static int rtsp_write_packet(AVFormatContext *s, AVPacket *pkt)
{
RTSPState *rt = s->priv_data;
RTSPStream *rtsp_st;
int n;
struct pollfd p = {ffurl_get_file_handle(rt->rtsp_hd), POLLIN, 0};
AVFormatContext *rtpctx;
int ret;
while (1) {
n = poll(&p, 1, 0);
if (n <= 0)
break;
if (p.revents & POLLIN) {
RTSPMessageHeader reply;
/* Don't let ff_rtsp_read_reply handle interleaved packets,
* since it would block and wait for an RTSP reply on the socket
* (which may not be coming any time soon) if it handles
* interleaved packets internally. */
ret = ff_rtsp_read_reply(s, &reply, NULL, 1, NULL);
if (ret < 0)
return AVERROR(EPIPE);
if (ret == 1)
ff_rtsp_skip_packet(s);
/* XXX: parse message */
if (rt->state != RTSP_STATE_STREAMING)
return AVERROR(EPIPE);
}
}
if (pkt->stream_index < 0 || pkt->stream_index >= rt->nb_rtsp_streams)
return AVERROR_INVALIDDATA;
rtsp_st = rt->rtsp_streams[pkt->stream_index];
rtpctx = rtsp_st->transport_priv;
ret = ff_write_chained(rtpctx, 0, pkt, s);
/* ff_write_chained does all the RTP packetization. If using TCP as
* transport, rtpctx->pb is only a dyn_packet_buf that queues up the
* packets, so we need to send them out on the TCP connection separately.
*/
if (!ret && rt->lower_transport == RTSP_LOWER_TRANSPORT_TCP)
ret = tcp_write_packet(s, rtsp_st);
return ret;
}
static int sap_fetch_packet(AVFormatContext *s, AVPacket *pkt)
{
struct SAPState *sap = s->priv_data;
int fd = ffurl_get_file_handle(sap->ann_fd);
int n, ret;
struct pollfd p = {fd, POLLIN, 0};
uint8_t recvbuf[RTP_MAX_PACKET_LENGTH];
if (sap->eof)
return AVERROR_EOF;
while (1) {
n = poll(&p, 1, 0);
if (n <= 0 || !(p.revents & POLLIN))
break;
ret = ffurl_read(sap->ann_fd, recvbuf, sizeof(recvbuf));
if (ret >= 8) {
uint16_t hash = AV_RB16(&recvbuf[2]);
/* Should ideally check the source IP address, too */
if (recvbuf[0] & 0x04 && hash == sap->hash) {
/* Stream deletion */
sap->eof = 1;
return AVERROR_EOF;
}
}
}
ret = av_read_frame(sap->sdp_ctx, pkt);
if (ret < 0)
return ret;
if (s->ctx_flags & AVFMTCTX_NOHEADER) {
while (sap->sdp_ctx->nb_streams > s->nb_streams) {
int i = s->nb_streams;
AVStream *st = avformat_new_stream(s, NULL);
if (!st) {
av_free_packet(pkt);
return AVERROR(ENOMEM);
}
st->id = i;
avcodec_copy_context(st->codec, sap->sdp_ctx->streams[i]->codec);
st->time_base = sap->sdp_ctx->streams[i]->time_base;
}
}
return ret;
}
static int rtp_open(URLContext *h, const char *uri, int flags)
{
RTPContext *s = h->priv_data;
int rtp_port, rtcp_port,
ttl, connect,
local_rtp_port, local_rtcp_port, max_packet_size;
char hostname[256];
char buf[1024];
char path[1024];
const char *p;
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &rtp_port,
path, sizeof(path), uri);
/* extract parameters */
ttl = -1;
rtcp_port = rtp_port+1;
local_rtp_port = -1;
local_rtcp_port = -1;
max_packet_size = -1;
connect = 0;
p = strchr(uri, '?');
if (p) {
if (av_find_info_tag(buf, sizeof(buf), "ttl", p)) {
ttl = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "rtcpport", p)) {
rtcp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localport", p)) {
local_rtp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localrtpport", p)) {
local_rtp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localrtcpport", p)) {
local_rtcp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "pkt_size", p)) {
