- 23 Jan, 2014 1 commit
-
-
Matt Oliver authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
- 27 Sep, 2013 1 commit
-
-
Michael Niedermayer authored
Found-by: " Geek.Song" <ffmpeg@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
- 26 Sep, 2013 2 commits
-
-
Martin Storsjö authored
Also add options for specifying a certificate and key, which can be used both when operating as client and as server. Partially based on a patch by Peter Ross. Signed-off-by: Martin Storsjö <martin@martin.st>
-
Martin Storsjö authored
A file containing the trusted CA certificates needs to be supplied via the ca_file AVOption, unless the TLS library has got a system default file/database set up. This doesn't check the hostname of the peer certificate with openssl, which requires a non-trivial piece of code for manually matching the desired hostname to the string provided by the certificate, not provided as a library function. That is, with openssl, this only validates that the received certificate is signed with the right CA, but not that it is the actual server we think we're talking to. Verification is still disabled by default since we can't count on a proper CA database existing at all times. Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 22 Sep, 2013 1 commit
-
-
Martin Storsjö authored
Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 30 Aug, 2013 1 commit
-
-
Thilo Borgmann authored
-
- 27 Feb, 2013 1 commit
-
-
Martin Storsjö authored
The handling of the environment variable no_proxy, present since one of the initial commits (de6d9b64), is inconsistent with how many other applications and libraries interpret this variable. Its bare presence does not indicate that the use of proxies should be skipped, but it is some sort of pattern for hosts that does not need using a proxy (e.g. for a local network). As investigated by Rudolf Polzer, different libraries handle this in different ways, some supporting IP address masks, some supporting arbitrary globbing using *, some just checking that the pattern matches the end of the hostname without regard for whether it actually is the right domain or a domain that ends in the same string. This simple logic should be pretty similar to the logic used by lynx and curl. Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 27 Jul, 2012 1 commit
-
-
Martin Storsjö authored
OpenSSL returns 0 when the peer has closed the connection. GnuTLS doesn't return that though, but returns GNUTLS_E_UNEXPECTED_PACKET_LENGTH if the connection simply is closed without a clean close notify packet. Tested-by: Antti Seppälä <a.seppala@gmail.com> Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 22 Jul, 2012 4 commits
-
-
Peter Ross authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
Peter Ross authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
Peter Ross authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
Peter Ross authored
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-
- 05 Jan, 2012 1 commit
-
-
Martin Storsjö authored
This definition is in two files, since the definitions will move to the private header at the next bump. Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 28 Nov, 2011 1 commit
-
-
Diego Biurrun authored
-
- 18 Nov, 2011 1 commit
-
-
Martin Storsjö authored
Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 17 Nov, 2011 1 commit
-
-
Martin Storsjö authored
TLSv1 is compatible with SSLv3, so this doesn't change much in terms of compatibility. By explicitly using TLSv1, OpenSSL sends the server name indication (SNI) header, which we already set using SSL_set_tlsext_host_name (earlier, this didn't have any effect). SNI allows servers to serve SSL content for different host names with separate certificates on one single port (vhosts). Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 13 Nov, 2011 3 commits
-
-
Anton Khirnov authored
Not used anywhere yet, support for passing options from avio_open() will follow.
-
Martin Storsjö authored
Change all uses of these function to pass the relevant callback on.
-
Martin Storsjö authored
-
- 10 Nov, 2011 2 commits
-
-
Martin Storsjö authored
Signed-off-by: Martin Storsjö <martin@martin.st>
-
Anton Khirnov authored
-
- 08 Nov, 2011 1 commit
-
-
Martin Storsjö authored
The return value ret isn't an error code that can be passed to ERR_error_string(). This makes the error messages printed actually contain useful information. Signed-off-by: Martin Storsjö <martin@martin.st>
-
- 05 Nov, 2011 1 commit
-
-
Martin Storsjö authored
Note, this protocol doesn't yet check verify the server certificate against a local database of trusted CA root certificates. Signed-off-by: Martin Storsjö <martin@martin.st>
-