From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 8DBDA50298
	for <ffmpegdev@gitmailbox.com>; Thu, 10 Jul 2025 11:52:09 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id B76A168FC14;
	Thu, 10 Jul 2025 14:51:52 +0300 (EEST)
Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com
 [209.85.218.51])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 9005C68FC04
 for <ffmpeg-devel@ffmpeg.org>; Thu, 10 Jul 2025 14:51:46 +0300 (EEST)
Received: by mail-ej1-f51.google.com with SMTP id
 a640c23a62f3a-ae3703c2a8bso167297266b.0
 for <ffmpeg-devel@ffmpeg.org>; Thu, 10 Jul 2025 04:51:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1752148306; x=1752753106; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=0pOAnGI1hPuhegbUGYcqDFDkm6tOYag2/Oh4M43P/4s=;
 b=QddlMGrk1aKyme28qsFZ+QNBwS1g0KXvjRcdzQMtoVupXlhTGaEfLV3yU3fjh3YdnL
 FMzGcUizVufXjb847CYWp6OrF1AvW8bAxt99DiTvo866CBg+QW/Uzu2sHSbO5k+SV8pE
 gPky1YLY5Xm6KwA0xfwnel+hJulFg1o5QIYaOzbbOOPnzSfnIVCbHnchbCpEdN4yNdKl
 Tf2JZcUdKsb/oM46D52H9o8SMWBP8HG3AlDGZMhqd00to1vfek7F04hIOe+LlRe3WaDU
 hF8ewsAgQkaOy0eJO/wgwGYk8NARJrPn9X1ko3feMOlxecttafL59jRotYdbEElf9a3r
 8gXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1752148306; x=1752753106;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=0pOAnGI1hPuhegbUGYcqDFDkm6tOYag2/Oh4M43P/4s=;
 b=A+o4edM7ozeStwfNwLBKmk2k+4fm5nUVKNTzg99QV1jjrmbqDW5QoutAMs7YAueoq9
 seDz/D+FrXewI3h+cHBVDAcggkjk25dKR9wyqptNKyrFq17oTRrLoBsZmXHz4irHdmrs
 P+aQU5Ol4Pg5FjJOE26K3UwsyAcap6t9sTK0NKGCFNrsnJfUAZXaJmn1Sym7eCUpIaLR
 MFYEd4ix45XJ+eRKqO0SoIiOIpd3Eh3BYetFH/x9QO2EhSANV0V2es8/I54/w2k/F32N
 qCK9/IVL/FWBNdY1WCNQ04IR/qZA3qPW2p821gH8twtF27pjJCVCd6OBf3Y7os8ZV+D4
 XA7A==
X-Gm-Message-State: AOJu0Ywy213V4+arGeMlSCxPqsB8zFIKb+qsZklWKu/OuwuszezhISm4
 C8YuoFg5E37vWjLz23jrVfFoXnX/4UHQ14m0cTAkdt21VYQvC7U65BaQCki1AA==
X-Gm-Gg: ASbGncsSOtCs8QY9lWmwzE2J/zkA//FPQsAuxnxxPezQ+vmJwst7dIXp6pWDU1jeIse
 giiB3gXCvRftfVpkZbYe+anl9BoU2y3UpO4UB3o+rjxN1zkHUPfDTJewkYxZaJdJFOSwa73Pes1
 JdfMhBpIou/0lSXA0FsR2VR1xa6YNbamK6VZZQPSTBcq7ao1G5TCOzcYu339bmGJt52KporgOyo
 pBb0F3qJztYs16IpmAV10wFc/hPl4zNlfE99Dr0Al4zfcAAqG7xRDDgKwrPE/N48dB2c27nx7x7
 MtKXZU3w/II0/4vlzcp6Xu366Oq8gHBYECJn6FBuLlSx/hiRMg4z7kJUzIz8upwvykY3FNU5kS2
 5IpbVRS59IXU6q6nQUQryjEIeCtQgvB/fWHFlVnjmeOaBb6Fuz0QKT/cRcADiDy2IkT8Gs1RKGK
 DKk+4x
X-Google-Smtp-Source: AGHT+IEGZAsihLPTDT1oAnj6BB2EuZQWxtvqa1z8dpZM5ecw212fJFfL82s05NBXDSlo9P7X6AWhJQ==
X-Received: by 2002:a17:906:6289:b0:ae2:dd9f:f75c with SMTP id
 a640c23a62f3a-ae6e1132b34mr319480166b.25.1752148305422; 
 Thu, 10 Jul 2025 04:51:45 -0700 (PDT)
Received: from localhost.localdomain
 (p200301023701fa002500dc3b45b00394.dip0.t-ipconnect.de.
 [2003:102:3701:fa00:2500:dc3b:45b0:394])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-ae6e8313c93sm117101966b.183.2025.07.10.04.51.44
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Thu, 10 Jul 2025 04:51:44 -0700 (PDT)
From: Marvin Scholz <epirat07-at-gmail.com@ffmpeg.org>
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 10 Jul 2025 13:51:17 +0200
Message-Id: <20250710115117.13102-3-epirat07@gmail.com>
X-Mailer: git-send-email 2.39.5 (Apple Git-154)
In-Reply-To: <20250710115117.13102-1-epirat07@gmail.com>
References: <20250708180617.59679-1-epirat07@gmail.com>
 <20250710115117.13102-1-epirat07@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH v4 3/3] avformat/tls_openssl: load default
 verify locations
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20250710115117.13102-3-epirat07@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

When no explicit CAs file is set, load the default locations,
else there is no way for verification to succeed.

This matches the behavior of other TLS backends.
---
 libavformat/tls_openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 33b3a46dfd..79801b7261 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -699,6 +699,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
     if (c->ca_file) {
         if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL))
             av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", openssl_get_error(p));
+    } else {
+        if (!SSL_CTX_set_default_verify_paths(p->ctx)) {
+            // Only log the failure but do not error out, as this is not fatal
+            av_log(h, AV_LOG_WARNING, "Failure setting default verify locations: %s\n",
+                openssl_get_error(p));
+        }
     }
 
     if (c->cert_file) {
-- 
2.39.5 (Apple Git-154)

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".