Expected behavior of GetStreamURI(RtspOverHttp ) with HTTP and HTTPS

[kumaakh]

Discussed in https://github.com/onvif/testspecs/discussions/69

^{Originally posted by **kumaakh** February 15, 2024} ONVIF TT version 23.06 rev 96 Compare the following two test cases: 5.1.1.2 MEDIA2 STREAMING – H.264 (RTP-Unicast/RTSP/HTTP/TCP) 5.1.1.15 MEDIA2 STREAMING – H.264 (RTP-Unicast/RTSP/HTTPS/TCP) In both test cases ONVIFTT calls GetStreamUri wirh RtspOverHttp In either case we return https://ip:443/ for the stream URI because the HTTP protocol has been disabled on our secure device we only allow HTTPS 5.1.1.15 passes fine but 5.1.1.2 fails at step 15 because ONVIT TT is trying to access an HTTPS URI without SSL handshake. step 10,11,12,13 all pass, note step 13 chacks for URI scheme and finds it correct. If you look at it from devices side we have no way of knowing why the client should be provided a non-SSL stream URI (http://) when the request came on a secure channel. Even If we do that, we are not secure any more. I want to claim this as a bug on ONVIF TT implemetation as it is accessing a https:// URL without TLS handshake.

[madhurao68]

We are investigating and revert with our response shortly. Thanks for your patience!

[madhurao68]

Hello, As a matter of fact, DTT doesn't support conformance over HTTPS. There are some tests which support HTTPS but not tests for conformance. Hope this helps!