RTSP over TLS with IP Camera Not Working

Kommoju, Sekhar RajaShekar.Kommoju at honeywell.com
Fri Mar 12 03:01:01 PST 2021 

Hello Ross,

Good day!

I read your comment<http://lists.live555.com/pipermail/live-devel/2019-December/021409.html> on the live555 mailing list on 7th Dec 2019, regarding the TLS support to "RTSPClient" for connecting to the server via TLS (encrypted TCP). Also, I've read thru a lot of comments/change-logs/release-notes of Live555, but couldn't get clarifications, hence posting these question to you. We'll be thankful, if you can provide your valuable suggestions.

My requirement: Implement a client that connects to an IP camera via that protocol stack (i.e. on an encrypted channel using TLS) with the latest Live555 libraries (i.e. live.2021.02.11<http://www.live555.com/liveMedia/public/>).

Background: As per your comment<http://lists.live555.com/pipermail/live-devel/2019-December/021409.html>, I've modified the testRTSPClient to call the function "useTLS()" on "RTSPClient" before sending the first RTSP command, but unfortunately I was getting a "Bad Request" error response from IP camera for the OPTIONS command (as shown in the below screenshot).

Just for your reference, the sample code used in the testRTSPClient program:

       RTSPClient* rtspClient = ourRTSPClient::createNew(env, rtspURL, RTSP_CLIENT_VERBOSITY_LEVEL, progName, 443);
       if (rtspClient == NULL) {
              env << "Failed to create a RTSP client for URL \"" << rtspURL << "\": " << env.getResultMsg() << "\n";
              return;
       }
       ++rtspClientCount;
       rtspClient->useTLS();

// Next, send a RTSP "DESCRIBE" command, to get a SDP description for the stream.
       // Note that this command - like all RTSP commands - is sent asynchronously; we do not block, waiting for a response.
       // Instead, the following function call returns immediately, and we handle the RTSP response later, from within the event loop:
       rtspClient->sendOptionsCommand(continueAfterOptions, _authenticator);

Questions:

  1.  Is there a dependency on the specific version of OpenSSL? We have used with Openssl1.1.1d and Openssl1.1.1g, but same issue observed.
  2.  Do you see any issues in the way we've tried to enable TLS in the test client?
  3.  Does the Live555 library also handle the server root-certificate check/validation at the client side? Or Is it something that should be implemented out of the Live555 library?
  4.  Do you have any test client to check/test RTSP over TLS to connect to an IP camera using Live555 libraries? If so, it will of great help if you can share. Thanks!


[cid:image001.png at 01D7175A.B0B079D0]

Regards,
Raja Sekhar


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20210312/e019bd62/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 243643 bytes
Desc: image001.png
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20210312/e019bd62/attachment-0001.png>

More information about the live-devel mailing list