class->finalize = GST_DEBUG_FUNCPTR (gst_curl_tls_sink_finalize);
|
|
|
|
gobject_class->set_property = gst_curl_tls_sink_set_property;
|
|
gobject_class->get_property = gst_curl_tls_sink_get_property;
|
|
|
|
klass->set_options_unlocked = gst_curl_tls_sink_set_options_unlocked;
|
|
|
|
g_object_class_install_property (gobject_class, PROP_CA_CERT,
|
|
g_param_spec_string ("ca-cert",
|
|
"CA certificate",
|
|
"CA certificate to use in order to verify the peer",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
g_object_class_install_property (gobject_class, PROP_CA_PATH,
|
|
g_param_spec_string ("ca-path",
|
|
"CA path",
|
|
"CA directory path to use in order to verify the peer",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
g_object_class_install_property (gobject_class, PROP_CRYPTO_ENGINE,
|
|
g_param_spec_string ("crypto-engine",
|
|
"OpenSSL crypto engine",
|
|
"OpenSSL crypto engine to use for cipher operations",
|
|
NULL, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
g_object_class_install_property (gobject_class, PROP_INSECURE,
|
|
g_param_spec_boolean ("insecure",
|
|
"Perform insecure SSL connections",
|
|
"Allow curl to perform insecure SSL connections",
|
|
DEFAULT_INSECURE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
|
|
|
|
gst_type_mark_as_plugin_api (GST_TYPE_CURL_TLS_SINK, 0);
|
|
}
|
|
|
|
static void
|
|
gst_curl_tls_sink_init (GstCurlTlsSink * sink)
|
|
{
|
|
sink->ca_cert = NULL;
|
|
sink->ca_path = NULL;
|
|
sink->crypto_engine = NULL;
|
|
sink->insecure = DEFAULT_INSECURE;
|
|
}
|
|
|
|
static void
|
|
gst_curl_tls_sink_finalize (GObject * gobject)
|
|
{
|
|
GstCurlTlsSink *this = GST_CURL_TLS_SINK (gobject);
|
|
|
|
GST_DEBUG ("finalizing curltlssink");
|
|
|
|
g_free (this->ca_cert);
|
|
g_free (this->ca_path);
|
|
g_free (this->crypto_engine);
|
|
|
|
G_OBJECT_CLASS (parent_class)->finalize (gobject);
|
|
}
|
|
|
|
static void
|
|
gst_curl_tls_sink_set_property (GObject * object, guint prop_id,
|
|
const GValue * value, GParamSpec * pspec)
|
|
{
|
|
GstCurlTlsSink *sink;
|
|
GstState cur_state;
|
|
|
|
g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
|
|
sink = GST_CURL_TLS_SINK (object);
|
|
|
|
gst_element_get_state (GST_ELEMENT (sink), &cur_state, NULL, 0);
|
|
if (cur_state != GST_STATE_PLAYING && cur_state != GST_STATE_PAUSED) {
|
|
GST_OBJECT_LOCK (sink);
|
|
|
|
switch (prop_id) {
|
|
case PROP_CA_CERT:
|
|
g_free (sink->ca_cert);
|
|
sink->ca_cert = g_value_dup_string (value);
|
|
sink->insecure = FALSE;
|
|
GST_DEBUG_OBJECT (sink, "ca_cert set to %s", sink->ca_cert);
|
|
break;
|
|
case PROP_CA_PATH:
|
|
g_free (sink->ca_path);
|
|
sink->ca_path = g_value_dup_string (value);
|
|
sink->insecure = FALSE;
|
|
GST_DEBUG_OBJECT (sink, "ca_path set to %s", sink->ca_path);
|
|
break;
|
|
case PROP_CRYPTO_ENGINE:
|
|
g_free (sink->crypto_engine);
|
|
sink->crypto_engine = g_value_dup_string (value);
|
|
GST_DEBUG_OBJECT (sink, "crypto_engine set to %s", sink->crypto_engine);
|
|
break;
|
|
case PROP_INSECURE:
|
|
sink->insecure = g_value_get_boolean (value);
|
|
GST_DEBUG_OBJECT (sink, "insecure set to %d", sink->insecure);
|
|
break;
|
|
}
|
|
|
|
GST_OBJECT_UNLOCK (sink);
|
|
|
|
return;
|
|
}
|
|
|
|
GST_OBJECT_UNLOCK (sink);
|
|
}
|
|
|
|
static void
|
|
gst_curl_tls_sink_get_property (GObject * object, guint prop_id,
|
|
GValue * value, GParamSpec * pspec)
|
|
{
|
|
GstCurlTlsSink *sink;
|
|
|
|
g_return_if_fail (GST_IS_CURL_TLS_SINK (object));
|
