virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-04 22:03:09 +02:00
Code Issues Releases Activity

avformat/tls_openssl: fix build error when openssl version < 3

Browse Source 
add the missing data structure pkey in the tls_context
properly set this pkey and free it

Signed-off-by: Jack Lau <jacklau1222@qq.com>
Reviewed-by: Martin Storsjö <martin@martin.st>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Jack Lau
2025-06-06 16:17:38 +08:00
committed by Michael Niedermayer
parent d811966ba6
commit 4611ed5cc3
1 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
libavformat/tls_openssl.c
View File

@ -467,6 +467,7 @@ typedef struct TLSContext {
TLSShared tls_shared; TLSShared tls_shared;
SSL_CTX *ctx; SSL_CTX *ctx;
SSL *ssl; SSL *ssl;
EVP_PKEY *pkey;
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #if OPENSSL_VERSION_NUMBER >= 0x1010000fL
BIO_METHOD* url_bio_method; BIO_METHOD* url_bio_method;
#endif #endif
@ -849,7 +850,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
goto fail; goto fail;
} }
} else if (p->tls_shared.key_buf) { } else if (p->tls_shared.key_buf) {
pkey = pkey_from_pem_string(p->tls_shared.key_buf, 1); p->pkey = pkey = pkey_from_pem_string(p->tls_shared.key_buf, 1);
if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) { if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p)); av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL); ret = AVERROR(EINVAL);
@ -876,6 +877,9 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
int ret = 0; int ret = 0;
c->is_dtls = 1; c->is_dtls = 1;
const char* ciphers = "ALL"; const char* ciphers = "ALL";
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
EC_KEY *ec_key = NULL;
#endif
/** /**
* The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c. * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
* The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c. * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
@ -908,15 +912,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
} }
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
if (ctx->dtls_eckey)
SSL_CTX_set_tmp_ecdh(p->ctx, p->dtls_eckey);
#else
SSL_CTX_set_ecdh_auto(p->ctx, 1);
#endif
#endif
/** /**
* We activate "ALL" cipher suites to align with the peer's capabilities, * We activate "ALL" cipher suites to align with the peer's capabilities,
* ensuring maximum compatibility. * ensuring maximum compatibility.
@ -930,6 +925,17 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
ret = openssl_init_ca_key_cert(h); ret = openssl_init_ca_key_cert(h);
if (ret < 0) goto fail; if (ret < 0) goto fail;
#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
if (p->pkey)
ec_key = EVP_PKEY_get1_EC_KEY(p->pkey);
if (ec_key)
SSL_CTX_set_tmp_ecdh(p->ctx, ec_key);
#else
SSL_CTX_set_ecdh_auto(p->ctx, 1);
#endif
#endif
/* Server will send Certificate Request. */ /* Server will send Certificate Request. */
SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, openssl_dtls_verify_callback); SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, openssl_dtls_verify_callback);
/* The depth count is "level 0:peer certificate", "level 1: CA certificate", /* The depth count is "level 0:peer certificate", "level 1: CA certificate",
@ -1001,6 +1007,9 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
ret = 0; ret = 0;
fail: fail:
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
EC_KEY_free(ec_key);
#endif
return ret; return ret;
} }
@ -1015,9 +1024,7 @@ static av_cold int dtls_close(URLContext *h)
av_freep(&ctx->tls_shared.fingerprint); av_freep(&ctx->tls_shared.fingerprint);
av_freep(&ctx->tls_shared.cert_buf); av_freep(&ctx->tls_shared.cert_buf);
av_freep(&ctx->tls_shared.key_buf); av_freep(&ctx->tls_shared.key_buf);
#if OPENSSL_VERSION_NUMBER < 0x30000000L /* OpenSSL 3.0 */ EVP_PKEY_free(ctx->pkey);
EC_KEY_free(ctx->dtls_eckey);
#endif
return 0; return 0;
} }