* [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp
@ 2025-07-11 13:20 Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Jack Lau
v2 patchset add new udp option autodetect_dest.
Original description:
This patchset aims to fix some issues when i try to utilize DTLS using avio.
I create a simple DTLS client and server case here
https://github.com/JackLau1222/openssl-dtls-bio-example/tree/master/ffmpeg_case
This patchset fix:
1. dtls_handshake can't return positive code when it still in progressing
2. udp server mode haven't dest_addr so we need set it through last_recv_addr
3. some code cleanup
This patchset depends on Timo's latest schannel patchset
More details: https://github.com/BtbN/FFmpeg/pull/3
Jack Lau (4):
avformat/tls_openssl: add record trace function
avformat/tls_openssl: fix dtls_handshake return code
avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
avformat/udp: fix udp server mode haven't dest_addr
libavformat/tls_openssl.c | 78 +++++++++++++++++++++++++++++++--------
libavformat/udp.c | 4 ++
2 files changed, 66 insertions(+), 16 deletions(-)
--
2.49.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function
2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
2025-07-11 15:03 ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
` (2 subsequent siblings)
3 siblings, 1 reply; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Jack Lau
Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
libavformat/tls_openssl.c | 51 +++++++++++++++++++++++++++++++++++++--
1 file changed, 49 insertions(+), 2 deletions(-)
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 2a01fb387d..8639ac9758 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -20,6 +20,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include "libavutil/intreadwrite.h"
#include "libavutil/mem.h"
#include "network.h"
#include "os_support.h"
@@ -559,6 +560,48 @@ static int tls_close(URLContext *h)
return 0;
}
+/*
+ * Trace a single TLS/DTLS record.
+ *
+ * See RFC 5246 Section 6.2.1, RFC 6347 Section 4.1
+ *
+ * @param data Raw record (network byte‑order).
+ * @param length Size of @data in bytes.
+ * @param incoming Non‑zero when the packet was received, zero when sent.
+ */
+static void openssl_state_trace(uint8_t *data, int length, int incoming)
+{
+ uint8_t content_type = 0; /* TLS/DTLS ContentType */
+ uint16_t record_length = 0; /* Length field from header */
+ uint8_t handshake_type = 0; /* First byte of Handshake msg */
+ int is_dtls = 0;
+
+ /* ContentType is always the very first byte */
+ if (length >= 1)
+ content_type = AV_RB8(&data[0]);
+ if (length >= 3 && data[1] == DTLS1_VERSION_MAJOR)
+ is_dtls = 1;
+ /* TLS header is 5 bytes, DTLS header is 13 bytes */
+ if (length >= 13 && is_dtls)
+ record_length = AV_RB16(&data[11]);
+ else if (length >= 5 && !is_dtls)
+ record_length = AV_RB16(&data[3]);
+ /*
+ * HandshakeType values (TLS 1.0–1.2, DTLS 1.0/1.2)
+ * See RFC 5246 Section 7.4, RFC 6347 Section 4.2
+ *
+ * Only present when ContentType == handshake(22)
+ */
+ if (content_type == 22) {
+ int hs_off = is_dtls ? 13 : 5;
+ if (length > hs_off)
+ handshake_type = AV_RB8(&data[hs_off]);
+ }
+
+ av_log(NULL, AV_LOG_TRACE ,"TLS: Trace %s, len=%u, cnt=%u, size=%u, hs=%u\n",
+ (incoming? "RECV":"SEND"), length, content_type, record_length, handshake_type);
+}
+
static int url_bio_create(BIO *b)
{
BIO_set_init(b, 1);
@@ -576,8 +619,10 @@ static int url_bio_bread(BIO *b, char *buf, int len)
{
TLSContext *c = BIO_get_data(b);
int ret = ffurl_read(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
- if (ret >= 0)
+ if (ret >= 0) {
+ openssl_state_trace((uint8_t*)buf, ret, 1);
return ret;
+ }
BIO_clear_retry_flags(b);
if (ret == AVERROR_EXIT)
return 0;
@@ -592,8 +637,10 @@ static int url_bio_bwrite(BIO *b, const char *buf, int len)
{
TLSContext *c = BIO_get_data(b);
int ret = ffurl_write(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
- if (ret >= 0)
+ if (ret >= 0) {
+ openssl_state_trace((uint8_t*)buf, ret, 0);
return ret;
+ }
BIO_clear_retry_flags(b);
if (ret == AVERROR_EXIT)
return 0;
--
2.49.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code
2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
2025-07-11 15:05 ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr Jack Lau
3 siblings, 1 reply; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Jack Lau
If the handshake is still in progress, dtls_handshake should
return a positive status code.
Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
libavformat/tls_openssl.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 8639ac9758..ffd9cd51d2 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -716,15 +716,14 @@ static int openssl_dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
static int dtls_handshake(URLContext *h)
{
- int ret = 0, r0, r1;
+ int ret = EINPROGRESS, r0, r1;
TLSContext *p = h->priv_data;
r0 = SSL_do_handshake(p->ssl);
r1 = SSL_get_error(p->ssl, r0);
if (r0 <= 0) {
if (r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE && r1 != SSL_ERROR_ZERO_RETURN) {
- av_log(p, AV_LOG_ERROR, "TLS: Read failed, r0=%d, r1=%d %s\n", r0, r1, openssl_get_error(p));
- ret = AVERROR(EIO);
+ ret = print_ssl_error(h, r1);
goto end;
}
} else {
@@ -734,7 +733,7 @@ static int dtls_handshake(URLContext *h)
/* Check whether the DTLS is completed. */
if (SSL_is_init_finished(p->ssl) != 1)
goto end;
-
+ ret = 0;
p->tls_shared.state = DTLS_STATE_FINISHED;
end:
return ret;
--
2.49.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
2025-07-11 15:05 ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr Jack Lau
3 siblings, 1 reply; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Jack Lau
Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
libavformat/tls_openssl.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index ffd9cd51d2..a519c8c880 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -509,7 +509,7 @@ int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t ma
ret = SSL_export_keying_material(c->ssl, dtls_srtp_materials, materials_sz,
dst, strlen(dst), NULL, 0, 0);
if (!ret) {
- av_log(c, AV_LOG_ERROR, "TLS: Failed to export SRTP material, %s\n", openssl_get_error(c));
+ av_log(c, AV_LOG_ERROR, "Failed to export SRTP material, %s\n", openssl_get_error(c));
return -1;
}
return 0;
@@ -727,7 +727,7 @@ static int dtls_handshake(URLContext *h)
goto end;
}
} else {
- av_log(p, AV_LOG_TRACE, "TLS: Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
+ av_log(p, AV_LOG_TRACE, "Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
}
/* Check whether the DTLS is completed. */
@@ -768,7 +768,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
return ret;
}
} else if (c->is_dtls){
- av_log(p, AV_LOG_ERROR, "TLS: Init cert failed, %s\n", openssl_get_error(p));
+ av_log(p, AV_LOG_ERROR, "Init cert failed, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL);
goto fail;
}
@@ -784,12 +784,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
} else if (c->key_buf) {
p->pkey = pkey = pkey_from_pem_string(c->key_buf, 1);
if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
- av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
+ av_log(p, AV_LOG_ERROR, "Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL);
return ret;
}
} else if (c->is_dtls) {
- av_log(p, AV_LOG_ERROR, "TLS: Init pkey failed, %s\n", openssl_get_error(p));
+ av_log(p, AV_LOG_ERROR, "Init pkey failed, %s\n", openssl_get_error(p));
ret = AVERROR(EINVAL);
goto fail;
}
@@ -826,7 +826,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
/* For ECDSA, we could set the curves list. */
if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) {
- av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
+ av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
curves, openssl_get_error(p));
ret = AVERROR(EINVAL);
return ret;
@@ -837,7 +837,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
* ensuring maximum compatibility.
*/
if (SSL_CTX_set_cipher_list(p->ctx, ciphers) != 1) {
- av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
+ av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
ciphers, openssl_get_error(p));
ret = AVERROR(EINVAL);
return ret;
@@ -854,7 +854,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
SSL_CTX_set_read_ahead(p->ctx, 1);
/* Setup the SRTP context */
if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
- av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
+ av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
profiles, openssl_get_error(p));
ret = AVERROR(EINVAL);
return ret;
@@ -906,12 +906,12 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
ret = dtls_handshake(h);
// Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
if (ret < 0) {
- av_log(p, AV_LOG_ERROR, "TLS: Failed to drive SSL context, ret=%d\n", ret);
+ av_log(p, AV_LOG_ERROR, "Failed to drive SSL context, ret=%d\n", ret);
return AVERROR(EIO);
}
}
- av_log(p, AV_LOG_VERBOSE, "TLS: Setup ok, MTU=%d\n", p->tls_shared.mtu);
+ av_log(p, AV_LOG_VERBOSE, "Setup ok, MTU=%d\n", p->tls_shared.mtu);
ret = 0;
fail:
--
2.49.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr
2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
` (2 preceding siblings ...)
