Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat: Add the tls protocol, using OpenSSL or gnutls

Browse Source 
Note, this protocol doesn't yet check verify the server
certificate against a local database of trusted CA root
certificates.

Signed-off-by: Martin Storsjö <martin@martin.st>
pull/2/head
Martin Storsjö 14 years ago
parent 1606e551ff
commit 558d192d23
5 changed files with 239 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      configure
  2. 1
      libavformat/Makefile
  3. 1
      libavformat/allformats.c
  4. 234
      libavformat/tls.c
  5. 2
      libavformat/version.h

2
configure vendored
Unescape View File

@ -1483,6 +1483,8 @@ mmst_protocol_deps="network"
rtmp_protocol_select="tcp_protocol"
rtp_protocol_select="udp_protocol"
tcp_protocol_deps="network"
tls_protocol_deps_any="openssl gnutls"
tls_protocol_select="tcp_protocol"
udp_protocol_deps="network"
# filters

1
libavformat/Makefile
Unescape View File

@ -334,6 +334,7 @@ OBJS-$(CONFIG_RTMP_PROTOCOL) += $(RTMP-OBJS-yes)
OBJS-$(CONFIG_RTP_PROTOCOL) += rtpproto.o
OBJS-$(CONFIG_TCP_PROTOCOL) += tcp.o
OBJS-$(CONFIG_TLS_PROTOCOL) += tls.o
OBJS-$(CONFIG_UDP_PROTOCOL) += udp.o
EXAMPLES = metadata output

1
libavformat/allformats.c
Unescape View File

@ -254,5 +254,6 @@ void av_register_all(void)
#endif
REGISTER_PROTOCOL (RTP, rtp);
REGISTER_PROTOCOL (TCP, tcp);
REGISTER_PROTOCOL (TLS, tls);
REGISTER_PROTOCOL (UDP, udp);
}

