tls: Add options for verifying the peer certificate

Multimedia / Libav - Martin Storsjö [martin.st] - 26 September 2013 15:13 UTC

A file containing the trusted CA certificates needs to be supplied via the ca_file AVOption, unless the TLS library has got a system default file/database set up.

This doesn't check the hostname of the peer certificate with openssl, which requires a non-trivial piece of code for manually matching the desired hostname to the string provided by the certificate, not provided as a library function.

That is, with openssl, this only validates that the received certificate is signed with the right CA, but not that it is the actual server we think we're talking to.

Verification is still disabled by default since we can't count on a proper CA database existing at all times.

8b09d91 tls: Add options for verifying the peer certificate
doc/protocols.texi | 33 ++++++++++++++++++++++++
libavformat/tls.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++-
libavformat/version.h | 2 +-
3 files changed, 101 insertions(+), 2 deletions(-)

Upstream: git.libav.org
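
The commit message notes that with OpenSSL the hostname has to be matched by hand against the name string in the certificate. The block below is an added example of that matching step, not code from this commit or from Libav; `cert_name_matches` and `eq_nocase` are hypothetical names. It assumes the caller has already extracted a dNSName (or CN) string and its ASN.1 length from the certificate, that the host is a DNS name rather than an IP literal, and that only a whole leftmost-label wildcard is accepted.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* ASCII case-insensitive comparison of n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/*
 * Hypothetical helper: returns 1 if `host` matches `pattern`, a name string
 * taken from the peer certificate, else 0. `pattern_len` is the length of
 * the ASN.1 string, not strlen(), so a name with an embedded NUL byte
 * ("www.example.com\0.evil.test") is rejected instead of being truncated.
 */
int cert_name_matches(const char *pattern, size_t pattern_len, const char *host)
{
    size_t host_len = strlen(host);

    /* Ignore the trailing dot of an absolute host name. */
    if (host_len && host[host_len - 1] == '.')
        host_len--;
    if (!pattern_len || !host_len || memchr(pattern, '\0', pattern_len))
        return 0;

    if (pattern_len >= 2 && pattern[0] == '*' && pattern[1] == '.') {
        const char *suffix = pattern + 1;      /* e.g. ".example.com" */
        size_t suffix_len  = pattern_len - 1;
        const char *dot    = memchr(host, '.', host_len);

        /* The wildcard stands for exactly one non-empty leftmost label. */
        if (!dot || dot == host)
            return 0;
        /* Reject "*.com" (suffix needs two labels) and any second '*'. */
        if (!memchr(suffix + 1, '.', suffix_len - 1) ||
            memchr(suffix, '*', suffix_len))
            return 0;
        if ((size_t)(host + host_len - dot) != suffix_len)
            return 0;
        return eq_nocase(dot, suffix, suffix_len);
    }
    /* Partial wildcards such as "w*.example.com" are not accepted. */
    if (memchr(pattern, '*', pattern_len))
        return 0;
    return host_len == pattern_len && eq_nocase(host, pattern, host_len);
}
```

A caller would try every dNSName entry in subjectAltName and fall back to the CN only when no dNSName entries are present.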

