From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 13A724C73C for ; Thu, 1 Aug 2024 17:35:01 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C9E4768D866; Thu, 1 Aug 2024 20:34:57 +0300 (EEST) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7B81668D726 for ; Thu, 1 Aug 2024 20:34:51 +0300 (EEST) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4281d812d3eso51401155e9.3 for ; Thu, 01 Aug 2024 10:34:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722533689; x=1723138489; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oZrIlFPp7qi6wwMNWvfnXGlsv/01Qcf2QKkraw25c9s=; b=ubnZlK0SF9zYYwHr/RHXJ97rR3FLWklA7FnQPOlIcemNMkvAeENek9Erj4RwXNzRtN jGo1pcRQjMJFE+XHuG3VgqgwPqghjyRg3CvQuqTM8lL00fHkafApXlRYbwkIm4tuUwXf tlesXv9vtsv7UTq8viEqfNsFuMNtw+ZgyRrXgLBQ5HfKpMp+Nfj/OSW4C+3ACinCj816 p0CJxF3VSZIC+Q1qLJep58tUJis0hvYaMQSYxmJOJo20uKuJ6QiGsAq7Yrg82yKdwzU3 pg6d2mHvZEu9mBSFDGR3gSs4631+g3EYpoPw+5xmlh0hPknXQWwcA+6We1Lkp71qoyQV LgCA== X-Gm-Message-State: AOJu0YyIWCyj3Recbimotp2BKnbVHEe1WMahR4HZA4OLmTF3ONHj+5KX pOcxK9hnOAL6CSqqhtznvrKMzDDDlcHmWyARcuWhykB4DqOD/9gotQuZ7oDLKJXQpRx5VvAkzF3 IAZ6y6w== X-Google-Smtp-Source: AGHT+IFdn9PdEn/ZXP3gbCJKVcQMJGLlclN55uAbmJmp1NSOc5MS5LDw/vSTwx1LLk6+MKzom0NO2Q== X-Received: by 2002:a05:600c:5489:b0:426:6b14:1839 with SMTP id 5b1f17b1804b1-428e6a5f361mr6596585e9.0.1722533689019; Thu, 01 Aug 2024 10:34:49 -0700 (PDT) Received: from laputa.barge.lan ([2a01:4b00:9e28:1e00:cfd9:92a0:185:2585]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4282bb64b84sm64526535e9.32.2024.08.01.10.34.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Aug 2024 10:34:48 -0700 (PDT) From: Mohit Gupta To: ffmpeg-devel@ffmpeg.org Date: Thu, 1 Aug 2024 18:34:37 +0100 Message-ID: <20240801173439.18646-2-ffmpeg@skybound.link> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v3] libavformat/tls_mbedtls: Changes the return code handling of mbedtls_x509_crt_parse_file X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: mbedtls_x509_crt_parse_file returns an error with negative numbers, and positive numbers indicate the number of failed certificates to load from certificate specific issues, such as critical extensions. This would fix ticket #11079. Signed-off-by: Mohit Gupta --- libavformat/tls_mbedtls.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 567b95b129..ccf5ee38ad 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -223,9 +223,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op // load trusted CA if (shr->ca_file) { - if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) { + if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) < 0) { av_log(h, AV_LOG_ERROR, "mbedtls_x509_crt_parse_file for CA cert returned %d\n", ret); goto fail; + } else if (ret > 0) { + av_log(h, AV_LOG_WARNING, "Failed to process %d certificate(s) from the CA bundle, ignoring these certificates\n", ret); } } -- 2.45.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".