36 #include <Security/Security.h> 
   37 #include <Security/SecureTransport.h> 
   38 #include <CoreFoundation/CoreFoundation.h> 
   41 SecIdentityRef 
SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
 
   56     case errSSLWouldBlock:
 
   58     case errSSLXCertChainInvalid:
 
   76     SecExternalFormat 
format = kSecFormatPEMSequence;
 
   77     SecExternalFormat 
type = kSecItemTypeAggregate;
 
   78     CFStringRef pathStr = CFStringCreateWithCString(
NULL, path, 0x08000100);
 
  105     data = CFDataCreate(kCFAllocatorDefault, buf, ret);
 
  107     if (SecItemImport(data, pathStr, &format, &type,
 
  108                       0, 
NULL, 
NULL, array) != noErr || !array) {
 
  113     if (CFArrayGetCount(*array) == 0) {
 
  133     CFArrayRef array = 
NULL;
 
  138     if (!(c->
ca_array = CFRetain(array))) {
 
  153     CFArrayRef certArray = 
NULL;
 
  154     CFArrayRef keyArray = 
NULL;
 
  155     SecIdentityRef 
id = 
NULL;
 
  156     CFMutableArrayRef outArray = 
NULL;
 
  165                                  (SecCertificateRef)CFArrayGetValueAtIndex(certArray, 0),
 
  166                                  (SecKeyRef)CFArrayGetValueAtIndex(keyArray, 0)))) {
 
  171     if (!(outArray = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, certArray))) {
 
  176     CFArraySetValueAtIndex(outArray, 0, 
id);
 
  182         CFRelease(certArray);
 
  192 static OSStatus 
tls_read_cb(SSLConnectionRef connection, 
void *
data, 
size_t *dataLength)
 
  202                 return errSSLClosedGraceful;
 
  204                 return errSSLClosedAbort;
 
  206                 return errSSLWouldBlock;
 
  217 static OSStatus 
tls_write_cb(SSLConnectionRef connection, 
const void *
data, 
size_t *dataLength)
 
  226                 return errSSLWouldBlock;
 
  232         *dataLength = written;
 
  251 #define CHECK_ERROR(func, ...) do {                                     \ 
  252         OSStatus status = func(__VA_ARGS__);                            \ 
  253         if (status != noErr) {                                          \ 
  254             ret = AVERROR_UNKNOWN;                                      \ 
  255             av_log(h, AV_LOG_ERROR, #func ": Error %i\n", (int)status); \ 
  269     c->
ssl_context = SSLCreateContext(
NULL, s->
listen ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
 
  289         if (status == errSSLServerAuthCompleted) {
 
  290             SecTrustRef peerTrust;
 
  291             SecTrustResultType trustResult;
 
  295             if (SSLCopyPeerTrust(c->
ssl_context, &peerTrust) != noErr) {
 
  300             if (SecTrustSetAnchorCertificates(peerTrust, c->
ca_array) != noErr) {
 
  305             if (SecTrustEvaluate(peerTrust, &trustResult) != noErr) {
 
  310             if (trustResult == kSecTrustResultProceed ||
 
  311                 trustResult == kSecTrustResultUnspecified) {
 
  313                 status = errSSLWouldBlock; 
 
  314             } 
else if (trustResult == kSecTrustResultRecoverableTrustFailure) {
 
  316                 status = errSSLXCertChainInvalid;
 
  319                 status = errSSLBadCert;
 
  323                 CFRelease(peerTrust);
 
  344     case errSSLClosedGraceful:
 
  345     case errSSLClosedNoNotify:
 
  355     size_t processed = 0;
 
  356     int ret = SSLRead(c->
ssl_context, buf, size, &processed);
 
  368     size_t processed = 0;
 
  369     int ret = SSLWrite(c->
ssl_context, buf, size, &processed);
 
  398     .priv_data_class = &tls_class,
 
static const AVClass tls_class
#define AVERROR_INVALIDDATA
Invalid data found when processing input. 
int64_t avio_size(AVIOContext *s)
Get the filesize. 
#define URL_PROTOCOL_FLAG_NETWORK
#define CHECK_ERROR(func,...)
ptrdiff_t const GLvoid * data
#define LIBAVUTIL_VERSION_INT
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h. 
AVIOInterruptCB interrupt_callback
#define AVIO_FLAG_READ
read-only 
int ffio_open_whitelist(AVIOContext **s, const char *url, int flags, const AVIOInterruptCB *int_cb, AVDictionary **options, const char *whitelist)
static int tls_close(URLContext *h)
static int print_tls_error(URLContext *h, int ret)
static OSStatus tls_write_cb(SSLConnectionRef connection, const void *data, size_t *dataLength)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass is associated.
miscellaneous OS support macros and functions. 
static av_cold int end(AVCodecContext *avctx)
#define AVERROR_EOF
End of file. 
static int load_ca(URLContext *h)
int avio_read(AVIOContext *s, unsigned char *buf, int size)
Read size bytes from AVIOContext into buf. 
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered. 
const char * protocol_whitelist
int avio_close(AVIOContext *s)
Close the resource accessed by the AVIOContext s and free it. 
static int tls_read(URLContext *h, uint8_t *buf, int size)
static int import_pem(URLContext *h, char *path, CFArrayRef *array)
#define TLS_COMMON_OPTIONS(pstruct, options_field)
static int map_ssl_error(OSStatus status, size_t processed)
URLProtocol ff_tls_securetransport_protocol
static const char * format
Describe the class of an AVClass context structure. 
SSLContextRef ssl_context
static const AVOption options[]
int ffurl_close(URLContext *h)
common internal api header. 
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
int ffurl_read_complete(URLContext *h, unsigned char *buf, int size)
Read as many bytes as possible (up to size), calling the read function multiple times if necessary.
static int tls_write(URLContext *h, const uint8_t *buf, int size)
#define AVERROR_UNKNOWN
Unknown error, typically from an external library. 
static OSStatus tls_read_cb(SSLConnectionRef connection, void *data, size_t *dataLength)
SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey)
unbuffered private I/O API 
static int load_cert(URLContext *h)