1. 27 Feb, 2013 1 commit
  2. 10 Feb, 2013 1 commit
    • Timothy B. Terriberry's avatar
      Support the Windows system certificate store. · c38dcfb3
      Timothy B. Terriberry authored
      OpenSSL on Windows does not pull certificates from any well-known
       location (in fact most binaries continue to use the default Unix
       path, which usually doesn't even exist).
      We could ship our own set of certificates (e.g., cloned from the
       Mozilla root list), but I don't want to be responsible for
       releasing libopusfile updates when things like DigiNotar
       fiasco [1] happen.
      That approach also means that we would need to load, parse, and
       keep a copy of every certificate in the system for every SSL
       session.
      
      OpenSSL has had patches sitting in their bugtracker which load
       certificates from the Crypto API's system certificate store.
      However, those patches have been sitting around for several years,
       so movement on that front in the near future seems unlikely.
      We don't care about using OpenSSL's builtin CAPI engine, though, so
       we can do the same thing with less than 200 lines of code.
      This puts the maintenance burden on Windows Update, which will be
       far more timely and effective than getting people to upgrade
       libopusfile, and gets us on-demand loading of just the
       certificates we need.
      
      [1] <https://bugzilla.mozilla.org/show_bug.cgi?id=682927>
      c38dcfb3
  3. 10 Jan, 2013 2 commits
  4. 08 Jan, 2013 2 commits
    • Timothy B. Terriberry's avatar
      Clean up winsock usage. · ae6da959
      Timothy B. Terriberry authored
      This keeps differences which can be cleanly abstracted away clean
       (closesocket, ioctlsocket, getsockopt, setsockopt), and makes
       differences which cannot be cleanly abstracted explicit (SOCKET,
       INVALID_SOCKET, WSAGetLastError/WSASetLastError).
      It also gets rid of wsockwrapper.[ch], since it contained just a
       single function.
      
      This can successfully pass the seeking_example tests on
       big.chained.blob over https when built with i686-w64-mingw32 and
       run under wine.
      It does not solve the certificate distribution problems with using
       OpenSSL on a real Windows system.
      ae6da959
    • Timothy B. Terriberry's avatar
      Use fseeko64/ftello64 for mingw32. · a974d3c6
      Timothy B. Terriberry authored
      It turns out i686-pc-mingw32 does define these functions, and they
       are always available (unlike _fseeki64/_ftelli64).
      This means we can build and link without requiring
       i686-w64-mingw32.
      The resulting binary still doesn't run in wine for me, but that may
       be a personal problem.
      a974d3c6
  5. 07 Jan, 2013 2 commits
    • Timothy B. Terriberry's avatar
      Require WindowsXP for mingw32. · b928237b
      Timothy B. Terriberry authored
      This allows an i686-pc-mingw32 build to use getaddrinfo/
       freeaddrinfo correctly.
      It's not needed for an i686-w64-mingw32 build, but it doesn't hurt
       to leave it in here.
      i686-pc-mingw32 still won't work correctly, because it does not
       support fseeko/ftello, nor (unless using MSVCRT 8.0 or later)
       _fseeki64/_ftelli64.
      We could define __MSVCRT_VERSION__ to 0x800 to get the latter, but
       this would require different MSVCRT versions than libogg and
       libopus are built with by default, which makes a bit of a mess.
      b928237b
    • Timothy B. Terriberry's avatar
      Clean up mingw32 configuruation. · 5ad305d7
      Timothy B. Terriberry authored
      Properly check for HTTP support and handle the case where it's
       disabled.
      Also fixes the include paths broken by 3e7f0ddc.
      5ad305d7
  6. 28 Nov, 2012 1 commit
  7. 27 Nov, 2012 3 commits
  8. 19 Nov, 2012 1 commit
  9. 14 Nov, 2012 1 commit
  10. 13 Nov, 2012 5 commits
    • Ralph Giles's avatar
      Remove 'export' from the NO_DOXYGEN Makefile variable. · d0a4b9bb
      Ralph Giles authored
      This was needed in the opus Makefile.am to pass the results
      to submakefiles. Since we build everything from the top-level
      Makefile, we don't need this for opusfile.
      d0a4b9bb
    • Ralph Giles's avatar
      Bump soname version for the v0.2 release. · 036328d4
      Ralph Giles authored
      036328d4
    • Timothy B. Terriberry's avatar
      Check for end_offset < data_offset. · 15193c53
      Timothy B. Terriberry authored
      I don't think it actually breaks anything if we don't (seeking will
       fail, but it will fail cleanly).
      However, it _is_ an indication that the file data changed out from
       under us (or of another library bug), so we should fail fast.
      15193c53
    • Timothy B. Terriberry's avatar
      Add op_get_last_page() for calculating duration. · 4dcf9b0d
      Timothy B. Terriberry authored
      Using op_get_prev_page_serial() meant if there were valid pages
       from another stream, we would re-scan them all repeatedly until we
       managed to back up, a page at a time, to a chunk with a page from
       the preferred stream with a valid granule position.
      Breaking this case into its own function means we can guarantee we
       only scan each page once, and that we can stop as soon as we hit a
       page from a different link (in the unlikely event that the stream
       has no pages with valid timestamps).
      4dcf9b0d
    • Timothy B. Terriberry's avatar
      Some minor comment updates. · 99c3c5e9
      Timothy B. Terriberry authored
      Be more specific about which RFC we're quoting in the SSL hostname
       verification.
      99c3c5e9
  11. 12 Nov, 2012 4 commits
    • Ron's avatar
      Support --disable-maintainer-mode · ac0af36f
      Ron authored
      Adding AM_MAINTAINER_MODE([enable]) preserves the current behaviour of
      rebuilding the autotools support by default if anything changed to make
      it out of date -- which is desirable for people building from git to
      avoid "Why is the build broken? Oh I forgot to rerun autogen.sh", which
      is an all too frequent FAQ.
      
