From patchwork Sat Nov 4 15:11:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 5857 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.161.90 with SMTP id m26csp1072871jah; Sat, 4 Nov 2017 08:11:30 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QHqpYuJlbwNJB/lOS2lI8Rq4rkfSpsNu9ar5rbqTjFC/uoJOqXhpqukq30tF0KHRDgdqcW X-Received: by 10.28.194.6 with SMTP id s6mr1489816wmf.14.1509808290427; Sat, 04 Nov 2017 08:11:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509808290; cv=none; d=google.com; s=arc-20160816; b=we6GwgKsMRpqErjkJVy9RCkcJlfAHaxbeIgU/eFOvhDKBFqpFUnhwxarvKZT3iBbpu thoiazf0LA90YG1udrg/2gTOAIqTbeEMZlniWLn99wWOGmJtVh2Tq6cK7shNq+HWHjd6 8lWEoEM9F3FqxC8hMN6xdP4LNPTFByw/Sw8jxAeRL63TEfrxgWDJhiaHH1iHjZodg92G sYhQ9N/YsvNSWdQSavPLiOWAYluA1kEIDiZTWJtd8CcZuiUbToIKceIu4Jfe9iSRpizg HHqRBGfmaA5n0HenccLeudXhK59ycDU5mfBVwlCG7WM/Nq/U//8Q5yNGVCklJl5jkWKH ewqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:spamdiagnosticmetadata:spamdiagnosticoutput :content-language:accept-language:message-id:date:thread-index :thread-topic:to:from:delivered-to:arc-authentication-results; bh=h61zx/PNX86zlidH6NVwgLW5HgPjAomzSBJJ6nM4uIg=; b=EpqzjH2P+hpIcAIFGbfBmg7HYiXaWxF/+ZbQNA5TxmBGpMkySdHWFzkUZ3D/zhBAF3 k9AhZ6wKaDOjxm9Ao1gy9bdzD/X5q44d8s5MHLBRLC4ANBnqlnDBBX9K7aI67+PYQ0hB vt0cEewp6JsB7HkK5UaeQoR6yukxF6rhyVnQJkl8sH11x+AYy6wxN/KGZm36/PfE3343 Vif+7lbj69sToOBhe7ZBD0ekrYg0XoIsk5n+q0QXuvCatUZewJQB5r5hsx35RfkhHbU2 tUIsbL7pAEUrDZry6SEwbgganh9yW0KNsouReD/0Y58vKLqfIX1Y/rm2mt4a/OTJp/WU 9b0A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id o9si7027315wrh.425.2017.11.04.08.11.29; Sat, 04 Nov 2017 08:11:30 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C5A2A68A11F; Sat, 4 Nov 2017 17:11:16 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-oln040092067077.outbound.protection.outlook.com [40.92.67.77]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6E2C6689B6B for ; Sat, 4 Nov 2017 17:11:09 +0200 (EET) Received: from HE1EUR02FT029.eop-EUR02.prod.protection.outlook.com (10.152.10.52) by HE1EUR02HT202.eop-EUR02.prod.protection.outlook.com (10.152.11.106) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.178.5; Sat, 4 Nov 2017 15:11:19 +0000 Received: from VI1PR0201MB2414.eurprd02.prod.outlook.com (10.152.10.59) by HE1EUR02FT029.mail.protection.outlook.com (10.152.10.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.178.5 via Frontend Transport; Sat, 4 Nov 2017 15:11:19 +0000 Received: from VI1PR0201MB2414.eurprd02.prod.outlook.com ([fe80::f9f2:51de:193:fd5f]) by VI1PR0201MB2414.eurprd02.prod.outlook.com ([fe80::f9f2:51de:193:fd5f%17]) with mapi id 15.20.0197.017; Sat, 4 Nov 2017 15:11:18 +0000 From: Stefan _ To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH] libavformat: LibreSSL (libtls) support Thread-Index: AQHTVX8q8D1DHqdzR0CkUtMI8iCIlg== Date: Sat, 4 Nov 2017 15:11:18 +0000 Message-ID: Accept-Language: de-DE, en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:1FC35573C3DF421AA792DC9BBE31468DBDC62392D19967038E1023CC44F63EDA; UpperCasedChecksum:83BA2AC8DA03F8116D056C38787A611923B396319222BB11682C1700325CC322; SizeAsReceived:6909; Count:44 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [RYEYa5AWjFQ/N9DFIUsjkJphQfb62BCl] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; HE1EUR02HT202; 