You've already forked FFmpeg
mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-11-23 21:54:53 +02:00
167e343bbe
0. WHIP Version 3.
1. The WHIP muxer has been renamed and refined,
with improved logging context and error messages for SSL, DTLS, and RTC.
2. Magic numbers have been replaced with macros and extracted to functions,
and log levels have been altered for better clarity.
3. DTLS curve list has been updated,
and SRTP profile names have been refined for FFmpeg and OpenSSL.
4. ICE STUN magic number has been refined,
and RTP payload types have been updated based on Chrome's definition.
5. Fixed frame size has been refined to rtc->audio_par->frame_size,
and h264_mp4toannexb is now used to convert MP4/ISOM to annexb.
6. OPUS timestamp issue has been addressed,
and marker setting has been corrected after utilizing BSF.
7. DTLS handshake and ICE handling have been optimized for improved performance,
with a single handshake timeout and server role to prevent ARQ.
8. Consolidated ICE request/response handling and DTLS handshake into a single function,
and fixed OpenSSL build errors to work with Pion.
9. Merge TLS & DTLS implementation, shared BIO callbacks, read, write,
print_ssl_error, openssl_init_ca_key_cert,
init_bio_method function and shared same data structure
10. Modify configure that whip is enabled only dtls is
enabled(just support openssl for now) to fix build error
Co-authored-by: winlin <winlinvip@gmail.com>
Co-authored-by: yangrtc <yangrtc@aliyun.com>
Co-authored-by: cloudwebrtc <duanweiwei1982@gmail.com>
Co-authored-by: Haibo Chen <495810242@qq.com>
Co-authored-by: Steven Liu <lq@chinaffmpeg.org>
Co-authored-by: Jun Zhao <barryjzhao@tencent.com>
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
191 lines
5.9 KiB
C
191 lines
5.9 KiB
C
/*
|
|
* TLS/DTLS/SSL Protocol
|
|
* Copyright (c) 2011 Martin Storsjo
|
|
* Copyright (c) 2025 Jack Lau
|
|
*
|
|
* This file is part of FFmpeg.
|
|
*
|
|
* FFmpeg is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* FFmpeg is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with FFmpeg; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#include "avformat.h"
|
|
#include "internal.h"
|
|
#include "network.h"
|
|
#include "os_support.h"
|
|
#include "url.h"
|
|
#include "tls.h"
|
|
#include "libavutil/avstring.h"
|
|
#include "libavutil/getenv_utf8.h"
|
|
#include "libavutil/mem.h"
|
|
#include "libavutil/parseutils.h"
|
|
|
|
static int set_options(TLSShared *c, const char *uri)
|
|
{
|
|
char buf[1024];
|
|
const char *p = strchr(uri, '?');
|
|
if (!p)
|
|
return 0;
|
|
|
|
if (!c->ca_file && av_find_info_tag(buf, sizeof(buf), "cafile", p)) {
|
|
c->ca_file = av_strdup(buf);
|
|
if (!c->ca_file)
|
|
return AVERROR(ENOMEM);
|
|
}
|
|
|
|
if (!c->verify && av_find_info_tag(buf, sizeof(buf), "verify", p)) {
|
|
char *endptr = NULL;
|
|
c->verify = strtol(buf, &endptr, 10);
|
|
if (buf == endptr)
|
|
c->verify = 1;
|
|
}
|
|
|
|
if (!c->cert_file && av_find_info_tag(buf, sizeof(buf), "cert", p)) {
|
|
c->cert_file = av_strdup(buf);
|
|
if (!c->cert_file)
|
|
return AVERROR(ENOMEM);
|
|
}
|
|
|
|
if (!c->key_file && av_find_info_tag(buf, sizeof(buf), "key", p)) {
|
|
c->key_file = av_strdup(buf);
|
|
if (!c->key_file)
|
|
return AVERROR(ENOMEM);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
|
|
{
|
|
int port;
|
|
const char *p;
|
|
char buf[200], opts[50] = "";
|
|
struct addrinfo hints = { 0 }, *ai = NULL;
|
|
const char *proxy_path;
|
|
char *env_http_proxy, *env_no_proxy;
|
|
