[FFmpeg-devel] [PATCH] fix tls 1.2 when ffmpeg is compiled with openssl
Hendrik Leppkes
h.leppkes at gmail.com
Sat Oct 29 00:13:46 EEST 2016
On Fri, Oct 28, 2016 at 8:42 PM, Martin Larsson
<martin.larsson2 at gmail.com> wrote:
> Made by vpeter of the LibreELEC project.
>
> --- a/libavformat/tls_openssl.c 2016-10-28 18:52:40.526626700 +0200
> +++ b/libavformat/tls_openssl.c 2016-10-28 19:21:41.520615426 +0200
> @@ -233,7 +233,8 @@ static int tls_open(URLContext *h, const
> if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)
> goto fail;
>
> - p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() :
> TLSv1_client_method());
> + //SSLv23_client_method allows to use TLS v1.2 protocol
> + p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() :
> SSLv23_client_method());
> if (!p->ctx) {
> av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(),
> NULL));
> ret = AVERROR(EIO);
To ensure the same security restrictions apply as before, it should
perhaps set the options to disable SSLv2/3 then?
SSL_CTX_set_options(p->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)
Otherwise looks fine, the API seems to be rather weird there.
- Hendrik
More information about the ffmpeg-devel
mailing list