[FFmpeg-devel] [PATCH 3/3] lavf/tls: accept a default CA bundle at configure-time

2015-05-02 Thread Rodger Combs
---
 configure | 28 
 libavformat/tls.c |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 1ef2908..5b68514 100755
--- a/configure
+++ b/configure
@@ -108,6 +108,7 @@ Configuration options:
   --disable-alldisable building components, libraries and programs
   --enable-incompatible-libav-abi enable incompatible Libav fork ABI [no]
   --enable-raise-major increase major version numbers in sonames [no]
+  --default-ca-file=PATH   default CA file for TLS verification [autodetect]
 
 Program options:
   --disable-programs   do not build command line programs
@@ -1950,6 +1951,7 @@ PATHS_LIST=
 mandir
 prefix
 shlibdir
+default_ca_file
 
 
 CMDLINE_SET=
@@ -3135,6 +3137,8 @@ test -n $cross_prefix  enable cross_compile
 if enabled cross_compile; then
 test -n $arch  test -n $target_os ||
 die Must specify target arch and OS when cross-compiling
+else
+enable find_cert_bundle
 fi
 
 ar_default=${cross_prefix}${ar_default}
@@ -4470,6 +4474,25 @@ check_cpp_condition stdlib.h defined(__PIC__) || 
defined(__pic__) || defined(PI
 set_default libdir
 : ${shlibdir_default:=$libdir}
 
+# CA bundle
+
+enabled securetransport  disable find_cert_bundle
+
+if enabled find_cert_bundle  [[ -z $default_ca_file ]]; then
+for a in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/certs/ca-bundle.crt \
+ /usr/share/ssl/certs/ca-bundle.crt \
+ /usr/local/share/certs/ca-root.crt \
+ /etc/ssl/cert.pem \
+ ${prefix}/share/curl/curl-ca-bundle.crt;
+ do
+if test -f $a; then
+default_ca_file=$a
+break
+fi
+done
+fi
+
 set_default $PATHS_LIST
 set_default nm
 
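Review bot: The autodetection loop records whichever bundle exists on the build machine, and the later hunk writes that path into the generated header as DEFAULT_CA_FILE, so a binary packaged on one system and run on another may point at a missing file or a different trust store; the `else enable find_cert_bundle` guard in the earlier hunk only excludes cross-compiles, not redistributed native builds. The last candidate, `${prefix}/share/curl/curl-ca-bundle.crt`, depends on the install prefix, which can be a directory that unprivileged users are able to write to; trust anchors are better limited to root-owned system locations, so I would drop that entry or require it to be passed explicitly with `--default-ca-file`. `test -f` also accepts an empty or unreadable file; `test -s "$a" && test -r "$a"` would be a stricter probe. A comment above the loop such as `# The detected path is compiled into the library; packagers should pass --default-ca-file explicitly` would make the behaviour visible.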
@@ -5720,6 +5743,7 @@ echo makeinfo enabled  ${makeinfo-no}
 echo makeinfo supports HTML${makeinfo_html-no}
 test -n $random_seed 
 echo random seed   ${random_seed}
+echo default CA file   ${default_ca_file:-none}
 echo
 
 echo External libraries:
@@ -5912,6 +5936,10 @@ cat  $TMPH EOF
 #define SWS_MAX_FILTER_SIZE $sws_max_filter_size
 EOF
 
+test -n $default_ca_file 
+echo #define DEFAULT_CA_FILE \$(eval c_escape $default_ca_file)\ 
$TMPH ||
+echo #define DEFAULT_CA_FILE NULL  $TMPH
+
 test -n $assert_level 
 echo #define ASSERT_LEVEL $assert_level $TMPH
 
diff --git a/libavformat/tls.c b/libavformat/tls.c
index afa9017..305b15e 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -101,7 +101,7 @@ typedef struct TLSContext {
 #define D AV_OPT_FLAG_DECODING_PARAM
 #define E AV_OPT_FLAG_ENCODING_PARAM
 static const AVOption options[] = {
-{ca_file,Certificate Authority database file, OFFSET(ca_file),   
AV_OPT_TYPE_STRING, .flags = D|E },
+{ca_file,Certificate Authority database file, OFFSET(ca_file),   
AV_OPT_TYPE_STRING, { .str = DEFAULT_CA_FILE }, .flags = D|E },
 {cafile, Certificate Authority database file, OFFSET(ca_file),   
AV_OPT_TYPE_STRING, .flags = D|E },
 {tls_verify, Verify the peer certificate, OFFSET(verify),
AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = D|E },
 {cert_file,  Certificate file,OFFSET(cert_file), 
AV_OPT_TYPE_STRING, .flags = D|E },
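Review bot: Only the `ca_file` entry gets the new default, while the `cafile` alias on the next line writes the same field through `OFFSET(ca_file)` and still has none. If option defaults are applied entry by entry in table order, the alias would reset the field to NULL after `ca_file` set it, so both entries should carry the default: `{"cafile", "Certificate Authority database file", OFFSET(ca_file), AV_OPT_TYPE_STRING, { .str = DEFAULT_CA_FILE }, .flags = D|E },`. Note also that `tls_verify` in the same table still defaults to 0, so the bundle is not used to check the peer unless the caller turns verification on; saying so in the option's help text or a comment would avoid a false sense of protection. The options table continues outside the hunk.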
-- 
2.3.5



Re: [FFmpeg-devel] [PATCH 3/3] lavf/tls: accept a default CA bundle at configure-time

2015-05-02 Thread Michael Niedermayer
On Sat, May 02, 2015 at 02:07:31AM -0500, Rodger Combs wrote:
 ---
  configure | 28 
  libavformat/tls.c |  2 +-
  2 file
 
 diff --git a/configure b/configure
 index 1ef2908..5b68514 100755
 --- a/configure
 +++ b/configure
 @@ -108,6 +108,7 @@ Configuration options:
--disable-alldisable building components, libraries and 
 programs
--enable-incompatible-libav-abi enable incompatible Libav fork ABI [no]
--enable-raise-major increase major version numbers in sonames [no]
 +  --default-ca-file=PATH   default CA file for TLS verification [autodetect]
  
  Program options:
--disable-programs   do not build command line programs
 @@ -1950,6 +1951,7 @@ PATHS_LIST=
  mandir
  prefix
  shlibdir
 +default_ca_file
  
  
  CMDLINE_SET=
 @@ -3135,6 +3137,8 @@ test -n $cross_prefix  enable cross_compile
  if enabled cross_compile; then
  test -n $arch  test -n $target_os ||
  die Must specify target arch and OS when cross-compiling
 +else
 +enable find_cert_bundle
  fi
  
  ar_default=${cross_prefix}${ar_default}
 @@ -4470,6 +4474,25 @@ check_cpp_condition stdlib.h defined(__PIC__) || 
 defined(__pic__) || defined(PI
  set_default libdir
  : ${shlibdir_default:=$libdir}
  
 +# CA bundle
 +
 +enabled securetransport  disable find_cert_bundle
 +
 +if enabled find_cert_bundle  [[ -z $default_ca_file ]]; then
  ^^   ^^
these look wrong

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In fact, the RIAA has been known to suggest that students drop out
of college or go to community college in order to be able to afford
settlements. -- The RIAA