max_packet_size = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "connect", p)) {
connect = strtol(buf, NULL, 10);
}
}
build_udp_url(buf, sizeof(buf),
hostname, rtp_port, local_rtp_port, ttl, max_packet_size,
connect);
if (ffurl_open(&s->rtp_hd, buf, flags, &h->interrupt_callback, NULL) < 0)
goto fail;
if (local_rtp_port>=0 && local_rtcp_port<0)
local_rtcp_port = ff_udp_get_local_port(s->rtp_hd) + 1;
build_udp_url(buf, sizeof(buf),
hostname, rtcp_port, local_rtcp_port, ttl, max_packet_size,
connect);
if (ffurl_open(&s->rtcp_hd, buf, flags, &h->interrupt_callback, NULL) < 0)
goto fail;
/* just to ease handle access. XXX: need to suppress direct handle
access */
s->rtp_fd = ffurl_get_file_handle(s->rtp_hd);
s->rtcp_fd = ffurl_get_file_handle(s->rtcp_hd);
h->max_packet_size = s->rtp_hd->max_packet_size;
h->is_streamed = 1;
return 0;
fail:
if (s->rtp_hd)
ffurl_close(s->rtp_hd);
if (s->rtcp_hd)
ffurl_close(s->rtcp_hd);
return AVERROR(EIO);
}
int url_get_file_handle(URLContext *h)
{
return ffurl_get_file_handle(h);
}
static int rtp_open(URLContext *h, const char *uri, int flags)
{
RTPContext *s = h->priv_data;
int rtp_port, rtcp_port,
ttl, connect,
local_rtp_port, local_rtcp_port, max_packet_size;
char hostname[256], include_sources[1024] = "", exclude_sources[1024] = "";
char buf[1024];
char path[1024];
const char *p;
int i, max_retry_count = 3;
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &rtp_port,
path, sizeof(path), uri);
/* extract parameters */
ttl = -1;
rtcp_port = rtp_port+1;
local_rtp_port = -1;
local_rtcp_port = -1;
max_packet_size = -1;
connect = 0;
p = strchr(uri, '?');
if (p) {
if (av_find_info_tag(buf, sizeof(buf), "ttl", p)) {
ttl = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "rtcpport", p)) {
rtcp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localport", p)) {
local_rtp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localrtpport", p)) {
local_rtp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localrtcpport", p)) {
local_rtcp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "pkt_size", p)) {
max_packet_size = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "connect", p)) {
connect = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "write_to_source", p)) {
s->write_to_source = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "sources", p)) {
av_strlcpy(include_sources, buf, sizeof(include_sources));
rtp_parse_addr_list(h, buf, &s->ssm_include_addrs, &s->nb_ssm_include_addrs);
}
if (av_find_info_tag(buf, sizeof(buf), "block", p)) {
av_strlcpy(exclude_sources, buf, sizeof(exclude_sources));
rtp_parse_addr_list(h, buf, &s->ssm_exclude_addrs, &s->nb_ssm_exclude_addrs);
}
}
for (i = 0;i < max_retry_count;i++) {
build_udp_url(buf, sizeof(buf),
hostname, rtp_port, local_rtp_port, ttl, max_packet_size,
connect, include_sources, exclude_sources);
if (ffurl_open(&s->rtp_hd, buf, flags, &h->interrupt_callback, NULL) < 0)
goto fail;
local_rtp_port = ff_udp_get_local_port(s->rtp_hd);
if(local_rtp_port == 65535) {
local_rtp_port = -1;
continue;
}
if (local_rtcp_port<0) {
local_rtcp_port = local_rtp_port + 1;
build_udp_url(buf, sizeof(buf),
hostname, rtcp_port, local_rtcp_port, ttl, max_packet_size,
connect, include_sources, exclude_sources);
if (ffurl_open(&s->rtcp_hd, buf, flags, &h->interrupt_callback, NULL) < 0) {
local_rtp_port = local_rtcp_port = -1;
