22 #include <mbedtls/certs.h>
23 #include <mbedtls/config.h>
24 #include <mbedtls/ctr_drbg.h>
25 #include <mbedtls/entropy.h>
26 #include <mbedtls/net_sockets.h>
27 #include <mbedtls/platform.h>
28 #include <mbedtls/ssl.h>
29 #include <mbedtls/x509_crt.h>
50 #define OFFSET(x) offsetof(TLSContext, x)
58 mbedtls_x509_crt_free(&tls_ctx->
ca_cert);
59 mbedtls_x509_crt_free(&tls_ctx->
own_cert);
73 return react_on_eagain;
78 return MBEDTLS_ERR_NET_CONN_RESET;
82 return MBEDTLS_ERR_NET_SEND_FAILED;
93 if (
h->max_packet_size &&
len >
h->max_packet_size)
94 return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
106 if (
h->max_packet_size &&
len >
h->max_packet_size)
107 return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
115 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
116 av_log(
h,
AV_LOG_ERROR,
"Read of key file failed. Is it actually there, are the access permissions correct?\n");
118 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
121 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
133 case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
134 av_log(
h,
AV_LOG_ERROR,
"None of the common ciphersuites is usable. Was the local certificate correctly set?\n");
136 case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
137 av_log(
h,
AV_LOG_ERROR,
"A fatal alert message was received from the peer, has the peer a correct certificate?\n");
139 case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED:
140 av_log(
h,
AV_LOG_ERROR,
"No CA chain is set, but required to operate. Was the CA correctly set?\n");
142 case MBEDTLS_ERR_NET_CONN_RESET:
154 const char *p = strchr(uri,
'?');
166 uint32_t verify_res_flags;
176 mbedtls_ssl_config_init(&tls_ctx->
ssl_config);
179 mbedtls_x509_crt_init(&tls_ctx->
ca_cert);
180 mbedtls_pk_init(&tls_ctx->
priv_key);
184 if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->
ca_cert, shr->
ca_file)) != 0) {
192 if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->
own_cert, shr->
cert_file)) != 0) {
200 if ((ret = mbedtls_pk_parse_keyfile(&tls_ctx->
priv_key,
210 mbedtls_entropy_func,
217 if ((ret = mbedtls_ssl_config_defaults(&tls_ctx->
ssl_config,
218 shr->
listen ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
219 MBEDTLS_SSL_TRANSPORT_STREAM,
220 MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
225 mbedtls_ssl_conf_authmode(&tls_ctx->
ssl_config,
226 shr->
ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE);
242 if ((ret = mbedtls_ssl_set_hostname(&tls_ctx->
ssl_context, shr->
host)) != 0) {
252 while ((ret = mbedtls_ssl_handshake(&tls_ctx->
ssl_context)) != 0) {
253 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
261 if ((verify_res_flags = mbedtls_ssl_get_verify_result(&tls_ctx->
ssl_context)) != 0) {
263 "with the certificate verification, returned flags: %u\n",
265 if (verify_res_flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
281 case MBEDTLS_ERR_SSL_WANT_READ:
282 case MBEDTLS_ERR_SSL_WANT_WRITE:
284 case MBEDTLS_ERR_NET_SEND_FAILED:
285 case MBEDTLS_ERR_NET_RECV_FAILED:
287 case MBEDTLS_ERR_NET_CONN_RESET:
288 case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
int ffurl_read(URLContext *h, unsigned char *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.
int ffurl_get_short_seek(URLContext *h)
Return the current short seek threshold value for this URL.
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
#define flags(name, subs,...)
#define AVERROR_EXIT
Immediate exit was requested; the called function should not be restarted.
#define AVERROR_EOF
End of file.
#define AV_LOG_WARNING
Something somehow does not look correct.
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
const char * av_default_item_name(void *ptr)
Return the context name.
char * av_strdup(const char *s)
Duplicate a string.
#define LIBAVUTIL_VERSION_INT
common internal API header
int av_find_info_tag(char *arg, int arg_size, const char *tag1, const char *info)
Attempt to find a specific tag in a URL.
Describe the class of an AVClass context structure.
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
mbedtls_ctr_drbg_context ctr_drbg_context
mbedtls_ssl_context ssl_context
mbedtls_ssl_config ssl_config
mbedtls_pk_context priv_key
mbedtls_x509_crt own_cert
mbedtls_entropy_context entropy_context
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
#define TLS_COMMON_OPTIONS(pstruct, options_field)
static int tls_close(URLContext *h)
static const AVClass tls_class
static void handle_pk_parse_error(URLContext *h, int ret)
const URLProtocol ff_tls_protocol
static const AVOption options[]
static void handle_handshake_error(URLContext *h, int ret)
static int tls_read(URLContext *h, uint8_t *buf, int size)
static int handle_tls_error(URLContext *h, const char *func_name, int ret)
static int handle_transport_error(URLContext *h, const char *func_name, int react_on_eagain, int ret)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
static int tls_get_short_seek(URLContext *h)
static int tls_write(URLContext *h, const uint8_t *buf, int size)
static int mbedtls_send(void *ctx, const unsigned char *buf, size_t len)
static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
static void parse_options(TLSContext *tls_ctxc, const char *uri)
static int tls_get_file_handle(URLContext *h)
unbuffered private I/O API
#define URL_PROTOCOL_FLAG_NETWORK