36 #include <Security/Security.h> 37 #include <Security/SecureTransport.h> 38 #include <CoreFoundation/CoreFoundation.h> 41 SecIdentityRef
SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
56 case errSSLWouldBlock:
58 case errSSLXCertChainInvalid:
72 #if !HAVE_SECITEMIMPORT 79 SecExternalFormat
format = kSecFormatPEMSequence;
80 SecExternalFormat
type = kSecItemTypeAggregate;
81 CFStringRef pathStr = CFStringCreateWithCString(
NULL, path, 0x08000100);
108 data = CFDataCreate(kCFAllocatorDefault, buf, ret);
110 if (SecItemImport(data, pathStr, &format, &type,
111 0,
NULL,
NULL, array) != noErr || !array) {
116 if (CFArrayGetCount(*array) == 0) {
142 if (!(c->
ca_array = CFRetain(array))) {
157 CFArrayRef certArray =
NULL;
158 CFArrayRef keyArray =
NULL;
159 SecIdentityRef
id =
NULL;
160 CFMutableArrayRef outArray =
NULL;
169 (SecCertificateRef)CFArrayGetValueAtIndex(certArray, 0),
170 (SecKeyRef)CFArrayGetValueAtIndex(keyArray, 0)))) {
175 if (!(outArray = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, certArray))) {
180 CFArraySetValueAtIndex(outArray, 0,
id);
186 CFRelease(certArray);
196 static OSStatus
tls_read_cb(SSLConnectionRef connection,
void *
data,
size_t *dataLength)
200 size_t requested = *dataLength;
207 return errSSLClosedGraceful;
209 return errSSLClosedAbort;
211 return errSSLWouldBlock;
218 if (read < requested)
219 return errSSLWouldBlock;
225 static OSStatus
tls_write_cb(SSLConnectionRef connection,
const void *
data,
size_t *dataLength)
234 return errSSLWouldBlock;
240 *dataLength = written;
258 #define CHECK_ERROR(func, ...) do { \ 259 OSStatus status = func(__VA_ARGS__); \ 260 if (status != noErr) { \ 261 ret = AVERROR_UNKNOWN; \ 262 av_log(h, AV_LOG_ERROR, #func ": Error %i\n", (int)status); \ 276 c->
ssl_context = SSLCreateContext(
NULL, s->
listen ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
296 if (status == errSSLServerAuthCompleted) {
297 SecTrustRef peerTrust;
298 SecTrustResultType trustResult;
302 if (SSLCopyPeerTrust(c->
ssl_context, &peerTrust) != noErr) {
307 if (SecTrustSetAnchorCertificates(peerTrust, c->
ca_array) != noErr) {
312 if (SecTrustEvaluate(peerTrust, &trustResult) != noErr) {
317 if (trustResult == kSecTrustResultProceed ||
318 trustResult == kSecTrustResultUnspecified) {
320 status = errSSLWouldBlock;
321 }
else if (trustResult == kSecTrustResultRecoverableTrustFailure) {
323 status = errSSLXCertChainInvalid;
326 status = errSSLBadCert;
330 CFRelease(peerTrust);
332 if (status == noErr) {
334 }
else if (status != errSSLWouldBlock) {
352 case errSSLClosedGraceful:
353 case errSSLClosedNoNotify:
355 case errSSLWouldBlock:
368 SSLGetBufferedReadSize(c->
ssl_context, &available);
370 size =
FFMIN(available, size);
427 .priv_data_class = &tls_class,
static const AVClass tls_class
#define AVERROR_INVALIDDATA
Invalid data found when processing input.
static int tls_get_file_handle(URLContext *h)
int64_t avio_size(AVIOContext *s)
Get the filesize.
#define URL_PROTOCOL_FLAG_NETWORK
static int tls_get_short_seek(URLContext *h)
#define CHECK_ERROR(func,...)
ptrdiff_t const GLvoid * data
#define LIBAVUTIL_VERSION_INT
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
status_in is a status change that must be taken into account after all frames in fifo have been processed
AVIOInterruptCB interrupt_callback
const char * av_default_item_name(void *ptr)
Return the context name.
#define AVIO_FLAG_READ
read-only
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample format(the sample packing is implied by the sample format) and sample rate.The lists are not just lists
static int tls_close(URLContext *h)
static int print_tls_error(URLContext *h, int ret)
static OSStatus tls_write_cb(SSLConnectionRef connection, const void *data, size_t *dataLength)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
const URLProtocol ff_tls_protocol
miscellaneous OS support macros and functions.
static av_cold int end(AVCodecContext *avctx)
Undefined Behavior: In the C language, some operations are undefined, like signed integer overflow, dereferencing freed pointers, accessing outside allocated space, ... Undefined Behavior must not occur in a C program; it is not safe even if the output of undefined operations is unused. The unsafety may seem nit picking, but optimizing compilers have in fact optimized code on the assumption that no undefined behavior occurs. Optimizing code based on wrong assumptions can and has in some cases led to effects beyond the output of computations. The signed integer overflow problem in speed critical code: Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c…
#define AVERROR_EOF
End of file.
static int load_ca(URLContext *h)
int avio_read(AVIOContext *s, unsigned char *buf, int size)
Read size bytes from AVIOContext into buf.
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
const char * protocol_whitelist
int avio_close(AVIOContext *s)
Close the resource accessed by the AVIOContext s and free it.
static int tls_read(URLContext *h, uint8_t *buf, int size)
static int import_pem(URLContext *h, char *path, CFArrayRef *array)
mbedtls_ssl_context ssl_context
int ffurl_get_short_seek(URLContext *h)
Return the current short seek threshold value for this URL.
#define TLS_COMMON_OPTIONS(pstruct, options_field)
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
static int map_ssl_error(OSStatus status, size_t processed)
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
#define AVERROR_PATCHWELCOME
Not yet implemented in FFmpeg, patches welcome.
const char * protocol_blacklist
Describe the class of an AVClass context structure.
they must not be accessed directly. The fifo field contains the frames that are queued in the input for processing by the filter. The status_in and status_out fields contain the queued status (EOF or error) of the link.
SSLContextRef ssl_context
int ffio_open_whitelist(AVIOContext **s, const char *url, int flags, const AVIOInterruptCB *int_cb, AVDictionary **options, const char *whitelist, const char *blacklist)
#define flags(name, subs,...)
static const AVOption options[]
common internal api header.
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
static int tls_write(URLContext *h, const uint8_t *buf, int size)
#define AVERROR_UNKNOWN
Unknown error, typically from an external library.
static OSStatus tls_read_cb(SSLConnectionRef connection, void *data, size_t *dataLength)
SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey)
unbuffered private I/O API
static int array[MAX_W *MAX_W]
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later.That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another.Frame references ownership and permissions
static int load_cert(URLContext *h)
int ffurl_read(URLContext *h, unsigned char *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf...