We should use the system's crypto policy by default. If there is no
system policy, gnutls will use the "NORMAL" policy.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Anton Khirnov <anton@khirnov.net>

It avoids leaving dangling pointers behind in memory.
Also remove redundant checks for whether the URLContext to be closed is
already NULL.
Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

It's completely absurd that libavcodec would care about libavformat
locking, but it was there because the lock manager was in libavcodec.
This is more straightforward. Changes ABI, but we don't require ABI
compatibility currently.

The GnuTLS version is checked through the macro GNUTLS_VERSION_NUMBER,
but this wasn't introduced before 2.7.2. Building with older versions
of GnuTLS (using icc) warns:
src/libavformat/tls_gnutls.c(38): warning #193: zero used for undefined preprocessing identifier "GNUTLS_VERSION_NUMBER"
#if HAVE_THREADS && GNUTLS_VERSION_NUMBER <= 0x020b00
This adds a fallback to the older, deprecated LIBGNUTLS_VERSION_NUMBER
macro.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>

Commit 598e416840 added use of
GNUTLS_E_PREMATURE_TERMINATION, which wasn't introduced to GnuTLS
before 2.99.x / 3.x. This fixes compilation with older versions.
Signed-off-by: Moritz Barsnick <barsnick@gmx.net>

GnuTLS is too strict on the SSL shutdown alert, and it's neither
mandatory in the spec nor critical. As it's ignored in OpenSSL, we
should also suppress it in GnuTLS as well.
Ticket: #6667
Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

The rtmp protocol uses nonblocking reads, to poll for incoming
messages from the server while publishing a stream.
Prior to 94599a6de3 and
d13b124eaf, the tls protocol
handled the nonblocking flag, mostly as a side effect from not
using custom IO callbacks for reading from the socket. When custom
IO callbacks were taken into use in
d15eec4d6b, the handling of a nonblocking
socket wasn't necessary for the default blocking mode any longer.
The code was simplified, since it was overlooked that other code
within libavformat actually used the tls protocol in nonblocking mode.
This fixes publishing over rtmps, with the gnutls backend.
Signed-off-by: Martin Storsjö <martin@martin.st>

TLS is currently implemented over either OpenSSL or GnuTLS, with more
backends likely to appear in the future. Currently, those backend libraries
are part of the protocol names used during e.g. the configure stage of a
build. Hide those details behind a generically-named declaration for the
TLS protocol to avoid leaking those details into the configuration stage.

Instead of a linked list constructed at av_register_all(), store them
in a constant array of pointers.
Since no registration is necessary now, this removes some global state
from lavf. This will also allow the urlprotocol layer caller to limit
the available protocols in a simple and flexible way in the following
commits.

GNUTLS_SHUT_RDWR means GnuTLS will keep waiting for the server's
termination reply. But since we don't shut down the TCP connection at
this point yet, GnuTLS will just keep skipping actual data from the
server, which basically is perceived as a hang.
Use GNUTLS_SHUT_WR instead, which doesn't have this problem.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

GNUTLS_SHUT_RDWR means GnuTLS will keep waiting for the server's
termination reply. But since we don't shut down the TCP connection at
this point yet, GnuTLS will just keep skipping actual data from the
server, which basically is perceived as a hang.
Use GNUTLS_SHUT_WR instead, which doesn't have this problem.
Signed-off-by: Martin Storsjö <martin@martin.st>

Move the OpenSSL and GnuTLS implementations to their own files. Other
than the connection code (including options) and some boilerplate, no
code is actually shared.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Move the OpenSSL and GnuTLS implementations to their own files. Other
than the connection code (including options) and some boilerplate, no
code is actually shared.
Signed-off-by: Martin Storsjö <martin@martin.st>