[FFmpeg-devel] [PATCH] fix tls 1.2 when ffmpeg is compiled with openssl

Hendrik Leppkes h.leppkes at gmail.com
Sat Oct 29 00:13:46 EEST 2016


On Fri, Oct 28, 2016 at 8:42 PM, Martin Larsson
<martin.larsson2 at gmail.com> wrote:
> Made by vpeter of the LibreELEC project.
>
> --- a/libavformat/tls_openssl.c 2016-10-28 18:52:40.526626700 +0200
> +++ b/libavformat/tls_openssl.c 2016-10-28 19:21:41.520615426 +0200
> @@ -233,7 +233,8 @@ static int tls_open(URLContext *h, const
>      if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)
>          goto fail;
>
> -    p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() :
> TLSv1_client_method());
> +    //SSLv23_client_method allows to use TLS v1.2 protocol
> +    p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() :
> SSLv23_client_method());
>      if (!p->ctx) {
>          av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(),
> NULL));
>          ret = AVERROR(EIO);

To ensure the same security restrictions apply as before, it should
perhaps set the options to disable SSLv2/3 then?

SSL_CTX_set_options(p->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)

Otherwise looks fine, the API seems to be rather weird there.

- Hendrik


More information about the ffmpeg-devel mailing list