1. 01 Nov, 2018 1 commit
    • http: use new API with LibreSSL >=2.7.0 · d2577d7f
      Stefan Strogin authored
      
      
      LibreSSL is not yet fully API compatible with OpenSSL 1.0.2 and later.
      However, many APIs from OpenSSL 1.0.2 and 1.1 are already implemented in
      LibreSSL 2.7.0 and later. Old approach works in newer LibreSSL version
      as well, but it's not nice to force deprecated functions on LibreSSL
      users.
      
      Add additional conditionals for new LibreSSL versions to use the
      available new APIs.
      Signed-off-by: Ralph Giles <giles@thaumas.net>
  2. 01 Oct, 2018 1 commit
    • http: fix compilation with LibreSSL · d59a17ec
      Stefan Strogin authored
      LibreSSL defines OPENSSL_VERSION_NUMBER to 0x20000000L, but its API is
      compatible with OpenSSL 1.0.1.
      Therefore redefine OPENSSL_VERSION_NUMBER to 0x1000115fL (1.0.1u) if
      LibreSSL is used.
      
      Fixes: #2327
  3. 12 Jun, 2018 1 commit
  4. 17 Jun, 2017 1 commit
  5. 24 May, 2017 1 commit
  6. 19 May, 2017 3 commits
    • Minor comment updates. · 21ebba38
      Timothy B. Terriberry authored
      No code changes.
    • Use OpenSSL's hostname validation if available. · cc1fff58
      Timothy B. Terriberry authored
      As of version 1.0.2, OpenSSL can finally do automatic hostname
       validation for us.
      Their implementation is likely to have received much better review
       than ours, and there are other good reasons to prefer it, so use it
       when we can.
    • Fix two minor errors in hostname validation. · 0a94cf8f
      Timothy B. Terriberry authored
      RFC 6125 says that if the host is an IP address, a subjectAltName of
       type iPAddress must (no 2119 caps) be present and must be used.
      We would still fall back to checking the Common Name if no
       subjectAltName was present.
      
      https://marc.info/?l=openssl-dev&m=139617145216047&w=2 interprets
       RFC 6125 to say that if the host is a DNS name, but the certificate
       only contains a subjectAltName of type iPAddress, then we should
       still fall back to checking the Common Name.
      We would only check the Common Name if there was no subjectAltName
       of any type.
      
      Restructure the hostname validation to check IP addresses up-front
       and fall back to checking the Common Name in the proper cases.
  7. 08 Feb, 2017 1 commit
    • Use ASN1_STRING_get0_data for openssl-1.1.0 · aad0409a
      eroen authored
      This fixes a build failure from undefined references to ASN1_STRING_data in
      libopusurl.so.
      
      ASN1_STRING_data is deprecated in openssl-1.1.0. The new ASN1_STRING_get0_data
      is identical, except the returned string may not be modified, which we don't
      do anyway.
      
      Also include missing asn1.h header to silence compiler warnings.
      
      X-Gentoo-Bug: 592456
      X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=592456
  8. 16 Sep, 2016 1 commit
    • Fix MSVC warnings. · d0c82543
      Timothy B. Terriberry authored
      Some of these pointed to real potential overflows (given arbitrary
       inputs by the calling application).
      I was sad about stripping const qualifiers from the struct addrinfo
       pointers, but MSVC seems to erroneously think that an array of
       pointers to constant data is itself a pointer to constant data (or
       maybe that it is not compatible with a const void *?), and
       converting the memmove()s to for loops triggered an erroneous
       warning about out-of-bounds array accesses in gcc (but on only one
       of the two identical loops).
  9. 06 Jul, 2016 1 commit
    • Add support for OpenSSL 1.1.x. · 13a6a454
      Timothy B. Terriberry authored
      The API and ABI are not backwards-compatible.
      This is based on the prerelease version 1.1.0-pre5.
      It should continue to work with older versions of OpenSSL.
      
      Thanks to Ron Lee and the Debian project for reporting the build
       errors and testing the patch.
  10. 26 Jun, 2016 1 commit
  11. 19 Jun, 2016 1 commit
  12. 30 Dec, 2015 1 commit
    • Fix potential memory leaks with OpusServerInfo. · 0b2fe85a
      Timothy B. Terriberry authored
      In op_[v]open_url() and op_[v]test_url(), if we successfully
       connected to the URL but fail to parse it as an Opus stream, then
       we would return to the calling application without clearing any
       OpusServerInfo we might have filled in when connecting.
      This contradicts the general contract for user output buffers in
       our APIs, which is that they do not need to be initialized prior
       to a call and that their contents are untouched if a function
       fails (so that an application need do no additional clean-up on
       error).
      It would have been possible for an application to avoid these leaks
       by always calling opus_server_info_init() before a call to
       op_[v]open_url() or op_[v]test_url() and always calling
       opus_server_info_clear() afterwards (even on failure), but our
       examples don't do this and no other API of ours requires it.
      