234
libavformat/tls.c
Unescape View File

@ -0,0 +1,234 @@
/*
* TLS/SSL Protocol
* Copyright (c) 2011 Martin Storsjo
*
* This file is part of Libav.
*
* Libav is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* Libav is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with Libav; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "avformat.h"
#include "url.h"
#include "libavutil/avstring.h"
#if CONFIG_GNUTLS
#include <gnutls/gnutls.h>
#define TLS_read(c, buf, size) gnutls_record_recv(c->session, buf, size)
#define TLS_write(c, buf, size) gnutls_record_send(c->session, buf, size)
#define TLS_shutdown(c) gnutls_bye(c->session, GNUTLS_SHUT_RDWR)
#define TLS_free(c) do { \
if (c->session) \
gnutls_deinit(c->session); \
if (c->cred) \
gnutls_certificate_free_credentials(c->cred); \
} while (0)
#elif CONFIG_OPENSSL
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define TLS_read(c, buf, size) SSL_read(c->ssl, buf, size)
#define TLS_write(c, buf, size) SSL_write(c->ssl, buf, size)
#define TLS_shutdown(c) SSL_shutdown(c->ssl)
#define TLS_free(c) do { \
if (c->ssl) \
SSL_free(c->ssl); \
if (c->ctx) \
SSL_CTX_free(c->ctx); \
} while (0)
#endif
#include "network.h"
#include "os_support.h"
#include "internal.h"
#if HAVE_POLL_H
#include <poll.h>
#endif
typedef struct {
const AVClass *class;
URLContext *tcp;
#if CONFIG_GNUTLS
gnutls_session_t session;
gnutls_certificate_credentials_t cred;
#elif CONFIG_OPENSSL
SSL_CTX *ctx;
SSL *ssl;
#endif
int fd;
} TLSContext;
static int do_tls_poll(URLContext *h, int ret)
{
TLSContext *c = h->priv_data;
struct pollfd p = { c->fd, 0, 0 };
#if CONFIG_GNUTLS
if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
av_log(NULL, AV_LOG_ERROR, "%s\n", gnutls_strerror(ret));
return AVERROR(EIO);
}
if (gnutls_record_get_direction(c->session))
p.events = POLLOUT;
else
p.events = POLLIN;
#elif CONFIG_OPENSSL
ret = SSL_get_error(c->ssl, ret);
if (ret == SSL_ERROR_WANT_READ) {
p.events = POLLIN;
} else if (ret == SSL_ERROR_WANT_WRITE) {
p.events = POLLOUT;
} else {
av_log(NULL, AV_LOG_ERROR, "%s\n", ERR_error_string(ret, NULL));
return AVERROR(EIO);
}
#endif
if (h->flags & URL_FLAG_NONBLOCK)
return AVERROR(EAGAIN);
while (1) {
int n = poll(&p, 1, 100);
if (n > 0)
break;
if (url_interrupt_cb())
return AVERROR(EINTR);
}
return 0;
}
static int tls_open(URLContext *h, const char *uri, int flags)
{
TLSContext *c = h->priv_data;
int ret;
int port;
char buf[200], host[200];
int numerichost = 0;
struct addrinfo hints = { 0 }, *ai = NULL;
ff_tls_init();
av_url_split(NULL, 0, NULL, 0, host, sizeof(host), &port, NULL, 0, uri);
ff_url_join(buf, sizeof(buf), "tcp", NULL, host, port, NULL);
hints.ai_flags = AI_NUMERICHOST;
if (!getaddrinfo(host, NULL, &hints, &ai)) {
numerichost = 1;
freeaddrinfo(ai);
}
ret = ffurl_open(&c->tcp, buf, AVIO_FLAG_READ_WRITE);
if (ret)
goto fail;
c->fd = ffurl_get_file_handle(c->tcp);
#if CONFIG_GNUTLS
gnutls_init(&c->session, GNUTLS_CLIENT);
if (!numerichost)
gnutls_server_name_set(c->session, GNUTLS_NAME_DNS, host, strlen(host));
gnutls_certificate_allocate_credentials(&c->cred);
gnutls_certificate_set_verify_flags(c->cred, 0);
gnutls_credentials_set(c->session, GNUTLS_CRD_CERTIFICATE, c->cred);
gnutls_transport_set_ptr(c->session, (gnutls_transport_ptr_t)
(intptr_t) c->fd);
gnutls_priority_set_direct(c->session, "NORMAL", NULL);
while (1) {
ret = gnutls_handshake(c->session);
if (ret == 0)
break;
if ((ret = do_tls_poll(h, ret)) < 0)
goto fail;
}
#elif CONFIG_OPENSSL
c->ctx = SSL_CTX_new(SSLv3_client_method());
if (!c->ctx) {
av_log(NULL, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
c->ssl = SSL_new(c->ctx);
if (!c->ssl) {
av_log(NULL, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
SSL_set_fd(c->ssl, c->fd);
if (!numerichost)
SSL_set_tlsext_host_name(c->ssl, host);
while (1) {
ret = SSL_connect(c->ssl);
if (ret > 0)
break;
if (ret == 0) {
av_log(NULL, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session\n");
ret = AVERROR(EIO);
goto fail;
}
if ((ret = do_tls_poll(h, ret)) < 0)
goto fail;
}
#endif
return 0;
fail:
TLS_free(c);
if (c->tcp)
ffurl_close(c->tcp);
ff_tls_deinit();
return ret;
}
static int tls_read(URLContext *h, uint8_t *buf, int size)
{
TLSContext *c = h->priv_data;
while (1) {
int ret = TLS_read(c, buf, size);
if (ret > 0)
return ret;
if (ret == 0)
return AVERROR(EIO);
if ((ret = do_tls_poll(h, ret)) < 0)
return ret;
}
return 0;
}
static int tls_write(URLContext *h, const uint8_t *buf, int size)
{
TLSContext *c = h->priv_data;
while (1) {
int ret = TLS_write(c, buf, size);
if (ret > 0)
return ret;
if (ret == 0)
return AVERROR(EIO);
if ((ret = do_tls_poll(h, ret)) < 0)
return ret;
}
return 0;
}
static int tls_close(URLContext *h)
{
TLSContext *c = h->priv_data;
TLS_shutdown(c);
TLS_free(c);
ffurl_close(c->tcp);
ff_tls_deinit();
return 0;
}
URLProtocol ff_tls_protocol = {
.name = "tls",
.url_open = tls_open,
.url_read = tls_read,
.url_write = tls_write,
.url_seek = NULL,
.url_close = tls_close,
.priv_data_size = sizeof(TLSContext),
};

2
libavformat/version.h
Unescape View File

@ -24,7 +24,7 @@
#include "libavutil/avutil.h"
#define LIBAVFORMAT_VERSION_MAJOR 53
#define LIBAVFORMAT_VERSION_MINOR 10
#define LIBAVFORMAT_VERSION_MINOR 11
#define LIBAVFORMAT_VERSION_MICRO 0
#define LIBAVFORMAT_VERSION_INT AV_VERSION_INT(LIBAVFORMAT_VERSION_MAJOR, \

Write Preview
Loading…
Cancel
Save