FFmpeg
tls_mbedtls.c
Go to the documentation of this file.
1 /*
2  * TLS/SSL Protocol
3  * Copyright (c) 2018 Thomas Volkert
4  *
5  * This file is part of FFmpeg.
6  *
7  * FFmpeg is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * FFmpeg is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with FFmpeg; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20  */
21 
22 #include <mbedtls/version.h>
23 #include <mbedtls/ctr_drbg.h>
24 #include <mbedtls/entropy.h>
25 #include <mbedtls/net_sockets.h>
26 #include <mbedtls/platform.h>
27 #include <mbedtls/ssl.h>
28 #include <mbedtls/x509_crt.h>
29 #include <mbedtls/debug.h>
30 #ifdef MBEDTLS_PSA_CRYPTO_C
31 #include <psa/crypto.h>
32 #endif
33 
34 #include "avformat.h"
35 #include "internal.h"
36 #include "url.h"
37 #include "tls.h"
38 #include "libavutil/mem.h"
39 #include "libavutil/parseutils.h"
40 #include "libavutil/avstring.h"
41 
42 typedef struct TLSContext {
43  const AVClass *class;
45  mbedtls_ssl_context ssl_context;
46  mbedtls_ssl_config ssl_config;
47  mbedtls_entropy_context entropy_context;
48  mbedtls_ctr_drbg_context ctr_drbg_context;
49  mbedtls_x509_crt ca_cert;
50  mbedtls_x509_crt own_cert;
51  mbedtls_pk_context priv_key;
52  char *priv_key_pw;
53 } TLSContext;
54 
55 #define OFFSET(x) offsetof(TLSContext, x)
56 
57 static int tls_close(URLContext *h)
58 {
59  TLSContext *tls_ctx = h->priv_data;
60 
61  mbedtls_ssl_close_notify(&tls_ctx->ssl_context);
62  mbedtls_pk_free(&tls_ctx->priv_key);
63  mbedtls_x509_crt_free(&tls_ctx->ca_cert);
64  mbedtls_x509_crt_free(&tls_ctx->own_cert);
65  mbedtls_ssl_free(&tls_ctx->ssl_context);
66  mbedtls_ssl_config_free(&tls_ctx->ssl_config);
67  mbedtls_ctr_drbg_free(&tls_ctx->ctr_drbg_context);
68  mbedtls_entropy_free(&tls_ctx->entropy_context);
69 
70  ffurl_closep(&tls_ctx->tls_shared.tcp);
71  return 0;
72 }
73 
74 static int handle_transport_error(URLContext *h, const char* func_name, int react_on_eagain, int ret)
75 {
76  switch (ret) {
77  case AVERROR(EAGAIN):
78  return react_on_eagain;
79  case AVERROR_EXIT:
80  return 0;
81  case AVERROR(EPIPE):
82  case AVERROR(ECONNRESET):
83  return MBEDTLS_ERR_NET_CONN_RESET;
84  default:
85  av_log(h, AV_LOG_ERROR, "%s returned 0x%x\n", func_name, ret);
86  errno = EIO;
87  return MBEDTLS_ERR_NET_SEND_FAILED;
88  }
89 }
90 
91 static int mbedtls_send(void *ctx, const unsigned char *buf, size_t len)
92 {
93  URLContext *h = (URLContext*) ctx;
94  int ret = ffurl_write(h, buf, len);
95  if (ret >= 0)
96  return ret;
97 
98  if (h->max_packet_size && len > h->max_packet_size)
99  return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
100 
101  return handle_transport_error(h, "ffurl_write", MBEDTLS_ERR_SSL_WANT_WRITE, ret);
102 }
103 
104 static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
105 {
106  URLContext *h = (URLContext*) ctx;
107  int ret = ffurl_read(h, buf, len);
108  if (ret >= 0)
109  return ret;
110 
111  if (h->max_packet_size && len > h->max_packet_size)
112  return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
113 
114  return handle_transport_error(h, "ffurl_read", MBEDTLS_ERR_SSL_WANT_READ, ret);
115 }
116 
117 static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg)
118 {
119  URLContext *h = (URLContext*) ctx;
120  int av_lvl = lvl >= 4 ? AV_LOG_TRACE : AV_LOG_DEBUG;
121  av_log(h, av_lvl, "%s:%d: %s", av_basename(file), line, msg);
122 }
123 
125 {
126  switch (ret) {
