[FFmpeg-devel] [PATCH] lavf/tls_openssl: Support building with LibreSSL

Mark Thompson sw at jkqxz.net
Sat Jan 28 15:01:54 EET 2017


On 28/01/17 11:28, wm4 wrote:
> On Fri, 27 Jan 2017 19:53:50 +0000
> Mark Thompson <sw at jkqxz.net> wrote:
> 
>> On 27/01/17 19:15, Marek Behun wrote:
>>> On Fri, 27 Jan 2017 18:41:09 +0000
>>> Mark Thompson <sw at jkqxz.net> wrote:
>>>   
>>>> On 27/01/17 17:31, Marek BehĂșn wrote:  
>>>>> Use the LIBRESSL_VERSION_NUMBER macro to determine if building with
>>>>> LibreSSL instead of OpenSSL. This is pretty straightforward, since
>>>>> it is enough to add this check to existing #if macros.
>>>>>
>>>>> Signed-off-by: Marek Behun <kabel at blackhole.sk>
>>>>> ---
>>>>>  libavformat/tls_openssl.c | 12 ++++++------
>>>>>  1 file changed, 6 insertions(+), 6 deletions(-)
>>>>>
>>>>> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
>>>>> index 3d9768a..cf1a62e 100644
>>>>> --- a/libavformat/tls_openssl.c
>>>>> +++ b/libavformat/tls_openssl.c
>>>>> @@ -43,7 +43,7 @@ typedef struct TLSContext {
>>>>>      TLSShared tls_shared;
>>>>>      SSL_CTX *ctx;
>>>>>      SSL *ssl;
>>>>> -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>>>>> +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
>>>>> && !defined(LIBRESSL_VERSION_NUMBER)    
>>>>
>>>> I don't understand what this is trying to do.
>>>>
>>>> Does LibreSSL support the OpenSSL 1.1.0 API:
>>>>
>>>> If yes, why would the additional check be needed?
>>>>
>>>> If no, isn't this doing nothing because the first check would be
>>>> false?  
>>>
>>> LibreSSL defines OPENSSL_VERSION_NUMBER to >=0x2000000, thus
>>> OPENSSL_VERSION_NUMBER is always greater than 0x1010000, but LibreSSL
>>> does not support 1.1.0 API.  
>>
>> Er, right, so it just lies and leaves it to user programs to sort it out.  How nice.
>>
>> Looking back, I can see this has been discussed before:
>> <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2016-October/201960.html>
>> <https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2016-December/203998.html>
>>
>> That (beyond the disapprobation towards libressl for being naughty) looks like people would prefer the test to be in configure rather than copying the nontrivial #if condition everywhere?
> 
> Maybe LibreSSL should fix this upstream.
> 
> They're doing an extreme disservice to everyone by breaking every
> single downstream program.
> 
> I'd even go as far as saying we shouldn't bother with LibreSSL if
> trying to keep compatibility is going to be a mess this huge.

If it becomes more inconvenient to do so, yes.  (At that point probably just clone tls_openssl.c to tls_libressl.c and let them diverge if support is still wanted.)

On the other hand, I think the now-proposed change (configure-detected) is positive even ignoring the existence of LibreSSL, since it moves a whole set of repeated version-conditional #ifs into one configure variable.


More information about the ffmpeg-devel mailing list