On Fri, Oct 28, 2016 at 11:13 PM, Hendrik Leppkes <h.lepp...@gmail.com> wrote:
> On Fri, Oct 28, 2016 at 8:42 PM, Martin Larsson
> <martin.larss...@gmail.com> wrote:
>> Made by vpeter of the LibreELEC project.
>>
>> --- a/libavformat/tls_openssl.c 2016-10-28 18:52:40.526626700 +0200
>> +++ b/libavformat/tls_openssl.c 2016-10-28 19:21:41.520615426 +0200
>> @@ -233,7 +233,8 @@ static int tls_open(URLContext *h, const
>> if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)
>> goto fail;
>>
>> - p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() :
>> TLSv1_client_method());
>> + //SSLv23_client_method allows to use TLS v1.2 protocol
>> + p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() :
>> SSLv23_client_method());
>> if (!p->ctx) {
>> av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(),
>> NULL));
>> ret = AVERROR(EIO);
>
> To ensure the same security restrictions apply as before, it should
> perhaps set the options to disable SSLv2/3 then?
>
> SSL_CTX_set_options(p->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)
>
> Otherwise looks fine, the API seems to be rather weird there.
>
Nevermind, there is another patch on the ML doing just this.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
