[FFmpeg-devel] [PATCH 1/4] lavf/tls_openssl: add support for verifying the server hostname on >=1.1.0
Ridley Combs
rcombs at rcombs.me
Wed Jun 3 10:39:54 EEST 2020
> On Jun 3, 2020, at 02:29, Moritz Barsnick <barsnick at gmx.net> wrote:
>
> On Fri, May 29, 2020 at 22:57:50 -0500, rcombs wrote:
>> +#else
>> + av_log(h, AV_LOG_WARNING, "ffmpeg was built against an old version of OpenSSL\n"
>> + "which doesn't provide peer name verification, so this connection\n"
>> + "will be made insecurely. To make this connection securely,\n"
>> + "upgrade to a newer OpenSSL version, or use GNUTLS instead.\n");
>
> Aren't there also other options than just GnuTLS? From a quick check,
> it looks like most of ffmpeg's TLS implementations support
> verification, but I don't know the internals. (Perhaps the same
> misconception as with openssl.)
Ahh, this patch dates back to when the only other multiplatform option was GNUTLS. I can say "or use a different TLS implementation." if you like?
>
> Furthermore, is that the official spelling/capitalization of GnuTLS?
>
> Cheers,
> Moritz
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list