rtspsrc: allow setting tls certificate validation flags

Added a new property "tls-validation-flags". If the url transport is
TLS, the validation flags will be set to the rtsp connection.

https://bugzilla.gnome.org/show_bug.cgi?id=711230

diff --git a/gst/rtsp/gstrtspsrc.c b/gst/rtsp/gstrtspsrc.c
index d904f9dfcf3cd33769c89402b7fcf31f43e94d65..685395ab2d9047f47e1d77df67a99f0d446e89c2 100644 (file)
--- a/gst/rtsp/gstrtspsrc.c
+++ b/gst/rtsp/gstrtspsrc.c
@@ -188,6 +188,7 @@ gst_rtsp_src_buffer_mode_get_type (void)
 #define DEFAULT_MULTICAST_IFACE  NULL
 #define DEFAULT_NTP_SYNC         FALSE
 #define DEFAULT_USE_PIPELINE_CLOCK      FALSE
+#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
 
 enum
 {
@@ -220,6 +221,7 @@ enum
   PROP_NTP_SYNC,
   PROP_USE_PIPELINE_CLOCK,
   PROP_SDES,
+  PROP_TLS_VALIDATION_FLAGS,
   PROP_LAST
 };
 
@@ -584,6 +586,20 @@ gst_rtspsrc_class_init (GstRTSPSrcClass * klass)
           "The SDES items of this session",
           GST_TYPE_STRUCTURE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
 
+  /**
+   * GstRTSPSrc::tls-validation-flags:
+   *
+   * TLS certificate validation flags used to validate server
+   * certificate.
+   *
+   * Since: 1.2.1
+   */
+  g_object_class_install_property (gobject_class, PROP_TLS_VALIDATION_FLAGS,
+      g_param_spec_flags ("tls-validation-flags", "TLS validation flags",
+          "TLS certificate validation flags used to validate the server certificate",
+          G_TYPE_TLS_CERTIFICATE_FLAGS, DEFAULT_TLS_VALIDATION_FLAGS,
+          G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
+
   /**
    * GstRTSPSrc::handle-request:
    * @rtspsrc: a #GstRTSPSrc
@@ -696,6 +712,7 @@ gst_rtspsrc_init (GstRTSPSrc * src)
   src->ntp_sync = DEFAULT_NTP_SYNC;
   src->use_pipeline_clock = DEFAULT_USE_PIPELINE_CLOCK;
   src->sdes = NULL;
+  src->tls_validation_flags = DEFAULT_TLS_VALIDATION_FLAGS;
 
   /* get a list of all extensions */
   src->extensions = gst_rtsp_ext_list_get ();
@@ -950,6 +967,9 @@ gst_rtspsrc_set_property (GObject * object, guint prop_id, const GValue * value,
     case PROP_SDES:
       rtspsrc->sdes = g_value_dup_boxed (value);
       break;
+    case PROP_TLS_VALIDATION_FLAGS:
+      rtspsrc->tls_validation_flags = g_value_get_flags (value);
+      break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
       break;
@@ -1075,6 +1095,9 @@ gst_rtspsrc_get_property (GObject * object, guint prop_id, GValue * value,
     case PROP_SDES:
       g_value_set_boxed (value, rtspsrc->sdes);
       break;
+    case PROP_TLS_VALIDATION_FLAGS:
+      g_value_set_flags (value, rtspsrc->tls_validation_flags);
+      break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
       break;
@@ -3634,6 +3657,12 @@ gst_rtsp_conninfo_connect (GstRTSPSrc * src, GstRTSPConnInfo * info,
 
     GST_DEBUG_OBJECT (src, "sanitized uri %s", info->url_str);
 
+    if (info->url->transports & GST_RTSP_LOWER_TRANS_TLS) {
+      if (!gst_rtsp_connection_set_tls_validation_flags (info->connection,
+              src->tls_validation_flags))
+        GST_WARNING_OBJECT (src, "Unable to set TLS validation flags");
+    }
+
     if (info->url->transports & GST_RTSP_LOWER_TRANS_HTTP)
       gst_rtsp_connection_set_tunneled (info->connection, TRUE);
 

diff --git a/gst/rtsp/gstrtspsrc.h b/gst/rtsp/gstrtspsrc.h
index e042a3dd3684ccbd6a026ffa7b044667675ca981..bc5b1d2228f33bd53e646871129805d3231c450b 100644 (file)
--- a/gst/rtsp/gstrtspsrc.h
+++ b/gst/rtsp/gstrtspsrc.h
@@ -226,6 +226,7 @@ struct _GstRTSPSrc {
   gboolean          ntp_sync;
   gboolean          use_pipeline_clock;
   GstStructure     *sdes;
+  GTlsCertificateFlags tls_validation_flags;
 
   /* state */
   GstRTSPState       state;