rtspsrc: allow setting tls certificate validation flags

Added a new property "tls-validation-flags". If the url transport is
TLS, the validation flags will be set to the rtsp connection.

https://bugzilla.gnome.org/show_bug.cgi?id=711230

diff --git a/gst/rtsp/gstrtspsrc.c b/gst/rtsp/gstrtspsrc.c
index d904f9d..685395a 100644 (file)
--- a/gst/rtsp/gstrtspsrc.c
+++ b/gst/rtsp/gstrtspsrc.c
@@ -188,6 +188,7 @@ gst_rtsp_src_buffer_mode_get_type (void)
 #define DEFAULT_MULTICAST_IFACE  NULL
 #define DEFAULT_NTP_SYNC         FALSE
 #define DEFAULT_USE_PIPELINE_CLOCK      FALSE
+#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
 
 enum
 {
@@ -220,6 +221,7 @@ enum
   PROP_NTP_SYNC,
   PROP_USE_PIPELINE_CLOCK,
   PROP_SDES,
+  PROP_TLS_VALIDATION_FLAGS,
   PROP_LAST
 };
 
@@ -585,6 +587,20 @@ gst_rtspsrc_class_init (GstRTSPSrcClass * klass)
           GST_TYPE_STRUCTURE, G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
 
   /**
+   * GstRTSPSrc::tls-validation-flags:
+   *
+   * TLS certificate validation flags used to validate server
+   * certificate.
+   *
+   * Since: 1.2.1
+   */
+  g_object_class_install_property (gobject_class, PROP_TLS_VALIDATION_FLAGS,
+      g_param_spec_flags ("tls-validation-flags", "TLS validation flags",
+          "TLS certificate validation flags used to validate the server certificate",
+          G_TYPE_TLS_CERTIFICATE_FLAGS, DEFAULT_TLS_VALIDATION_FLAGS,
+          G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));
+
+  /**
    * GstRTSPSrc::handle-request:
    * @rtspsrc: a #GstRTSPSrc
    * @request: a #GstRTSPMessage
@@ -696,6 +712,7 @@ gst_rtspsrc_init (GstRTSPSrc * src)
   src->ntp_sync = DEFAULT_NTP_SYNC;
   src->use_pipeline_clock = DEFAULT_USE_PIPELINE_CLOCK;
   src->sdes = NULL;
+  src->tls_validation_flags = DEFAULT_TLS_VALIDATION_FLAGS;
 
   /* get a list of all extensions */
   src->extensions = gst_rtsp_ext_list_get ();
@@ -950,6 +967,9 @@ gst_rtspsrc_set_property (GObject * object, guint prop_id, const GValue * value,
     case PROP_SDES:
       rtspsrc->sdes = g_value_dup_boxed (value);
       break;
+    case PROP_TLS_VALIDATION_FLAGS:
+      rtspsrc->tls_validation_flags = g_value_get_flags (value);
+      break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
       break;
@@ -1075,6 +1095,9 @@ gst_rtspsrc_get_property (GObject * object, guint prop_id, GValue * value,
     case PROP_SDES:
       g_value_set_boxed (value, rtspsrc->sdes);
       break;
+    case PROP_TLS_VALIDATION_FLAGS:
+      g_value_set_flags (value, rtspsrc->tls_validation_flags);
+      break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
       break;
@@ -3634,6 +3657,12 @@ gst_rtsp_conninfo_connect (GstRTSPSrc * src, GstRTSPConnInfo * info,
 
     GST_DEBUG_OBJECT (src, "sanitized uri %s", info->url_str);
 
+    if (info->url->transports & GST_RTSP_LOWER_TRANS_TLS) {
+      if (!gst_rtsp_connection_set_tls_validation_flags (info->connection,
+              src->tls_validation_flags))
+        GST_WARNING_OBJECT (src, "Unable to set TLS validation flags");
+    }
+
     if (info->url->transports & GST_RTSP_LOWER_TRANS_HTTP)
       gst_rtsp_connection_set_tunneled (info->connection, TRUE);
 

diff --git a/gst/rtsp/gstrtspsrc.h b/gst/rtsp/gstrtspsrc.h
index e042a3d..bc5b1d2 100644 (file)
--- a/gst/rtsp/gstrtspsrc.h
+++ b/gst/rtsp/gstrtspsrc.h
@@ -226,6 +226,7 @@ struct _GstRTSPSrc {
   gboolean          ntp_sync;
   gboolean          use_pipeline_clock;
   GstStructure     *sdes;
+  GTlsCertificateFlags tls_validation_flags;
 
   /* state */
   GstRTSPState       state;