Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
* [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp
@ 2025-07-11 13:20 Jack Lau
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

v2 patchset add new udp option autodetect_dest.

Original description:
This patchset aims to fix some issues when i try to utilize DTLS using avio.
I create a simple DTLS client and server case here
https://github.com/JackLau1222/openssl-dtls-bio-example/tree/master/ffmpeg_case

This patchset fix:
1. dtls_handshake can't return positive code when it still in progressing
2. udp server mode haven't dest_addr so we need set it through last_recv_addr
3. some code cleanup

This patchset depends on Timo's latest schannel patchset
More details: https://github.com/BtbN/FFmpeg/pull/3

Jack Lau (4):
  avformat/tls_openssl: add record trace function
  avformat/tls_openssl: fix dtls_handshake return code
  avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
  avformat/udp: fix udp server mode haven't dest_addr

 libavformat/tls_openssl.c | 78 +++++++++++++++++++++++++++++++--------
 libavformat/udp.c         |  4 ++
 2 files changed, 66 insertions(+), 16 deletions(-)

-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function
  2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
  2025-07-11 15:03   ` Steven Liu
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 51 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 49 insertions(+), 2 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 2a01fb387d..8639ac9758 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -20,6 +20,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include "libavutil/intreadwrite.h"
 #include "libavutil/mem.h"
 #include "network.h"
 #include "os_support.h"
@@ -559,6 +560,48 @@ static int tls_close(URLContext *h)
     return 0;
 }
 
+/*
+ * Trace a single TLS/DTLS record.
+ * 
+ * See RFC 5246 Section 6.2.1, RFC 6347 Section 4.1
+ * 
+ * @param data     Raw record (network byte‑order).
+ * @param length   Size of @data in bytes.
+ * @param incoming Non‑zero when the packet was received, zero when sent.
+ */
+static void openssl_state_trace(uint8_t *data, int length, int incoming)
+{
+    uint8_t  content_type   = 0;  /* TLS/DTLS ContentType       */
+    uint16_t record_length  = 0;  /* Length field from header   */
+    uint8_t  handshake_type = 0;  /* First byte of Handshake msg */
+    int is_dtls = 0;
+
+    /* ContentType is always the very first byte */
+    if (length >= 1)
+        content_type = AV_RB8(&data[0]);
+    if (length >= 3 && data[1] == DTLS1_VERSION_MAJOR)
+        is_dtls = 1;
+    /* TLS header is 5 bytes, DTLS header is 13 bytes */
+    if (length >= 13 && is_dtls)
+        record_length = AV_RB16(&data[11]);
+    else if (length >= 5 && !is_dtls)
+        record_length = AV_RB16(&data[3]);
+    /*
+     * HandshakeType values (TLS 1.0–1.2, DTLS 1.0/1.2)
+     * See RFC 5246 Section 7.4, RFC 6347 Section 4.2
+     *
+     * Only present when ContentType == handshake(22)
+     */
+    if (content_type == 22) {
+        int hs_off = is_dtls ? 13 : 5;
+        if (length > hs_off)
+            handshake_type = AV_RB8(&data[hs_off]);
+    }
+
+    av_log(NULL, AV_LOG_TRACE ,"TLS: Trace %s, len=%u, cnt=%u, size=%u, hs=%u\n",
+        (incoming? "RECV":"SEND"), length, content_type, record_length, handshake_type);
+}
+
 static int url_bio_create(BIO *b)
 {
     BIO_set_init(b, 1);
@@ -576,8 +619,10 @@ static int url_bio_bread(BIO *b, char *buf, int len)
 {
     TLSContext *c = BIO_get_data(b);
     int ret = ffurl_read(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
-    if (ret >= 0)
+    if (ret >= 0) {
+        openssl_state_trace((uint8_t*)buf, ret, 1);
         return ret;
+    }
     BIO_clear_retry_flags(b);
     if (ret == AVERROR_EXIT)
         return 0;
@@ -592,8 +637,10 @@ static int url_bio_bwrite(BIO *b, const char *buf, int len)
 {
     TLSContext *c = BIO_get_data(b);
     int ret = ffurl_write(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
-    if (ret >= 0)
+    if (ret >= 0) {
+        openssl_state_trace((uint8_t*)buf, ret, 0);
         return ret;
+    }
     BIO_clear_retry_flags(b);
     if (ret == AVERROR_EXIT)
         return 0;
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code
  2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
  2025-07-11 15:05   ` Steven Liu
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr Jack Lau
  3 siblings, 1 reply; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

If the handshake is still in progress, dtls_handshake should
return a positive status code.

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 8639ac9758..ffd9cd51d2 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -716,15 +716,14 @@ static int openssl_dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 
 static int dtls_handshake(URLContext *h)
 {
-    int ret = 0, r0, r1;
+    int ret = EINPROGRESS, r0, r1;
     TLSContext *p = h->priv_data;
 
     r0 = SSL_do_handshake(p->ssl);
     r1 = SSL_get_error(p->ssl, r0);
     if (r0 <= 0) {
         if (r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE && r1 != SSL_ERROR_ZERO_RETURN) {
-            av_log(p, AV_LOG_ERROR, "TLS: Read failed, r0=%d, r1=%d %s\n", r0, r1, openssl_get_error(p));
-            ret = AVERROR(EIO);
+            ret = print_ssl_error(h, r1);
             goto end;
         }
     } else {
@@ -734,7 +733,7 @@ static int dtls_handshake(URLContext *h)
     /* Check whether the DTLS is completed. */
     if (SSL_is_init_finished(p->ssl) != 1)
         goto end;
-
+    ret = 0;
     p->tls_shared.state = DTLS_STATE_FINISHED;
 end:
     return ret;
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
  2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
  2025-07-11 15:05   ` Steven Liu
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr Jack Lau
  3 siblings, 1 reply; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index ffd9cd51d2..a519c8c880 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -509,7 +509,7 @@ int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t ma
     ret = SSL_export_keying_material(c->ssl, dtls_srtp_materials, materials_sz,
         dst, strlen(dst), NULL, 0, 0);
     if (!ret) {
-        av_log(c, AV_LOG_ERROR, "TLS: Failed to export SRTP material, %s\n", openssl_get_error(c));
+        av_log(c, AV_LOG_ERROR, "Failed to export SRTP material, %s\n", openssl_get_error(c));
         return -1;
     }
     return 0;
@@ -727,7 +727,7 @@ static int dtls_handshake(URLContext *h)
             goto end;
         }
     } else {
-        av_log(p, AV_LOG_TRACE, "TLS: Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
+        av_log(p, AV_LOG_TRACE, "Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
     }
 
     /* Check whether the DTLS is completed. */
@@ -768,7 +768,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
             return ret;
         }
     } else if (c->is_dtls){
-        av_log(p, AV_LOG_ERROR, "TLS: Init cert failed, %s\n", openssl_get_error(p));
+        av_log(p, AV_LOG_ERROR, "Init cert failed, %s\n", openssl_get_error(p));
         ret = AVERROR(EINVAL);
         goto fail;
     }
@@ -784,12 +784,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
     } else if (c->key_buf) {
         p->pkey = pkey = pkey_from_pem_string(c->key_buf, 1);
         if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
-            av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
+            av_log(p, AV_LOG_ERROR, "Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
             ret = AVERROR(EINVAL);
             return ret;
         }
     } else if (c->is_dtls) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init pkey failed, %s\n", openssl_get_error(p));
+        av_log(p, AV_LOG_ERROR, "Init pkey failed, %s\n", openssl_get_error(p));
         ret = AVERROR(EINVAL);
         goto fail;
     }
@@ -826,7 +826,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
 
     /* For ECDSA, we could set the curves list. */
     if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
+        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
             curves, openssl_get_error(p));
         ret = AVERROR(EINVAL);
         return ret;
@@ -837,7 +837,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
      * ensuring maximum compatibility.
      */
     if (SSL_CTX_set_cipher_list(p->ctx, ciphers) != 1) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
+        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
             ciphers, openssl_get_error(p));
         ret = AVERROR(EINVAL);
         return ret;
@@ -854,7 +854,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     SSL_CTX_set_read_ahead(p->ctx, 1);
     /* Setup the SRTP context */
     if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
+        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
             profiles, openssl_get_error(p));
         ret = AVERROR(EINVAL);
         return ret;
@@ -906,12 +906,12 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
         ret = dtls_handshake(h);
         // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
         if (ret < 0) {
-            av_log(p, AV_LOG_ERROR, "TLS: Failed to drive SSL context, ret=%d\n", ret);
+            av_log(p, AV_LOG_ERROR, "Failed to drive SSL context, ret=%d\n", ret);
             return AVERROR(EIO);
         }
     }
 
-    av_log(p, AV_LOG_VERBOSE, "TLS: Setup ok, MTU=%d\n", p->tls_shared.mtu);
+    av_log(p, AV_LOG_VERBOSE, "Setup ok, MTU=%d\n", p->tls_shared.mtu);
 
     ret = 0;
 fail:
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr
  2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
                   ` (2 preceding siblings ...)
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
  3 siblings, 0 replies; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

