Build steps to reproduce Zeranoe ffmpeg builds?

Questions that occur when trying to compile FFmpeg.
qyot27
Posts: 83
Joined: Wed Jan 23, 2013 4:10 pm
Contact:

Re: Build steps to reproduce Zeranoe ffmpeg builds?

Post by qyot27 » Tue May 14, 2019 12:21 am

iamstickfigure wrote:
Mon May 13, 2019 3:50 pm
Yeah, --enable-nonfree is definitely going to be an issue.

It would be better if I could just get GnuTLS to work instead.
mbedTLS (a.k.a. the project formerly known as PolarSSL) is far simpler to build than the GnuTLS stack and has no license conflicts.

hydra3333
Posts: 195
Joined: Sun Apr 28, 2013 1:03 pm
Contact:

Re: Build steps to reproduce Zeranoe ffmpeg builds?

Post by hydra3333 » Tue May 14, 2019 8:03 am

iamstickfigure wrote:
Mon May 13, 2019 3:50 pm
Yeah, --enable-nonfree is definitely going to be an issue.

It would be better if I could just get GnuTLS to work instead.
+1

I wonder if Zeranoe would very kindly care to comment ? Please ?

iamstickfigure
Posts: 8
Joined: Wed May 08, 2019 11:14 pm

Re: Build steps to reproduce Zeranoe ffmpeg builds?

Post by iamstickfigure » Tue May 14, 2019 4:56 pm

Update:
I got it working.
I used wireshark to see what the difference might be between my GnuTLS and Zeranoe's GnuTLS. It turns out that even though we are using the exact same version of GnuTLS (3.6.7.1), Zeranoe's build seems to have TLS 1.3 disabled.

All of the handshakes of Zeranoe's build use TLS 1.2.
But my builds attempt to use TLS 1.3 for the handshakes, and it fails.

So Zeranoe must be using special configuration flags to disable TLS 1.3 in GnuTLS (I was unable to find any), or he's applying a patch to disable TLS 1.3.

Not sure what Zeranoe did, but patching this file worked for me.
https://github.com/gnutls/gnutls/blob/m ... tate.c#L60

Code: Select all

unsigned _gnutls_disable_tls13 = 1;
Now, my build only ever uses TLS 1.2, and livestreaming over rtmps works fine. :-)
qyot27 wrote:
Tue May 14, 2019 12:21 am
mbedTLS (a.k.a. the project formerly known as PolarSSL) is far simpler to build than the GnuTLS stack and has no license conflicts.
I will also try that out of curiosity. :-) Thank you.
hydra3333 wrote:
Tue May 14, 2019 8:03 am
+1

I wonder if Zeranoe would very kindly care to comment ? Please ?
I would also be curious to know what Zeranoe did specifically regarding this issue.

hydra3333
Posts: 195
Joined: Sun Apr 28, 2013 1:03 pm
Contact:

Re: Build steps to reproduce Zeranoe ffmpeg builds?

Post by hydra3333 » Wed May 15, 2019 12:37 am

https://www.thesslstore.com/blog/apple- ... 0-tls-1-1/

I suppose TLS 1.2 is still OK for the time being. It seems 1.0 and 1.1 are compromised.

iamstickfigure
Posts: 8
Joined: Wed May 08, 2019 11:14 pm

Re: Build steps to reproduce Zeranoe ffmpeg builds?

Post by iamstickfigure » Fri May 17, 2019 3:10 pm

Made a fork of the DeadSix script to replicate the Zeranoe builds. Feel free to let me know if anything seems off about my changes or if something needs fixing. Like, there are some extra dependencies in ffmpeg_depends.py that might not be necessary. Haven't tried building without them yet. And there were a couple build flags that I couldn't get to work. But other than that, this fork should work for people.

I also included a readme with some details about how the script works. This was written up partly from my observations while using the script and partly from reading the python code. But I didn't write the code, so it's possible that there are some inaccuracies in the readme.

https://github.com/iamstickfigure/pytho ... ile_script

Open to feedback. :-)

Post Reply