--- Begin Message ---Classified as: {OPEN} I don't understand how to implement ClientTLSState::setupExtra without having to modify the source code.I'd suggest adding a basic verify_callback function to the code, then adding two properties to the RTSPCLient class: fSSLVerifyPeer and fSSCAFileName. These parameters can be set using RTSPClient::setSSLCAFileName(char const* CAFileName RTSPClient::setSSLVerifyPeer(Boolean Verify) to control RTSPClient's SSL verification behavior. No modification of the RTSPClient constructor is required. If fSSLVerifyPeer is enabled, the server certificate will be verified using the system CA store, unless fSSCAFileName is set. If fSSLVerifyPeer is not enabled, live behaves as usual, i.e. there is no SSL certificate verification. The above propositions are described in the attached patch. Most TLS clients offer the option of using a private CA file. It would be nice if live555 could do this. Yahia {OPEN} -----Message d'origine----- De : live-devel <[email protected]> De la part de Ross Finlayson Envoyé : jeudi 10 juillet 2025 06:43 À : LIVE555 Streaming Media - development & use <[email protected]> Objet : Re: [Live-devel] RTSPS and PKI I have just installed a new version (2025.07.10) of the code that makes it possible for RTSP clients to do extra work (e.g., certificate checking) while setting up a TLS connection. To do this, you must compile “TLSState.cpp” with CLIENT_TLS_SETUP_EXTRA defined, and then implement the member function Boolean ClientTLSState::setupExtra(int socketNum); (This member function exists only if CLIENT_TLS_SETUP_EXTRA is defined.) Your implementation of this member function can do whatever it wants, but it must eventually call “setupContinue()” (perhaps within a callback function). The function must also return True (unless it fails). Ross Finlayson Live Networks, Inc. http://www.live555.com/ _______________________________________________ live-devel mailing list [email protected] http://lists.live555.com/mailman/listinfo/live-devel
live555-CA.patch
Description: live555-CA.patch
--- End Message ---
_______________________________________________ live-devel mailing list [email protected] http://lists.live555.com/mailman/listinfo/live-devel