continue;
}
break;
}
build_udp_url(buf, sizeof(buf),
hostname, rtcp_port, local_rtcp_port, ttl, max_packet_size,
connect, include_sources, exclude_sources);
if (ffurl_open(&s->rtcp_hd, buf, flags, &h->interrupt_callback, NULL) < 0)
goto fail;
break;
}
/* just to ease handle access. XXX: need to suppress direct handle
access */
s->rtp_fd = ffurl_get_file_handle(s->rtp_hd);
s->rtcp_fd = ffurl_get_file_handle(s->rtcp_hd);
h->max_packet_size = s->rtp_hd->max_packet_size;
h->is_streamed = 1;
return 0;
fail:
if (s->rtp_hd)
ffurl_close(s->rtp_hd);
if (s->rtcp_hd)
ffurl_close(s->rtcp_hd);
return AVERROR(EIO);
}
static int sap_write_header(AVFormatContext *s)
{
struct SAPState *sap = s->priv_data;
char host[1024], path[1024], url[1024], announce_addr[50] = "";
char *option_list;
int port = 9875, base_port = 5004, i, pos = 0, same_port = 0, ttl = 255;
AVFormatContext **contexts = NULL;
int ret = 0;
struct sockaddr_storage localaddr;
socklen_t addrlen = sizeof(localaddr);
int udp_fd;
if (!ff_network_init())
return AVERROR(EIO);
/* extract hostname and port */
av_url_split(NULL, 0, NULL, 0, host, sizeof(host), &base_port,
path, sizeof(path), s->filename);
if (base_port < 0)
base_port = 5004;
/* search for options */
option_list = strrchr(path, '?');
if (option_list) {
char buf[50];
if (av_find_info_tag(buf, sizeof(buf), "announce_port", option_list)) {
port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "same_port", option_list)) {
same_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "ttl", option_list)) {
ttl = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "announce_addr", option_list)) {
av_strlcpy(announce_addr, buf, sizeof(announce_addr));
}
}
if (!announce_addr[0]) {
struct addrinfo hints = { 0 }, *ai = NULL;
hints.ai_family = AF_UNSPEC;
if (getaddrinfo(host, NULL, &hints, &ai)) {
av_log(s, AV_LOG_ERROR, "Unable to resolve %s\n", host);
ret = AVERROR(EIO);
goto fail;
}
if (ai->ai_family == AF_INET) {
/* Also known as sap.mcast.net */
av_strlcpy(announce_addr, "224.2.127.254", sizeof(announce_addr));
#if HAVE_STRUCT_SOCKADDR_IN6
} else if (ai->ai_family == AF_INET6) {
/* With IPv6, you can use the same destination in many different
* multicast subnets, to choose how far you want it routed.
* This one is intended to be routed globally. */
av_strlcpy(announce_addr, "ff0e::2:7ffe", sizeof(announce_addr));
#endif
} else {
freeaddrinfo(ai);
av_log(s, AV_LOG_ERROR, "Host %s resolved to unsupported "
"address family\n", host);
ret = AVERROR(EIO);
goto fail;
}
freeaddrinfo(ai);
}
contexts = av_mallocz(sizeof(AVFormatContext*) * s->nb_streams);
if (!contexts) {
ret = AVERROR(ENOMEM);
goto fail;
}
s->start_time_realtime = av_gettime();
for (i = 0; i < s->nb_streams; i++) {
URLContext *fd;
ff_url_join(url, sizeof(url), "rtp", NULL, host, base_port,
"?ttl=%d", ttl);
if (!same_port)
base_port += 2;
ret = ffurl_open(&fd, url, AVIO_FLAG_WRITE, &s->interrupt_callback, NULL);
if (ret) {
ret = AVERROR(EIO);
goto fail;
}
s->streams[i]->priv_data = contexts[i] =
ff_rtp_chain_mux_open(s, s->streams[i], fd, 0);
av_strlcpy(contexts[i]->filename, url, sizeof(contexts[i]->filename));
}
ff_url_join(url, sizeof(url), "udp", NULL, announce_addr, port,
"?ttl=%d&connect=1", ttl);
ret = ffurl_open(&sap->ann_fd, url, AVIO_FLAG_WRITE,
&s->interrupt_callback, NULL);
if (ret) {
ret = AVERROR(EIO);
