Expected behavior of GetStreamURI(RtspOverHttp ) with HTTP and HTTPS

[kumaakh]

Discussed in #69

^{Originally posted by kumaakh February 15, 2024}
ONVIF TT version 23.06 rev 96
Compare the following two test cases:
5.1.1.2 MEDIA2 STREAMING – H.264 (RTP-Unicast/RTSP/HTTP/TCP)
5.1.1.15 MEDIA2 STREAMING – H.264 (RTP-Unicast/RTSP/HTTPS/TCP)

In both test cases ONVIFTT calls

GetStreamUri
wirh RtspOverHttp

In either case we return https://ip:443/ for the stream URI because the HTTP protocol has been disabled on our secure device we only allow HTTPS

5.1.1.15 passes fine but
5.1.1.2 fails at step 15 because ONVIT TT is trying to access an HTTPS URI without SSL handshake.
step 10,11,12,13 all pass, note step 13 chacks for URI scheme and finds it correct.

If you look at it from devices side we have no way of knowing why the client should be provided a non-SSL stream URI (http://) when the request came on a secure channel. Even If we do that, we are not secure any more.

I want to claim this as a bug on ONVIF TT implemetation as it is accessing a https:// URL without TLS handshake.

[madhurao68]

We are investigating and revert with our response shortly. Thanks for your patience!

[madhurao68]

Hello,
As a matter of fact, DTT doesn't support conformance over HTTPS. There are some tests which support HTTPS but not tests for conformance. Hope this helps!