|
sink = GST_CURL_TLS_SINK (object);
|
|
|
|
switch (prop_id) {
|
|
case PROP_CA_CERT:
|
|
g_value_set_string (value, sink->ca_cert);
|
|
break;
|
|
case PROP_CA_PATH:
|
|
g_value_set_string (value, sink->ca_path);
|
|
break;
|
|
case PROP_CRYPTO_ENGINE:
|
|
g_value_set_string (value, sink->crypto_engine);
|
|
break;
|
|
case PROP_INSECURE:
|
|
g_value_set_boolean (value, sink->insecure);
|
|
break;
|
|
default:
|
|
GST_DEBUG_OBJECT (sink, "invalid property id");
|
|
break;
|
|
}
|
|
}
|
|
|
|
static gboolean
|
|
gst_curl_tls_sink_set_options_unlocked (GstCurlBaseSink * bcsink)
|
|
{
|
|
GstCurlTlsSink *sink = GST_CURL_TLS_SINK (bcsink);
|
|
CURLcode res;
|
|
|
|
if (!g_str_has_prefix (bcsink->url, "http")) {
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set SSL level: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
/* crypto engine */
|
|
if ((sink->crypto_engine == NULL) ||
|
|
(strcmp (sink->crypto_engine, "auto") == 0)) {
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE_DEFAULT, 1L);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error =
|
|
g_strdup_printf ("failed to set default crypto engine: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
} else {
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSLENGINE,
|
|
sink->crypto_engine);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set crypto engine: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
/* note that, using ca-path can allow libcurl to make SSL-connections much
|
|
* more efficiently than using ca-cert if the ca-cert file contains many CA
|
|
* certificates. */
|
|
if (sink->ca_cert != NULL && strlen (sink->ca_cert)) {
|
|
GST_DEBUG ("setting ca cert");
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_CAINFO, sink->ca_cert);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set certificate: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (sink->ca_path != NULL && strlen (sink->ca_path)) {
|
|
GST_DEBUG ("setting ca path");
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_CAPATH, sink->ca_path);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set certificate path: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (!sink->insecure) {
|
|
/* identify authenticity of the peer's certificate */
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 1L);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error = g_strdup_printf ("failed to set verification of peer: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
/* when CURLOPT_SSL_VERIFYHOST is 2, the commonName or subjectAltName
|
|
* fields are verified */
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 2L);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error =
|
|
g_strdup_printf
|
|
("failed to set verification of server certificate: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
} else {
|
|
/* allow "insecure" SSL connections and transfers */
|
|
if (sink->insecure) {
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYPEER, 0L);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error =
|
|
g_strdup_printf ("failed to set verification of peer: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
|
|
res = curl_easy_setopt (bcsink->curl, CURLOPT_SSL_VERIFYHOST, 0L);
|
|
if (res != CURLE_OK) {
|
|
bcsink->error =
|
|
g_strdup_printf
|
|
("failed to set verification of server certificate: %s",
|
|
curl_easy_strerror (res));
|
|
return FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
return TRUE;
|
|
}
|