Bug 711230 - rtspsrc: allow setting certificate validation flags
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
Version: 1.2.0
Hardware: Other Linux
Importance: Normal enhancement
Target Milestone: 1.2.1
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Depends on: 711231
Reported: 2013-10-31 21:02 UTC by Aleix Conchillo Flaqué
Modified: 2013-11-01 15:48 UTC


Attachments
tls-validation-flags property (3.87 KB, patch)
2013-10-31 21:08 UTC, Aleix Conchillo Flaqué
committed

Description Aleix Conchillo Flaqué 2013-10-31 21:02:51 UTC
Currently, rtspsrc can only connect to an rtsps server if the server provides a certificate that validates correctly all GTlsCertificateFlags.

It would be nice if it was possible to provide the validation flags with a property.
Comment 1 Aleix Conchillo Flaqué 2013-10-31 21:08:57 UTC
Created attachment 258690
tls-validation-flags property
Comment 2 Sebastian Dröge (slomo) 2013-11-01 13:54:47 UTC
Review of attachment 258690:

Generally looks good

::: gst/rtsp/gstrtspsrc.c
@@ +187,3 @@
 #define DEFAULT_NTP_SYNC         FALSE
 #define DEFAULT_USE_PIPELINE_CLOCK      FALSE
+#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
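
Review bot: The property documentation for the default defined on the new DEFAULT_TLS_VALIDATION_FLAGS line should say that each flag cleared from G_TLS_CERTIFICATE_VALIDATE_ALL is a certificate check the connection no longer enforces, and should recommend clearing only the flag a deployment actually needs (for example G_TLS_CERTIFICATE_UNKNOWN_CA for a private CA) rather than setting the property to 0. As a style point, the value on the added line is not column-aligned with the two defines above it.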

Isn't the default to validate nothing currently? Changing the default could break things

@@ +591,3 @@
+   * certificate.
+   *
+   * Since: 1.2.1

Since: 1.4.0 probably
Comment 3 Aleix Conchillo Flaqué 2013-11-01 14:33:35 UTC
(In reply to comment #2)
> Review of attachment 258690:
> 
> Generally looks good
> 
> ::: gst/rtsp/gstrtspsrc.c
> @@ +187,3 @@
>  #define DEFAULT_NTP_SYNC         FALSE
>  #define DEFAULT_USE_PIPELINE_CLOCK      FALSE
> +#define DEFAULT_TLS_VALIDATION_FLAGS G_TLS_CERTIFICATE_VALIDATE_ALL
> 
> Isn't the default to validate nothing currently? Changing the default could
> break things
> 

The default in g_socket_client is G_TLS_CERTIFICATE_VALIDATE_ALL. Actually, this is why I had to add this.

https://developer.gnome.org/gio/2.32/GSocketClient.html#GSocketClient--tls-validation-flags

I'm using 2.38, but it's the same.

> @@ +591,3 @@
> +   * certificate.
> +   *
> +   * Since: 1.2.1
> 
> Since: 1.4.0 probably

I can send a new patch for this, if you want.

Oh, and thanks for the two reviews!
Comment 4 Sebastian Dröge (slomo) 2013-11-01 14:55:57 UTC
Yes, make it Since: 1.2.1 please :)
Comment 5 Aleix Conchillo Flaqué 2013-11-01 15:31:08 UTC
(In reply to comment #4)
> Yes, make it Since: 1.2.1 please :)

Great, then I think this one is already fine.
Comment 6 Sebastian Dröge (slomo) 2013-11-01 15:48:18 UTC
commit 82b8374af8f642ea7a336ba3ce05b2900dc922e9
Author: Aleix Conchillo Flaque <aleix@oblong.com>
Date:   Thu Oct 31 14:05:43 2013 -0700

    rtspsrc: allow setting tls certificate validation flags
    
    Added a new property "tls-validation-flags". If the url transport is
    TLS, the validation flags will be set to the rtsp connection.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=711230