virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-04 22:03:09 +02:00
Code Issues Releases Activity

avformat/tls_openssl: automatically generate self-signed certificate when none is provided in listen mode

Browse Source
This commit is contained in:
Timo Rothenpieler
2025-07-13 21:08:16 +02:00
parent 454f161b4b
commit 483e509169
1 changed files with 30 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
libavformat/tls_openssl.c
View File

@ -485,7 +485,6 @@ typedef struct TLSContext {
TLSShared tls_shared; TLSShared tls_shared;
SSL_CTX *ctx; SSL_CTX *ctx;
SSL *ssl; SSL *ssl;
EVP_PKEY *pkey;
BIO_METHOD* url_bio_method; BIO_METHOD* url_bio_method;
int io_err; int io_err;
char error_message[256]; char error_message[256];
@ -756,7 +755,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
if (SSL_CTX_use_certificate(p->ctx, cert) != 1) { if (SSL_CTX_use_certificate(p->ctx, cert) != 1) {
av_log(p, AV_LOG_ERROR, "SSL: Init SSL_CTX_use_certificate failed, %s\n", openssl_get_error(p)); av_log(p, AV_LOG_ERROR, "SSL: Init SSL_CTX_use_certificate failed, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL); ret = AVERROR(EINVAL);
return ret; goto fail;
} }
} }
@ -769,15 +768,42 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
goto fail; goto fail;
} }
} else if (c->key_buf) { } else if (c->key_buf) {
p->pkey = pkey = pkey_from_pem_string(c->key_buf, 1); pkey = pkey_from_pem_string(c->key_buf, 1);
if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) { if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p)); av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL); ret = AVERROR(EINVAL);
return ret; goto fail;
} }
} }
if (c->listen && !c->cert_file && !c->cert_buf && !c->key_file && !c->key_buf) {
av_log(h, AV_LOG_VERBOSE, "No server certificate provided, using self-signed\n");
ret = openssl_gen_private_key(&pkey);
if (ret < 0)
goto fail;
ret = openssl_gen_certificate(pkey, &cert, NULL);
if (ret < 0)
goto fail;
if (SSL_CTX_use_certificate(p->ctx, cert) != 1) {
av_log(p, AV_LOG_ERROR, "SSL_CTX_use_certificate failed for self-signed cert, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL);
goto fail;
}
if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
av_log(p, AV_LOG_ERROR, "SSL_CTX_use_PrivateKey failed for self-signed cert, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL);
goto fail;
}
}
ret = 0; ret = 0;
fail: fail:
X509_free(cert);
EVP_PKEY_free(pkey);
return ret; return ret;
} }
@ -894,7 +920,6 @@ static av_cold int dtls_close(URLContext *h)
SSL_CTX_free(ctx->ctx); SSL_CTX_free(ctx->ctx);
av_freep(&ctx->tls_shared.cert_buf); av_freep(&ctx->tls_shared.cert_buf);
av_freep(&ctx->tls_shared.key_buf); av_freep(&ctx->tls_shared.key_buf);
EVP_PKEY_free(ctx->pkey);
return 0; return 0;
} }