From b7f01957ec37590a2143e45b377b8e6bb3bc36ed Mon Sep 17 00:00:00 2001 From: wm4 Date: Fri, 27 Sep 2013 18:07:53 +0200 Subject: network: add options to control TLS verification --- DOCS/man/en/options.rst | 8 ++++++++ mpvcore/options.c | 4 ++++ mpvcore/options.h | 2 ++ stream/stream_lavf.c | 3 +++ 4 files changed, 17 insertions(+) diff --git a/DOCS/man/en/options.rst b/DOCS/man/en/options.rst index 2eac6ddee5..9230529d54 100644 --- a/DOCS/man/en/options.rst +++ b/DOCS/man/en/options.rst @@ -2283,6 +2283,14 @@ is often a slow operation, and if the title changes every frame, playback can be ruined. +``--tls-ca-file=`` + Certificate authority database file for use with TLS. (Silently fails with + older ffmpeg or libav versions.) + +``--tls-verify`` + Verify peer certificates when using TLS (e.g. with ``https://...``). + (Silently fails with older ffmpeg or libav versions.) + ``--tv=`` This option tunes various properties of the TV capture module. For watching TV with mpv, use ``tv://`` or ``tv://`` or diff --git a/mpvcore/options.c b/mpvcore/options.c index 9cffb07284..234d8646bd 100644 --- a/mpvcore/options.c +++ b/mpvcore/options.c @@ -47,6 +47,8 @@ int network_cookies_enabled = 0; char *network_useragent="mpv " VERSION; char *network_referrer=NULL; char **network_http_header_fields=NULL; +int network_tls_verify; +char *network_tls_ca_file; extern char *lirc_configfile; @@ -388,6 +390,8 @@ const m_option_t mp_opts[] = { {"udp", 1}, {"tcp", 2}, {"http", 3})), + {"tls-verify", &network_tls_verify, CONF_TYPE_FLAG, 0, 0, 0, NULL}, + {"tls-ca-file", &network_tls_ca_file, CONF_TYPE_STRING, 0, 0, 0, NULL}, // ------------------------- demuxer options -------------------- diff --git a/mpvcore/options.h b/mpvcore/options.h index 025ff63b5d..fb88456ac9 100644 --- a/mpvcore/options.h +++ b/mpvcore/options.h @@ -281,6 +281,8 @@ extern char **network_http_header_fields; extern char *network_useragent; extern char *network_referrer; extern int network_cookies_enabled; +extern int network_tls_verify; +extern char *network_tls_ca_file; extern char *cookies_file; extern const m_option_t mp_opts[]; diff --git a/stream/stream_lavf.c b/stream/stream_lavf.c index 545a8dfc5c..c7161b506c 100644 --- a/stream/stream_lavf.c +++ b/stream/stream_lavf.c @@ -179,6 +179,9 @@ static int open_f(stream_t *stream, int mode) av_dict_set(&dict, "user-agent", network_useragent, 0); if (network_cookies_enabled) av_dict_set(&dict, "cookies", talloc_steal(temp, cookies_lavf()), 0); + av_dict_set(&dict, "tls_verify", network_tls_verify ? "1" : "0", 0); + if (network_tls_ca_file) + av_dict_set(&dict, "ca_file", network_tls_ca_file, 0); char *cust_headers = talloc_strdup(temp, ""); if (network_referrer) { cust_headers = talloc_asprintf_append(cust_headers, "Referer: %s\r\n", -- cgit v1.2.3