127  case MBEDTLS_ERR_PK_FILE_IO_ERROR:
128  av_log(h, AV_LOG_ERROR, "Read of key file failed. Is it actually there, are the access permissions correct?\n");
129  break;
130  case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
131  av_log(h, AV_LOG_ERROR, "A password for the private key is missing.\n");
132  break;
133  case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
134  av_log(h, AV_LOG_ERROR, "The given password for the private key is wrong.\n");
135  break;
136  default:
137  av_log(h, AV_LOG_ERROR, "mbedtls_pk_parse_key returned -0x%x\n", -ret);
138  break;
139  }
140 }
141 
143 {
144  switch (ret) {
145 #if MBEDTLS_VERSION_MAJOR < 3
146  case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
147  av_log(h, AV_LOG_ERROR, "None of the common ciphersuites is usable. Was the local certificate correctly set?\n");
148  break;
149 #else
150  case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
151  av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n");
152  break;
153  case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION:
154  av_log(h, AV_LOG_ERROR, "TLS protocol version mismatch.\n");
155  break;
156 #endif
157  case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
158  av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the peer, has the peer a correct certificate?\n");
159  break;
160  case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED:
161  av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to operate. Was the CA correctly set?\n");
162  break;
163  case MBEDTLS_ERR_SSL_INTERNAL_ERROR:
164  av_log(h, AV_LOG_ERROR, "Internal error encountered.\n");
165  break;
166  case MBEDTLS_ERR_NET_CONN_RESET:
167  av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n");
168  break;
169  case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
170  av_log(h, AV_LOG_ERROR, "Certificate verification failed.\n");
171  break;
172  default:
173  av_log(h, AV_LOG_ERROR, "mbedtls_ssl_handshake returned -0x%x\n", -ret);
174  break;
175  }
176 }
177 
178 static void parse_options(TLSContext *tls_ctxc, const char *uri)
179 {
180  char buf[1024];
181  const char *p = strchr(uri, '?');
182  if (!p)
183  return;
184 
185  if (!tls_ctxc->priv_key_pw && av_find_info_tag(buf, sizeof(buf), "key_password", p))
186  tls_ctxc->priv_key_pw = av_strdup(buf);
187 }
188 
189 static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
190 {
191  TLSContext *tls_ctx = h->priv_data;
192  TLSShared *shr = &tls_ctx->tls_shared;
193  uint32_t verify_res_flags;
194  int ret;
195 
196  // parse additional options
197  parse_options(tls_ctx, uri);
198 
199  if ((ret = ff_tls_open_underlying(shr, h, uri, options)) < 0)
200  goto fail;
201 
202 #ifdef MBEDTLS_PSA_CRYPTO_C
203  if ((ret = psa_crypto_init()) != PSA_SUCCESS) {
204  av_log(h, AV_LOG_ERROR, "psa_crypto_init returned %d\n", ret);
205  goto fail;
206  }
207 #endif
208 
209  mbedtls_ssl_init(&tls_ctx->ssl_context);
210  mbedtls_ssl_config_init(&tls_ctx->ssl_config);
211  mbedtls_entropy_init(&tls_ctx->entropy_context);
212  mbedtls_ctr_drbg_init(&tls_ctx->ctr_drbg_context);
213  mbedtls_x509_crt_init(&tls_ctx->ca_cert);
214  mbedtls_pk_init(&tls_ctx->priv_key);
215 
216  if (av_log_get_level() >= AV_LOG_DEBUG) {
217  mbedtls_ssl_conf_dbg(&tls_ctx->ssl_config, mbedtls_debug, shr->tcp);
218  /*
219  * Note: we can't call mbedtls_debug_set_threshold() here because
220  * it's global state. The user is thus expected to manage this.