      Fix the potential leaks by wrapping the implementation of
       op_url_stream_vcreate() so we can a) tell if the information was
       requested and b) store it in a separate, local buffer and delay
       copying it to the application until we know we've succeeded.
  13. 27 Feb, 2015 1 commit
    • Broaden the test for AI_NUMERICSERV. · bb765c37
      Timothy B. Terriberry authored
      OS X 10.5.8 does not define AI_NUMERICSERV either, so instead of
       trying to enumerate the platforms that don't, just test for the
       value itself.
      Patch by Dave Evans at MacPorts.
      
      Fixes #2172
  14. 20 Nov, 2013 4 commits
  15. 25 Aug, 2013 1 commit
  16. 24 Aug, 2013 1 commit
  17. 23 Aug, 2013 2 commits
    • Add API to report information from server headers. · 97917914
      Timothy B. Terriberry authored
      This allows the application to report details about the server for
       HTTP[S] streams.
      For all HTTP[S], this includes the server software, content-type,
       and whether or not it's using HTTPS.
      For live streams, it also includes the station name, description,
       genre, homepage, nominal bitrate, and whether or not it's publicly
       listed.
    • Fix backwards HTTP Server header test. · f310b9ef
      Timothy B. Terriberry authored
      This was treating every unknown header as a Server header.
      Good thing this was last!
      The only damage was that we might have enabled pipelining even on
       known-bad servers.
  18. 21 Aug, 2013 1 commit
  19. 06 Aug, 2013 1 commit
  20. 28 Jun, 2013 1 commit
  21. 13 May, 2013 1 commit
    • Move last few URL functions into http.c · 5e3c66ce
      Timothy B. Terriberry authored
      This makes it easier to split http.c and friends into their own
       library.
      This allows distributions to ship a libopusfile with generic Opus
       parsing support, and a libopusurl with http/https support.
      Keeping the latter in a separate library means that GPL
       applications don't have to link against the GPL-incompatible
       openssl, and distributions don't have to disable http support to
       allow GPL applications to use libopusfile.
  22. 28 Apr, 2013 1 commit
  23. 28 Feb, 2013 6 commits
    • More minor win32 cleanups. · 27c8948a
      Timothy B. Terriberry authored
      Just normalizing coding style.
    • Support the Windows system certificate store. · 9a866b18
      Timothy B. Terriberry authored
      OpenSSL on Windows does not pull certificates from any well-known
       location (in fact most binaries continue to use the default Unix
       path, which usually doesn't even exist).
      We could ship our own set of certificates (e.g., cloned from the
       Mozilla root list), but I don't want to be responsible for
       releasing libopusfile updates when things like the DigiNotar
       fiasco [1] happen.
      That approach also means that we would need to load, parse, and
       keep a copy of every certificate in the system for every SSL
       session.
      
      OpenSSL has had patches sitting in their bugtracker which load
       certificates from the Crypto API's system certificate store.
      However, those patches have been sitting around for several years,
       so movement on that front in the near future seems unlikely.
      We don't care about using OpenSSL's builtin CAPI engine, though, so
       we can do the same thing with less than 200 lines of code.
      This puts the maintenance burden on Windows Update, which will be
       far more timely and effective than getting people to upgrade
       libopusfile, and gets us on-demand loading of just the
       certificates we need.
      
      [1] <https://bugzilla.mozilla.org/show_bug.cgi?id=682927>
    • Fix warnings when compiling with a recent MSVC. · 4ce926cb
      Timothy B. Terriberry authored
      Apparently Vista includes more things in its Winsock implementation
       and errno.h than earlier versions of Windows.
    • Clean up winsock usage. · 25477092
      Timothy B. Terriberry authored
      This keeps differences which can be cleanly abstracted away clean
       (closesocket, ioctlsocket, getsockopt, setsockopt), and makes
       differences which cannot be cleanly abstracted explicit (SOCKET,
       INVALID_SOCKET, WSAGetLastError/WSASetLastError).
      It also gets rid of wsockwrapper.[ch], since it contained just a
       single function.
      
      This can successfully pass the seeking_example tests on
       big.chained.blob over https when built with i686-w64-mingw32 and
       run under wine.
      It does not solve the certificate distribution problems with using
       OpenSSL on a real Windows system.
    • Clean up mingw32 configuration. · 1e9d7d85
      Timothy B. Terriberry authored
      Properly check for HTTP support and handle the case where it's
       disabled.
      Also fixes the include paths broken by 3e7f0ddc.
    • Initial winsock support patch from nu774. · 9c097eee
      Ralph Giles authored
      Some tweak might be still needed to take care of OPENSSL_AppLink
      to get https support working. In win32, user application of openssl
      is required to include openssl/applink.c or something, when openssl
      is compiled with OPENSSL_USE_APPLINK.
      
      I don't know how it should be taken care of, from the library point of
      view (it must be done by user of libopusfile, since openssl always
      searches that function in executable module).
      
      Posted to the hydrogenaudio format 2012 November 19.
      http://www.hydrogenaudio.org/forums/index.php?s=&showtopic=97856&view=findpost&p=814582
  24. 12 Feb, 2013 1 commit
  25. 10 Jan, 2013 1 commit
  26. 23 Dec, 2012 1 commit
  27. 13 Nov, 2012 1 commit
  28. 28 Oct, 2012 1 commit
  29. 27 Oct, 2012 1 commit