Expected behavior of GetStreamURI(RtspOverHttp ) with HTTP and HTTPS

[kumaakh]

ONVIF TT version 23.06 rev 96
Compare the following two test cases:
5.1.1.2 MEDIA2 STREAMING – H.264 (RTP-Unicast/RTSP/HTTP/TCP)
5.1.1.15 MEDIA2 STREAMING – H.264 (RTP-Unicast/RTSP/HTTPS/TCP)

In both test cases ONVIFTT calls

GetStreamUri
wirh RtspOverHttp

In either case we return https://ip:443/ for the stream URI because the HTTP protocol has been disabled on our secure device we only allow HTTPS

5.1.1.15 passes fine but
5.1.1.2 fails at step 15 because ONVIT TT is trying to access the an HTTPS URI without SSL handshake.
step 10,11,12,13 all pass, note step 13 chacks for URI scheme and finds it correct.

I want to claim this as a bug on ONVIF TT implemetation as it is accessing a https:// URL without TLS handshake.

If you look at it from devices side we have no way of knowing why the client should be provided a non-SSL stream URI (http://) when the request came on a secure channel. Even If we do that, we are not secure any more.

Comments ?

[madhurao68]

Closing this it is a duplicate of #70.