[FFmpeg-cvslog] tls: Use TLSv1_client_method for OpenSSL
    Martin Storsjö 
    git at videolan.org
       
    Fri Nov 18 03:13:17 CET 2011
    
    
  
ffmpeg | branch: master | Martin Storsjö <martin at martin.st> | Thu Nov 17 11:15:27 2011 +0200| [92db95e9ca5f8249e69e5ef7e1c31c835813e764] | committer: Martin Storsjö
tls: Use TLSv1_client_method for OpenSSL
TLSv1 is compatible with SSLv3, so this doesn't change much
in terms of compatibility. By explicitly using TLSv1, OpenSSL
sends the server name indication (SNI) header, which we
already set using SSL_set_tlsext_host_name (earlier, this
didn't have any effect).
SNI allows servers to serve SSL content for different host
names with separate certificates on one single port (vhosts).
Signed-off-by: Martin Storsjö <martin at martin.st>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=92db95e9ca5f8249e69e5ef7e1c31c835813e764
---
 libavformat/tls.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavformat/tls.c b/libavformat/tls.c
index 33ee782..72c2b85 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -147,7 +147,7 @@ static int tls_open(URLContext *h, const char *uri, int flags)
             goto fail;
     }
 #elif CONFIG_OPENSSL
-    c->ctx = SSL_CTX_new(SSLv3_client_method());
+    c->ctx = SSL_CTX_new(TLSv1_client_method());
     if (!c->ctx) {
         av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
         ret = AVERROR(EIO);
    
    
More information about the ffmpeg-cvslog
mailing list