From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 300305013C for ; Tue, 8 Jul 2025 18:06:55 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 39B3968F3B6; Tue, 8 Jul 2025 21:06:35 +0300 (EEST) Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id A8E4F68F064 for ; Tue, 8 Jul 2025 21:06:27 +0300 (EEST) Received: by mail-ej1-f52.google.com with SMTP id a640c23a62f3a-ae0c4945c76so725447766b.3 for ; Tue, 08 Jul 2025 11:06:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751997987; x=1752602787; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uxByWZMJ6YV+YBY5QHOilu/Yl/62mIDeMKUi78nvhbs=; b=BGF6IiukH0qKWsQcIdcUiitFCZneCu5csbyE6Udx5FXDmYBNmdK4N6/+OXaYeZn62n hbhbU0wsYv/wtGtZVu0Bsyj2d6Do5twF7UvMiWVLWSROuD6ILUNjSurkWTYXfdysPIfN a7ut0LW7aLJjyofPG2+72KwQHscwohZqO1pzO6oUHuK/aUXst09wJPvqezcdROtLv3Hl XjpEN/vHMFX3V/aETfhEx8SL6aTpOuIvV5IKcIO/x4WbC+NHvnX0CqXWMyf9fsUidk6f WZYg/1vbmVcVkAmW0NoCaGiEIckXgASyBhwHiQO90r0O28zE1KesFrBeiC/0XI0I0YbR V9MQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751997987; x=1752602787; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uxByWZMJ6YV+YBY5QHOilu/Yl/62mIDeMKUi78nvhbs=; b=AR6hKpeRSu2njlv0L/x87igYQH1e/jqCXzTnHq0ihZAP7BydXFmH6r0DH8Mcv0wYtR opEncYNsHBj8hD2HiDuJBtpnEr/5j9MW6JqWt19Uuf+YcWLqIsXosvmCISV8G/F384HJ LU/XA8vF1DGGI8QQtX2GVz2oThZLytu+z4ZjK+AY7zDKALNZGedtAun81FvehVQpbZok caEj6kh9E0fqyvrTOe7Q6pdQKLkZU5N7q1c/uFJooF32EsABFGedb+stWqPZXZkCB3E0 LRypIfVayKsTxrQqRp3E2lR22yyUMcKkejOVkJhPgfnBoVMscOFMQveMHfxy/VJuPrU+ YWVA== X-Gm-Message-State: AOJu0YzX2Xyru1nMzLW3zdKgXx12VePJkYYO4Tgs+Qe5epna/xdUI3Cj Cj34poyMo/fFyh6LEmSGH+MxywMhRHrO7N+62rUPWRgl3Km0yL5kerR1Gjsp+Qal X-Gm-Gg: ASbGncuRrU9dEp7vU5iC+iT1Jk0PzrLK5qy8xHTe2XGwHIwSHbnHWfs5uws3yuzQbAM LyOKipOXNxSuxc6ALdUh8Px2m5SkeiRJgBoAF0pslFiofTuqr5XlEi0P2/8ADXfEIvRZ9L5Mksd 0XKbAeABXvScnmm7O2W8knsSimicvpJR8WN8tDiWFGBFlhJY3Efp3yLngVwaWCQqiMxeVb3cJp7 M2tcxGdaV6SVcbUocvr/8ju3+zRkrG4Z/kM0UC+3XlthRo2vngjihskhltVuexJR+nOY4NsdI9J 0MAb0VKDJaTIZv4uBFxAoeuXeh7N95TdCLhtOxzvl6yAOkVY91Ky90ZOoPMgzKEBdXYYc97CH0h IsZSBUtSaCq9NX3CedD1THsfK1CotpeOZc35IZHZ6t8VhndP9QqaPq1GZm2Kcgf6ZutHufXq3+6 9scFcCYQ== X-Google-Smtp-Source: AGHT+IE2asaRL46n3Ux+4gDNoyua8fv4N4KC7Jut8rfAHJkzICyebgbuz46pJjqJ/D+mR6LQWI6B8w== X-Received: by 2002:a17:907:1b0c:b0:ae0:d1f3:f7f4 with SMTP id a640c23a62f3a-ae3fe483d29mr1820475966b.13.1751997986909; Tue, 08 Jul 2025 11:06:26 -0700 (PDT) Received: from localhost.localdomain (p200301023701fa00258573ace0251429.dip0.t-ipconnect.de. [2003:102:3701:fa00:2585:73ac:e025:1429]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ae3f66d93c8sm945841666b.11.2025.07.08.11.06.26 for (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 08 Jul 2025 11:06:26 -0700 (PDT) From: Marvin Scholz To: ffmpeg-devel@ffmpeg.org Date: Tue, 8 Jul 2025 20:06:17 +0200 Message-Id: <20250708180617.59679-3-epirat07@gmail.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250708180617.59679-1-epirat07@gmail.com> References: <20250708180617.59679-1-epirat07@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 3/3] avformat/tls_openssl: load default verify locations X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: When no explicit CAs file is set, load the default locations, else there is no way for verification to succeed. This matches the behavior of other TLS backends. --- libavformat/tls_openssl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index e65914f11a..d112043977 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -698,6 +698,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h) if (c->ca_file) { if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL)) av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", openssl_get_error(p)); + } else { + if (!SSL_CTX_set_default_verify_paths(p->ctx)) { + // Only log the failure but do not error out, as this is not fatal + av_log(h, AV_LOG_WARNING, "Failure setting default verify locations: %s\n", + openssl_get_error(p)); + } } if (c->cert_file) { -- 2.39.5 (Apple Git-154) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".