221  */
222  }
223 
224  // load trusted CA
225  if (shr->ca_file) {
226  if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) {
227  av_log(h, AV_LOG_ERROR, "mbedtls_x509_crt_parse_file for CA cert returned %d\n", ret);
228  goto fail;
229  }
230  }
231 
232  // load own certificate
233  if (shr->cert_file) {
234  if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->own_cert, shr->cert_file)) != 0) {
235  av_log(h, AV_LOG_ERROR, "mbedtls_x509_crt_parse_file for own cert returned %d\n", ret);
236  goto fail;
237  }
238  }
239 
240  // seed the random number generator
241  if ((ret = mbedtls_ctr_drbg_seed(&tls_ctx->ctr_drbg_context,
242  mbedtls_entropy_func,
243  &tls_ctx->entropy_context,
244  NULL, 0)) != 0) {
245  av_log(h, AV_LOG_ERROR, "mbedtls_ctr_drbg_seed returned %d\n", ret);
246  goto fail;
247  }
248 
249  // load key file
250  if (shr->key_file) {
251  if ((ret = mbedtls_pk_parse_keyfile(&tls_ctx->priv_key,
252  shr->key_file,
253  tls_ctx->priv_key_pw
254 #if MBEDTLS_VERSION_MAJOR >= 3
255  , mbedtls_ctr_drbg_random,
256  &tls_ctx->ctr_drbg_context
257 #endif
258  )) != 0) {
260  goto fail;
261  }
262  }
263 
264  if ((ret = mbedtls_ssl_config_defaults(&tls_ctx->ssl_config,
265  shr->listen ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
266  MBEDTLS_SSL_TRANSPORT_STREAM,
267  MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
268  av_log(h, AV_LOG_ERROR, "mbedtls_ssl_config_defaults returned %d\n", ret);
269  goto fail;
270  }
271 
272 #ifdef MBEDTLS_SSL_PROTO_TLS1_3
273  // mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really).
274  if (!shr->verify) {
275  av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n");
276  mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2);
277  }
278 #endif
279 
280  // not VERIFY_REQUIRED because we manually check after handshake
281  mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config,
282  shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE);
283  mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context);
284  mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL);
285 
286  // set own certificate and private key
287  if ((ret = mbedtls_ssl_conf_own_cert(&tls_ctx->ssl_config, &tls_ctx->own_cert, &tls_ctx->priv_key)) != 0) {
288  av_log(h, AV_LOG_ERROR, "mbedtls_ssl_conf_own_cert returned %d\n", ret);
289  goto fail;
290  }
291 
292  if ((ret = mbedtls_ssl_setup(&tls_ctx->ssl_context, &tls_ctx->ssl_config)) != 0) {
293  av_log(h, AV_LOG_ERROR, "mbedtls_ssl_setup returned %d\n", ret);
294  goto fail;
295  }
296 
297  if (!shr->listen && !shr->numerichost) {
298  if ((ret = mbedtls_ssl_set_hostname(&tls_ctx->ssl_context, shr->host)) != 0) {
299  av_log(h, AV_LOG_ERROR, "mbedtls_ssl_set_hostname returned %d\n", ret);
300  goto fail;
301  }
302  }
303 
304  // set I/O functions to use FFmpeg internal code for transport layer
305  mbedtls_ssl_set_bio(&tls_ctx->ssl_context, shr->tcp, mbedtls_send, mbedtls_recv, NULL);
306 
307  // ssl handshake
308  while ((ret = mbedtls_ssl_handshake(&tls_ctx->ssl_context)) != 0) {
309  if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
311  goto fail;
312  }
313  }
314 
315  if (shr->verify) {
316  // check the result of the certificate verification
