Commit Graph

25 Commits

Author SHA1 Message Date
Martin Storsjö
70d8077b79 tls: Hook up the url_get_short_seek function in the TLS backends
This makes sure that small seeks forward on https don't end up
doing new requests.

Signed-off-by: Martin Storsjö <martin@martin.st>
2020-11-05 09:22:17 +02:00
Andreas Rheinhardt
82bf41f3ab avformat: Replace ffurl_close() by ffurl_closep() where appropriate
It avoids leaving dangling pointers behind in memory.

Also remove redundant checks for whether the URLContext to be closed is
already NULL.

Reviewed-by: Anton Khirnov <anton@khirnov.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
2020-05-25 13:11:36 +02:00
Błażej Szczygieł
561ba15c97 lavf/tls_gnutls: check for interrupt inside handshake loop
fixes #8080

Signed-off-by: Błażej Szczygieł <spaz16@wp.pl>
2020-04-21 21:14:26 +03:00
Remita Amine
bc1749c6e4 lavf/tls_gnutls: retry gnutls_handshake on non fatal errors
fixes #7801

Signed-off-by: Remita Amine <remitamine@gmail.com>
2019-06-14 21:19:41 +03:00
wm4
86a13bf2ff lavc, lavf: move avformat static mutex from avcodec to avformat
It's completely absurd that libavcodec would care about libavformat
locking, but it was there because the lock manager was in libavcodec.

This is more stright forward. Changes ABI, but we don't require ABI
compatibility currently.
2017-12-26 02:50:00 +01:00
James Almer
2805c8dcfc Merge commit 'eb061ad6fd0e3cea7cf7cfbff0749bc90dd7d888'
* commit 'eb061ad6fd0e3cea7cf7cfbff0749bc90dd7d888':
  tls_gnutls: Readd support for nonblocking operation

Merged-by: James Almer <jamrial@gmail.com>
2017-11-02 23:39:28 -03:00
James Almer
4600b0619a Merge commit '61cec5adaacb358783c18aa07362f15824c1b274'
* commit '61cec5adaacb358783c18aa07362f15824c1b274':
  tls: Hide backend implementation details from users

Also includes ed434be106
Changes were made to support schannel and securetransport.

Merged-by: James Almer <jamrial@gmail.com>
2017-11-01 16:52:05 -03:00
Moritz Barsnick
6bf48c4805 lavf/tls_gnutls: fix warnings from version check
The GnuTLS version is checked through the macro GNUTLS_VERSION_NUMBER,
but this wasn't introduced before 2.7.2. Building with older versions
of GnuTLS (using icc) warns:

src/libavformat/tls_gnutls.c(38): warning #193: zero used for undefined preprocessing identifier "GNUTLS_VERSION_NUMBER"
  #if HAVE_THREADS && GNUTLS_VERSION_NUMBER <= 0x020b00

This adds a fallback to the older, deprecated LIBGNUTLS_VERSION_NUMBER
macro.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
2017-09-26 15:05:32 +02:00
Moritz Barsnick
16c8a9feea lavf/tls_gnutls: fix compilation with GnuTLS 2.x
Commit 598e416840 added use of
GNUTLS_E_PREMATURE_TERMINATION, which wasn't introduced to GnuTLS
before 2.99.x / 3.x. This fixes compilation with older versions.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
2017-09-26 15:05:00 +02:00
Tatsuyuki Ishi
598e416840 GnuTLS: eat PREMATURE_TERMINATION error
GnuTLS is too strict on the SSL shutdown alert, and it's neither
mandatory in the spec or critical. As it's ignored in OpenSSL, we
should also suppress it in GnuTLS as well.

Ticket: #6667

Reviewed-by: wm4 <nfxjfg@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-09-21 03:02:24 +02:00
Martin Storsjö
eb061ad6fd tls_gnutls: Readd support for nonblocking operation
The rtmp protocol uses nonblocking reads, to poll for incoming
messages from the server while publishing a stream.

Prior to 94599a6de3 and
d13b124eaf, the tls protocol
handled the nonblocking flag, mostly as a side effect from not
using custom IO callbacks for reading from the socket. When custom
IO callbacks were taken into use in
d15eec4d6b, the handling of a nonblocking
socket wasn't necessary for the default blocking mode any longer.

