aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Storsjö <martin@martin.st>2011-11-17 11:15:27 +0200
committerMartin Storsjö <martin@martin.st>2011-11-17 15:11:38 +0200
commit92db95e9ca5f8249e69e5ef7e1c31c835813e764 (patch)
tree4594c6bf39a431fca605fd82779e97699adae27c
parent268fb3f9851590aed724dba83d3999c8369c929f (diff)
downloadffmpeg-92db95e9ca5f8249e69e5ef7e1c31c835813e764.tar.gz
tls: Use TLSv1_client_method for OpenSSL
TLSv1 is compatible with SSLv3, so this doesn't change much in terms of compatibility. By explicitly using TLSv1, OpenSSL sends the server name indication (SNI) header, which we already set using SSL_set_tlsext_host_name (earlier, this didn't have any effect). SNI allows servers to serve SSL content for different host names with separate certificates on one single port (vhosts). Signed-off-by: Martin Storsjö <martin@martin.st>
-rw-r--r--libavformat/tls.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/tls.c b/libavformat/tls.c
index 33ee782fa8..72c2b85016 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -147,7 +147,7 @@ static int tls_open(URLContext *h, const char *uri, int flags)
goto fail;
}
#elif CONFIG_OPENSSL
- c->ctx = SSL_CTX_new(SSLv3_client_method());
+ c->ctx = SSL_CTX_new(TLSv1_client_method());
if (!c->ctx) {
av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
ret = AVERROR(EIO);