From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 2620F4E963
	for <ffmpegdev@gitmailbox.com>; Mon,  9 Feb 2026 09:37:58 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'cicUYSIMAqb36dXCeHyLl4ObVpLkndwVsp2OWdnj+cI=', expected 
   b'8gAw0bYhB+kpZTEGVtqBvL/eRj+ac0qVdAmiXb5XY1s=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770629865; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=cicUYSIMAqb36dXCeHyLl4ObVpLkndwVsp2OWdnj+cI=;
 b=c+imngYtIgNGYD5LtVK24sDKdtOKhQncyc+DmeJs+8KQdRzfHzoLPQJe1D5yHg4KiopFC
 LtYtWwsZVHdfq+0+VmRU7eScvFALAvvs7vZA5+BxDvIKoSIosnh4BIgX0rQ7uJCdEVNxWQG
 sHvXEaW6lJsapgtUkvaScadb+nwRNjDUFfN9drAHEeF+mH8McdwhZA0/wkWhkfKAX3Lq3Kt
 g2KLKNeoCmyTLv8n4m+KXrI7mOQOxt1gQmE2wBvluw5oj7UCCPA5rv4na1tNmAiEMazU5QT
 V2Ns8tSkOnRGmgNYuRMdmgntGnfSFMrjLFKrCqJoKUk6GSGVewKu2Y+KC5Zw==
Received: from [172.20.0.4] (unknown [172.20.0.4])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 462AB6910F1;
	Mon,  9 Feb 2026 11:37:45 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1770629842;
 b=S06/BH9e5nymzJFJFAaPcZ6c3GXIFbJzOTQiMnNpEXmRUu5oWfsgbHlbK66Ymg+z9hpgn
 67SOROoZKEa1mLdWq5ed+T8ZsX+DAZP9fNGASF+BQmVzjM/IVNcKmZPX1jwYb+vpX1FjSPY
 g8N9IxMPh+FaqtCKAOrv5pVG2wBH2KjXO2xzT6tpf1vpdgh56YOTfKW0/ES6Wlqw2Jho/oL
 6M6kjGrZOqgchg/Wv0xTDh658bM+YuhEuy91JMMSOgd0mMhTnKWIOpmI0+5k9Dnn+No/4hm
 rOGjgT+zXZHKJhexY77YREGmLV01J0qQqGG9q7SPAdo1Tb38IwQsAfxgmN1g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1770629842; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=DgphVtQPVXoS+7LTh0ampNCYegphj5kl1EnTbdhM45Y=;
 b=J52A94MHgt6AqO11fE5jXytepx/yOvU6hg78UbrVJxLE/6rSUs85BWnA3PUaMuDBccDGQ
 yM9+zuKzHtM+wnc/o8zVFMwmWpHehxrqPFqsdp9jnCBLxr1HJl9G2jSrUMvct++ZEarGtiI
 z5FDaB24OLCNXqil1fVVTWyYikIhR99P2/BMhPlBDZJAGtEnWWzOQr+fczy6EL+cJUrzIvq
 HZMc3z6SuXxIFHvMT1FkTq0EB4nJtLxGeOb6kqBEBBfrjcFBhN3iZi7emoCj9byl/Z7AQP/
 B0QM4XITq4QCZvhbzUn6wap092wjO07O9fy8g1F5lmCj69XU4ZXO22D53m5A==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770629833; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=8gAw0bYhB+kpZTEGVtqBvL/eRj+ac0qVdAmiXb5XY1s=;
 b=0i/tqmMVPhm6wBEZhrYBWxFMKdF1lpUQiC1xhwWnbfpYzX6Va0dUTDJG/UkM1ZHILml2t
 ZOkGczOtQ180wJ9XzDuguDInpdiAvc9oCoJcl0TqxtWObn2+eWjGNmXj6DwMPxfz8TBa81u
 jC/X6tRAL1SAAlWwBpT4BqrDoyrTqd4v3xeeH4CDO2dLmDq5qL9HQG07D8SvTArPmaywI7i
 dS+oFxmOVXSrmkQQ9494LSPGRttfILHf97FRwPEzSTPDudB1cnfm++ZuYGZd6+6CqfYCYVV
 iuc8HI2X9pTK78IU79Wd/dVisXx0DwXSFZZLrUytQQMzoc3rmUA4DvsOmcYw==
Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 2B40968E77E
	for <ffmpeg-devel@ffmpeg.org>; Mon,  9 Feb 2026 11:37:13 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 09 Feb 2026 09:37:12 -0000
Message-ID: <177062983329.25.3597347337825758923@4457048688e7>
Message-ID-Hash: TSMOZVU3XWPKQYVYWAGRUWZJK2QBTPJA
X-Message-ID-Hash: TSMOZVU3XWPKQYVYWAGRUWZJK2QBTPJA
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avformat/tls_openssl: two small cleanup (PR #21697)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/TSMOZVU3XWPKQYVYWAGRUWZJK2QBTPJA/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/177062983329.25.3597347337825758923@4457048688e7/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: Jack Lau via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: Jack Lau <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/177062983329.25.3597347337825758923@4457048688e7/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21697 opened by Jack Lau (JackLau)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21697
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21697.patch


