36 #include <Security/Security.h>
37 #include <Security/SecureTransport.h>
38 #include <CoreFoundation/CoreFoundation.h>
/* Prototype written out in this file instead of coming from the Security headers included above.
 * NOTE(review): presumably SecIdentityCreate is not declared in the public SDK headers - confirm.
 * A symbol the SDK does not publish can change or disappear between OS releases, so the
 * client-certificate path that calls it deserves a build/runtime check on every new SDK. */
41 SecIdentityRef
SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
56 case errSSLWouldBlock:
58 case errSSLXCertChainInvalid:
/* PEM import fragment. This listing shows only some of the source lines (see the gutter
 * numbers), so the statements between them are not visible here. */
/* The input is declared to be a PEM sequence. */
76 SecExternalFormat
format = kSecFormatPEMSequence;
/* NOTE(review): `type` holds a kSecItemType* value but is declared as SecExternalFormat;
 * SecItemImport's item-type argument is a SecExternalItemType pointer - confirm the declaration. */
77 SecExternalFormat
type = kSecItemTypeAggregate;
/* 0x08000100 is the numeric value of kCFStringEncodingUTF8. */
78 CFStringRef pathStr = CFStringCreateWithCString(
NULL, path, 0x08000100);
/* Wraps `ret` bytes of `buf` in a CFData for the import call.
 * presumably ret is the byte count of the file read; the read itself is not visible - TODO confirm. */
105 data = CFDataCreate(kCFAllocatorDefault, buf, ret);
/* Import with flags 0, no key parameters and no keychain; the items come back through `array`.
 * NOTE(review): `!array` tests the caller's out-pointer, not the imported array (*array).
 * If the import reported noErr while leaving *array NULL, this condition would not catch it
 * and the count check below would be handed NULL - confirm whether that can happen. */
107 if (SecItemImport(data, pathStr, &format, &type,
108 0,
NULL,
NULL, array) != noErr || !array) {
/* A file that imports cleanly but yields no items gets its own branch (body not visible). */
113 if (CFArrayGetCount(*array) == 0) {
138 if (!(c->
ca_array = CFRetain(array))) {
/* Client/server certificate loading fragment; only some source lines are shown.
 * All four references start as NULL. */
153 CFArrayRef certArray =
NULL;
154 CFArrayRef keyArray =
NULL;
155 SecIdentityRef
id =
NULL;
156 CFMutableArrayRef outArray =
NULL;
/* Element 0 of each array is used as the certificate and the private key for the identity.
 * NOTE(review): both elements are cast without a visible type check (e.g. CFGetTypeID), so a
 * key file whose first PEM item is not a private key would reach the identity call with the
 * wrong object type - confirm what validates the imported items before this point. */
165 (SecCertificateRef)CFArrayGetValueAtIndex(certArray, 0),
166 (SecKeyRef)CFArrayGetValueAtIndex(keyArray, 0)))) {
/* Mutable copy of the imported certificate array (capacity 0 = unbounded). */
171 if (!(outArray = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, certArray))) {
/* Slot 0 (the first certificate) is overwritten with the identity; any further
 * certificates stay in place behind it. */
176 CFArraySetValueAtIndex(outArray, 0,
id);
/* Drops this function's reference to the imported certificate array. */
182 CFRelease(certArray);
/* Read callback handed to Secure Transport: `data` is the destination buffer and
 * *dataLength is passed by pointer. The visible lines show three possible results -
 * graceful close, abort and would-block; the conditions that select each one are on
 * lines this listing does not show. */
192 static OSStatus
tls_read_cb(SSLConnectionRef connection,
void *
data,
size_t *dataLength)
202 return errSSLClosedGraceful;
204 return errSSLClosedAbort;
206 return errSSLWouldBlock;
/* Write callback handed to Secure Transport: `data` is the source buffer and
 * *dataLength is passed by pointer. */
217 static OSStatus
tls_write_cb(SSLConnectionRef connection,
const void *
data,
size_t *dataLength)
/* One path reports would-block (its condition is not visible here). */
226 return errSSLWouldBlock;
/* Reports the number of bytes actually written back to the caller. */
232 *dataLength = written;
/* Calls func(...) and, on any status other than noErr, sets ret to AVERROR_UNKNOWN and logs
 * the function name with the numeric OSStatus. The rest of the macro is not visible in this
 * listing. Every failure collapses to AVERROR_UNKNOWN, so the logged OSStatus is the only
 * place the specific Secure Transport error survives. */
251 #define CHECK_ERROR(func, ...) do { \
252 OSStatus status = func(__VA_ARGS__); \
253 if (status != noErr) { \
254 ret = AVERROR_UNKNOWN; \
255 av_log(h, AV_LOG_ERROR, #func ": Error %i\n", (int)status); \
269 c->
ssl_context = SSLCreateContext(
NULL, s->
listen ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
/* Manual peer-certificate check, entered when the handshake status is
 * errSSLServerAuthCompleted. Only some source lines are shown; the bodies of the error
 * branches are not visible here.