If udp is in server mode(init local addr and port through url),
then it maybe haven't dest_addr, so we should set it after udp_read
get the client addr and port

This feature only enable when the new udp option autodetect_dest is specified

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/udp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/udp.c b/libavformat/udp.c
index 0fde3548e7..7d05e18dcd 100644
--- a/libavformat/udp.c
+++ b/libavformat/udp.c
@@ -99,6 +99,7 @@ typedef struct UDPContext {
     struct sockaddr_storage dest_addr;
     int dest_addr_len;
     int is_connected;
+    int autodetect_dest;
 
     /* Circular Buffer variables for use in UDP receive code */
     int circular_buffer_size;
@@ -143,6 +144,7 @@ static const AVOption options[] = {
     { "broadcast", "explicitly allow or disallow broadcast destination",   OFFSET(is_broadcast),   AV_OPT_TYPE_BOOL,   { .i64 = 0  },     0, 1,       E },
     { "ttl",            "Time to live (multicast only)",                   OFFSET(ttl),            AV_OPT_TYPE_INT,    { .i64 = 16 },     0, 255,     E },
     { "connect",        "set if connect() should be called on socket",     OFFSET(is_connected),   AV_OPT_TYPE_BOOL,   { .i64 =  0 },     0, 1,       .flags = D|E },
+    { "autodetect_dest", "Auto detect destination from last received addr", OFFSET(autodetect_dest), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1,    D|E },
     { "fifo_size",      "set the UDP receiving circular buffer size, expressed as a number of packets with size of 188 bytes", OFFSET(circular_buffer_size), AV_OPT_TYPE_INT, {.i64 = 7*4096}, 0, INT_MAX, D },
     { "overrun_nonfatal", "survive in case of UDP receiving circular buffer overrun", OFFSET(overrun_nonfatal), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1,    D },
     { "timeout",        "set raise error timeout, in microseconds (only in read mode)",OFFSET(timeout),         AV_OPT_TYPE_INT,  {.i64 = 0}, 0, INT_MAX, D },
@@ -1144,6 +1146,8 @@ static int udp_write(URLContext *h, const uint8_t *buf, int size)
     }
 
     if (!s->is_connected) {
+        if (s->autodetect_dest && !s->dest_addr_len && !s->dest_addr.ss_family)
+            ff_udp_get_last_recv_addr(h, &s->dest_addr, &s->dest_addr_len);
         ret = sendto (s->udp_fd, buf, size, 0,
                       (struct sockaddr *) &s->dest_addr,
                       s->dest_addr_len);
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
@ 2025-07-11 15:03   ` Steven Liu
  0 siblings, 0 replies; 8+ messages in thread
From: Steven Liu @ 2025-07-11 15:03 UTC (permalink / raw)
  To: FFmpeg development discussions and patches; +Cc: Jack Lau

Jack Lau <jacklau1222gm-at-gmail.com@ffmpeg.org> 于2025年7月11日周五 21:21写道:
>
> Signed-off-by: Jack Lau <jacklau1222@qq.com>
> ---
>  libavformat/tls_openssl.c | 51 +++++++++++++++++++++++++++++++++++++--
>  1 file changed, 49 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 2a01fb387d..8639ac9758 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -20,6 +20,7 @@
>   * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
>   */
>
> +#include "libavutil/intreadwrite.h"
>  #include "libavutil/mem.h"
>  #include "network.h"
>  #include "os_support.h"
> @@ -559,6 +560,48 @@ static int tls_close(URLContext *h)
>      return 0;
>  }
>
> +/*
> + * Trace a single TLS/DTLS record.
> + *
> + * See RFC 5246 Section 6.2.1, RFC 6347 Section 4.1
> + *
> + * @param data     Raw record (network byte‑order).
> + * @param length   Size of @data in bytes.
> + * @param incoming Non‑zero when the packet was received, zero when sent.
> + */
> +static void openssl_state_trace(uint8_t *data, int length, int incoming)
> +{
> +    uint8_t  content_type   = 0;  /* TLS/DTLS ContentType       */
> +    uint16_t record_length  = 0;  /* Length field from header   */
> +    uint8_t  handshake_type = 0;  /* First byte of Handshake msg */
> +    int is_dtls = 0;
> +
> +    /* ContentType is always the very first byte */
> +    if (length >= 1)
> +        content_type = AV_RB8(&data[0]);
> +    if (length >= 3 && data[1] == DTLS1_VERSION_MAJOR)
> +        is_dtls = 1;
> +    /* TLS header is 5 bytes, DTLS header is 13 bytes */
> +    if (length >= 13 && is_dtls)
> +        record_length = AV_RB16(&data[11]);
> +    else if (length >= 5 && !is_dtls)
> +        record_length = AV_RB16(&data[3]);
> +    /*
> +     * HandshakeType values (TLS 1.0–1.2, DTLS 1.0/1.2)
> +     * See RFC 5246 Section 7.4, RFC 6347 Section 4.2
> +     *
> +     * Only present when ContentType == handshake(22)
> +     */
> +    if (content_type == 22) {
use #define or enum should understand easyer than only number 22.

