Fix fedora 36 warnings - OpenSSL 3.0 deprecations + GLib 2.72 tls-validation deprecations (!2494) · Merge requests · GStreamer / gstreamer

Nirbheek Chauhan requested to merge nirbheek/gstreamer:fix-f36-warnings into main May 25, 2022

dtls: Disable OpenSSL 3.0 deprecation warnings

Fedora 36 ships with OpenSSL 3.0, which deprecates all low-level APIs,
so this code needs to be rewritten. There is no easy fix in the
porting guide, and it recommends disabling the warnings if you can't
use the high-level API.

https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_to_OpenSSL_3.0_from_OpenSSL_1.1.1

rtsp: Forward warning added to tls-validation-flags to our users

With the 2.72 release, glib-networking developers have decided that
TLS certificate validation cannot be implemented correctly by them, so
they've deprecated it.

In a nutshell: a cert can have several validation errors, but there
are no guarantees that the TLS backend will return all those errors,
and things are made even more complicated by the fact that the list of
errors might refer to certs that are added for backwards-compat and
won't actually be used by the TLS library.

Our best option is to ignore the deprecation and pass the warning onto
users so they can make an appropriate security decision regarding
this.

We can't deprecate the tls-validation-flags property because it is
very useful when connecting to RTSP cameras that will never get
updates to fix certificate errors.

Relevant upstream merge requests / issues:

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2214

https://gitlab.gnome.org/GNOME/glib-networking/-/issues/179

https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/193

Edited Jul 29, 2022 by Nirbheek Chauhan

Fix fedora 36 warnings - OpenSSL 3.0 deprecations + GLib 2.72 tls-validation deprecations

Merge request reports