6:nmyI6sgPmyymj10TmL6dp1lNfOc9FFupfE7AOFvbpwkPf4bs7fT8+YwGaUyPzlaSO9FvwgK/+9F+MMiNRSci1k4cy/tIKbdYRcA1dKYiFNT8AfsQUw5n7e8VCSgo5QxdagSzmhbgIMjITIwf91s0Cef9zDdMen52j4I3yFmenT1P4xhkNToF+Oi0zwghmzp/PKOhHfcv1csHSPfllgtfK/No7iyyVFUWDgJu6LXbVqSlJ5rZQol3ziNdzcAmKhAkMdCETiD/nR+dFlIAZBwSIrLX0O/x3GFlU6Ganwc1dQ3h1LxUBGPf/GOXeBdObSzRjce1od4hW6ovxi3t9g5fDM5xWNpq7EAkBQBUbc8tPiI=; 5:ZQsaijowq5qS+/98rYBSmFU3m3zQMaV/QiltyBzC2ps73PFpqPJqp/yPYZs4Vq5MpzRCSIxibXymqrN9LxamzGVFasMni2AI8sjUS0dYausprYFjaEXqaQ9LOw42q4IcWuSabVd1Qnf6fHhBhQQUYFJcgo/LHQ7Hx8nL5VLQv0o=; 24:ITmeCf1LQ/kBk9Lrs8e1C8PGfYuQ+a1hnceDxaaC3piri0FkhyFQVjReV5auLgLLSORlvcGaYZczNE9vGFhvdzcnWk4SrkF1nTOeBOvyfW8=; 7:bj4D1oLIccpPWQ7tvvsG8wVB/VIxRWasZwMuObIe0WGN/w1IwFocEu1Jumjdeq3rc55uGy5eGZw1fqZk1srkCBk2IAxKzf8AV3s9y0afngFUkgdOXCh8zFD95+CL1OHUgk9OAJe0WQ+vBo3Ejk6dYXN1rdwhrQDiMU56uZM5Q6CP2UC2YfYzOqxSjyRnF6ELRa6Sj0lTX2Dz8VAzpaSsQsnWAqNImEaBxo3StqawXkCIavYtpBCI7r5PhN6LZByM x-incomingheadercount: 44 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: 4002ea49-d3f3-4e8d-6565-08d523964c8d x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1601125374)(1603101448)(1701031045); SRVR:HE1EUR02HT202; x-ms-traffictypediagnostic: HE1EUR02HT202: x-exchange-antispam-report-test: UriScan:(150554046322364); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031); SRVR:HE1EUR02HT202; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:HE1EUR02HT202; x-forefront-prvs: 048111149A x-forefront-antispam-report: SFV:NSPM; SFS:(7070007)(98901004); DIR:OUT; SFP:1901; SCL:1; SRVR:HE1EUR02HT202; H:VI1PR0201MB2414.eurprd02.prod.outlook.com; FPR:; SPF:None; LANG:; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4002ea49-d3f3-4e8d-6565-08d523964c8d X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Nov 2017 15:11:18.5288 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR02HT202 Subject: [FFmpeg-devel] [PATCH] libavformat: LibreSSL (libtls) support X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Attached patch adds support for LibreSSL. Instead of trying to implement support into the existing tls_openssl.c using lots of #ifdefs (which was rejected previously(?)) this adds a new TLS backend making use of the new libtls library. Things to note: - Haven't looked at LibreSSL's license closely, I assume that it has the same GPL licensing incompatibility as a derivative of OpenSSL (requires --enable-nonfree if --enable-gpl is used) - ffrtmpcrypt support is not implemented since the bignum functions are not part of libtls itself - Not sure why anyone would use libtls without pkg-config but supporting it probably doesn't hurt I have tested all features (client mode, listen mode, cert/hostname verification) on both Alpine and Arch Linux. Before michaelni asks again: Yes, the absence of my real name in git is intended. From d4336b0733a1e582d7bf30795bf99df4cc60d7df Mon Sep 17 00:00:00 2001 From: sfan5 Date: Sat, 4 Nov 2017 15:45:16 +0100 Subject: [PATCH] libavformat: LibreSSL (libtls) support Signed-off-by: sfan5 --- Changelog | 1 + configure | 16 ++-- doc/protocols.texi | 2 +- libavformat/Makefile | 1 + libavformat/tls_libtls.c | 207 +++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 221 insertions(+), 6 deletions(-) create mode 100644 libavformat/tls_libtls.c diff --git a/Changelog b/Changelog index 8c45b2946d..bd37971af5 100644 --- a/Changelog +++ b/Changelog @@ -7,6 +7,7 @@ version : requires 2.1 (or later) and pkg-config. - VDA dropped (use VideoToolbox instead) - MagicYUV encoder +- support LibreSSL (via libtls) version 3.4: diff --git a/configure b/configure index 1b0f064607..2938be7b07 100755 --- a/configure +++ b/configure @@ -215,7 +215,7 @@ External library support: --enable-gmp enable gmp, needed for rtmp(t)e support if openssl or librtmp is not used [no] --enable-gnutls enable gnutls, needed for https support - if openssl is not used [no] + if openssl or libtls is not used [no] --disable-iconv disable iconv [autodetect] --enable-jni enable JNI support [no] --enable-ladspa enable LADSPA audio filtering [no] @@ -260,6 +260,8 @@ External library support: --enable-libssh enable SFTP protocol via libssh [no] --enable-libtesseract enable Tesseract, needed for ocr filter [no] --enable-libtheora enable Theora encoding via libtheora [no] + --enable-libtls enable LibreSSL (via libtls), needed for https support + if openssl or gnutls is not used [no] --enable-libtwolame enable MP2 encoding via libtwolame [no] --enable-libv4l2 enable libv4l2/v4l-utils [no] --enable-libvidstab enable video stabilization using vid.stab [no] @@ -292,7 +294,7 @@ External library support: --enable-opencl enable OpenCL code --enable-opengl enable OpenGL rendering [no] --enable-openssl enable openssl, needed for https support - if gnutls is not used [no] + if gnutls or libtls is not used [no] --disable-sndio disable sndio support [autodetect] --disable-schannel disable SChannel SSP, needed for TLS support on Windows if openssl and gnutls are not used [autodetect] @@ -1563,6 +1565,7 @@ EXTERNAL_LIBRARY_NONFREE_LIST=" libndi_newtek libfdk_aac openssl + libtls " EXTERNAL_LIBRARY_VERSION3_LIST=" @@ -3135,6 +3138,7 @@ librtmpt_protocol_deps="librtmp" librtmpte_protocol_deps="librtmp" libsmbclient_protocol_deps="libsmbclient gplv3" libssh_protocol_deps="libssh" +libtls_conflict="openssl gnutls" mmsh_protocol_select="http_protocol" mmst_protocol_select="network" rtmp_protocol_conflict="librtmp_protocol" @@ -3152,13 +3156,13 @@ rtmpte_protocol_suggest="zlib" rtmpts_protocol_select="ffrtmphttp_protocol https_protocol" rtmpts_protocol_suggest="zlib" rtp_protocol_select="udp_protocol" -schannel_conflict="openssl gnutls" +schannel_conflict="openssl gnutls libtls" sctp_protocol_deps="struct_sctp_event_subscribe struct_msghdr_msg_flags" sctp_protocol_select="network" -securetransport_conflict="openssl gnutls" +securetransport_conflict="openssl gnutls libtls" srtp_protocol_select="rtp_protocol srtp" tcp_protocol_select="network" -tls_protocol_deps_any="gnutls openssl schannel securetransport" +tls_protocol_deps_any="gnutls openssl schannel securetransport libtls" tls_protocol_select="tcp_protocol" udp_protocol_select="network" udplite_protocol_select="network" @@ -6009,6 +6013,8 @@ enabled libssh && require_pkg_config libssh libssh libssh/sftp.h sftp enabled libspeex && require_pkg_config libspeex speex speex/speex.h speex_decoder_init -lspeex enabled libtesseract && require_pkg_config libtesseract tesseract tesseract/capi.h TessBaseAPICreate enabled libtheora && require libtheora theora/theoraenc.h th_info_init -ltheoraenc -ltheoradec -logg +enabled libtls && { use_pkg_config libtls libtls