---
configure | 28
libavformat/tls.c | 2 +-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index 1ef2908..5b68514 100755
--- a/configure
+++ b/configure
@@ -108,6 +108,7 @@ Configuration options:
--disable-alldisable building components, libraries and programs
--enable-incompatible-libav-abi enable incompatible Libav fork ABI [no]
--enable-raise-major increase major version numbers in sonames [no]
+ --default-ca-file=PATH default CA file for TLS verification [autodetect]
Program options:
--disable-programs do not build command line programs
@@ -1950,6 +1951,7 @@ PATHS_LIST=
mandir
prefix
shlibdir
+default_ca_file
CMDLINE_SET=
@@ -3135,6 +3137,8 @@ test -n $cross_prefix enable cross_compile
if enabled cross_compile; then
test -n $arch test -n $target_os ||
die Must specify target arch and OS when cross-compiling
+else
+enable find_cert_bundle
fi
ar_default=${cross_prefix}${ar_default}
@@ -4470,6 +4474,25 @@ check_cpp_condition stdlib.h defined(__PIC__) ||
defined(__pic__) || defined(PI
set_default libdir
: ${shlibdir_default:=$libdir}
+# CA bundle
+
+enabled securetransport disable find_cert_bundle
+
+if enabled find_cert_bundle [[ -z $default_ca_file ]]; then
+for a in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/certs/ca-bundle.crt \
+ /usr/share/ssl/certs/ca-bundle.crt \
+ /usr/local/share/certs/ca-root.crt \
+ /etc/ssl/cert.pem \
+ ${prefix}/share/curl/curl-ca-bundle.crt;
+ do
+if test -f $a; then
+default_ca_file=$a
+break
+fi
+done
+fi
+
set_default $PATHS_LIST
set_default nm
@@ -5720,6 +5743,7 @@ echo makeinfo enabled ${makeinfo-no}
echo makeinfo supports HTML${makeinfo_html-no}
test -n $random_seed
echo random seed ${random_seed}
+echo default CA file ${default_ca_file:-none}
echo
echo External libraries:
@@ -5912,6 +5936,10 @@ cat $TMPH EOF
#define SWS_MAX_FILTER_SIZE $sws_max_filter_size
EOF
+test -n $default_ca_file
+echo #define DEFAULT_CA_FILE \$(eval c_escape $default_ca_file)\
$TMPH ||
+echo #define DEFAULT_CA_FILE NULL $TMPH
+
test -n $assert_level
echo #define ASSERT_LEVEL $assert_level $TMPH
diff --git a/libavformat/tls.c b/libavformat/tls.c
index afa9017..305b15e 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -101,7 +101,7 @@ typedef struct TLSContext {
#define D AV_OPT_FLAG_DECODING_PARAM
#define E AV_OPT_FLAG_ENCODING_PARAM
static const AVOption options[] = {
-{ca_file,Certificate Authority database file, OFFSET(ca_file),
AV_OPT_TYPE_STRING, .flags = D|E },
+{ca_file,Certificate Authority database file, OFFSET(ca_file),
AV_OPT_TYPE_STRING, { .str = DEFAULT_CA_FILE }, .flags = D|E },
{cafile, Certificate Authority database file, OFFSET(ca_file),
AV_OPT_TYPE_STRING, .flags = D|E },
{tls_verify, Verify the peer certificate, OFFSET(verify),
AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = D|E },
{cert_file, Certificate file,OFFSET(cert_file),
AV_OPT_TYPE_STRING, .flags = D|E },
--
2.3.5
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel