tls: Use TLSv1_client_method for OpenSSL

Message ID 1321521526-74917-1-git-send-email-martin@martin.st
State Committed
Commit 92db95e9ca5f8249e69e5ef7e1c31c835813e764

Commit Message

Martin Storsjö Nov. 17, 2011, 9:18 a.m.
TLSv1 is compatible with SSLv3, so this doesn't change much
in terms of compatibility. By explicitly using TLSv1, OpenSSL
sends the server name indication (SNI) header, which we
already set using SSL_set_tlsext_host_name (earlier, this
didn't have any effect).

SNI allows servers to serve SSL-content for different host
names with separate certificates on one single port (vhosts).
---
 libavformat/tls.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Luca Barbato Nov. 17, 2011, 12:27 p.m. | #1
On 17/11/11 10:18, Martin Storsjö wrote:
> SNI allows servers to serve SSL-content for different host

Seems quite interesting, patch ok.

lu

Patch

diff --git a/libavformat/tls.c b/libavformat/tls.c
index 33ee782..72c2b85 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -147,7 +147,7 @@  static int tls_open(URLContext *h, const char *uri, int flags)
             goto fail;
     }
 #elif CONFIG_OPENSSL
-    c->ctx = SSL_CTX_new(SSLv3_client_method());
+    c->ctx = SSL_CTX_new(TLSv1_client_method());
     if (!c->ctx) {
         av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
         ret = AVERROR(EIO);
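
Review bot: On the added `c->ctx = SSL_CTX_new(TLSv1_client_method());` line, the fixed-version method pins the handshake to TLS 1.0 only, so a server that speaks only SSLv3 will now fail the handshake and newer TLS versions can never be negotiated, which the commit message's compatibility statement does not mention. Consider `SSLv23_client_method()` followed by `SSL_CTX_set_options(c->ctx, SSL_OP_NO_SSLv2)`, which negotiates the highest version both sides support and, with SSLv2 disabled, still sends a TLS-format ClientHello that can carry the SNI extension. A one-line comment above the call saying that the method choice is what makes `SSL_set_tlsext_host_name` take effect would also keep a later change from silently dropping SNI again.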