goto fail;
}
udp_fd = ffurl_get_file_handle(sap->ann_fd);
if (getsockname(udp_fd, (struct sockaddr*) &localaddr, &addrlen)) {
ret = AVERROR(EIO);
goto fail;
}
if (localaddr.ss_family != AF_INET
#if HAVE_STRUCT_SOCKADDR_IN6
&& localaddr.ss_family != AF_INET6
#endif
) {
av_log(s, AV_LOG_ERROR, "Unsupported protocol family\n");
ret = AVERROR(EIO);
goto fail;
}
sap->ann_size = 8192;
sap->ann = av_mallocz(sap->ann_size);
if (!sap->ann) {
ret = AVERROR(EIO);
goto fail;
}
sap->ann[pos] = (1 << 5);
#if HAVE_STRUCT_SOCKADDR_IN6
if (localaddr.ss_family == AF_INET6)
sap->ann[pos] |= 0x10;
#endif
pos++;
sap->ann[pos++] = 0; /* Authentication length */
AV_WB16(&sap->ann[pos], av_get_random_seed());
pos += 2;
if (localaddr.ss_family == AF_INET) {
memcpy(&sap->ann[pos], &((struct sockaddr_in*)&localaddr)->sin_addr,
sizeof(struct in_addr));
pos += sizeof(struct in_addr);
#if HAVE_STRUCT_SOCKADDR_IN6
} else {
memcpy(&sap->ann[pos], &((struct sockaddr_in6*)&localaddr)->sin6_addr,
sizeof(struct in6_addr));
pos += sizeof(struct in6_addr);
#endif
}
av_strlcpy(&sap->ann[pos], "application/sdp", sap->ann_size - pos);
pos += strlen(&sap->ann[pos]) + 1;
if (av_sdp_create(contexts, s->nb_streams, &sap->ann[pos],
sap->ann_size - pos)) {
ret = AVERROR_INVALIDDATA;
goto fail;
}
av_freep(&contexts);
av_log(s, AV_LOG_VERBOSE, "SDP:\n%s\n", &sap->ann[pos]);
pos += strlen(&sap->ann[pos]);
sap->ann_size = pos;
if (sap->ann_size > sap->ann_fd->max_packet_size) {
av_log(s, AV_LOG_ERROR, "Announcement too large to send in one "
"packet\n");
goto fail;
}
return 0;
fail:
av_free(contexts);
sap_write_close(s);
return ret;
}
static int tls_get_file_handle(URLContext *h)
{
TLSContext *c = h->priv_data;
return ffurl_get_file_handle(c->tls_shared.tcp);
}
static int srtp_get_file_handle(URLContext *h)
{
SRTPProtoContext *s = h->priv_data;
return ffurl_get_file_handle(s->rtp_hd);
}
static int rtp_open(URLContext *h, const char *uri, int flags)
{
RTPContext *s = h->priv_data;
int rtp_port;
char hostname[256], include_sources[1024] = "", exclude_sources[1024] = "";
char *sources = include_sources, *block = exclude_sources;
char buf[1024];
char path[1024];
const char *p;
av_url_split(NULL, 0, NULL, 0, hostname, sizeof(hostname), &rtp_port,
path, sizeof(path), uri);
/* extract parameters */
if (s->rtcp_port < 0)
s->rtcp_port = rtp_port + 1;
p = strchr(uri, '?');
if (p) {
if (av_find_info_tag(buf, sizeof(buf), "ttl", p)) {
s->ttl = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "rtcpport", p)) {
s->rtcp_port = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localport", p)) {
s->local_rtpport = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localrtpport", p)) {
s->local_rtpport = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "localrtcpport", p)) {
s->local_rtcpport = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "pkt_size", p)) {
s->pkt_size = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "connect", p)) {
s->connect = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "write_to_source", p)) {
s->write_to_source = strtol(buf, NULL, 10);
}
if (av_find_info_tag(buf, sizeof(buf), "sources", p)) {
av_strlcpy(include_sources, buf, sizeof(include_sources));
rtp_parse_addr_list(h, buf, &s->ssm_include_addrs, &s->nb_ssm_include_addrs);
} else {
rtp_parse_addr_list(h, s->sources, &s->ssm_include_addrs, &s->nb_ssm_include_addrs);