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
@ 2025-07-11 13:20 ` Jack Lau
3 siblings, 0 replies; 8+ messages in thread
From: Jack Lau @ 2025-07-11 13:20 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Jack Lau
If udp is in server mode(init local addr and port through url),
then it maybe haven't dest_addr, so we should set it after udp_read
get the client addr and port
This feature only enable when the new udp option autodetect_dest is specified
Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
libavformat/udp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavformat/udp.c b/libavformat/udp.c
index 0fde3548e7..7d05e18dcd 100644
--- a/libavformat/udp.c
+++ b/libavformat/udp.c
@@ -99,6 +99,7 @@ typedef struct UDPContext {
struct sockaddr_storage dest_addr;
int dest_addr_len;
int is_connected;
+ int autodetect_dest;
/* Circular Buffer variables for use in UDP receive code */
int circular_buffer_size;
@@ -143,6 +144,7 @@ static const AVOption options[] = {
{ "broadcast", "explicitly allow or disallow broadcast destination", OFFSET(is_broadcast), AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, E },
{ "ttl", "Time to live (multicast only)", OFFSET(ttl), AV_OPT_TYPE_INT, { .i64 = 16 }, 0, 255, E },
{ "connect", "set if connect() should be called on socket", OFFSET(is_connected), AV_OPT_TYPE_BOOL, { .i64 = 0 }, 0, 1, .flags = D|E },
+ { "autodetect_dest", "Auto detect destination from last received addr", OFFSET(autodetect_dest), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, D|E },
{ "fifo_size", "set the UDP receiving circular buffer size, expressed as a number of packets with size of 188 bytes", OFFSET(circular_buffer_size), AV_OPT_TYPE_INT, {.i64 = 7*4096}, 0, INT_MAX, D },
{ "overrun_nonfatal", "survive in case of UDP receiving circular buffer overrun", OFFSET(overrun_nonfatal), AV_OPT_TYPE_BOOL, {.i64 = 0}, 0, 1, D },
{ "timeout", "set raise error timeout, in microseconds (only in read mode)",OFFSET(timeout), AV_OPT_TYPE_INT, {.i64 = 0}, 0, INT_MAX, D },
@@ -1144,6 +1146,8 @@ static int udp_write(URLContext *h, const uint8_t *buf, int size)
}
if (!s->is_connected) {
+ if (s->autodetect_dest && !s->dest_addr_len && !s->dest_addr.ss_family)
+ ff_udp_get_last_recv_addr(h, &s->dest_addr, &s->dest_addr_len);
ret = sendto (s->udp_fd, buf, size, 0,
(struct sockaddr *) &s->dest_addr,
s->dest_addr_len);
--
2.49.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
@ 2025-07-11 15:03 ` Steven Liu
0 siblings, 0 replies; 8+ messages in thread
From: Steven Liu @ 2025-07-11 15:03 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Jack Lau
Jack Lau <jacklau1222gm-at-gmail.com@ffmpeg.org> 于2025年7月11日周五 21:21写道:
>
> Signed-off-by: Jack Lau <jacklau1222@qq.com>
> ---
> libavformat/tls_openssl.c | 51 +++++++++++++++++++++++++++++++++++++--
> 1 file changed, 49 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 2a01fb387d..8639ac9758 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -20,6 +20,7 @@
> * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> */
>
> +#include "libavutil/intreadwrite.h"
> #include "libavutil/mem.h"
> #include "network.h"
> #include "os_support.h"
> @@ -559,6 +560,48 @@ static int tls_close(URLContext *h)
> return 0;
> }
>
> +/*
> + * Trace a single TLS/DTLS record.
> + *
> + * See RFC 5246 Section 6.2.1, RFC 6347 Section 4.1
> + *
> + * @param data Raw record (network byte‑order).
> + * @param length Size of @data in bytes.
> + * @param incoming Non‑zero when the packet was received, zero when sent.