 * NOTE(review): this evaluates the chain against ca_array. Whether the peer hostname is
 * bound into the trust policy (e.g. through an earlier SSLSetPeerDomainName call) cannot be
 * seen from this fragment - confirm. */
289 if (status == errSSLServerAuthCompleted) {
290 SecTrustRef peerTrust;
291 SecTrustResultType trustResult;
/* Copy semantics: the trust object obtained here is released on line 323.
 * NOTE(review): confirm the failure branches below do not leave this block without
 * releasing peerTrust and never fall through to the "continue" status. */
295 if (SSLCopyPeerTrust(c->
ssl_context, &peerTrust) != noErr) {
/* Uses the loaded CA array as the trust anchors.
 * NOTE(review): per the Security framework documentation, supplying custom anchors makes
 * evaluation trust only those anchors unless SecTrustSetAnchorCertificatesOnly is also
 * called; no such call appears in the visible lines. */
300 if (SecTrustSetAnchorCertificates(peerTrust, c->
ca_array) != noErr) {
/* NOTE(review): SecTrustEvaluate is deprecated in current Apple SDKs in favour of
 * SecTrustEvaluateWithError. */
305 if (SecTrustEvaluate(peerTrust, &trustResult) != noErr) {
/* Proceed / Unspecified are the two accepting results; the status is then rewritten to
 * errSSLWouldBlock. presumably that makes the caller resume the handshake - TODO confirm
 * against the loop around this block. */
310 if (trustResult == kSecTrustResultProceed ||
311 trustResult == kSecTrustResultUnspecified) {
313 status = errSSLWouldBlock;
314 }
else if (trustResult == kSecTrustResultRecoverableTrustFailure) {
/* A recoverable trust failure is still rejected, reported as an invalid chain. */
316 status = errSSLXCertChainInvalid;
/* presumably the remaining trust results land here (the enclosing else is not visible). */
319 status = errSSLBadCert;
323 CFRelease(peerTrust);
344 case errSSLClosedGraceful:
345 case errSSLClosedNoNotify:
355 size_t processed = 0;
356 int ret = SSLRead(c->
ssl_context, buf, size, &processed);
368 size_t processed = 0;
369 int ret = SSLWrite(c->
ssl_context, buf, size, &processed);
398 .priv_data_class = &tls_class,
static const AVClass tls_class
#define AVERROR_INVALIDDATA
Invalid data found when processing input.
int64_t avio_size(AVIOContext *s)
Get the filesize.
#define URL_PROTOCOL_FLAG_NETWORK
#define CHECK_ERROR(func,...)
ptrdiff_t const GLvoid * data
#define LIBAVUTIL_VERSION_INT
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
AVIOInterruptCB interrupt_callback
#define AVIO_FLAG_READ
read-only
static int tls_close(URLContext *h)
static int print_tls_error(URLContext *h, int ret)
static OSStatus tls_write_cb(SSLConnectionRef connection, const void *data, size_t *dataLength)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass is associated.
miscellaneous OS support macros and functions.
static av_cold int end(AVCodecContext *avctx)
#define AVERROR_EOF
End of file.
static int load_ca(URLContext *h)
int avio_read(AVIOContext *s, unsigned char *buf, int size)
Read size bytes from AVIOContext into buf.
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
const char * protocol_whitelist
int avio_close(AVIOContext *s)
Close the resource accessed by the AVIOContext s and free it.
static int tls_read(URLContext *h, uint8_t *buf, int size)
static int import_pem(URLContext *h, char *path, CFArrayRef *array)
#define TLS_COMMON_OPTIONS(pstruct, options_field)
static int map_ssl_error(OSStatus status, size_t processed)
const char * protocol_blacklist
const URLProtocol ff_tls_securetransport_protocol
static const char * format
Describe the class of an AVClass context structure.
SSLContextRef ssl_context
int ffio_open_whitelist(AVIOContext **s, const char *url, int flags, const AVIOInterruptCB *int_cb, AVDictionary **options, const char *whitelist, const char *blacklist)
static const AVOption options[]
int ffurl_close(URLContext *h)
common internal api header.
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
int ffurl_read_complete(URLContext *h, unsigned char *buf, int size)
Read as many bytes as possible (up to size), calling the read function multiple times if necessary.
static int tls_write(URLContext *h, const uint8_t *buf, int size)
#define AVERROR_UNKNOWN
Unknown error, typically from an external library.
static OSStatus tls_read_cb(SSLConnectionRef connection, void *data, size_t *dataLength)
SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey)
unbuffered private I/O API
static int array[MAX_W *MAX_W]
static int load_cert(URLContext *h)