[FFmpeg-devel] [PATCH] lavf/tls_openssl: Support building with LibreSSL

Mark Thompson sw at jkqxz.net
Sat Jan 28 00:20:29 EET 2017


On 27/01/17 21:42, Marek BehĂșn wrote:
> In configure, check if the function BIO_meth_new is defined in the
> corresponding OpenSSL/LibreSSL library, and if yes, define
> HAVE_OPENSSL_BIO_METH_CALLS variable to 1 in config.h, or to 0
> otherwise.
> 
> Change the heuristics preprocessor check
>   #if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> to
>   #if HAVE_OPENSSL_BIO_METH_CALLS
> 
> This makes it possible to use LibreSSL, which defines
> OPENSSL_VERSION_NUMBER to >= 0x2000000fL, but does not support the
> BIO_meth_* calls from OpenSSL 1.1.0+.
> 
> Signed-off-by: Marek Behun <kabel at blackhole.sk>
> ---
>  configure                 |  9 ++++++++-
>  libavformat/tls_openssl.c | 12 ++++++------
>  2 files changed, 14 insertions(+), 7 deletions(-)
> 
> diff --git a/configure b/configure
> index 7154142..f2bf7b4 100755
> --- a/configure
> +++ b/configure
> @@ -2060,6 +2060,7 @@ HAVE_LIST="
>      makeinfo
>      makeinfo_html
>      MMAL_PARAMETER_VIDEO_MAX_NUM_CALLBACKS
> +    openssl_bio_meth_calls
>      perl
>      pod2man
>      sdl2
> @@ -5883,7 +5884,13 @@ enabled openssl           && { use_pkg_config openssl openssl/ssl.h OPENSSL_init
>                                 check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto ||
>                                 check_lib openssl/ssl.h SSL_library_init -lssl32 -leay32 ||
>                                 check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto -lws2_32 -lgdi32 ||
> -                               die "ERROR: openssl not found"; }
> +                               die "ERROR: openssl not found"; } &&
> +                             { { check_pkg_config openssl openssl/bio.h BIO_meth_new ||
> +                                 check_func BIO_meth_new -lssl -lcrypto ||
> +                                 check_func BIO_meth_new -lssl32 -leay32 ||
> +                                 check_func BIO_meth_new -lssl -lcrypto -lws2_32 -lgdi32; } &&
> +                               enable openssl_bio_meth_calls || disable openssl_bio_meth_calls
> +                             }

You don't need to duplicate the whole list of tests.  Once one of the first set has succeeded then the necessary libraries have already been added to the accumulated flags.

That is:

@@ -5883,7 +5884,8 @@ enabled openssl           && { use_pkg_config openssl openssl/ssl.h OPENSSL_init
                                check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto ||
                                check_lib openssl/ssl.h SSL_library_init -lssl32 -leay32 ||
                                check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto -lws2_32 -lgdi32 ||
-                               die "ERROR: openssl not found"; }
+                               die "ERROR: openssl not found"; } &&
+                             { check_func BIO_meth_new && enable openssl_bio_meth_calls; }
 enabled qtkit_indev      && { check_header_objcc QTKit/QTKit.h || disable qtkit_indev; }

>  enabled qtkit_indev      && { check_header_objcc QTKit/QTKit.h || disable qtkit_indev; }
>  
>  # libdc1394 check
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 3d9768a..cede0b6 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -43,7 +43,7 @@ typedef struct TLSContext {
>      TLSShared tls_shared;
>      SSL_CTX *ctx;
>      SSL *ssl;
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      BIO_METHOD* url_bio_method;
>  #endif
>  } TLSContext;
> @@ -68,7 +68,7 @@ static unsigned long openssl_thread_id(void)
>  
>  static int url_bio_create(BIO *b)
>  {
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      BIO_set_init(b, 1);
>      BIO_set_data(b, NULL);
>      BIO_set_flags(b, 0);
> @@ -85,7 +85,7 @@ static int url_bio_destroy(BIO *b)
>      return 1;
>  }
>  
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>  #define GET_BIO_DATA(x) BIO_get_data(x);
>  #else
>  #define GET_BIO_DATA(x) (x)->ptr;
> @@ -133,7 +133,7 @@ static int url_bio_bputs(BIO *b, const char *str)
>      return url_bio_bwrite(b, str, strlen(str));
>  }
>  
> -#if OPENSSL_VERSION_NUMBER < 0x1010000fL
> +#if !HAVE_OPENSSL_BIO_METH_CALLS
>  static BIO_METHOD url_bio_method = {
>      .type = BIO_TYPE_SOURCE_SINK,
>      .name = "urlprotocol bio",
> @@ -212,7 +212,7 @@ static int tls_close(URLContext *h)
>          SSL_CTX_free(c->ctx);
>      if (c->tls_shared.tcp)
>          ffurl_close(c->tls_shared.tcp);
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      if (c->url_bio_method)
>          BIO_meth_free(c->url_bio_method);
>  #endif
> @@ -270,7 +270,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
>          ret = AVERROR(EIO);
>          goto fail;
>      }
> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
> +#if HAVE_OPENSSL_BIO_METH_CALLS
>      p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio");
>      BIO_meth_set_write(p->url_bio_method, url_bio_bwrite);
>      BIO_meth_set_read(p->url_bio_method, url_bio_bread);
> 

Otherwise LGTM, but we should wait to give other people a chance to comment on it (particularly those in the original discussion a few months ago).

Thanks,

- Mark


More information about the ffmpeg-devel mailing list