GNOME Bugzilla – Bug 724396
rtspsrc: add tls-database property
Last modified: 2014-02-21 18:59:01 UTC
Allow setting an additional certificate database file. The file will be given to rtsp connection and used when a server certificate cannot be verified against the default certificate database.
Created attachment 269159 [details] [review] add tls-database-file property
Review of attachment 269159 [details] [review]: ::: gst/rtsp/gstrtspsrc.c @@ +592,3 @@ + * + * TLS database file with anchor certificate authorities used to + * validate the server certificate. Add a "Since: 1.4" marker here please Also does this require a single file with all certificates or will a directory like /etc/ssl/certs work too?
(In reply to comment #2) > Review of attachment 269159 [details] [review]: > > ::: gst/rtsp/gstrtspsrc.c > @@ +592,3 @@ > + * > + * TLS database file with anchor certificate authorities used to > + * validate the server certificate. > > Add a "Since: 1.4" marker here please > > Also does this require a single file with all certificates or will a directory > like /etc/ssl/certs work too? It requires a single file with PEM encoded certificates. rtspconnection will use: https://developer.gnome.org/gio/2.32/GTlsFileDatabase.html#g-tls-file-database-new
Created attachment 269351 [details] [review] add tls-database-file property fixup added Since note and note in documentation regarding certificates being in PEM format.
Created attachment 269481 [details] [review] add tls-database-file property 2nd fixup now uses gst_rtsp_connection_set_tls_database.
Comment on attachment 269481 [details] [review] add tls-database-file property 2nd fixup I think for consistency this should also directly use a GTlsDataBase instead of a string Otherwise looks good
(In reply to comment #6) > (From update of attachment 269481 [details] [review]) > I think for consistency this should also directly use a GTlsDataBase instead of > a string > > Otherwise looks good But that means you can't use the option from the command line. I guess it's OK. Is that right?
Yes
Created attachment 269739 [details] [review] add tls-database property Property renamed to tls-database. Thanks for the feedback.
commit 62f5a274168889142b35472b14173b6c1f4bce6f Author: Aleix Conchillo Flaqué <aleix@oblong.com> Date: Fri Feb 14 17:14:42 2014 -0800 rtspsrc: add tls-database property Add support for a new property: tls-database. If the property is set, the certificate database will be given to the rtsp connection if TLS protocol is being used. If the server certificate can't be verified with the default database, this additional database will be used. https://bugzilla.gnome.org/show_bug.cgi?id=724396