> + */
> +static void openssl_state_trace(uint8_t *data, int length, int incoming)
> +{
> + uint8_t content_type = 0; /* TLS/DTLS ContentType */
> + uint16_t record_length = 0; /* Length field from header */
> + uint8_t handshake_type = 0; /* First byte of Handshake msg */
> + int is_dtls = 0;
> +
> + /* ContentType is always the very first byte */
> + if (length >= 1)
> + content_type = AV_RB8(&data[0]);
> + if (length >= 3 && data[1] == DTLS1_VERSION_MAJOR)
> + is_dtls = 1;
> + /* TLS header is 5 bytes, DTLS header is 13 bytes */
> + if (length >= 13 && is_dtls)
> + record_length = AV_RB16(&data[11]);
> + else if (length >= 5 && !is_dtls)
> + record_length = AV_RB16(&data[3]);
> + /*
> + * HandshakeType values (TLS 1.0–1.2, DTLS 1.0/1.2)
> + * See RFC 5246 Section 7.4, RFC 6347 Section 4.2
> + *
> + * Only present when ContentType == handshake(22)
> + */
> + if (content_type == 22) {
use #define or enum should understand easyer than only number 22.
#define CONTENT_TYPE_CHANGE_CIPHER_SPEC 20
#define CONTENT_TYPE_CHANGE_ALERT 21
#define CONTENT_TYPE_HANDSHAKE 22
#define CONTENT_TYPE_APPLICATION_DATA 23
or
enum {
content_type_change_cipher_spec = 20,
contentt_ype_alert = 21,
content_type_handshake = 22,
content_type_application_data = 23,
content_type_others = 255
} ContentType;
perhapes enum better than define?
> + int hs_off = is_dtls ? 13 : 5;
> + if (length > hs_off)
> + handshake_type = AV_RB8(&data[hs_off]);
> + }
> +
> + av_log(NULL, AV_LOG_TRACE ,"TLS: Trace %s, len=%u, cnt=%u, size=%u, hs=%u\n",
> + (incoming? "RECV":"SEND"), length, content_type, record_length, handshake_type);
> +}
> +
> static int url_bio_create(BIO *b)
> {
> BIO_set_init(b, 1);
> @@ -576,8 +619,10 @@ static int url_bio_bread(BIO *b, char *buf, int len)
> {
> TLSContext *c = BIO_get_data(b);
> int ret = ffurl_read(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
> - if (ret >= 0)
> + if (ret >= 0) {
> + openssl_state_trace((uint8_t*)buf, ret, 1);
> return ret;
> + }
> BIO_clear_retry_flags(b);
> if (ret == AVERROR_EXIT)
> return 0;
> @@ -592,8 +637,10 @@ static int url_bio_bwrite(BIO *b, const char *buf, int len)
> {
> TLSContext *c = BIO_get_data(b);
> int ret = ffurl_write(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
> - if (ret >= 0)
> + if (ret >= 0) {
> + openssl_state_trace((uint8_t*)buf, ret, 0);
> return ret;
> + }
> BIO_clear_retry_flags(b);
> if (ret == AVERROR_EXIT)
> return 0;
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
@ 2025-07-11 15:05 ` Steven Liu
0 siblings, 0 replies; 8+ messages in thread
From: Steven Liu @ 2025-07-11 15:05 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Jack Lau
Jack Lau <jacklau1222gm-at-gmail.com@ffmpeg.org> 于2025年7月11日周五 21:22写道:
>
> If the handshake is still in progress, dtls_handshake should
> return a positive status code.
>
> Signed-off-by: Jack Lau <jacklau1222@qq.com>
> ---
> libavformat/tls_openssl.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 8639ac9758..ffd9cd51d2 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -716,15 +716,14 @@ static int openssl_dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
>
> static int dtls_handshake(URLContext *h)
> {
> - int ret = 0, r0, r1;
> + int ret = EINPROGRESS, r0, r1;
AVERROR(EINPROGRESS) ?