>>From db6e39b3a380b2635859bfca7864548c5626fb72 Mon Sep 17 00:00:00 2001
From: Jack Lau <jacklau1222gm@gmail.com>
Date: Mon, 9 Feb 2026 15:12:23 +0800
Subject: [PATCH 1/2] avformat/tls_openssl: use EINVAL when X509_digest failed

This function just calculate and copy the fingerprint
to the provided buf, will not allocate memory.

It fails when the input (such as cert) is invalid.

Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
---
 libavformat/tls_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index c7d6ff6cf4..821f9ffd04 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -100,7 +100,7 @@ static int x509_fingerprint(X509 *cert, char **fingerprint)
     if (X509_digest(cert, EVP_sha256(), md, &n) != 1) {
         av_log(NULL, AV_LOG_ERROR, "TLS: Failed to generate fingerprint, %s\n",
                ERR_error_string(ERR_get_error(), NULL));
-        return AVERROR(ENOMEM);
+        return AVERROR(EINVAL);
     }
 
     av_bprint_init(&buf, n*3, n*3);
-- 
2.52.0


>>From 8dd94aa113c01a5c88c0205a6756638311b2ac9d Mon Sep 17 00:00:00 2001
From: Jack Lau <jacklau1222gm@gmail.com>
Date: Mon, 9 Feb 2026 17:27:03 +0800
Subject: [PATCH 2/2] avformat/tls_openssl: update the outdated comments

Loading CA certificate is supported.

Remove unrelated comments.

The underlying socket can be tcp or udp.

Signed-off-by: Jack Lau <jacklau1222gm@gmail.com>
---
 libavformat/tls_openssl.c | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 821f9ffd04..0ae0980cc3 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -267,7 +267,6 @@ static int openssl_gen_certificate(EVP_PKEY *pkey, X509 **cert, char **fingerpri
         goto enomem_end;
     }
 
-    // TODO: Support non-self-signed certificate, for example, load from a file.
     subject = X509_NAME_new();
     if (!subject) {
         goto enomem_end;
@@ -812,17 +811,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     else
         SSL_set_connect_state(c->ssl);
 
-    /**
-     * During initialization, we only need to call SSL_do_handshake once because SSL_read consumes
-     * the handshake message if the handshake is incomplete.
-     * To simplify maintenance, we initiate the handshake for both the DTLS server and client after
-     * sending out the ICE response in the start_active_handshake function. It's worth noting that
-     * although the DTLS server may receive the ClientHello immediately after sending out the ICE
-     * response, this shouldn't be an issue as the handshake function is called before any DTLS
-     * packets are received.
-     *
-     * The SSL_do_handshake can't be called if DTLS hasn't prepare for udp.
-     */
+    /* The SSL_do_handshake can't be called if DTLS hasn't prepare for udp. */
     if (!c->tls_shared.external_sock) {
         ret = dtls_handshake(h);
         // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
@@ -933,7 +922,7 @@ static int tls_write(URLContext *h, const uint8_t *buf, int size)
     URLContext *uc = s->is_dtls ? s->udp : s->tcp;
     int ret;
 
-    // Set or clear the AVIO_FLAG_NONBLOCK on c->tls_shared.tcp
+    // Set or clear the AVIO_FLAG_NONBLOCK on the underlying socket
     uc->flags &= ~AVIO_FLAG_NONBLOCK;
     uc->flags |= h->flags & AVIO_FLAG_NONBLOCK;
 
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org