How to make GStreamer's high-level RTSP client abstraction start TLS connection?


Rodrigo Pimenta Carvalho
Hi.

When my rtsp server is not using TLS, I can run the following command with success:

gst-launch-1.0 -v rtspsrc location="rtspt://f9hE2ymDyVAK:YljYgExxh4ft@192.168.28.18:2554/h264/ch1/main/av_stream" ! rtph264depay ! avdec_h264 ! videoconvert ! autovideosink

In this case there is no encrypted data. All is ok.

However, when the server is using TLS, the client should use it too. That is, rtspsrc has to use a TLS connection to talk with the server, I suppose. But it doesn't happen, as I can see via Wireshark. So, I have been studying GStreamer for 2 days, to find a way of making rtspsrc use a TLS connection. I have read about tls-database, protocols, GST_RTSP_LOWER_TRANS_TLS, tls-validation-flags and G_TLS_CERTIFICATE_UNKNOWN_CA.

I didn't find an example showing how to write the command line with gst-launch for this case. So, maybe my problem is a matter of syntax. But I'm not sure.

For example, when I run " gst-launch-1.0 -v -m --gst-debug-level=3 rtspsrc location="rtspt://f9hE2ymDyVAK:YljYgExxh4ft@192.168.28.33:2554/h264/ch1/main/av_stream" tls-database="~/cacert.pem"  username=f9hE2ymDyVAK password=YljYgExxh4ft ! rtph264depay ! avdec_h264 ! videoconvert ! autovideosink" I got:

ERROR           GST_PIPELINE ./grammar.y:453:gst_parse_element_set: could not set property "tls-database" in element "rtspsrc0" to "~/cacert.pem"

-------------------------------------------------------------------------------------------------

On my server side I have something like this:

auth = gst_rtsp_auth_new ();

#ifdef WITH_TLS
    GError *error = NULL;
    cert = g_tls_certificate_new_from_files ("/usr/local/etc/opensips/tls/rootCA/certs/cert.pem", "/usr/local/etc/opensips/tls/rootCA/private/key.pem", &error);
    g_assert_no_error (error);
    g_assert (cert);
#endif


    /* make user token */
    token =
        gst_rtsp_token_new (GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE, G_TYPE_STRING,
        "user", NULL);
    basic = gst_rtsp_auth_make_basic (user,password);
    gst_rtsp_auth_add_basic (auth, basic, token);
    g_free (basic);
    gst_rtsp_token_unref (token);

    /* configure in the server */
    gst_rtsp_server_set_auth (server, auth);

    g_object_unref (auth);

----------------------------------------------------------------------------------------------------------------------

What else should I do? Is my problem just a matter of syntax or should I write more code on my server side?
What I want to do is pass the user and password from receiver to server in a secure way.

Any hint will be very helpful!

Best regards.

Rodrigo Pimenta Carvalho.



Re: How to make GStreamer's high-level RTSP client abstraction start TLS connection?

Rodrigo Pimenta Carvalho
I was analyzing it a bit more and I found one problem.

I was using rtspt, when I should use rtsps. So, my problem now is a bit different.

Without tls-database, I get the error not-authorized.
With tls-database, I get the error "could not set property "tls-database" in element "rtspsrc0"".

So, now I have to find out how to pass the tls-database in the correct way.

Any suggestion?

Best regards.
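
An added example, not part of the original thread: rtspsrc's tls-database property holds a GTlsDatabase object, which gst-launch cannot build from a file name string, so it has to be set from code. This sketch assumes PyGObject with GStreamer 1.0 and a GIO TLS backend (glib-networking); `preflight` and `make_rtsps_source` are hypothetical names.

```python
import os
from urllib.parse import urlsplit

# rtspsrc URI schemes that use TLS; rtspt:// is plain RTSP over TCP.
TLS_SCHEMES = {"rtsps", "rtspsu", "rtspst", "rtspsh"}


def preflight(location, ca_file):
    """Check the inputs; return (clean_location, user, password, ca_path)."""
    url = urlsplit(location)
    if url.scheme not in TLS_SCHEMES:
        raise ValueError(f"{url.scheme}:// does not use TLS; use rtsps://")
    # A quoted "~" is not expanded by the shell, so expand it here.
    ca_path = os.path.abspath(os.path.expanduser(ca_file))
    if not os.path.isfile(ca_path):
        raise ValueError(f"CA file not found: {ca_path}")
    # Strip user:password from the URI; they are set as properties instead.
    clean = url._replace(netloc=url.netloc.rpartition("@")[2]).geturl()
    return clean, url.username, url.password, ca_path


def make_rtsps_source(location, ca_file):
    """Build an rtspsrc element that verifies the server against ca_file."""
    clean, user, password, ca_path = preflight(location, ca_file)
    # Imported here so preflight() also works where GStreamer is not installed.
    import gi
    gi.require_version("Gst", "1.0")
    from gi.repository import Gio, Gst
    Gst.init(None)
    src = Gst.ElementFactory.make("rtspsrc", None)
    src.set_property("location", clean)
    # tls-database takes a GTlsDatabase object, not a path string.
    src.set_property("tls-database", Gio.TlsFileDatabase.new(ca_path))
    # Keep every certificate check enabled instead of masking UNKNOWN_CA.
    src.set_property("tls-validation-flags",
                     Gio.TlsCertificateFlags.VALIDATE_ALL)
    if user:
        src.set_property("user-id", user)
        src.set_property("user-pw", password or "")
    return src
```

The server snippet above loads `cert` but does not show it being attached to `auth`; in gst-rtsp-server that is done with `gst_rtsp_auth_set_tls_certificate (auth, cert)`.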