> TLSContext *p = h->priv_data;
>
> r0 = SSL_do_handshake(p->ssl);
> r1 = SSL_get_error(p->ssl, r0);
> if (r0 <= 0) {
> if (r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE && r1 != SSL_ERROR_ZERO_RETURN) {
> - av_log(p, AV_LOG_ERROR, "TLS: Read failed, r0=%d, r1=%d %s\n", r0, r1, openssl_get_error(p));
> - ret = AVERROR(EIO);
> + ret = print_ssl_error(h, r1);
> goto end;
> }
> } else {
> @@ -734,7 +733,7 @@ static int dtls_handshake(URLContext *h)
> /* Check whether the DTLS is completed. */
> if (SSL_is_init_finished(p->ssl) != 1)
> goto end;
> -
> + ret = 0;
> p->tls_shared.state = DTLS_STATE_FINISHED;
> end:
> return ret;
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
@ 2025-07-11 15:05 ` Steven Liu
0 siblings, 0 replies; 8+ messages in thread
From: Steven Liu @ 2025-07-11 15:05 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Jack Lau
Jack Lau <jacklau1222gm-at-gmail.com@ffmpeg.org> 于2025年7月11日周五 21:22写道:
>
> Signed-off-by: Jack Lau <jacklau1222@qq.com>
> ---
> libavformat/tls_openssl.c | 20 ++++++++++----------
> 1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index ffd9cd51d2..a519c8c880 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -509,7 +509,7 @@ int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t ma
> ret = SSL_export_keying_material(c->ssl, dtls_srtp_materials, materials_sz,
> dst, strlen(dst), NULL, 0, 0);
> if (!ret) {
> - av_log(c, AV_LOG_ERROR, "TLS: Failed to export SRTP material, %s\n", openssl_get_error(c));
> + av_log(c, AV_LOG_ERROR, "Failed to export SRTP material, %s\n", openssl_get_error(c));
> return -1;
> }
> return 0;
> @@ -727,7 +727,7 @@ static int dtls_handshake(URLContext *h)
> goto end;
> }
> } else {
> - av_log(p, AV_LOG_TRACE, "TLS: Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
> + av_log(p, AV_LOG_TRACE, "Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
> }
>
> /* Check whether the DTLS is completed. */
> @@ -768,7 +768,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
> return ret;
> }
> } else if (c->is_dtls){
> - av_log(p, AV_LOG_ERROR, "TLS: Init cert failed, %s\n", openssl_get_error(p));
> + av_log(p, AV_LOG_ERROR, "Init cert failed, %s\n", openssl_get_error(p));
> ret = AVERROR(EINVAL);
> goto fail;
> }
> @@ -784,12 +784,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
> } else if (c->key_buf) {
> p->pkey = pkey = pkey_from_pem_string(c->key_buf, 1);
> if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
> - av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
> + av_log(p, AV_LOG_ERROR, "Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
> ret = AVERROR(EINVAL);
> return ret;
> }
> } else if (c->is_dtls) {
> - av_log(p, AV_LOG_ERROR, "TLS: Init pkey failed, %s\n", openssl_get_error(p));
> + av_log(p, AV_LOG_ERROR, "Init pkey failed, %s\n", openssl_get_error(p));
> ret = AVERROR(EINVAL);
> goto fail;
> }
> @@ -826,7 +826,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
>
> /* For ECDSA, we could set the curves list. */
> if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) {
> - av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
> + av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
> curves, openssl_get_error(p));
> ret = AVERROR(EINVAL);
> return ret;
> @@ -837,7 +837,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
> * ensuring maximum compatibility.
> */
> if (SSL_CTX_set_cipher_list(p->ctx, ciphers) != 1) {
> - av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
> + av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
> ciphers, openssl_get_error(p));
> ret = AVERROR(EINVAL);
> return ret;
> @@ -854,7 +854,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
> SSL_CTX_set_read_ahead(p->ctx, 1);
> /* Setup the SRTP context */
> if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
> - av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
> + av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
> profiles, openssl_get_error(p));
> ret = AVERROR(EINVAL);
> return ret;
> @@ -906,12 +906,12 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
> ret = dtls_handshake(h);
> // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
> if (ret < 0) {
> - av_log(p, AV_LOG_ERROR, "TLS: Failed to drive SSL context, ret=%d\n", ret);
> + av_log(p, AV_LOG_ERROR, "Failed to drive SSL context, ret=%d\n", ret);
> return AVERROR(EIO);
> }
> }
>
> - av_log(p, AV_LOG_VERBOSE, "TLS: Setup ok, MTU=%d\n", p->tls_shared.mtu);
> + av_log(p, AV_LOG_VERBOSE, "Setup ok, MTU=%d\n", p->tls_shared.mtu);
>
> ret = 0;
> fail:
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
LGTM
Thanks
Steven
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2025-07-11 15:06 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-07-11 13:20 [FFmpeg-devel] [PATCH v2 0/4] Fix some issues in tls_openssl and udp Jack Lau
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 1/4] avformat/tls_openssl: add record trace function Jack Lau
2025-07-11 15:03 ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 2/4] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
2025-07-11 15:05 ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 3/4] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
2025-07-11 15:05 ` Steven Liu
2025-07-11 13:20 ` [FFmpeg-devel] [PATCH v2 4/4] avformat/udp: fix udp server mode haven't dest_addr Jack Lau
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git