The code was simplified, since it was overlooked that other code
within libavformat actually used the tls protocol in nonblocking mode.

This fixes publishing over rtmps, with the gnutls backend.

Signed-off-by: Martin Storsjö <martin@martin.st>
2017-06-20 23:55:52 +03:00
Diego Biurrun
61cec5adaa tls: Hide backend implementation details from users
TLS is currently implemented over either OpenSSL or GnuTLS, with more
backends likely to appear in the future. Currently, those backend libraries
are part of the protocol names used during e.g. the configure stage of a
build. Hide those details behind a generically-named declaration for the
TLS protocol to avoid leaking those details into the configuration stage.
2017-06-02 10:41:52 +02:00
Jay Ridgeway
295601bba3 avformat/tls: add tls url_get_file_handle
Support url_get_file_handle on TLS streams.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-17 19:46:30 +01:00
Diego Biurrun
e122b12c88 build: Drop gcrypt support
GnuTLS in combination with gcrypt has been deprecated since 2010.
2016-11-25 18:46:53 +01:00
Derek Buitenhuis
9c75148e6e Merge commit '2758cdedfb7ac61f8b5e4861f99218b6fd43491d'
This commit also disables the async fate test, because it
used internal APIs in a non-kosher way, which no longer
exists.

* commit '2758cdedfb7ac61f8b5e4861f99218b6fd43491d':
  lavf: reorganize URLProtocols

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-02-29 16:51:10 +00:00
Anton Khirnov
2758cdedfb lavf: reorganize URLProtocols
Instead of a linked list constructed at av_register_all(), store them
in a constant array of pointers.

Since no registration is necessary now, this removes some global state
from lavf. This will also allow the urlprotocol layer caller to limit
the available protocols in a simple and flexible way in the following
commits.
2016-02-22 11:30:58 +01:00
Ganesh Ajjanagadde
1bbb5ea10d avformat/tls_gnutls: correct version detection for certificate support
Fixes Ticket3748

Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-08-13 02:24:37 +02:00
wm4
2222f419da tls_gnutls: fix hang on disconnection
GNUTLS_SHUT_RDWR means GnuTLS will keep waiting for the server's
termination reply. But since we don't shutdown the TCP connection at
this point yet, GnuTLS will just keep skipping actual data from the
server, which basically is perceived as hang.

Use GNUTLS_SHUT_WR instead, which doesn't have this problem.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-14 21:40:08 +02:00
wm4
74ea1167d9 tls_gnutls: fix hang on disconnection
GNUTLS_SHUT_RDWR means GnuTLS will keep waiting for the server's
termination reply. But since we don't shutdown the TCP connection at
this point yet, GnuTLS will just keep skipping actual data from the
server, which basically is perceived as hang.

Use GNUTLS_SHUT_WR instead, which doesn't have this problem.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-06-14 19:50:03 +03:00
Michael Niedermayer
f0b99112e3 Merge commit 'd4d90504a687d2c0ef77ccf11d831f24dcff9cf1'
* commit 'd4d90504a687d2c0ef77ccf11d831f24dcff9cf1':
  tls_gnutls: Add missing includes for the gcrypt thread safety callbacks

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-28 21:21:07 +02:00
Martin Storsjö
d4d90504a6 tls_gnutls: Add missing includes for the gcrypt thread safety callbacks
This fixes building with gcrypt-backed gnutls versions, broken
in 57cde2b180.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-28 15:05:52 +03:00
wm4
a9f1d584e5 lavf: move TLS-related ifdeffery to library specific files
There is no need to have this mess in network.c.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-27 22:24:00 +02:00
wm4
4a006b9eb7 lavf: split tls.c
Move the OpenSSL and GnuTLS implementations to their own files. Other
than the connection code (including options) and some boilerplate, no
code is actually shared.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-27 21:48:47 +02:00
wm4
57cde2b180 lavf: move TLS-related ifdeffery to library specific files
There is no need to have this mess in network.c.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-26 21:48:51 +03:00
wm4
d8ffb2055f lavf: split tls.c
Move the OpenSSL and GnuTLS implementations to their own files. Other
than the connection code (including options) and some boilerplate, no
code is actually shared.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-26 21:48:32 +03:00