Fix #7944: Adds tls_insecure to the onvif configuration (#15603)

* Adds tls_insecure to the onvif configuration * reformat using ruff
2025-03-04 00:17:22 +01:00 · 2024-12-19 16:54:33 -03:00 · 2024-12-19 16:54:33 -03:00 · ddfe8f3921
commit ddfe8f3921
parent 4af752028f
5 changed files with 14 additions and 1 deletions
--- a/docs/docs/configuration/autotracking.md
+++ b/docs/docs/configuration/autotracking.md
@ -41,6 +41,7 @@ cameras:
    ...
    onvif:
      # Required: host of the camera being connected to.
      # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0".
      host: 0.0.0.0
      # Optional: ONVIF port for device (default: shown below).
      port: 8000
@ -49,6 +50,8 @@ cameras:
      user: admin
      # Optional: password for login.
      password: admin
      # Optional: Skip TLS verification from the ONVIF server (default: shown below)
      tls_insecure: False
      # Optional: PTZ camera object autotracking. Keeps a moving object in
      # the center of the frame by automatically moving the PTZ camera.
      autotracking:
--- a/docs/docs/configuration/reference.md
+++ b/docs/docs/configuration/reference.md
@ -686,6 +686,7 @@ cameras:
    # to enable PTZ controls.
    onvif:
      # Required: host of the camera being connected to.
      # NOTE: HTTP is assumed by default; HTTPS is supported if you specify the scheme, ex: "https://0.0.0.0".
      host: 0.0.0.0
      # Optional: ONVIF port for device (default: shown below).
      port: 8000
@ -694,6 +695,8 @@ cameras:
      user: admin
      # Optional: password for login.
      password: admin
      # Optional: Skip TLS verification from the ONVIF server (default: shown below)
      tls_insecure: False
      # Optional: Ignores time synchronization mismatches between the camera and the server during authentication.
      # Using NTP on both ends is recommended and this should only be set to True in a "safe" environment due to the security risk it represents.
      ignore_time_mismatch: False
--- a/frigate/config/camera/onvif.py
+++ b/frigate/config/camera/onvif.py
@ -74,6 +74,7 @@ class OnvifConfig(FrigateBaseModel):
    port: int = Field(default=8000, title="Onvif Port")
    user: Optional[EnvString] = Field(default=None, title="Onvif Username")
    password: Optional[EnvString] = Field(default=None, title="Onvif Password")
    tls_insecure: bool = Field(default=False, title="Onvif Disable TLS verification")
    autotracking: PtzAutotrackConfig = Field(
        default_factory=PtzAutotrackConfig,
        title="PTZ auto tracking config.",
--- a/frigate/ptz/onvif.py
+++ b/frigate/ptz/onvif.py
@ -6,6 +6,7 @@ from importlib.util import find_spec
 from pathlib import Path
 import numpy
 import requests
 from onvif import ONVIFCamera, ONVIFError
 from zeep.exceptions import Fault, TransportError
 from zeep.transports import Transport
@ -48,7 +49,11 @@ class OnvifController:
            if cam.onvif.host:
                try:
-                    transport = Transport(timeout=10, operation_timeout=10)
+                    session = requests.Session()
                    session.verify = not cam.onvif.tls_insecure
                    transport = Transport(
                        timeout=10, operation_timeout=10, session=session
                    )
                    self.cams[cam_name] = {
                        "onvif": ONVIFCamera(
                            cam.onvif.host,
--- a/web/src/types/frigateConfig.ts
+++ b/web/src/types/frigateConfig.ts
@ -142,6 +142,7 @@ export interface CameraConfig {
    password: string | null;
    port: number;
    user: string | null;
    tls_insecure: boolean;
  };
  record: {
    enabled: boolean;