diff --git a/docs/docs/configuration/autotracking.md b/docs/docs/configuration/autotracking.md index a8903441ec..9545fa7d3b 100644 --- a/docs/docs/configuration/autotracking.md +++ b/docs/docs/configuration/autotracking.md @@ -41,6 +41,7 @@ cameras: ... onvif: # Required: host of the camera being connected to. + # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0". host: 0.0.0.0 # Optional: ONVIF port for device (default: shown below). port: 8000 @@ -49,6 +50,8 @@ cameras: user: admin # Optional: password for login. password: admin + # Optional: Skip TLS verification from the ONVIF server (default: shown below) + tls_insecure: False # Optional: PTZ camera object autotracking. Keeps a moving object in # the center of the frame by automatically moving the PTZ camera. autotracking: diff --git a/docs/docs/configuration/reference.md b/docs/docs/configuration/reference.md index bb7ae49a3c..b13b137d22 100644 --- a/docs/docs/configuration/reference.md +++ b/docs/docs/configuration/reference.md @@ -686,6 +686,7 @@ cameras: # to enable PTZ controls. onvif: # Required: host of the camera being connected to. + # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0". host: 0.0.0.0 # Optional: ONVIF port for device (default: shown below). port: 8000 @@ -694,6 +695,8 @@ cameras: user: admin # Optional: password for login. password: admin + # Optional: Skip TLS verification from the ONVIF server (default: shown below) + tls_insecure: False # Optional: Ignores time synchronization mismatches between the camera and the server during authentication. # Using NTP on both ends is recommended and this should only be set to True in a "safe" environment due to the security risk it represents. ignore_time_mismatch: False diff --git a/frigate/config/camera/onvif.py b/frigate/config/camera/onvif.py index b7ac23d4e5..0c79854540 100644 --- a/frigate/config/camera/onvif.py +++ b/frigate/config/camera/onvif.py @@ -74,6 +74,7 @@ class OnvifConfig(FrigateBaseModel): port: int = Field(default=8000, title="Onvif Port") user: Optional[EnvString] = Field(default=None, title="Onvif Username") password: Optional[EnvString] = Field(default=None, title="Onvif Password") + tls_insecure: bool = Field(default=False, title="Onvif Disable TLS verification") autotracking: PtzAutotrackConfig = Field( default_factory=PtzAutotrackConfig, title="PTZ auto tracking config.", diff --git a/frigate/ptz/onvif.py b/frigate/ptz/onvif.py index f8c7a6bcbc..21c973baab 100644 --- a/frigate/ptz/onvif.py +++ b/frigate/ptz/onvif.py @@ -6,6 +6,7 @@ from pathlib import Path import numpy +import requests from onvif import ONVIFCamera, ONVIFError from zeep.exceptions import Fault, TransportError from zeep.transports import Transport @@ -48,7 +49,11 @@ def __init__( if cam.onvif.host: try: - transport = Transport(timeout=10, operation_timeout=10) + session = requests.Session() + session.verify = not cam.onvif.tls_insecure + transport = Transport( + timeout=10, operation_timeout=10, session=session + ) self.cams[cam_name] = { "onvif": ONVIFCamera( cam.onvif.host, diff --git a/web/src/types/frigateConfig.ts b/web/src/types/frigateConfig.ts index 5c5971fc08..8ed3119dc7 100644 --- a/web/src/types/frigateConfig.ts +++ b/web/src/types/frigateConfig.ts @@ -142,6 +142,7 @@ export interface CameraConfig { password: string | null; port: number; user: string | null; + tls_insecure: boolean; }; record: { enabled: boolean;