[Live-devel] RTSPS and PKI
BENMOUSSA Yahia - Contractor
yahia.benmoussa at external.thalesgroup.com
Sat Jul 19 02:28:54 PDT 2025
Classified as: {OPEN}
I don't understand how to implement ClientTLSState::setupExtra without having to modify the source code.
I'd suggest adding a basic verify_callback function to the code, then adding two properties to the RTSPClient class: fSSLVerifyPeer and fSSCAFileName.
These parameters can be set using RTSPClient::setSSLCAFileName(char const* CAFileName) and RTSPClient::setSSLVerifyPeer(Boolean Verify) to control RTSPClient's SSL verification behavior. No modification of the RTSPClient constructor is required.
If fSSLVerifyPeer is enabled, the server certificate will be verified using the system CA store, unless fSSCAFileName is set.
If fSSLVerifyPeer is not enabled, live behaves as usual, i.e. there is no SSL certificate verification.
The above propositions are described in the attached patch.
Most TLS clients offer the option of using a private CA file. It would be nice if live555 could do this.
Yahia
{OPEN}
-----Original Message-----
From: live-devel <live-devel-bounces at us.live555.com> On Behalf Of Ross Finlayson
Sent: Thursday, July 10, 2025 06:43
To: LIVE555 Streaming Media - development & use <live-devel at us.live555.com>
Subject: Re: [Live-devel] RTSPS and PKI
I have just installed a new version (2025.07.10) of the code that makes it possible for RTSP clients to do extra work (e.g., certificate checking) while setting up a TLS connection.
To do this, you must compile “TLSState.cpp” with
    CLIENT_TLS_SETUP_EXTRA
defined, and then implement the member function
    Boolean ClientTLSState::setupExtra(int socketNum);
(This member function exists only if CLIENT_TLS_SETUP_EXTRA is defined.)
Your implementation of this member function can do whatever it wants, but it must eventually call “setupContinue()” (perhaps within a callback function). The function must also return True (unless it fails).
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
live-devel at lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: live555-CA.patch
Type: application/octet-stream
Size: 3327 bytes
Desc: live555-CA.patch
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20250719/947aa361/attachment.obj>