From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 6ADCA5015D for ; Tue, 8 Jul 2025 18:29:24 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 5CD9B68F174; Tue, 8 Jul 2025 21:29:00 +0300 (EEST) Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com [209.85.218.54]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B98D968F114 for ; Tue, 8 Jul 2025 21:28:53 +0300 (EEST) Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-ae0df6f5758so783450366b.0 for ; Tue, 08 Jul 2025 11:28:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751999333; x=1752604133; darn=ffmpeg.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=I26UZhWFYXJyg9ujISmOAA3Gal2JaBQwLhQsiopNazY=; b=Wq2dGoB/7Lr6WtdBVQKZkwMvL2sukMlpkXOHerC9IgTn5xv60GUXc/QFzoGOcxqeky OC+CZRcgRMVPKOwakStvYnBMKV8juej6voLQ109akv2322xdFrNWf/WgfCImyTF64anE SQXMIEPmvnZT8ndrBSq2UwRNCBbRGD+owDXqkyuC1lF83lhn5cRRcTeBHMAX5MuEsOp+ CPZ/y1R8IkOCez4uH+LLOdwS7842npIznPC5zq2Ua4Xm4R4UnHZ7zkG8p2upe4Cj88Ju XWXPrF3VGPRi8lQgW8vmFD/4N4mh9Cv6gvnOx4hl335fWcA5O91ppc2CUdBojH1TiXDa ir/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751999333; x=1752604133; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I26UZhWFYXJyg9ujISmOAA3Gal2JaBQwLhQsiopNazY=; b=dlhI/x/uTx0m9UuZagNvVMxjoRiG6ZNGJDHujKaZHgw67df0Xjk514yhuaXEhbvuEq GrI/5AVFSLSvX4lAIskVq/x9uBrA33ndo77TNUVdtbdtWPx1dMUeqR4Cxa4WFNGMaAHC EiGijSNjxO5gGSy3teSZ+p6DpZ0WE2LZGAl6UES9hvz2xV62ab6RA4ewwRQkm2Ev4/3D LnEKNnpMNX9KyfiYGyoLIbPZvZgL5/YceJHOSH+zhNVsKaaDYdvgSsf62TzdWDjMqsJN z6WipPkFPOVTZQGrVkQEBY0iWLNCY3p34CEXC+WYNY4NEi1Wb/WdkNm3v3IpuwEZwTRK ov9A== X-Gm-Message-State: AOJu0YwjtabaI5Qv0aLkMwpg/wSg1Srq/bRG+NT+5EqhGuRl+iRjoP8p g1iwL3QTOwMPbQVoOLfQ55Kv+ola8RmHgYgZd+Hv0TipGHjOYMBjlBPtNIvEceqf X-Gm-Gg: ASbGncs7OUEyVAX7uFt/L+v4yUs4VEDE+aR53ng0s6jePPolt1JA2n3HPpLAxZLoDrD 7ipmQvpAP53pOKWjkiqgGdW2cTzuM+3jxUMdjcKzVBxTBZVceFV4tR7lc0DSjjdNi5U/RPzfHwC 3K7LfrwTBUj3hfua+Aqtw2/U75bRrmsLtzXi+7HwfDwqflwHP3HkYSXoakWmY2e5dk2g2wSbwSi CkF1Bv8JPF3UtNiUG/yIJxlKpPXpmKKXkhRFtvM5DUZBgbSymystXgNR3ActUhei7DM5YOwGYnJ XBsaNa7e2iSmeZnnZmn8bzlhUHaT0kSk+0MNDAUx6jca0HVQJcSQxY+Q4xW3//r9HnerJIoo30j zK5llATaFSs2qsQjwA+VfiU818q9hpldwD6ReiLO1kO2ulRhtlADWq4Meq9ppTrUHqHg3oyFmgS WS5odpLQSIxYAxrLEC X-Google-Smtp-Source: AGHT+IGj5wm5N5PEVfyWSwdN+BBDxIAT/Z/PsLwHSUWfz2huJ8nr5IfuW91qVRPI2lnMAs0IvfFu4g== X-Received: by 2002:a17:907:9444:b0:ade:3bec:ea30 with SMTP id a640c23a62f3a-ae3fe457932mr1860947266b.1.1751999332877; Tue, 08 Jul 2025 11:28:52 -0700 (PDT) Received: from localhost.localdomain (p200301023701fa00258573ace0251429.dip0.t-ipconnect.de. [2003:102:3701:fa00:2585:73ac:e025:1429]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ae3f69576c9sm946792466b.69.2025.07.08.11.28.52 for (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Tue, 08 Jul 2025 11:28:52 -0700 (PDT) From: Marvin Scholz To: ffmpeg-devel@ffmpeg.org Date: Tue, 8 Jul 2025 20:28:41 +0200 Message-Id: <20250708182841.61888-3-epirat07@gmail.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250708182841.61888-1-epirat07@gmail.com> References: <20250708180617.59679-1-epirat07@gmail.com> <20250708182841.61888-1-epirat07@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v2 3/3] avformat/tls_openssl: load default verify locations X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: When no explicit CAs file is set, load the default locations, else there is no way for verification to succeed. This matches the behavior of other TLS backends. --- libavformat/tls_openssl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index 248d1eedf9..d360dd320c 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -698,6 +698,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h) if (c->ca_file) { if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL)) av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", openssl_get_error(p)); + } else { + if (!SSL_CTX_set_default_verify_paths(p->ctx)) { + // Only log the failure but do not error out, as this is not fatal + av_log(h, AV_LOG_WARNING, "Failure setting default verify locations: %s\n", + openssl_get_error(p)); + } } if (c->cert_file) { -- 2.39.5 (Apple Git-154) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".