[FFmpeg-devel] [PATCH] lavf/tls_openssl: Support building with LibreSSL

wm4 nfxjfg at googlemail.com
Sat Jan 28 13:28:35 EET 2017 

On Fri, 27 Jan 2017 19:53:50 +0000
Mark Thompson <sw at jkqxz.net> wrote:

> On 27/01/17 19:15, Marek Behun wrote:
> > On Fri, 27 Jan 2017 18:41:09 +0000
> > Mark Thompson <sw at jkqxz.net> wrote:
> >   
> >> On 27/01/17 17:31, Marek BehĂșn wrote:  
> >>> Use the LIBRESSL_VERSION_NUMBER macro to determine if building with
> >>> LibreSSL instead of OpenSSL. This is pretty straightforward, since
> >>> it is enough to add this check to existing #if macros.
> >>>
> >>> Signed-off-by: Marek Behun <kabel at blackhole.sk>
> >>> ---
> >>>  libavformat/tls_openssl.c | 12 ++++++------
> >>>  1 file changed, 6 insertions(+), 6 deletions(-)
> >>>
> >>> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> >>> index 3d9768a..cf1a62e 100644
> >>> --- a/libavformat/tls_openssl.c
> >>> +++ b/libavformat/tls_openssl.c
> >>> @@ -43,7 +43,7 @@ typedef struct TLSContext {
> >>>      TLSShared tls_shared;
> >>>      SSL_CTX *ctx;
> >>>      SSL *ssl;
> >>> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> >>> +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> >>> && !defined(LIBRESSL_VERSION_NUMBER)    
> >>
> >> I don't understand what this is trying to do.
> >>
> >> Does LibreSSL support the OpenSSL 1.1.0 API:
> >>
> >> If yes, why would the additional check be needed?
> >>
> >> If no, isn't this doing nothing because the first check would be
> >> false?  
> > 
> > LibreSSL defines OPENSSL_VERSION_NUMBER to >=0x2000000, thus
> > OPENSSL_VERSION_NUMBER is always greater than 0x1010000, but LibreSSL
> > does not support 1.1.0 API.  
> 
> Er, right, so it just lies and leaves it to user programs to sort it out.  How nice.
> 
> Looking back, I can see this has been discussed before:
> <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2016-October/201960.html>
> <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2016-December/203998.html>
> 
> That (beyond the disapprobation towards libressl for being naughty) looks like people would prefer the test to be in configure rather than copying the nontrivial #if condition everywhere?

Maybe LibreSSL should fix this upstream.

They're doing an extreme disservice to everyone by breaking every
single downstream program.

I'd even go as far as saying we shouldn't bother with LibreSSL if
trying to keep compatibility is going to be a mess this huge.

More information about the ffmpeg-devel mailing list