      But it also allows it to be disabled, which is mostly useful for things
      like distro package builds where the files should be preserved in their
      original form, and configure shouldn't be run twice on the first build
      if the timestamps were not strictly preserved for these files.
      Signed-off-by: default avatarRalph Giles <giles@mozilla.com>
      ac0af36f
    • Ron's avatar
      Add some extra makefile targets · 009e8253
      Ron authored
      The opusfile and install-opusfile targets let us build and install just
      the library (without the docs, even if doxygen is present and enabled).
      
      The docs and install-docs targets let us build and install just the docs
      without the library.
      
      The default for make and make install remains to build both if doxgen
      is present and enabled.
      Signed-off-by: default avatarRalph Giles <giles@mozilla.com>
      009e8253
    • Ron's avatar
      Move the extra EXTRA_DIST out of HAVE_DOXYGEN · 9502cd84
      Ron authored
      We'll want that stuff in the release tarballs, even if the person running
      make dist doesn't have doxygen installed (or --enabled) themselves.
      Signed-off-by: default avatarRalph Giles <giles@mozilla.com>
      9502cd84
    • Ron's avatar
      Trim some things out of autogen.sh that aren't doing anything · a6e62879
      Ron authored
      Mostly so that people looking at or cloning it later don't get confused
      into thinking that they are.
      Signed-off-by: default avatarRalph Giles <giles@mozilla.com>
      a6e62879
  12. 11 Nov, 2012 2 commits
  13. 07 Nov, 2012 1 commit
    • Ralph Giles's avatar
      Use /bin/echo so -n works on osx. · 0ad11587
      Ralph Giles authored
      The 'echo' built into /bin/sh on MacOS X doesn't support -n, which
      confuses the AC_INIT macro. Use the separate binary which does.
      0ad11587
  14. 02 Nov, 2012 2 commits
    • Ralph Giles's avatar
      Fix a ci script typo. · 2effe9d3
      Ralph Giles authored
      2effe9d3
    • Ralph Giles's avatar
      Attempt to fix the autotools linking issue on jenkins. · 2b4bc458
      Ralph Giles authored
      The jenkins autotools build has never worked because we try to
      build against uninstalled versions of the opus and ogg libraries,
      whose pkg-config files export a static library. This works fine
      for executables, but libtool seemingly can't link a dynamic library
      against a static library.
      
      We could change the -uninstalled.pc files to reference the libtool
      versions of the libraries, but that breaks the unix makefile builds,
      which of course don't use libtool.
      
      As a work around, write out our own versions of the pc files and
      use those to reference the file we need.
      
      Also sets -x on both continuous integration scripts so it's more
      clear what steps are being applied.
      2b4bc458
  15. 01 Nov, 2012 1 commit
  16. 28 Oct, 2012 1 commit
  17. 27 Oct, 2012 3 commits
    • Timothy B. Terriberry's avatar
      A few small updates to the hostname verification. · 3bc74807
      Timothy B. Terriberry authored
      Fixes the case where a raw IPv6 address would be rejected as not
       looking like a FQDN.
      Also simplifies the wildcard comparison a little.
      3bc74807
    • Timothy B. Terriberry's avatar
      Remove OP_SSL_SKIP_CERTIFICATE_CHECK from opusfile_example. · 3f54b9dd
      Timothy B. Terriberry authored
      a7c5b93c flipped the argument to it from true to false, since it
       made certificate checking actually work.
      This commit removes the option entirely to avoid encouraging people
       to use it now that that checking does work.
      
      seeking_example still disables checking (since it's not really
       needed).
      3f54b9dd
    • Timothy B. Terriberry's avatar
      Make SSL/TLS certificate checking actually work. · a7c5b93c
      Timothy B. Terriberry authored
      We weren't loading the default certificate store, so there were no
       trusted certificates to validate hosts with, and all checks would
       fail (unless explicitly disabled with
       OP_SSL_SKIP_CERTIFICATE_CHECK(0)).
      This adds that call, and also adds hostname verification (which
       OpenSSL does not do for us, because they are morons).
      I've done my best to get the latter right by reading the RFCs, but
       this stuff is complex, it's easy to make mistakes, and I only have
       a limited ability to test it, so caveat emptor.
      a7c5b93c
  18. 26 Oct, 2012 1 commit
    • Ralph Giles's avatar
      Document the release process. · 4f538abc
      Ralph Giles authored
      This is, as far as I can remember, the process I went through
      to produce the 0.1 source and win32 binary packages.
      
      I also added a few things I wish I'd done, like stripping
      the binaries and including release notes and dependency versions
      in the README to help us remember next time.
      4f538abc
  19. 24 Oct, 2012 5 commits
  20. 23 Oct, 2012 1 commit