sources = s->sources;
}
if (av_find_info_tag(buf, sizeof(buf), "block", p)) {
av_strlcpy(exclude_sources, buf, sizeof(exclude_sources));
rtp_parse_addr_list(h, buf, &s->ssm_exclude_addrs, &s->nb_ssm_exclude_addrs);
} else {
rtp_parse_addr_list(h, s->block, &s->ssm_exclude_addrs, &s->nb_ssm_exclude_addrs);
block = s->block;
}
}
build_udp_url(s, buf, sizeof(buf),
hostname, rtp_port, s->local_rtpport, sources, block);
if (ffurl_open(&s->rtp_hd, buf, flags, &h->interrupt_callback, NULL,
h->protocols, h) < 0)
goto fail;
if (s->local_rtpport >= 0 && s->local_rtcpport < 0)
s->local_rtcpport = ff_udp_get_local_port(s->rtp_hd) + 1;
build_udp_url(s, buf, sizeof(buf),
hostname, s->rtcp_port, s->local_rtcpport, sources, block);
if (ffurl_open(&s->rtcp_hd, buf, flags, &h->interrupt_callback, NULL,
h->protocols, h) < 0)
goto fail;
/* just to ease handle access. XXX: need to suppress direct handle
access */
s->rtp_fd = ffurl_get_file_handle(s->rtp_hd);
s->rtcp_fd = ffurl_get_file_handle(s->rtcp_hd);
h->max_packet_size = s->rtp_hd->max_packet_size;
h->is_streamed = 1;
return 0;
fail:
if (s->rtp_hd)
ffurl_close(s->rtp_hd);
if (s->rtcp_hd)
ffurl_close(s->rtcp_hd);
return AVERROR(EIO);
}
static int http_get_file_handle(URLContext *h)
{
HTTPContext *s = h->priv_data;
return ffurl_get_file_handle(s->hd);
}
static int tls_open(URLContext *h, const char *uri, int flags)
{
TLSContext *c = h->priv_data;
int ret;
int port;
const char *p;
char buf[200], host[200], opts[50] = "";
int numerichost = 0;
struct addrinfo hints = { 0 }, *ai = NULL;
const char *proxy_path;
int use_proxy;
if ((ret = ff_tls_init()) < 0)
return ret;
if (c->listen)
snprintf(opts, sizeof(opts), "?listen=1");
av_url_split(NULL, 0, NULL, 0, host, sizeof(host), &port, NULL, 0, uri);
p = strchr(uri, '?');
if (!p) {
p = opts;
} else {
if (av_find_info_tag(opts, sizeof(opts), "listen", p))
c->listen = 1;
}
ff_url_join(buf, sizeof(buf), "tcp", NULL, host, port, "%s", p);
hints.ai_flags = AI_NUMERICHOST;
if (!getaddrinfo(host, NULL, &hints, &ai)) {
numerichost = 1;
freeaddrinfo(ai);
}
proxy_path = getenv("http_proxy");
use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), host) &&
proxy_path && av_strstart(proxy_path, "http://", NULL);
if (use_proxy) {
char proxy_host[200], proxy_auth[200], dest[200];
int proxy_port;
av_url_split(NULL, 0, proxy_auth, sizeof(proxy_auth),
proxy_host, sizeof(proxy_host), &proxy_port, NULL, 0,
proxy_path);
ff_url_join(dest, sizeof(dest), NULL, NULL, host, port, NULL);
ff_url_join(buf, sizeof(buf), "httpproxy", proxy_auth, proxy_host,
proxy_port, "/%s", dest);
}
ret = ffurl_open(&c->tcp, buf, AVIO_FLAG_READ_WRITE,
&h->interrupt_callback, NULL);
if (ret)
goto fail;
c->fd = ffurl_get_file_handle(c->tcp);
#if CONFIG_GNUTLS
gnutls_init(&c->session, c->listen ? GNUTLS_SERVER : GNUTLS_CLIENT);
if (!c->listen && !numerichost)
gnutls_server_name_set(c->session, GNUTLS_NAME_DNS, host, strlen(host));
gnutls_certificate_allocate_credentials(&c->cred);
set_options(h, uri);
if (c->ca_file) {
ret = gnutls_certificate_set_x509_trust_file(c->cred, c->ca_file, GNUTLS_X509_FMT_PEM);
if (ret < 0)
av_log(h, AV_LOG_ERROR, "%s\n", gnutls_strerror(ret));
}
#if GNUTLS_VERSION_MAJOR >= 3
else
gnutls_certificate_set_x509_system_trust(c->cred);
#endif
gnutls_certificate_set_verify_flags(c->cred, c->verify ?