317  if ((verify_res_flags = mbedtls_ssl_get_verify_result(&tls_ctx->ssl_context)) != 0) {
318  av_log(h, AV_LOG_ERROR, "mbedtls_ssl_get_verify_result reported problems "\
319  "with the certificate verification, returned flags: %u\n",
320  verify_res_flags);
321  if (verify_res_flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
322  av_log(h, AV_LOG_ERROR, "The certificate is not correctly signed by the trusted CA.\n");
323  goto fail;
324  }
325  }
326 
327  return 0;
328 
329 fail:
330  tls_close(h);
331  return AVERROR(EIO);
332 }
333 
334 static int handle_tls_error(URLContext *h, const char* func_name, int ret)
335 {
336  switch (ret) {
337  case MBEDTLS_ERR_SSL_WANT_READ:
338  case MBEDTLS_ERR_SSL_WANT_WRITE:
339 #ifdef MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
340  case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
341 #endif
342  return AVERROR(EAGAIN);
343  case MBEDTLS_ERR_NET_SEND_FAILED:
344  case MBEDTLS_ERR_NET_RECV_FAILED:
345  return AVERROR(EIO);
346  case MBEDTLS_ERR_NET_CONN_RESET:
347  case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
348  av_log(h, AV_LOG_WARNING, "%s reported connection reset by peer\n", func_name);
349  return AVERROR_EOF;
350  default:
351  av_log(h, AV_LOG_ERROR, "%s returned -0x%x\n", func_name, -ret);
352  return AVERROR(EIO);
353  }
354 }
355 
356 static int tls_read(URLContext *h, uint8_t *buf, int size)
357 {
358  TLSContext *tls_ctx = h->priv_data;
359  int ret;
360 
361  tls_ctx->tls_shared.tcp->flags &= ~AVIO_FLAG_NONBLOCK;
362  tls_ctx->tls_shared.tcp->flags |= h->flags & AVIO_FLAG_NONBLOCK;
363  if ((ret = mbedtls_ssl_read(&tls_ctx->ssl_context, buf, size)) > 0) {
364  // return read length
365  return ret;
366  }
367 
368  return handle_tls_error(h, "mbedtls_ssl_read", ret);
369 }
370 
371 static int tls_write(URLContext *h, const uint8_t *buf, int size)
372 {
373  TLSContext *tls_ctx = h->priv_data;
374  int ret;
375 
376  tls_ctx->tls_shared.tcp->flags &= ~AVIO_FLAG_NONBLOCK;
377  tls_ctx->tls_shared.tcp->flags |= h->flags & AVIO_FLAG_NONBLOCK;
378  if ((ret = mbedtls_ssl_write(&tls_ctx->ssl_context, buf, size)) > 0) {
379  // return written length
380  return ret;
381  }
382 
383  return handle_tls_error(h, "mbedtls_ssl_write", ret);
384 }
385 
387 {
388  TLSContext *c = h->priv_data;
389  return ffurl_get_file_handle(c->tls_shared.tcp);
390 }
391 
393 {
394  TLSContext *s = h->priv_data;
395  return ffurl_get_short_seek(s->tls_shared.tcp);
396 }
397 
398 static const AVOption options[] = {
399  TLS_COMMON_OPTIONS(TLSContext, tls_shared), \
400  {"key_password", "Password for the private key file", OFFSET(priv_key_pw), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
401  { NULL }
402 };
403 
404 static const AVClass tls_class = {
405  .class_name = "tls",
406  .item_name = av_default_item_name,
407  .option = options,
408  .version = LIBAVUTIL_VERSION_INT,
409 };
410 
412  .name = "tls",
413  .url_open2 = tls_open,
414  .url_read = tls_read,
415  .url_write = tls_write,
416  .url_close = tls_close,
417  .url_get_file_handle = tls_get_file_handle,
418  .url_get_short_seek = tls_get_short_seek,
419  .priv_data_size = sizeof(TLSContext),
421  .priv_data_class = &tls_class,
422 };
AV_LOG_WARNING
#define AV_LOG_WARNING
Something somehow does not look correct.