#define CONTENT_TYPE_CHANGE_CIPHER_SPEC 20
#define CONTENT_TYPE_CHANGE_ALERT 21
#define CONTENT_TYPE_HANDSHAKE 22
#define CONTENT_TYPE_APPLICATION_DATA 23

or


enum {
          content_type_change_cipher_spec = 20,
          contentt_ype_alert = 21,
          content_type_handshake = 22,
          content_type_application_data = 23,
          content_type_others = 255
      } ContentType;

perhapes enum better than define?

> +        int hs_off = is_dtls ? 13 : 5;
> +        if (length > hs_off)
> +            handshake_type = AV_RB8(&data[hs_off]);
> +    }
> +
> +    av_log(NULL, AV_LOG_TRACE ,"TLS: Trace %s, len=%u, cnt=%u, size=%u, hs=%u\n",
> +        (incoming? "RECV":"SEND"), length, content_type, record_length, handshake_type);
> +}
> +
>  static int url_bio_create(BIO *b)
>  {
>      BIO_set_init(b, 1);
> @@ -576,8 +619,10 @@ static int url_bio_bread(BIO *b, char *buf, int len)
>  {
>      TLSContext *c = BIO_get_data(b);
>      int ret = ffurl_read(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
> -    if (ret >= 0)
> +    if (ret >= 0) {
> +        openssl_state_trace((uint8_t*)buf, ret, 1);
>          return ret;
> +    }
>      BIO_clear_retry_flags(b);
>      if (ret == AVERROR_EXIT)
>          return 0;
> @@ -592,8 +637,10 @@ static int url_bio_bwrite(BIO *b, const char *buf, int len)
>  {
>      TLSContext *c = BIO_get_data(b);
>      int ret = ffurl_write(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
> -    if (ret >= 0)
> +    if (ret >= 0) {
> +        openssl_state_trace((uint8_t*)buf, ret, 0);
>          return ret;
> +    }
>      BIO_clear_retry_flags(b);
>      if (ret == AVERROR_EXIT)
>          return 0;
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
@ 2025-07-11 15:05   ` Steven Liu
  0 siblings, 0 replies; 8+ messages in thread
From: Steven Liu @ 2025-07-11 15:05 UTC (permalink / raw)
  To: FFmpeg development discussions and patches; +Cc: Jack Lau

Jack Lau <jacklau1222gm-at-gmail.com@ffmpeg.org> 于2025年7月11日周五 21:22写道:
>
> If the handshake is still in progress, dtls_handshake should
> return a positive status code.
>
> Signed-off-by: Jack Lau <jacklau1222@qq.com>
> ---
>  libavformat/tls_openssl.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 8639ac9758..ffd9cd51d2 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -716,15 +716,14 @@ static int openssl_dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
>
>  static int dtls_handshake(URLContext *h)
>  {
> -    int ret = 0, r0, r1;
> +    int ret = EINPROGRESS, r0, r1;
AVERROR(EINPROGRESS) ?
>      TLSContext *p = h->priv_data;
>
>      r0 = SSL_do_handshake(p->ssl);
>      r1 = SSL_get_error(p->ssl, r0);
>      if (r0 <= 0) {
>          if (r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE && r1 != SSL_ERROR_ZERO_RETURN) {
> -            av_log(p, AV_LOG_ERROR, "TLS: Read failed, r0=%d, r1=%d %s\n", r0, r1, openssl_get_error(p));
> -            ret = AVERROR(EIO);
> +            ret = print_ssl_error(h, r1);
>              goto end;
>          }
>      } else {
> @@ -734,7 +733,7 @@ static int dtls_handshake(URLContext *h)
>      /* Check whether the DTLS is completed. */
>      if (SSL_is_init_finished(p->ssl) != 1)
>          goto end;
> -
> +    ret = 0;
>      p->tls_shared.state = DTLS_STATE_FINISHED;
>  end:
>      return ret;
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
  2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
@ 2025-07-11 15:05   ` Steven Liu
  0 siblings, 0 replies; 8+ messages in thread
From: Steven Liu @ 2025-07-11 15:05 UTC (permalink / raw)
  To: FFmpeg development discussions and patches; +Cc: Jack Lau

