[Live-devel] RTSPS and PKI
Ross Finlayson
finlayson at live555.com
Sat Jul 19 12:03:17 PDT 2025
> On Jul 19, 2025, at 4:48 PM, BENMOUSSA Yahia - Contractor via live-devel <live-devel at us.live555.com> wrote:
>
> We do not provide a general “TLS client”. We provide a RTSP client, that can (optionally) use TLS to set up a RTSP connection.
>
> A client accesses a RTSP connection using a “rtsp://” or “rtsps://” URL - only. There is no provision in the RTSP protocol for a client to also use its own certificate file, in addition to the URL.
[…]
> (This is just like HTTP - a web browser uses just a URL; it doesn’t also use a certificate file.) Allowing the client to do this would be creating a new, non-standard protocol.
>
>> Both Firefox and Chrome HTTP browsers allow setting private CA files in their security settings :)
But that doesn't necessarily make it a good idea.
I still don’t understand why you want to do this. There’s more going on here than just TLS. There’s also SRTP. If you don’t trust the RTSP server to give you a secure TLS connection, then why would you also trust it to deliver a secure SRTP stream?
Why can’t you install the certificate you want on your server(s), rather than trying to fake this in your client? (What if some other client - not under your control - ends up accessing the server?)
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/