From 1ee8ce75f1f079e7d482297abd0848689718b35b Mon Sep 17 00:00:00 2001 From: Joschka Tillmanns Date: Tue, 20 Oct 2015 20:27:58 +0200 Subject: [PATCH] options: add support for client certificate authentication Client certificates are supported by ffmpeg as documented here: > https://www.ffmpeg.org/ffmpeg-protocols.html#tls Signed-off-by: wm4 --- DOCS/man/options.rst | 7 +++++++ options/options.c | 2 ++ options/options.h | 2 ++ stream/stream_lavf.c | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/DOCS/man/options.rst b/DOCS/man/options.rst index e230ad2adc..e4a1050c5d 100644 --- a/DOCS/man/options.rst +++ b/DOCS/man/options.rst @@ -3278,6 +3278,13 @@ Network Verify peer certificates when using TLS (e.g. with ``https://...``). (Silently fails with older FFmpeg or Libav versions.) +``--tls-cert-file`` + A file containing a certificate to use in the handshake with the + peer. + +``--tls-key-file`` + A file containing the private key for the certificate. + ``--referrer=`` Specify a referrer path or URL for HTTP requests. diff --git a/options/options.c b/options/options.c index 7a23e0c9c2..4e63332444 100644 --- a/options/options.c +++ b/options/options.c @@ -185,6 +185,8 @@ const m_option_t mp_opts[] = { {"http", 3})), OPT_FLAG("tls-verify", network_tls_verify, 0), OPT_STRING("tls-ca-file", network_tls_ca_file, M_OPT_FILE), + OPT_STRING("tls-cert-file", network_tls_cert_file, M_OPT_FILE), + OPT_STRING("tls-key-file", network_tls_key_file, M_OPT_FILE), OPT_DOUBLE("network-timeout", network_timeout, M_OPT_MIN, .min = 0), // ------------------------- demuxer options -------------------- diff --git a/options/options.h b/options/options.h index 8d7246e8b9..e76c0cbf0c 100644 --- a/options/options.h +++ b/options/options.h @@ -277,6 +277,8 @@ typedef struct MPOpts { char **network_http_header_fields; int network_tls_verify; char *network_tls_ca_file; + char *network_tls_cert_file; + char *network_tls_key_file; double network_timeout; struct tv_params *tv_params; diff --git a/stream/stream_lavf.c b/stream/stream_lavf.c index c5d8f1a8c4..a66ff94374 100644 --- a/stream/stream_lavf.c +++ b/stream/stream_lavf.c @@ -168,6 +168,10 @@ void mp_setup_av_network_options(AVDictionary **dict, struct mpv_global *global, av_dict_set(dict, "tls_verify", opts->network_tls_verify ? "1" : "0", 0); if (opts->network_tls_ca_file) av_dict_set(dict, "ca_file", opts->network_tls_ca_file, 0); + if (opts->network_tls_cert_file) + av_dict_set(dict, "cert_file", opts->network_tls_cert_file, 0); + if (opts->network_tls_key_file) + av_dict_set(dict, "key_file", opts->network_tls_key_file, 0); char *cust_headers = talloc_strdup(temp, ""); if (opts->network_referrer) { cust_headers = talloc_asprintf_append(cust_headers, "Referer: %s\r\n",