Go to the documentation of this file.
36 #include <Security/Security.h>
37 #include <Security/SecureTransport.h>
38 #include <CoreFoundation/CoreFoundation.h>
41 SecIdentityRef
SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
56 case errSSLWouldBlock:
58 case errSSLXCertChainInvalid:
72 #if !HAVE_SECITEMIMPORT
79 SecExternalFormat
format = kSecFormatPEMSequence;
80 SecExternalFormat
type = kSecItemTypeAggregate;
81 CFStringRef pathStr = CFStringCreateWithCString(
NULL, path, 0x08000100);
88 &
h->interrupt_callback,
NULL,
89 h->protocol_whitelist,
h->protocol_blacklist)) < 0)
108 data = CFDataCreate(kCFAllocatorDefault, buf,
ret);
116 if (CFArrayGetCount(*
array) == 0) {
142 if (!(
c->ca_array = CFRetain(
array))) {
157 CFArrayRef certArray =
NULL;
158 CFArrayRef keyArray =
NULL;
159 SecIdentityRef
id =
NULL;
160 CFMutableArrayRef outArray =
NULL;
169 (SecCertificateRef)CFArrayGetValueAtIndex(certArray, 0),
170 (SecKeyRef)CFArrayGetValueAtIndex(keyArray, 0)))) {
175 if (!(outArray = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, certArray))) {
180 CFArraySetValueAtIndex(outArray, 0,
id);
182 SSLSetCertificate(
c->ssl_context, outArray);
186 CFRelease(certArray);
196 static OSStatus
tls_read_cb(SSLConnectionRef connection,
void *
data,
size_t *dataLength)
200 size_t requested = *dataLength;
207 return errSSLClosedGraceful;
209 return errSSLClosedAbort;
211 return errSSLWouldBlock;
218 if (
read < requested)
219 return errSSLWouldBlock;
225 static OSStatus
tls_write_cb(SSLConnectionRef connection,
const void *
data,
size_t *dataLength)
234 return errSSLWouldBlock;
236 c->lastErr = written;
240 *dataLength = written;
248 if (
c->ssl_context) {
249 SSLClose(
c->ssl_context);
250 CFRelease(
c->ssl_context);
253 CFRelease(
c->ca_array);
258 #define CHECK_ERROR(func, ...) do { \
259 OSStatus status = func(__VA_ARGS__); \
260 if (status != noErr) { \
261 ret = AVERROR_UNKNOWN; \
262 av_log(h, AV_LOG_ERROR, #func ": Error %i\n", (int)status); \
276 c->ssl_context = SSLCreateContext(
NULL,
s->listen ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
277 if (!
c->ssl_context) {
286 if (
s->ca_file || !
s->verify)
287 CHECK_ERROR(SSLSetSessionOption,
c->ssl_context, kSSLSessionOptionBreakOnServerAuth,
true);
291 CHECK_ERROR(SSLSetPeerDomainName,
c->ssl_context,
s->host, strlen(
s->host));
295 OSStatus
status = SSLHandshake(
c->ssl_context);
296 if (
status == errSSLServerAuthCompleted) {
297 SecTrustRef peerTrust;
298 SecTrustResultType trustResult;
302 if (SSLCopyPeerTrust(
c->ssl_context, &peerTrust) != noErr) {
307 if (SecTrustSetAnchorCertificates(peerTrust,
c->ca_array) != noErr) {
312 if (SecTrustEvaluate(peerTrust, &trustResult) != noErr) {
317 if (trustResult == kSecTrustResultProceed ||
318 trustResult == kSecTrustResultUnspecified) {
320 status = errSSLWouldBlock;
321 }
else if (trustResult == kSecTrustResultRecoverableTrustFailure) {
323 status = errSSLXCertChainInvalid;
330 CFRelease(peerTrust);
334 }
else if (
status != errSSLWouldBlock) {
352 case errSSLClosedGraceful:
353 case errSSLClosedNoNotify:
355 case errSSLWouldBlock:
368 SSLGetBufferedReadSize(
c->ssl_context, &
available);
they must not be accessed directly The fifo field contains the frames that are queued in the input for processing by the filter The status_in and status_out fields contains the queued status(EOF or error) of the link
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
#define CHECK_ERROR(func,...)
#define URL_PROTOCOL_FLAG_NETWORK
int avio_close(AVIOContext *s)
Close the resource accessed by the AVIOContext s and free it.
#define AVERROR_EOF
End of file.
static int print_tls_error(URLContext *h, int ret)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
static int map_ssl_error(OSStatus status, size_t processed)
static int tls_write(URLContext *h, const uint8_t *buf, int size)
int ffio_open_whitelist(AVIOContext **s, const char *url, int flags, const AVIOInterruptCB *int_cb, AVDictionary **options, const char *whitelist, const char *blacklist)
status_in is a status change that must be taken into account after all frames in fifo have been processed
#define AVERROR_UNKNOWN
Unknown error, typically from an external library.
int64_t avio_size(AVIOContext *s)
Get the filesize.
#define TLS_COMMON_OPTIONS(pstruct, options_field)
static OSStatus tls_write_cb(SSLConnectionRef connection, const void *data, size_t *dataLength)
static OSStatus tls_read_cb(SSLConnectionRef connection, void *data, size_t *dataLength)
it s the only field you need to keep assuming you have a context There is some magic you don t need to care about around this just let it vf type
static int tls_get_short_seek(URLContext *h)
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
static int load_ca(URLContext *h)
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample format(the sample packing is implied by the sample format) and sample rate. The lists are not just lists
#define LIBAVUTIL_VERSION_INT
Describe the class of an AVClass context structure.
#define AVERROR_PATCHWELCOME
Not yet implemented in FFmpeg, patches welcome.
const char * av_default_item_name(void *ptr)
Return the context name.
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey)
static int tls_get_file_handle(URLContext *h)
static int tls_read(URLContext *h, uint8_t *buf, int size)
static const AVClass tls_class
static int import_pem(URLContext *h, char *path, CFArrayRef *array)
SSLContextRef ssl_context
static int tls_close(URLContext *h)
int ffurl_get_short_seek(URLContext *h)
Return the current short seek threshold value for this URL.
static const AVOption options[]
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
static int array[MAX_W *MAX_W]
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
int ffurl_read(URLContext *h, unsigned char *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.
int avio_read(AVIOContext *s, unsigned char *buf, int size)
Read size bytes from AVIOContext into buf.
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
static int load_cert(URLContext *h)
#define AVIO_FLAG_READ
read-only
#define flags(name, subs,...)
#define AVERROR_INVALIDDATA
Invalid data found when processing input.
const URLProtocol ff_tls_protocol
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
static uint32_t BS_FUNC() read(BSCTX *bc, unsigned int n)
Return n bits from the buffer, n has to be in the 0-32 range.