22 #include <mbedtls/version.h>
23 #include <mbedtls/ctr_drbg.h>
24 #include <mbedtls/entropy.h>
25 #include <mbedtls/net_sockets.h>
26 #include <mbedtls/platform.h>
27 #include <mbedtls/ssl.h>
28 #include <mbedtls/x509_crt.h>
29 #include <mbedtls/debug.h>
30 #ifdef MBEDTLS_PSA_CRYPTO_C
31 #include <psa/crypto.h>
55 #define OFFSET(x) offsetof(TLSContext, x)
63 mbedtls_x509_crt_free(&tls_ctx->
ca_cert);
64 mbedtls_x509_crt_free(&tls_ctx->
own_cert);
78 return react_on_eagain;
83 return MBEDTLS_ERR_NET_CONN_RESET;
87 return MBEDTLS_ERR_NET_SEND_FAILED;
98 if (
h->max_packet_size &&
len >
h->max_packet_size)
99 return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
111 if (
h->max_packet_size &&
len >
h->max_packet_size)
112 return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
127 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
128 av_log(
h,
AV_LOG_ERROR,
"Read of key file failed. Is it actually there, are the access permissions correct?\n");
130 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
133 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
145 #if MBEDTLS_VERSION_MAJOR < 3
146 case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
147 av_log(
h,
AV_LOG_ERROR,
"None of the common ciphersuites is usable. Was the local certificate correctly set?\n");
150 case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
153 case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION:
157 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
158 av_log(
h,
AV_LOG_ERROR,
"A fatal alert message was received from the peer, has the peer a correct certificate?\n");
160 case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED:
161 av_log(
h,
AV_LOG_ERROR,
"No CA chain is set, but required to operate. Was the CA correctly set?\n");
163 case MBEDTLS_ERR_SSL_INTERNAL_ERROR:
166 case MBEDTLS_ERR_NET_CONN_RESET:
169 case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
181 const char *p = strchr(uri,
'?');
193 uint32_t verify_res_flags;
202 #ifdef MBEDTLS_PSA_CRYPTO_C
203 if ((
ret = psa_crypto_init()) != PSA_SUCCESS) {
210 mbedtls_ssl_config_init(&tls_ctx->
ssl_config);
213 mbedtls_x509_crt_init(&tls_ctx->
ca_cert);
214 mbedtls_pk_init(&tls_ctx->
priv_key);
242 mbedtls_entropy_func,
251 if ((
ret = mbedtls_pk_parse_keyfile(&tls_ctx->
priv_key,
254 #
if MBEDTLS_VERSION_MAJOR >= 3
255 , mbedtls_ctr_drbg_random,
265 shr->
listen ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
266 MBEDTLS_SSL_TRANSPORT_STREAM,
267 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
272 #ifdef MBEDTLS_SSL_PROTO_TLS1_3
275 av_log(
h,
AV_LOG_INFO,
"Forcing TLSv1.2 because certificate verification is disabled\n");
276 mbedtls_ssl_conf_max_tls_version(&tls_ctx->
ssl_config, MBEDTLS_SSL_VERSION_TLS1_2);
281 mbedtls_ssl_conf_authmode(&tls_ctx->
ssl_config,
282 shr->
verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE);
308 while ((
ret = mbedtls_ssl_handshake(&tls_ctx->
ssl_context)) != 0) {
309 if (
ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
317 if ((verify_res_flags = mbedtls_ssl_get_verify_result(&tls_ctx->
ssl_context)) != 0) {
319 "with the certificate verification, returned flags: %u\n",
321 if (verify_res_flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
337 case MBEDTLS_ERR_SSL_WANT_READ:
338 case MBEDTLS_ERR_SSL_WANT_WRITE:
339 #ifdef MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
340 case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
343 case MBEDTLS_ERR_NET_SEND_FAILED:
344 case MBEDTLS_ERR_NET_RECV_FAILED:
346 case MBEDTLS_ERR_NET_CONN_RESET:
347 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
#define AV_LOG_WARNING
Something somehow does not look correct.
int av_find_info_tag(char *arg, int arg_size, const char *tag1, const char *info)
Attempt to find a specific tag in a URL.
#define URL_PROTOCOL_FLAG_NETWORK
mbedtls_entropy_context entropy_context
#define AVERROR_EOF
End of file.
static void handle_pk_parse_error(URLContext *h, int ret)
static int ffurl_write(URLContext *h, const uint8_t *buf, int size)
Write size bytes from buf to the resource accessed by h.
const char * av_basename(const char *path)
Thread safe basename.
mbedtls_ctr_drbg_context ctr_drbg_context
#define TLS_COMMON_OPTIONS(pstruct, options_field)
int ffurl_get_short_seek(void *urlcontext)
Return the current short seek threshold value for this URL.
static int tls_close(URLContext *h)
#define AV_LOG_TRACE
Extremely verbose debugging, useful for libav* development.
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
mbedtls_pk_context priv_key
#define AV_LOG_DEBUG
Stuff which is only useful for libav* developers.
mbedtls_ssl_context ssl_context
int av_log_get_level(void)
Get the current log level.
#define LIBAVUTIL_VERSION_INT
static void parse_options(TLSContext *tls_ctxc, const char *uri)
Describe the class of an AVClass context structure.
const char * av_default_item_name(void *ptr)
Return the context name.
const URLProtocol ff_tls_protocol
mbedtls_ssl_config ssl_config
static int mbedtls_send(void *ctx, const unsigned char *buf, size_t len)
static void handle_handshake_error(URLContext *h, int ret)
static int tls_read(URLContext *h, uint8_t *buf, int size)
static int handle_transport_error(URLContext *h, const char *func_name, int react_on_eagain, int ret)
#define AV_LOG_INFO
Standard information.
static const AVOption options[]
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
static const AVClass tls_class
mbedtls_x509_crt own_cert
static int tls_get_short_seek(URLContext *h)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg)
char * av_strdup(const char *s)
Duplicate a string.
static int tls_write(URLContext *h, const uint8_t *buf, int size)
#define AVIO_FLAG_NONBLOCK
Use non-blocking mode.
static int handle_tls_error(URLContext *h, const char *func_name, int ret)
#define flags(name, subs,...)
static int tls_get_file_handle(URLContext *h)
#define AVERROR_EXIT
Immediate exit was requested; the called function should not be restarted.
@ AV_OPT_TYPE_STRING
Underlying C type is a uint8_t* that is either NULL or points to a C string allocated with the av_mal...
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
static int ffurl_read(URLContext *h, uint8_t *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.