Definition: log.h:186
TLSContext
Definition: tls_gnutls.c:44
AVERROR
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
av_find_info_tag
int av_find_info_tag(char *arg, int arg_size, const char *tag1, const char *info)
Attempt to find a specific tag in a URL.
Definition: parseutils.c:753
URL_PROTOCOL_FLAG_NETWORK
#define URL_PROTOCOL_FLAG_NETWORK
Definition: url.h:33
TLSContext::entropy_context
mbedtls_entropy_context entropy_context
Definition: tls_mbedtls.c:47
AVERROR_EOF
#define AVERROR_EOF
End of file.
Definition: error.h:57
handle_pk_parse_error
static void handle_pk_parse_error(URLContext *h, int ret)
Definition: tls_mbedtls.c:124
ffurl_write
static int ffurl_write(URLContext *h, const uint8_t *buf, int size)
Write size bytes from buf to the resource accessed by h.
Definition: url.h:202
AVOption
AVOption.
Definition: opt.h:357
AVDictionary
Definition: dict.c:34
URLProtocol
Definition: url.h:51
av_basename
const char * av_basename(const char *path)
Thread safe basename.
Definition: avstring.c:252
TLSShared::verify
int verify
Definition: tls.h:31
TLSShared::listen
int listen
Definition: tls.h:34
TLSContext::ctr_drbg_context
mbedtls_ctr_drbg_context ctr_drbg_context
Definition: tls_mbedtls.c:48
TLS_COMMON_OPTIONS
#define TLS_COMMON_OPTIONS(pstruct, options_field)
Definition: tls.h:46
fail
#define fail()
Definition: checkasm.h:186
ffurl_get_short_seek
int ffurl_get_short_seek(void *urlcontext)
Return the current short seek threshold value for this URL.
Definition: avio.c:838
TLSContext::ca_cert
mbedtls_x509_crt ca_cert
Definition: tls_mbedtls.c:49
tls_close
static int tls_close(URLContext *h)
Definition: tls_mbedtls.c:57
AV_LOG_TRACE
#define AV_LOG_TRACE
Extremely verbose debugging, useful for libav* development.
Definition: log.h:206
AV_LOG_ERROR
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
Definition: log.h:180
mbedtls_recv
static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
Definition: tls_mbedtls.c:104
s
#define s(width, name)
Definition: cbs_vp9.c:198
TLS_OPTFL
#define TLS_OPTFL
Definition: tls.h:45
URLContext::flags
int flags
Definition: url.h:40
TLSContext::priv_key
mbedtls_pk_context priv_key
Definition: tls_mbedtls.c:51
AV_LOG_DEBUG
#define AV_LOG_DEBUG
Stuff which is only useful for libav* developers.
Definition: log.h:201
ctx
AVFormatContext * ctx
Definition: movenc.c:49
TLSContext::ssl_context
mbedtls_ssl_context ssl_context
Definition: tls_mbedtls.c:45
av_log_get_level
int av_log_get_level(void)
Get the current log level.
Definition: log.c:442
internal.h
LIBAVUTIL_VERSION_INT
#define LIBAVUTIL_VERSION_INT
Definition: version.h:85
parse_options
static void parse_options(TLSContext *tls_ctxc, const char *uri)
Definition: tls_mbedtls.c:178
AVClass
Describe the class of an AVClass context structure.
Definition: log.h:66
NULL
#define NULL
Definition: coverity.c:32
av_default_item_name
const char * av_default_item_name(void *ptr)
Return the context name.