int use_proxy;
|
|
int ret;
|
|
|
|
ret = set_options(c, uri);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
if (c->listen)
|
|
snprintf(opts, sizeof(opts), "?listen=1");
|
|
|
|
av_url_split(NULL, 0, NULL, 0, c->underlying_host, sizeof(c->underlying_host), &port, NULL, 0, uri);
|
|
|
|
p = strchr(uri, '?');
|
|
|
|
if (!p) {
|
|
p = opts;
|
|
} else {
|
|
if (av_find_info_tag(opts, sizeof(opts), "listen", p))
|
|
c->listen = 1;
|
|
}
|
|
|
|
ff_url_join(buf, sizeof(buf), c->is_dtls ? "udp" : "tcp", NULL, c->underlying_host, port, "%s", p);
|
|
|
|
hints.ai_flags = AI_NUMERICHOST;
|
|
if (!getaddrinfo(c->underlying_host, NULL, &hints, &ai)) {
|
|
c->numerichost = 1;
|
|
freeaddrinfo(ai);
|
|
}
|
|
|
|
if (!c->host && !(c->host = av_strdup(c->underlying_host)))
|
|
return AVERROR(ENOMEM);
|
|
|
|
env_http_proxy = getenv_utf8("http_proxy");
|
|
proxy_path = c->http_proxy ? c->http_proxy : env_http_proxy;
|
|
|
|
env_no_proxy = getenv_utf8("no_proxy");
|
|
use_proxy = !ff_http_match_no_proxy(env_no_proxy, c->underlying_host) &&
|
|
proxy_path && av_strstart(proxy_path, "http://", NULL);
|
|
freeenv_utf8(env_no_proxy);
|
|
|
|
if (use_proxy) {
|
|
char proxy_host[200], proxy_auth[200], dest[200];
|
|
int proxy_port;
|
|
av_url_split(NULL, 0, proxy_auth, sizeof(proxy_auth),
|
|
proxy_host, sizeof(proxy_host), &proxy_port, NULL, 0,
|
|
proxy_path);
|
|
ff_url_join(dest, sizeof(dest), NULL, NULL, c->underlying_host, port, NULL);
|
|
ff_url_join(buf, sizeof(buf), "httpproxy", proxy_auth, proxy_host,
|
|
proxy_port, "/%s", dest);
|
|
}
|
|
|
|
freeenv_utf8(env_http_proxy);
|
|
if (c->is_dtls) {
|
|
av_dict_set_int(options, "connect", 1, 0);
|
|
av_dict_set_int(options, "fifo_size", 0, 0);
|
|
/* Set the max packet size to the buffer size. */
|
|
av_dict_set_int(options, "pkt_size", c->mtu, 0);
|
|
}
|
|
ret = ffurl_open_whitelist(c->is_dtls ? &c->udp : &c->tcp, buf, AVIO_FLAG_READ_WRITE,
|
|
&parent->interrupt_callback, options,
|
|
parent->protocol_whitelist, parent->protocol_blacklist, parent);
|
|
if (c->is_dtls) {
|
|
if (ret < 0) {
|
|
av_log(c, AV_LOG_ERROR, "WHIP: Failed to connect udp://%s:%d\n", c->underlying_host, port);
|
|
return ret;
|
|
}
|
|
/* Make the socket non-blocking, set to READ and WRITE mode after connected */
|
|
ff_socket_nonblock(ffurl_get_file_handle(c->udp), 1);
|
|
c->udp->flags |= AVIO_FLAG_READ | AVIO_FLAG_NONBLOCK;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* Read all data from the given URL url and store it in the given buffer bp.
|
|
*/
|
|
int ff_url_read_all(const char *url, AVBPrint *bp)
|
|
{
|
|
int ret = 0;
|
|
AVDictionary *opts = NULL;
|
|
URLContext *uc = NULL;
|
|
char buf[MAX_URL_SIZE];
|
|
|
|
ret = ffurl_open_whitelist(&uc, url, AVIO_FLAG_READ, NULL, &opts, NULL, NULL, NULL);
|
|
if (ret < 0) {
|
|
av_log(NULL, AV_LOG_ERROR, "TLS: Failed to open url %s\n", url);
|
|
goto end;
|
|
}
|
|
|
|
while (1) {
|
|
ret = ffurl_read(uc, buf, sizeof(buf));
|
|
if (ret == AVERROR_EOF) {
|
|
/* Reset the error because we read all response as answer util EOF. */
|
|
ret = 0;
|
|
break;
|
|
}
|
|
if (ret <= 0) {
|
|
av_log(NULL, AV_LOG_ERROR, "TLS: Failed to read from url=%s, key is %s\n", url, bp->str);
|
|
goto end;
|
|
}
|
|
|
|
av_bprintf(bp, "%.*s", ret, buf);
|
|
if (!av_bprint_is_complete(bp)) {
|
|
av_log(NULL, AV_LOG_ERROR, "TLS: Exceed max size %.*s, %s\n", ret, buf, bp->str);
|
|
ret = AVERROR(EIO);
|
|
goto end;
|
|
}
|
|
}
|
|
|
|
end:
|
|
ffurl_closep(&uc);
|
|
av_dict_free(&opts);
|
|
return ret;
|
|
}
|