From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 300305013C
	for <ffmpegdev@gitmailbox.com>; Tue,  8 Jul 2025 18:06:55 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 39B3968F3B6;
	Tue,  8 Jul 2025 21:06:35 +0300 (EEST)
Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com
 [209.85.218.52])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id A8E4F68F064
 for <ffmpeg-devel@ffmpeg.org>; Tue,  8 Jul 2025 21:06:27 +0300 (EEST)
Received: by mail-ej1-f52.google.com with SMTP id
 a640c23a62f3a-ae0c4945c76so725447766b.3
 for <ffmpeg-devel@ffmpeg.org>; Tue, 08 Jul 2025 11:06:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1751997987; x=1752602787; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=uxByWZMJ6YV+YBY5QHOilu/Yl/62mIDeMKUi78nvhbs=;
 b=BGF6IiukH0qKWsQcIdcUiitFCZneCu5csbyE6Udx5FXDmYBNmdK4N6/+OXaYeZn62n
 hbhbU0wsYv/wtGtZVu0Bsyj2d6Do5twF7UvMiWVLWSROuD6ILUNjSurkWTYXfdysPIfN
 a7ut0LW7aLJjyofPG2+72KwQHscwohZqO1pzO6oUHuK/aUXst09wJPvqezcdROtLv3Hl
 XjpEN/vHMFX3V/aETfhEx8SL6aTpOuIvV5IKcIO/x4WbC+NHvnX0CqXWMyf9fsUidk6f
 WZYg/1vbmVcVkAmW0NoCaGiEIckXgASyBhwHiQO90r0O28zE1KesFrBeiC/0XI0I0YbR
 V9MQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1751997987; x=1752602787;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=uxByWZMJ6YV+YBY5QHOilu/Yl/62mIDeMKUi78nvhbs=;
 b=AR6hKpeRSu2njlv0L/x87igYQH1e/jqCXzTnHq0ihZAP7BydXFmH6r0DH8Mcv0wYtR
 opEncYNsHBj8hD2HiDuJBtpnEr/5j9MW6JqWt19Uuf+YcWLqIsXosvmCISV8G/F384HJ
 LU/XA8vF1DGGI8QQtX2GVz2oThZLytu+z4ZjK+AY7zDKALNZGedtAun81FvehVQpbZok
 caEj6kh9E0fqyvrTOe7Q6pdQKLkZU5N7q1c/uFJooF32EsABFGedb+stWqPZXZkCB3E0
 LRypIfVayKsTxrQqRp3E2lR22yyUMcKkejOVkJhPgfnBoVMscOFMQveMHfxy/VJuPrU+
 YWVA==
X-Gm-Message-State: AOJu0YzX2Xyru1nMzLW3zdKgXx12VePJkYYO4Tgs+Qe5epna/xdUI3Cj
 Cj34poyMo/fFyh6LEmSGH+MxywMhRHrO7N+62rUPWRgl3Km0yL5kerR1Gjsp+Qal
X-Gm-Gg: ASbGncuRrU9dEp7vU5iC+iT1Jk0PzrLK5qy8xHTe2XGwHIwSHbnHWfs5uws3yuzQbAM
 LyOKipOXNxSuxc6ALdUh8Px2m5SkeiRJgBoAF0pslFiofTuqr5XlEi0P2/8ADXfEIvRZ9L5Mksd
 0XKbAeABXvScnmm7O2W8knsSimicvpJR8WN8tDiWFGBFlhJY3Efp3yLngVwaWCQqiMxeVb3cJp7
 M2tcxGdaV6SVcbUocvr/8ju3+zRkrG4Z/kM0UC+3XlthRo2vngjihskhltVuexJR+nOY4NsdI9J
 0MAb0VKDJaTIZv4uBFxAoeuXeh7N95TdCLhtOxzvl6yAOkVY91Ky90ZOoPMgzKEBdXYYc97CH0h
 IsZSBUtSaCq9NX3CedD1THsfK1CotpeOZc35IZHZ6t8VhndP9QqaPq1GZm2Kcgf6ZutHufXq3+6
 9scFcCYQ==
X-Google-Smtp-Source: AGHT+IE2asaRL46n3Ux+4gDNoyua8fv4N4KC7Jut8rfAHJkzICyebgbuz46pJjqJ/D+mR6LQWI6B8w==
X-Received: by 2002:a17:907:1b0c:b0:ae0:d1f3:f7f4 with SMTP id
 a640c23a62f3a-ae3fe483d29mr1820475966b.13.1751997986909; 
 Tue, 08 Jul 2025 11:06:26 -0700 (PDT)
Received: from localhost.localdomain
 (p200301023701fa00258573ace0251429.dip0.t-ipconnect.de.
 [2003:102:3701:fa00:2585:73ac:e025:1429])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-ae3f66d93c8sm945841666b.11.2025.07.08.11.06.26
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Tue, 08 Jul 2025 11:06:26 -0700 (PDT)
From: Marvin Scholz <epirat07-at-gmail.com@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Date: Tue,  8 Jul 2025 20:06:17 +0200
Message-Id: <20250708180617.59679-3-epirat07@gmail.com>
X-Mailer: git-send-email 2.39.5 (Apple Git-154)
In-Reply-To: <20250708180617.59679-1-epirat07@gmail.com>
References: <20250708180617.59679-1-epirat07@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 3/3] avformat/tls_openssl: load default
 verify locations
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250708180617.59679-3-epirat07@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

When no explicit CAs file is set, load the default locations,
else there is no way for verification to succeed.

This matches the behavior of other TLS backends.
---
 libavformat/tls_openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index e65914f11a..d112043977 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -698,6 +698,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
     if (c->ca_file) {
         if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL))
             av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", openssl_get_error(p));
+    } else {
+        if (!SSL_CTX_set_default_verify_paths(p->ctx)) {
+            // Only log the failure but do not error out, as this is not fatal
+            av_log(h, AV_LOG_WARNING, "Failure setting default verify locations: %s\n",
+                openssl_get_error(p));
+        }
     }
 
     if (c->cert_file) {
-- 
2.39.5 (Apple Git-154)

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".