Fix #7944: Adds tls_insecure to the onvif configuration (#15603)

* Adds tls_insecure to the onvif configuration * reformat using ruff
blakeblackshear · Dec 19, 2024 · ddfe8f3 · ddfe8f3
1 parent 4af7520
commit ddfe8f3
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 1 deletion.
diff --git a/docs/docs/configuration/autotracking.md b/docs/docs/configuration/autotracking.md
@@ -41,6 +41,7 @@ cameras:
     ...
     onvif:
       # Required: host of the camera being connected to.
+      # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0".
       host: 0.0.0.0
       # Optional: ONVIF port for device (default: shown below).
       port: 8000
@@ -49,6 +50,8 @@ cameras:
       user: admin
       # Optional: password for login.
       password: admin
+      # Optional: Skip TLS verification from the ONVIF server (default: shown below)
+      tls_insecure: False
       # Optional: PTZ camera object autotracking. Keeps a moving object in
       # the center of the frame by automatically moving the PTZ camera.
       autotracking:

diff --git a/docs/docs/configuration/reference.md b/docs/docs/configuration/reference.md
@@ -686,6 +686,7 @@ cameras:
     # to enable PTZ controls.
     onvif:
       # Required: host of the camera being connected to.
+      # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0".
       host: 0.0.0.0
       # Optional: ONVIF port for device (default: shown below).
       port: 8000
@@ -694,6 +695,8 @@ cameras:
       user: admin
       # Optional: password for login.
       password: admin
+      # Optional: Skip TLS verification from the ONVIF server (default: shown below)
+      tls_insecure: False
       # Optional: Ignores time synchronization mismatches between the camera and the server during authentication.
       # Using NTP on both ends is recommended and this should only be set to True in a "safe" environment due to the security risk it represents.
       ignore_time_mismatch: False

diff --git a/frigate/config/camera/onvif.py b/frigate/config/camera/onvif.py
@@ -74,6 +74,7 @@ class OnvifConfig(FrigateBaseModel):
     port: int = Field(default=8000, title="Onvif Port")
     user: Optional[EnvString] = Field(default=None, title="Onvif Username")
     password: Optional[EnvString] = Field(default=None, title="Onvif Password")
+    tls_insecure: bool = Field(default=False, title="Onvif Disable TLS verification")
     autotracking: PtzAutotrackConfig = Field(
         default_factory=PtzAutotrackConfig,
         title="PTZ auto tracking config.",

diff --git a/frigate/ptz/onvif.py b/frigate/ptz/onvif.py
@@ -6,6 +6,7 @@
 from pathlib import Path
 
 import numpy
+import requests
 from onvif import ONVIFCamera, ONVIFError
 from zeep.exceptions import Fault, TransportError
 from zeep.transports import Transport
@@ -48,7 +49,11 @@ def __init__(
 
             if cam.onvif.host:
                 try:
-                    transport = Transport(timeout=10, operation_timeout=10)
+                    session = requests.Session()
+                    session.verify = not cam.onvif.tls_insecure
+                    transport = Transport(
+                        timeout=10, operation_timeout=10, session=session
+                    )
                     self.cams[cam_name] = {
                         "onvif": ONVIFCamera(
                             cam.onvif.host,

diff --git a/web/src/types/frigateConfig.ts b/web/src/types/frigateConfig.ts
@@ -142,6 +142,7 @@ export interface CameraConfig {
     password: string | null;
     port: number;
     user: string | null;
+    tls_insecure: boolean;
   };
   record: {
     enabled: boolean;