[Live-devel] RTSPS and PKI
Jonathan Brady
jonathan.brady+live555 at denbridgemarine.com
Tue Jun 17 04:03:31 PDT 2025
As far as I know, with the current client implementation the server
certificate is always valid, and I believe additional work is required to
bypass validity checks and allow things like self-signed certificates.

A client could check this, but it would require work to do this in
ClientTLSState::setup.

After SSL_CTX_new I believe you would need to add a call to
SSL_CTX_set_verify with a verification callback which could be used to
inspect the server certificate and bypass checks. I'm not sure it's
worth the effort.

However, it might be useful to add a virtual function call after the if
(fCtx == NULL) check to allow the user to make changes to the context,
e.g. setting allowed TLS versions, allowed encryption methods, ciphers etc.

The same goes for ServerTLSState::setup: a virtual function might be
useful to allow the user to customise the context. If you do so, I'd move
the 3 calls between SSL_CTX_new and SSL_new in setup into that virtual
function, and maybe have it return a boolean value to replicate the current
break statements.

On 17/06/2025 10:21, Ross Finlayson wrote:
>
>> On Jun 17, 2025, at 2:13 AM, BENMOUSSA Yahia - Contractor via live-devel <live-devel at us.live555.com> wrote:
>>
>> At the client side, how we can check the validity of the server certificate ?
>> For ex. It is self-signed certificate or not.
> As far as I know, there’s no way for the client to check this. Once the TLS connection succeeds, it is assumed to be valid.
>
>
> Ross Finlayson
> Live Networks, Inc.
> http://www.live555.com/
>
>
> _______________________________________________
> live-devel mailing list
> live-devel at lists.live555.com
> http://lists.live555.com/mailman/listinfo/live-devel