[FFmpeg-devel] [PATCH 16/18] avformat/tls: make passing an external socket universal

Timo Rothenpieler timo at rothenpieler.org
Wed Jul 2 19:56:44 EEST 2025 

---
 libavformat/tls.h         | 11 +++++------
 libavformat/tls_openssl.c | 14 ++++++++++----
 libavformat/whip.c        |  4 ++--
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/libavformat/tls.h b/libavformat/tls.h
index 83d6b1ab6e..1ab115aa81 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -57,15 +57,14 @@ typedef struct TLSShared {
     char underlying_host[200];
     int numerichost;
 
+    int external_sock;
+    URLContext *udp;
     URLContext *tcp;
 
     int is_dtls;
 
     enum DTLSState state;
 
-    int use_external_udp;
-    URLContext *udp;
-
     /* The certificate and private key content used for DTLS handshake */
     char* cert_buf;
     char* key_buf;
@@ -89,14 +88,14 @@ typedef struct TLSShared {
     {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"http_proxy", "Set proxy to tunnel through",         offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
-    {"use_external_udp", "Use external UDP from muxer or demuxer", offsetof(pstruct, options_field . use_external_udp), AV_OPT_TYPE_INT, { .i64 = 0}, 0, 1, .flags = TLS_OPTFL }, \
-    {"mtu",        "Maximum Transmission Unit",           offsetof(pstruct, options_field . mtu),       AV_OPT_TYPE_INT,  { .i64 = 0 }, 0, INT_MAX, .flags = TLS_OPTFL }
+    {"mtu",        "Maximum Transmission Unit",           offsetof(pstruct, options_field . mtu),       AV_OPT_TYPE_INT,  { .i64 = 0 }, 0, INT_MAX, .flags = TLS_OPTFL }, \
+    {"external_sock", "Use external socket",              offsetof(pstruct, options_field . external_sock), AV_OPT_TYPE_INT, { .i64 = 0}, 0, 1, .flags = TLS_OPTFL }
 
 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);
 
 int ff_url_read_all(const char *url, AVBPrint *bp);
 
-int ff_dtls_set_udp(URLContext *h, URLContext *udp);
+int ff_tls_set_external_socket(URLContext *h, URLContext *sock);
 
 int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t materials_sz);
 
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 2049eb021b..5805513065 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -502,10 +502,16 @@ static const char* openssl_get_error(TLSContext *ctx)
     return ctx->error_message;
 }
 
-int ff_dtls_set_udp(URLContext *h, URLContext *udp)
+int ff_tls_set_external_socket(URLContext *h, URLContext *sock)
 {
     TLSContext *c = h->priv_data;
-    c->tls_shared.udp = udp;
+    TLSShared *s = &c->tls_shared;
+
+    if (s->is_dtls)
+        c->tls_shared.udp = sock;
+    else
+        c->tls_shared.tcp = sock;
+
     return 0;
 }
 
@@ -980,7 +986,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
 #endif
     init_bio_method(h);
 
-    if (p->tls_shared.use_external_udp != 1) {
+    if (p->tls_shared.external_sock != 1) {
         if ((ret = ff_tls_open_underlying(&p->tls_shared, h, url, options)) < 0) {
             av_log(p, AV_LOG_ERROR, "Failed to connect %s\n", url);
             return ret;
@@ -1004,7 +1010,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
      *
      * The SSL_do_handshake can't be called if DTLS hasn't prepare for udp.
      */
-    if (p->tls_shared.use_external_udp != 1) {
+    if (p->tls_shared.external_sock != 1) {
         ret = dtls_handshake(h);
         // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
         if (ret < 0) {
diff --git a/libavformat/whip.c b/libavformat/whip.c
index 84d4c5a1f3..e109469a4f 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -387,7 +387,7 @@ static av_cold int dtls_initialize(AVFormatContext *s)
 {
     WHIPContext *whip = s->priv_data;
     /* reuse the udp created by whip */
-    ff_dtls_set_udp(whip->dtls_uc, whip->udp);
+    ff_tls_set_external_socket(whip->dtls_uc, whip->udp);
     return 0;
 }
 
@@ -1297,7 +1297,7 @@ next_packet:
                     av_dict_set(&opts, "key_file", whip->key_file, 0);
                 } else
                     av_dict_set(&opts, "key_pem", whip->key_buf, 0);
-                av_dict_set_int(&opts, "use_external_udp", 1, 0);
+                av_dict_set_int(&opts, "external_sock", 1, 0);
                 av_dict_set_int(&opts, "listen", 1, 0);
                 /* If got the first binding response, start DTLS handshake. */
                 ret = ffurl_open_whitelist(&whip->dtls_uc, buf, AVIO_FLAG_READ_WRITE, &s->interrupt_callback,
-- 
2.49.0

More information about the ffmpeg-devel mailing list