After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 724396 - rtspsrc: add tls-database property
rtspsrc: add tls-database property
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-good
git master
Other Linux
: Normal enhancement
: 1.3.1
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on: 724393
Blocks:
 
 
Reported: 2014-02-15 01:10 UTC by Aleix Conchillo Flaqué
Modified: 2014-02-21 18:59 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
add tls-database-file property (4.59 KB, patch)
2014-02-15 01:19 UTC, Aleix Conchillo Flaqué
needs-work Details | Review
add tls-database-file property fixup (4.67 KB, patch)
2014-02-17 01:57 UTC, Aleix Conchillo Flaqué
none Details | Review
add tls-database-file property 2nd fixup (5.43 KB, patch)
2014-02-17 23:19 UTC, Aleix Conchillo Flaqué
needs-work Details | Review
add tls-database property (4.47 KB, patch)
2014-02-19 23:49 UTC, Aleix Conchillo Flaqué
committed Details | Review

Description Aleix Conchillo Flaqué 2014-02-15 01:10:17 UTC
Allow setting an additional certificate database file. The file will be given to rtsp connection and used when a server certificate cannot be verified against the default certificate database.
Comment 1 Aleix Conchillo Flaqué 2014-02-15 01:19:02 UTC
Created attachment 269159 [details] [review]
add tls-database-file property
Comment 2 Sebastian Dröge (slomo) 2014-02-16 09:05:00 UTC
Review of attachment 269159 [details] [review]:

::: gst/rtsp/gstrtspsrc.c
@@ +592,3 @@
+   *
+   * TLS database file with anchor certificate authorities used to
+   * validate the server certificate.

Add a "Since: 1.4" marker here please

Also does this require a single file with all certificates or will a directory like /etc/ssl/certs work too?
Comment 3 Aleix Conchillo Flaqué 2014-02-17 01:52:39 UTC
(In reply to comment #2)
> Review of attachment 269159 [details] [review]:
> 
> ::: gst/rtsp/gstrtspsrc.c
> @@ +592,3 @@
> +   *
> +   * TLS database file with anchor certificate authorities used to
> +   * validate the server certificate.
> 
> Add a "Since: 1.4" marker here please
> 
> Also does this require a single file with all certificates or will a directory
> like /etc/ssl/certs work too?

It requires a single file with PEM encoded certificates. rtspconnection will use:

https://developer.gnome.org/gio/2.32/GTlsFileDatabase.html#g-tls-file-database-new
Comment 4 Aleix Conchillo Flaqué 2014-02-17 01:57:37 UTC
Created attachment 269351 [details] [review]
add tls-database-file property fixup

added Since note and note in documentation regarding certificates being in PEM format.
Comment 5 Aleix Conchillo Flaqué 2014-02-17 23:19:51 UTC
Created attachment 269481 [details] [review]
add tls-database-file property 2nd fixup

now uses gst_rtsp_connection_set_tls_database.
Comment 6 Sebastian Dröge (slomo) 2014-02-19 20:19:13 UTC
Comment on attachment 269481 [details] [review]
add tls-database-file property 2nd fixup

I think for consistency this should also directly use a GTlsDataBase instead of a string

Otherwise looks good
Comment 7 Aleix Conchillo Flaqué 2014-02-19 20:37:21 UTC
(In reply to comment #6)
> (From update of attachment 269481 [details] [review])
> I think for consistency this should also directly use a GTlsDataBase instead of
> a string
> 
> Otherwise looks good

But that means you can't use the option from the command line. I guess it's OK. Is that right?
Comment 8 Sebastian Dröge (slomo) 2014-02-19 20:52:21 UTC
Yes
Comment 9 Aleix Conchillo Flaqué 2014-02-19 23:49:17 UTC
Created attachment 269739 [details] [review]
add tls-database property

Property renamed to tls-database. Thanks for the feedback.
Comment 10 Sebastian Dröge (slomo) 2014-02-20 19:04:24 UTC
commit 62f5a274168889142b35472b14173b6c1f4bce6f
Author: Aleix Conchillo Flaqué <aleix@oblong.com>
Date:   Fri Feb 14 17:14:42 2014 -0800

    rtspsrc: add tls-database property
    
    Add support for a new property: tls-database. If the property is set,
    the certificate database will be given to the rtsp connection if TLS
    protocol is being used. If the server certificate can't be verified with
    the default database, this additional database will be used.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=724396