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT : 0);
if (c->cert_file && c->key_file) {
ret = gnutls_certificate_set_x509_key_file(c->cred,
c->cert_file, c->key_file,
GNUTLS_X509_FMT_PEM);
if (ret < 0) {
av_log(h, AV_LOG_ERROR,
"Unable to set cert/key files %s and %s: %s\n",
c->cert_file, c->key_file, gnutls_strerror(ret));
ret = AVERROR(EIO);
goto fail;
}
} else if (c->cert_file || c->key_file)
av_log(h, AV_LOG_ERROR, "cert and key required\n");
gnutls_credentials_set(c->session, GNUTLS_CRD_CERTIFICATE, c->cred);
gnutls_transport_set_ptr(c->session, (gnutls_transport_ptr_t)
(intptr_t) c->fd);
gnutls_priority_set_direct(c->session, "NORMAL", NULL);
while (1) {
ret = gnutls_handshake(c->session);
if (ret == 0)
break;
if ((ret = do_tls_poll(h, ret)) < 0)
goto fail;
}
if (c->verify) {
unsigned int status, cert_list_size;
gnutls_x509_crt_t cert;
const gnutls_datum_t *cert_list;
if ((ret = gnutls_certificate_verify_peers2(c->session, &status)) < 0) {
av_log(h, AV_LOG_ERROR, "Unable to verify peer certificate: %s\n",
gnutls_strerror(ret));
ret = AVERROR(EIO);
goto fail;
}
if (status & GNUTLS_CERT_INVALID) {
av_log(h, AV_LOG_ERROR, "Peer certificate failed verification\n");
ret = AVERROR(EIO);
goto fail;
}
if (gnutls_certificate_type_get(c->session) != GNUTLS_CRT_X509) {
av_log(h, AV_LOG_ERROR, "Unsupported certificate type\n");
ret = AVERROR(EIO);
goto fail;
}
gnutls_x509_crt_init(&cert);
cert_list = gnutls_certificate_get_peers(c->session, &cert_list_size);
gnutls_x509_crt_import(cert, cert_list, GNUTLS_X509_FMT_DER);
ret = gnutls_x509_crt_check_hostname(cert, host);
gnutls_x509_crt_deinit(cert);
if (!ret) {
av_log(h, AV_LOG_ERROR,
"The certificate's owner does not match hostname %s\n", host);
ret = AVERROR(EIO);
goto fail;
}
}
#elif CONFIG_OPENSSL
c->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() : TLSv1_client_method());
if (!c->ctx) {
av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
set_options(h, uri);
if (c->ca_file) {
if (!SSL_CTX_load_verify_locations(c->ctx, c->ca_file, NULL))
av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", ERR_error_string(ERR_get_error(), NULL));
}
if (c->cert_file && !SSL_CTX_use_certificate_chain_file(c->ctx, c->cert_file)) {
av_log(h, AV_LOG_ERROR, "Unable to load cert file %s: %s\n",
c->cert_file, ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
if (c->key_file && !SSL_CTX_use_PrivateKey_file(c->ctx, c->key_file, SSL_FILETYPE_PEM)) {
av_log(h, AV_LOG_ERROR, "Unable to load key file %s: %s\n",
c->key_file, ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
// Note, this doesn't check that the peer certificate actually matches
// the requested hostname.
if (c->verify)
SSL_CTX_set_verify(c->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
c->ssl = SSL_new(c->ctx);
if (!c->ssl) {
av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);
goto fail;
}
SSL_set_fd(c->ssl, c->fd);
if (!c->listen && !numerichost)
SSL_set_tlsext_host_name(c->ssl, host);
while (1) {
ret = c->listen ? SSL_accept(c->ssl) : SSL_connect(c->ssl);
if (ret > 0)
break;
if (ret == 0) {
av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session\n");
ret = AVERROR(EIO);
goto fail;
}
if ((ret = do_tls_poll(h, ret)) < 0)
goto fail;
}
#endif
return 0;
fail:
TLS_free(c);
if (c->tcp)
ffurl_close(c->tcp);
ff_tls_deinit();
return ret;
}
