[FFmpeg-devel] [PATCH v5 13/15] avformat/tls: add new option use_srtp to control whether enable it
Jack Lau
jacklau1222gm at gmail.com
Tue Jul 22 15:36:14 EEST 2025
Signed-off-by: Jack Lau <jacklau1222 at qq.com>
---
libavformat/tls.h | 2 ++
libavformat/tls_openssl.c | 24 ++++++++++++------------
libavformat/whip.c | 1 +
3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/libavformat/tls.h b/libavformat/tls.h
index 157c0d0256..a11f8d6afb 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -51,6 +51,7 @@ typedef struct TLSShared {
URLContext *tcp;
int is_dtls;
+ int use_srtp;
/* The certificate and private key content used for DTLS handshake */
char* cert_buf;
@@ -77,6 +78,7 @@ typedef struct TLSShared {
{"listen", "Listen for incoming connections", offsetof(pstruct, options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
{"http_proxy", "Set proxy to tunnel through", offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"external_sock", "Use external socket", offsetof(pstruct, options_field . external_sock), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
+ {"use_srtp", "Enable use_srtp DTLS extension", offsetof(pstruct, options_field . use_srtp), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
{"mtu", "Maximum Transmission Unit", offsetof(pstruct, options_field . mtu), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, INT_MAX, .flags = TLS_OPTFL}, \
{"cert_pem", "Certificate PEM string", offsetof(pstruct, options_field . cert_buf), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"key_pem", "Private key PEM string", offsetof(pstruct, options_field . key_buf), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 54860857c0..9a8456c438 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -818,12 +818,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
int ret = 0;
c->is_dtls = 1;
- /**
- * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
- * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
- */
- const char* profiles = "SRTP_AES128_CM_SHA1_80";
-
p->ctx = SSL_CTX_new(c->listen ? DTLS_server_method() : DTLS_client_method());
if (!p->ctx) {
ret = AVERROR(ENOMEM);
@@ -837,12 +831,18 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
if (c->verify)
SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
- /* Setup the SRTP context */
- if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
- av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
- profiles, openssl_get_error(p));
- ret = AVERROR(EINVAL);
- return ret;
+ if (c->use_srtp) {
+ /**
+ * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
+ * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
+ */
+ const char* profiles = "SRTP_AES128_CM_SHA1_80";
+ if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
+ av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
+ profiles, openssl_get_error(p));
+ ret = AVERROR(EINVAL);
+ return ret;
+ }
}
/* The ssl should not be created unless the ctx has been initialized. */
diff --git a/libavformat/whip.c b/libavformat/whip.c
index cfcb8e8888..82c9cee5c8 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -1320,6 +1320,7 @@ static int dtls_handshake(AVFormatContext *s)
} else
av_dict_set(&opts, "key_pem", whip->key_buf, 0);
av_dict_set_int(&opts, "external_sock", 1, 0);
+ av_dict_set_int(&opts, "use_srtp", 1, 0);
av_dict_set_int(&opts, "listen", whip->flags & WHIP_FLAG_DTLS_ACTIVE ? 0 : 1, 0);
/* If got the first binding response, start DTLS handshake. */
ret = ffurl_open_whitelist(&whip->dtls_uc, buf, AVIO_FLAG_READ_WRITE, &s->interrupt_callback,
--
2.49.0
More information about the ffmpeg-devel
mailing list