Jack Lau <jacklau1222gm-at-gmail.com@ffmpeg.org> 于2025年7月11日周五 21:22写道:
>
> Signed-off-by: Jack Lau <jacklau1222@qq.com>
> ---
>  libavformat/tls_openssl.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index ffd9cd51d2..a519c8c880 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -509,7 +509,7 @@ int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t ma
>      ret = SSL_export_keying_material(c->ssl, dtls_srtp_materials, materials_sz,
>          dst, strlen(dst), NULL, 0, 0);
>      if (!ret) {
> -        av_log(c, AV_LOG_ERROR, "TLS: Failed to export SRTP material, %s\n", openssl_get_error(c));
> +        av_log(c, AV_LOG_ERROR, "Failed to export SRTP material, %s\n", openssl_get_error(c));
>          return -1;
>      }
>      return 0;
> @@ -727,7 +727,7 @@ static int dtls_handshake(URLContext *h)
>              goto end;
>          }
>      } else {
> -        av_log(p, AV_LOG_TRACE, "TLS: Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
> +        av_log(p, AV_LOG_TRACE, "Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
>      }
>
>      /* Check whether the DTLS is completed. */
> @@ -768,7 +768,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
>              return ret;
>          }
>      } else if (c->is_dtls){
> -        av_log(p, AV_LOG_ERROR, "TLS: Init cert failed, %s\n", openssl_get_error(p));
> +        av_log(p, AV_LOG_ERROR, "Init cert failed, %s\n", openssl_get_error(p));
>          ret = AVERROR(EINVAL);
>          goto fail;
>      }
> @@ -784,12 +784,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
>      } else if (c->key_buf) {
>          p->pkey = pkey = pkey_from_pem_string(c->key_buf, 1);
>          if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
> -            av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
> +            av_log(p, AV_LOG_ERROR, "Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
>              ret = AVERROR(EINVAL);
>              return ret;
>          }
>      } else if (c->is_dtls) {
> -        av_log(p, AV_LOG_ERROR, "TLS: Init pkey failed, %s\n", openssl_get_error(p));
> +        av_log(p, AV_LOG_ERROR, "Init pkey failed, %s\n", openssl_get_error(p));
>          ret = AVERROR(EINVAL);
>          goto fail;
>      }
> @@ -826,7 +826,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
>
>      /* For ECDSA, we could set the curves list. */
>      if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) {
> -        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
> +        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
>              curves, openssl_get_error(p));
>          ret = AVERROR(EINVAL);
>          return ret;
> @@ -837,7 +837,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
>       * ensuring maximum compatibility.
>       */
>      if (SSL_CTX_set_cipher_list(p->ctx, ciphers) != 1) {
> -        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
> +        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
>              ciphers, openssl_get_error(p));
>          ret = AVERROR(EINVAL);
>          return ret;
> @@ -854,7 +854,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
>      SSL_CTX_set_read_ahead(p->ctx, 1);
>      /* Setup the SRTP context */
>      if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
> -        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
> +        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
>              profiles, openssl_get_error(p));
>          ret = AVERROR(EINVAL);
>          return ret;
> @@ -906,12 +906,12 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
>          ret = dtls_handshake(h);
>          // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
>          if (ret < 0) {
> -            av_log(p, AV_LOG_ERROR, "TLS: Failed to drive SSL context, ret=%d\n", ret);
> +            av_log(p, AV_LOG_ERROR, "Failed to drive SSL context, ret=%d\n", ret);
>              return AVERROR(EIO);
>          }
>      }
>
> -    av_log(p, AV_LOG_VERBOSE, "TLS: Setup ok, MTU=%d\n", p->tls_shared.mtu);
> +    av_log(p, AV_LOG_VERBOSE, "Setup ok, MTU=%d\n", p->tls_shared.mtu);
>
>      ret = 0;
>  fail:
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

LGTM


Thanks
Steven
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2025-07-11 15:06 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
2025-07-11 15:03   ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
2025-07-11 15:05   ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
2025-07-11 15:05   ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr Jack Lau

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git