virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Code Issues Releases Activity

tls: verify option

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Peter Ross 2012-07-22 14:24:53 +10:00 committed by Michael Niedermayer
parent 973a758f52
commit b2460858f6
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libavformat/tls.c
View File

@ -108,7 +108,7 @@ static void set_options(URLContext *h, const char *uri)
{ {
TLSContext *c = h->priv_data; TLSContext *c = h->priv_data;
char buf[1024], key[1024]; char buf[1024], key[1024];
int has_cert, has_key; int has_cert, has_key, verify = 0;
#if CONFIG_GNUTLS #if CONFIG_GNUTLS
int ret; int ret;
#endif #endif
@ -127,6 +127,13 @@ static void set_options(URLContext *h, const char *uri)
#endif #endif
} }
if (av_find_info_tag(buf, sizeof(buf), "verify", p)) {
char *endptr = NULL;
verify = strtol(buf, &endptr, 10);
if (buf == endptr)
verify = 1;
}
has_cert = av_find_info_tag(buf, sizeof(buf), "cert", p); has_cert = av_find_info_tag(buf, sizeof(buf), "cert", p);
has_key = av_find_info_tag(key, sizeof(key), "key", p); has_key = av_find_info_tag(key, sizeof(key), "key", p);
#if CONFIG_GNUTLS #if CONFIG_GNUTLS
@ -137,11 +144,14 @@ static void set_options(URLContext *h, const char *uri)
} else if (has_cert ^ has_key) { } else if (has_cert ^ has_key) {
av_log(h, AV_LOG_ERROR, "cert and key required\n"); av_log(h, AV_LOG_ERROR, "cert and key required\n");
} }
gnutls_certificate_set_verify_flags(c->cred, verify);
#elif CONFIG_OPENSSL #elif CONFIG_OPENSSL
if (has_cert && !SSL_CTX_use_certificate_chain_file(c->ctx, buf)) if (has_cert && !SSL_CTX_use_certificate_chain_file(c->ctx, buf))
av_log(h, AV_LOG_ERROR, "SSL_CTX_use_certificate_chain_file %s\n", ERR_error_string(ERR_get_error(), NULL)); av_log(h, AV_LOG_ERROR, "SSL_CTX_use_certificate_chain_file %s\n", ERR_error_string(ERR_get_error(), NULL));
if (has_key && !SSL_CTX_use_PrivateKey_file(c->ctx, key, SSL_FILETYPE_PEM)) if (has_key && !SSL_CTX_use_PrivateKey_file(c->ctx, key, SSL_FILETYPE_PEM))
av_log(h, AV_LOG_ERROR, "SSL_CTX_use_PrivateKey_file %s\n", ERR_error_string(ERR_get_error(), NULL)); av_log(h, AV_LOG_ERROR, "SSL_CTX_use_PrivateKey_file %s\n", ERR_error_string(ERR_get_error(), NULL));
if (verify)
SSL_CTX_set_verify(c->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
#endif #endif
} }
@ -193,7 +203,6 @@ static int tls_open(URLContext *h, const char *uri, int flags)
if (!numerichost) if (!numerichost)
gnutls_server_name_set(c->session, GNUTLS_NAME_DNS, host, strlen(host)); gnutls_server_name_set(c->session, GNUTLS_NAME_DNS, host, strlen(host));
gnutls_certificate_allocate_credentials(&c->cred); gnutls_certificate_allocate_credentials(&c->cred);
gnutls_certificate_set_verify_flags(c->cred, 0);
set_options(h, uri); set_options(h, uri);
gnutls_credentials_set(c->session, GNUTLS_CRD_CERTIFICATE, c->cred); gnutls_credentials_set(c->session, GNUTLS_CRD_CERTIFICATE, c->cred);
gnutls_transport_set_ptr(c->session, (gnutls_transport_ptr_t) gnutls_transport_set_ptr(c->session, (gnutls_transport_ptr_t)