How to make GStreamer's high-level RTSP client abstraction start TLS connection?

Rodrigo Pimenta Carvalho pimenta at inatel.br
Thu Feb 16 20:40:25 UTC 2017 

Hi.

When my rtsp server is not using TLS, I can run the following command with
success:

gst-launch-1.0 -v rtspsrc
location="rtspt://f9hE2ymDyVAK:YljYgExxh4ft@192.168.28.18:2554/h264/ch1/main/av_stream"!
rtph264depay ! avdec_h264 ! videoconvert ! autovideosink

In this case there is no encrypted data. All is ok.

However, when the server is using TLS, the client should use it too. That
is, the rtspsrc has to use a TLS connection to talk with the server, I
suppose. But, it doest happen, as I can see via Wireshark. So, I have been
studying about GStreamer since 2 days ago, to find a way of making the
rtspsrc to use a TLS connection. I have read about tls-database, protocols, 
GST_RTSP_LOWER_TRANS_TLS, tls-validation-flags and
G_TLS_CERTIFICATE_UNKNOWN_CA.  

I didn't find an example showing how to write the command line with
gst-lauch for this case. So, maybe my problem is a matter of syntax.  But
I'm not sure.

For example, when I run " gst-launch-1.0 -v -m --gst-debug-level=3 rtspsrc
location="rtspt://f9hE2ymDyVAK:YljYgExxh4ft@192.168.28.33:2554/h264/ch1/main/av_stream"
tls-database="~/cacert.pem"  username=f9hE2ymDyVAK password=YljYgExxh4ft !
rtph264depay ! avdec_h264 ! videoconvert ! autovideosink" I got:

ERROR           GST_PIPELINE ./grammar.y:453:gst_parse_element_set: could
not set property "tls-database" in element "rtspsrc0" to "~/cacert.pem"

-------------------------------------------------------------------------------------------------

In my server side I have something like this:

auth = gst_rtsp_auth_new ();

#ifdef WITH_TLS
    GError *error = NULL;
    cert = g_tls_certificate_new_from_files
("/usr/local/etc/opensips/tls/rootCA/certs/cert.pem",
"/usr/local/etc/opensips/tls/rootCA/private/key.pem", &error);
    g_assert_no_error (error);
    g_assert (cert);
#endif


    /* make user token */
    token =
        gst_rtsp_token_new (GST_RTSP_TOKEN_MEDIA_FACTORY_ROLE,
G_TYPE_STRING,
        "user", NULL);
    basic = gst_rtsp_auth_make_basic (user,password);
    gst_rtsp_auth_add_basic (auth, basic, token);
    g_free (basic);
    gst_rtsp_token_unref (token);

    /* configure in the server */
    gst_rtsp_server_set_auth (server, auth);

    g_object_unref (auth); 

----------------------------------------------------------------------------------------------------------------------

What more else should I do? Is my problem just a matter of syntax or should
I write more code in my server side?
What I want to do is pass the user and password from receiver to server in a
secure way.

Any hint will be very helpful!

Best regards.

Rodrigo Pimenta Carvalho.







--
View this message in context: http://gstreamer-devel.966125.n4.nabble.com/How-to-make-GStreamer-s-high-level-RTSP-client-abstraction-start-TLS-connection-tp4681914.html
Sent from the GStreamer-devel mailing list archive at Nabble.com.

More information about the gstreamer-devel mailing list