[FFmpeg-cvslog] [ffmpeg] avformat/tls_gnutls: implement dtls handshake logic (branch master)

[Jack Lau via ffmpeg-cvslog]

This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new 6f2d23a009 avformat/tls_gnutls: implement dtls handshake logic
6f2d23a009 is described below

commit 6f2d23a009284460590c21df49b31ad1d7c52630
Author:     Jack Lau <jacklau1...@qq.com>
AuthorDate: Tue Sep 23 09:35:07 2025 +0800
Commit:     Gyan Doshi <g...@gyan.dev>
CommitDate: Sat Jan 10 05:30:50 2026 +0000

    avformat/tls_gnutls: implement dtls handshake logic
    
    Get and set remote addr when dtls server mode.
    (Refer to url_bio_bread in tls_openssl.c)
    
    add tls_handshake function to handle the dtls
    or tls handshake
    
    TODO:
    add gnutls_pull_timeout function to make dtls
    handshake really work.
    
    Signed-off-by: Jack Lau <jacklau1...@qq.com>
---
 libavformat/tls_gnutls.c | 66 +++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 51 insertions(+), 15 deletions(-)

diff --git a/libavformat/tls_gnutls.c b/libavformat/tls_gnutls.c
index e4fe53318c..c991a712df 100644
--- a/libavformat/tls_gnutls.c
+++ b/libavformat/tls_gnutls.c
@@ -48,6 +48,8 @@ typedef struct TLSContext {
     gnutls_certificate_credentials_t cred;
     int need_shutdown;
     int io_err;
+    struct sockaddr_storage dest_addr;
+    socklen_t dest_addr_len;
 } TLSContext;
 
 static AVMutex gnutls_mutex = AV_MUTEX_INITIALIZER;
@@ -117,9 +119,23 @@ static ssize_t gnutls_url_pull(gnutls_transport_ptr_t 
transport,
                                void *buf, size_t len)
 {
     TLSContext *c = (TLSContext*) transport;
-    int ret = ffurl_read(c->tls_shared.tcp, buf, len);
-    if (ret >= 0)
+    TLSShared *s = &c->tls_shared;
+    URLContext *uc = s->is_dtls ? s->udp : s->tcp;
+    int ret = ffurl_read(uc, buf, len);
+    if (ret >= 0) {
+        if (s->is_dtls && s->listen && !c->dest_addr_len) {
+            int err_ret;
+
+            ff_udp_get_last_recv_addr(s->udp, &c->dest_addr, 
&c->dest_addr_len);
+            err_ret = ff_udp_set_remote_addr(s->udp, (struct sockaddr 
*)&c->dest_addr, c->dest_addr_len, 1);
+            if (err_ret < 0) {
+                av_log(c, AV_LOG_ERROR, "Failed connecting udp context\n");
+                return err_ret;
+            }
+            av_log(c, AV_LOG_TRACE, "Set UDP remote addr on UDP socket, now 
'connected'\n");
+        }
         return ret;
+    }
     if (ret == AVERROR_EXIT)
         return 0;
     if (ret == AVERROR(EAGAIN)) {
@@ -135,7 +151,9 @@ static ssize_t gnutls_url_push(gnutls_transport_ptr_t 
transport,
                                const void *buf, size_t len)
 {
     TLSContext *c = (TLSContext*) transport;
-    int ret = ffurl_write(c->tls_shared.tcp, buf, len);
+    TLSShared *s = &c->tls_shared;
+    URLContext *uc = s->is_dtls ? s->udp : s->tcp;
+    int ret = ffurl_write(uc, buf, len);
     if (ret >= 0)
         return ret;
     if (ret == AVERROR_EXIT)
@@ -149,6 +167,32 @@ static ssize_t gnutls_url_push(gnutls_transport_ptr_t 
transport,
     return -1;
 }
 
+static int tls_handshake(URLContext *h)
+{
+    TLSContext *c = h->priv_data;
+    TLSShared *s = &c->tls_shared;
+    URLContext *uc = s->is_dtls ? s->udp : s->tcp;
+    int ret;
+
+    uc->flags &= ~AVIO_FLAG_NONBLOCK;
+
+    do {
+        if (ff_check_interrupt(&h->interrupt_callback)) {
+            ret = AVERROR_EXIT;
+            goto end;
+        }
+
+        ret = gnutls_handshake(c->session);
+        if (gnutls_error_is_fatal(ret)) {
+            ret = print_tls_error(h, ret);
+            goto end;
+        }
+    } while (ret);
+
+end:
+    return ret;
+}
+
 static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary 
**options)
 {
     TLSContext *c = h->priv_data;
@@ -204,18 +248,9 @@ static int tls_open(URLContext *h, const char *uri, int 
flags, AVDictionary **op
         if (s->mtu)
             gnutls_dtls_set_mtu(c->session, s->mtu);
     gnutls_set_default_priority(c->session);
-    do {
-        if (ff_check_interrupt(&h->interrupt_callback)) {
-            ret = AVERROR_EXIT;
-            goto fail;
-        }
-
-        ret = gnutls_handshake(c->session);
-        if (gnutls_error_is_fatal(ret)) {
-            ret = print_tls_error(h, ret);
-            goto fail;
-        }
-    } while (ret);
+    ret = tls_handshake(h);
+    if (ret < 0)
+        goto fail;
     c->need_shutdown = 1;
     if (s->verify) {
         unsigned int status, cert_list_size;
@@ -345,6 +380,7 @@ static const AVClass dtls_class = {
 const URLProtocol ff_dtls_protocol = {
     .name           = "dtls",
     .url_open2      = dtls_open,
+    .url_handshake  = tls_handshake,
     .url_read       = tls_read,
     .url_write      = tls_write,
     .url_close      = tls_close,

_______________________________________________
ffmpeg-cvslog mailing list -- ffmpeg-cvslog@ffmpeg.org
To unsubscribe send an email to ffmpeg-cvslog-le...@ffmpeg.org