1. 24 Mar, 2016 1 commit
    • Martin Storsjö's avatar
      avio: Copy URLContext generic options into child URLContexts · fab8156b
      Martin Storsjö authored
      Since all URLContexts have the same AVOptions, such AVOptions
      will be applied on the outermost context only and removed from the
      dict, while they probably make sense on all contexts.
      
      This makes sure that rw_timeout gets propagated to the innermost
      URLContext (to make sure it gets passed to the tcp protocol, when
      opening a http connection for instance).
      
      Alternatively, such matching options would be kept in the dict
      and only removed after the ffurl_connect call.
      Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
      fab8156b
  2. 04 Mar, 2016 1 commit
  3. 22 Feb, 2016 1 commit
  4. 02 Feb, 2016 1 commit
  5. 08 Jun, 2015 1 commit
  6. 27 May, 2015 1 commit
    • wm4's avatar
      lavf: split tls.c · 4a006b9e
      wm4 authored
      Move the OpenSSL and GnuTLS implementations to their own files. Other
      than the connection code (including options) and some boilerplate, no
      code is actually shared.
      Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
      4a006b9e
  7. 26 May, 2015 1 commit
    • wm4's avatar
      lavf: split tls.c · d8ffb205
      wm4 authored
      Move the OpenSSL and GnuTLS implementations to their own files. Other
      than the connection code (including options) and some boilerplate, no
      code is actually shared.
      Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
      d8ffb205
  8. 22 May, 2015 2 commits
  9. 21 May, 2015 3 commits
  10. 28 Feb, 2015 1 commit
  11. 16 Feb, 2015 1 commit
  12. 14 Feb, 2015 1 commit
  13. 03 Feb, 2015 1 commit
  14. 10 Oct, 2014 1 commit
  15. 15 Aug, 2014 1 commit
  16. 23 Jan, 2014 1 commit
  17. 27 Sep, 2013 1 commit
  18. 26 Sep, 2013 2 commits
    • Martin Storsjö's avatar
      tls: Add support for listen mode · 705b748e
      Martin Storsjö authored
      Also add options for specifying a certificate and key, which can
      be used both when operating as client and as server.
      
      Partially based on a patch by Peter Ross.
      Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
      705b748e
    • Martin Storsjö's avatar
      tls: Add options for verifying the peer certificate · 8b09d917
      Martin Storsjö authored
      A file containing the trusted CA certificates needs to be
      supplied via the ca_file AVOption, unless the TLS library
      has got a system default file/database set up.
      
      This doesn't check the hostname of the peer certificate with
      openssl, which requires a non-trivial piece of code for
      manually matching the desired hostname to the string provided
      by the certificate, not provided as a library function.
      
      That is, with openssl, this only validates that the received
      certificate is signed with the right CA, but not that it is
      the actual server we think we're talking to.
      
      Verification is still disabled by default since we can't count
      on a proper CA database existing at all times.
      Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
      8b09d917
  19. 22 Sep, 2013 1 commit
  20. 30 Aug, 2013 1 commit
  21. 27 Feb, 2013 1 commit
    • Martin Storsjö's avatar
      lavf: Handle the environment variable no_proxy more properly · de9cd1b1
      Martin Storsjö authored
      The handling of the environment variable no_proxy, present since
      one of the initial commits (de6d9b64), is inconsistent with
      how many other applications and libraries interpret this
      variable. Its bare presence does not indicate that the use of
      proxies should be skipped, but it is some sort of pattern for
      hosts that does not need using a proxy (e.g. for a local network).
      
      As investigated by Rudolf Polzer, different libraries handle this
      in different ways, some supporting IP address masks, some supporting
      arbitrary globbing using *, some just checking that the pattern matches
      the end of the hostname without regard for whether it actually is
      the right domain or a domain that ends in the same string.
      
      This simple logic should be pretty similar to the logic used by
      lynx and curl.
      Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
      de9cd1b1
  22. 27 Jul, 2012 1 commit
  23. 22 Jul, 2012 4 commits
  24. 05 Jan, 2012 1 commit
  25. 28 Nov, 2011 1 commit
  26. 18 Nov, 2011 1 commit
  27. 17 Nov, 2011 1 commit
    • Martin Storsjö's avatar
      tls: Use TLSv1_client_method for OpenSSL · 92db95e9
      Martin Storsjö authored
      TLSv1 is compatible with SSLv3, so this doesn't change much
      in terms of compatibility. By explicitly using TLSv1, OpenSSL
      sends the server name indication (SNI) header, which we
      already set using SSL_set_tlsext_host_name (earlier, this
      didn't have any effect).
      
      SNI allows servers to serve SSL content for different host
      names with separate certificates on one single port (vhosts).
      Signed-off-by: 's avatarMartin Storsjö <martin@martin.st>
      92db95e9
  28. 13 Nov, 2011 3 commits
  29. 10 Nov, 2011 2 commits
  30. 08 Nov, 2011 1 commit