Definition: log.c:237
parseutils.h
c
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
Definition: undefined.txt:32
TLSShared::host
char * host
Definition: tls.h:36
OFFSET
#define OFFSET(x)
Definition: tls_mbedtls.c:55
ff_tls_protocol
const URLProtocol ff_tls_protocol
Definition: tls_mbedtls.c:411
TLSContext::ssl_config
mbedtls_ssl_config ssl_config
Definition: tls_mbedtls.c:46
mbedtls_send
static int mbedtls_send(void *ctx, const unsigned char *buf, size_t len)
Definition: tls_mbedtls.c:91
size
int size
Definition: twinvq_data.h:10344
handle_handshake_error
static void handle_handshake_error(URLContext *h, int ret)
Definition: tls_mbedtls.c:142
TLSContext::tls_shared
TLSShared tls_shared
Definition: tls_gnutls.c:46
URLProtocol::name
const char * name
Definition: url.h:52
tls_read
static int tls_read(URLContext *h, uint8_t *buf, int size)
Definition: tls_mbedtls.c:356
line
Definition: graph2dot.c:48
handle_transport_error
static int handle_transport_error(URLContext *h, const char *func_name, int react_on_eagain, int ret)
Definition: tls_mbedtls.c:74
AV_LOG_INFO
#define AV_LOG_INFO
Standard information.
Definition: log.h:191
options
static const AVOption options[]
Definition: tls_mbedtls.c:398
URLContext
Definition: url.h:35
url.h
len
int len
Definition: vorbis_enc_data.h:426
TLSShared::cert_file
char * cert_file
Definition: tls.h:32
ffurl_closep
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
Definition: avio.c:588
ff_tls_open_underlying
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
Definition: tls.c:67
ret
ret
Definition: filter_design.txt:187
AVClass::class_name
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
Definition: log.h:71
TLSShared::ca_file
char * ca_file
Definition: tls.h:30
avformat.h
tls_class
static const AVClass tls_class
Definition: tls_mbedtls.c:404
tls.h
TLSContext::own_cert
mbedtls_x509_crt own_cert
Definition: tls_mbedtls.c:50
TLSShared::key_file
char * key_file
Definition: tls.h:33
tls_get_short_seek
static int tls_get_short_seek(URLContext *h)
Definition: tls_mbedtls.c:392
tls_open
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
Definition: tls_mbedtls.c:189
mbedtls_debug
static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg)
Definition: tls_mbedtls.c:117
av_strdup
char * av_strdup(const char *s)
Duplicate a string.
Definition: mem.c:272
mem.h
tls_write
static int tls_write(URLContext *h, const uint8_t *buf, int size)
Definition: tls_mbedtls.c:371
TLSShared
Definition: tls.h:29
AVIO_FLAG_NONBLOCK
#define AVIO_FLAG_NONBLOCK
Use non-blocking mode.
Definition: avio.h:636
handle_tls_error
static int handle_tls_error(URLContext *h, const char *func_name, int ret)
Definition: tls_mbedtls.c:334
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:474
tls_get_file_handle
static int tls_get_file_handle(URLContext *h)
Definition: tls_mbedtls.c:386
TLSContext::priv_key_pw
char * priv_key_pw
Definition: tls_mbedtls.c:52
TLSShared::numerichost
int numerichost
Definition: tls.h:40
av_log
#define av_log(a,...)
Definition: tableprint_vlc.h:27
h
h
Definition: vp9dsp_template.c:2038
AVERROR_EXIT
#define AVERROR_EXIT
Immediate exit was requested; the called function should not be restarted.
Definition: error.h:58
avstring.h
AV_OPT_TYPE_STRING
@ AV_OPT_TYPE_STRING
Definition: opt.h:249
ffurl_get_file_handle
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
Definition: avio.c:814
TLSShared::tcp
URLContext * tcp
Definition: tls.h:42
ffurl_read
static int ffurl_read(URLContext *h, uint8_t *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.
Definition: url.h:181