tls.h tls_configure || + require libtls tls.h tls_configure -ltls; } enabled libtwolame && require libtwolame twolame.h twolame_init -ltwolame && { check_lib libtwolame twolame.h twolame_encode_buffer_float32_interleaved -ltwolame || die "ERROR: libtwolame must be installed and version must be >= 0.3.10"; } diff --git a/doc/protocols.texi b/doc/protocols.texi index a7968ff56e..f4209f31fb 100644 --- a/doc/protocols.texi +++ b/doc/protocols.texi @@ -1277,7 +1277,7 @@ If enabled, try to verify the peer that we are communicating with. Note, if using OpenSSL, this currently only makes sure that the peer certificate is signed by one of the root certificates in the CA database, but it does not validate that the certificate actually -matches the host name we are trying to connect to. (With GnuTLS, +matches the host name we are trying to connect to. (With other backends, the host name is validated as well.) This is disabled by default since it requires a CA database to be diff --git a/libavformat/Makefile b/libavformat/Makefile index caebe5b146..cdd98dfdd6 100644 --- a/libavformat/Makefile +++ b/libavformat/Makefile @@ -587,6 +587,7 @@ OBJS-$(CONFIG_SUBFILE_PROTOCOL) += subfile.o OBJS-$(CONFIG_TEE_PROTOCOL) += teeproto.o tee_common.o OBJS-$(CONFIG_TCP_PROTOCOL) += tcp.o TLS-OBJS-$(CONFIG_GNUTLS) += tls_gnutls.o +TLS-OBJS-$(CONFIG_LIBTLS) += tls_libtls.o TLS-OBJS-$(CONFIG_OPENSSL) += tls_openssl.o TLS-OBJS-$(CONFIG_SECURETRANSPORT) += tls_securetransport.o TLS-OBJS-$(CONFIG_SCHANNEL) += tls_schannel.o diff --git a/libavformat/tls_libtls.c b/libavformat/tls_libtls.c new file mode 100644 index 0000000000..1321f79229 --- /dev/null +++ b/libavformat/tls_libtls.c @@ -0,0 +1,207 @@ +/* + * TLS/SSL Protocol + * Copyright (c) 2011 Martin Storsjo + * Copyright (c) 2017 sfan5 + * + * This file is part of FFmpeg. + * + * FFmpeg is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * FFmpeg is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with FFmpeg; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "avformat.h" +#include "internal.h" +#include "network.h" +#include "url.h" +#include "tls.h" +#include "libavcodec/internal.h" +#include "libavutil/avutil.h" +#include "libavutil/opt.h" + +#include + +typedef struct TLSContext { + const AVClass *class; + TLSShared tls_shared; + struct tls *ctx; +} TLSContext; + +static int ff_tls_close(URLContext *h) +{ + TLSContext *p = h->priv_data; + if (p->ctx) { + tls_close(p->ctx); + tls_free(p->ctx); + } + if (p->tls_shared.tcp) + ffurl_close(p->tls_shared.tcp); + return 0; +} + +static ssize_t tls_read_callback(struct tls *ctx, void *buf, size_t buflen, void *cb_arg) +{ + URLContext *h = (URLContext*) cb_arg; + int ret = ffurl_read(h, buf, buflen); + if (ret == AVERROR(EAGAIN)) + return TLS_WANT_POLLIN; + else if (ret == AVERROR_EXIT) + return 0; + return ret >= 0 ? ret : -1; +} + +static ssize_t tls_write_callback(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg) +{ + URLContext *h = (URLContext*) cb_arg; + int ret = ffurl_write(h, buf, buflen); + if (ret == AVERROR(EAGAIN)) + return TLS_WANT_POLLOUT; + else if (ret == AVERROR_EXIT) + return 0; + return ret >= 0 ? ret : -1; +} + +static int ff_tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options) +{ + TLSContext *p = h->priv_data; + TLSShared *c = &p->tls_shared; + struct tls_config *cfg = NULL; + int ret; + + if (tls_init() == -1) { + ret = AVERROR(EIO); + goto fail; + } + + if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0) + goto fail; + + p->ctx = !c->listen ? tls_client() : tls_server(); + if (!p->ctx) { + ret = AVERROR(EIO); + goto fail; + } + + cfg = tls_config_new(); + if (!p->ctx) { + ret = AVERROR(EIO); + goto fail; + } + if (tls_config_set_protocols(cfg, TLS_PROTOCOLS_ALL) == -1) + goto err_config; + // While TLSv1.0 and TLSv1.1 are already enabled by the above, + // we need to be less strict with ciphers so it works in practice. + if (tls_config_set_ciphers(cfg, "compat") == -1) + goto err_config; + if (c->ca_file && tls_config_set_ca_file(cfg, c->ca_file) == -1) + goto err_config; + if (c->cert_file && tls_config_set_cert_file(cfg, c->cert_file) == -1) + goto err_config; + if (c->key_file && tls_config_set_key_file(cfg, c->key_file) == -1) + goto err_config; + if (!c->verify) { + tls_config_insecure_noverifycert(cfg); + tls_config_insecure_noverifyname(cfg); + tls_config_insecure_noverifytime(cfg); + } + if (tls_configure(p->ctx, cfg) == -1) + goto err_ctx; + + if (!c->listen) { + ret = tls_connect_cbs(p->ctx, tls_read_callback, tls_write_callback, + c->tcp, !c->numerichost ? c->host : NULL); + } else { + struct tls *ctx_new; + ret = tls_accept_cbs(p->ctx, &ctx_new, tls_read_callback, + tls_write_callback, c->tcp); + if (ret == 0) { + // free "server" context and replace by "connection" context + tls_free(p->ctx); + p->ctx = ctx_new; + } + } + if (ret == -1) + goto err_ctx; + + tls_config_free(cfg); + return 0; +err_config: + av_log(h, AV_LOG_ERROR, "%s\n", tls_config_error(cfg)); + ret = AVERROR(EIO); + goto fail; +err_ctx: + av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx)); + ret = AVERROR(EIO); + /* fallthrough */ +fail: + if (cfg) + tls_config_free(cfg); + ff_tls_close(h); + return ret; +} + +static int ff_tls_read(URLContext *h, uint8_t *buf, int size) +{ + TLSContext *p = h->priv_data; + ssize_t ret; + ret = tls_read(p->ctx, buf, size); + if (ret > 0) + return ret; + else if (ret == 0) + return AVERROR_EOF; + av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx)); + return AVERROR(EIO); +} + +static int ff_tls_write(URLContext *h, const uint8_t *buf, int size) +{ + TLSContext *p = h->priv_data; + ssize_t ret; + ret = tls_write(p->ctx, buf, size); + if (ret > 0) + return ret; + else if (ret == 0) + return AVERROR_EOF; + av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx)); + return AVERROR(EIO); +} + +static int tls_get_file_handle(URLContext *h) +{ + TLSContext *c = h->priv_data; + return ffurl_get_file_handle(c->tls_shared.tcp); +} + +static const AVOption options[] = { + TLS_COMMON_OPTIONS(TLSContext, tls_shared), + { NULL } +}; + +static const AVClass tls_class = { + .class_name = "tls", + .item_name = av_default_item_name, + .option = options, + .version = LIBAVUTIL_VERSION_INT, +}; + +const URLProtocol ff_tls_protocol = { + .name = "tls", + .url_open2 = ff_tls_open, + .url_read = ff_tls_read, + .url_write = ff_tls_write, + .url_close = ff_tls_close, + .url_get_file_handle = tls_get_file_handle, + .priv_data_size = sizeof(TLSContext), + .flags = URL_PROTOCOL_FLAG_NETWORK, + .priv_data_class = &tls_class, +}; -- 2.14.3