Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
* [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl
@ 2025-07-13  7:09 Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 1/9] avformat/tls: add trace function for log TLS/DTLS record Jack Lau
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

This patchset aims to fix some issues so that DTLS can work properly (not just for WHIP)

Quick experience using these commands:
ffmpeg -v debug -listen 1 -cert_file cert.pem -key_file key.pem -mtu 1500 -i dtls://127.0.0.1:4444 -c copy -y out.mp4
ffmpeg -v trace -f lavfi -re -i testsrc2=duration=5:size=128x72:rate=30 -an -sn -c:v libx264 -mtu 10000 -f mpegts "dtls://127.0.0.1:4444"

Or using the avio public API:
https://github.com/JackLau1222/openssl-dtls-bio-example/tree/master/ffmpeg_case

I notice DTLS still needs some cleanups. I plan to implement the WHIP DTLS client role as the next step, so I'll do that as well in the coming days.

Original description:
This patchset aims to fix some issues I hit when trying to use DTLS through avio.
I created a simple DTLS client and server case here:
https://github.com/JackLau1222/openssl-dtls-bio-example/tree/master/ffmpeg_case

This patchset fixes:
1. dtls_handshake can't return a positive code when it is still in progress
2. UDP server mode has no dest_addr, so we need to set it through last_recv_addr
3. some code cleanup

This patchset depends on Timo's latest schannel patchset
More details: https://github.com/BtbN/FFmpeg/pull/3

Jack Lau (9):
  avformat/tls: add trace function for log TLS/DTLS record
  avformat/tls_openssl: fix dtls_handshake return code
  avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
  avformat/tls_openssl: make tls and dtls use one close function
  avformat/whip: free udp socket after dtls free
  avformat/tls_openssl: replace 1 to TLS_ST_OK to be more clear
  avformat/tls_openssl: remove requirement for dtls must init cert and
    key
  avformat/tls_openssl: auto set the dest addr when dtls in listen mode
  avformat/tls_openssl: init DTLS context with explicit method

 libavformat/tls.c         | 56 +++++++++++++++++++++++++++
 libavformat/tls.h         |  2 +
 libavformat/tls_openssl.c | 81 ++++++++++++++++++++-------------------
 libavformat/whip.c        |  2 +-
 4 files changed, 100 insertions(+), 41 deletions(-)

-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".


* [FFmpeg-devel] [PATCH v3 1/9] avformat/tls: add trace function for log TLS/DTLS record
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 2/9] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Refer to RFC 5246, RFC 6347

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls.c         | 56 +++++++++++++++++++++++++++++++++++++++
 libavformat/tls.h         |  2 ++
 libavformat/tls_openssl.c |  8 ++++--
 3 files changed, 64 insertions(+), 2 deletions(-)

diff --git a/libavformat/tls.c b/libavformat/tls.c
index bd9c05e6dc..c549b014cf 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -27,10 +27,66 @@
 #include "url.h"
 #include "tls.h"
 #include "libavutil/avstring.h"
+#include "libavutil/intreadwrite.h"
 #include "libavutil/getenv_utf8.h"
 #include "libavutil/mem.h"
 #include "libavutil/parseutils.h"
 
+enum {
+    CONTENT_TYPE_CHANGE_CIPHER_SPEC = 20,
+    CONTENT_TYPE_ALERT = 21,
+    CONTENT_TYPE_HANDSHAKE = 22,
+    CONTENT_TYPE_APPLICATION_DATA = 23,
+    CONTENT_TYPE_OTHERS = 255
+} ContentType;
+
+enum {
+    TLS1_MAJOR_VERSION = 0x03,
+    DTLS1_MAJOR_VERSION = 0xFE,
+} TLSVersion;
+
+/*
+ * Trace a single TLS/DTLS record.
+ * 
+ * See RFC 5246 Section 6.2.1, RFC 6347 Section 4.1
+ * 
+ * @param data     Raw record (network byte‑order).
+ * @param length   Size of @data in bytes.
+ * @param incoming Non‑zero when the packet was received, zero when sent.
+ */
+void openssl_state_trace(uint8_t *data, int length, int incoming)
+{
+    uint8_t  content_type   = 0;  /* TLS/DTLS ContentType       */
+    uint16_t record_length  = 0;  /* Length field from header   */
+    uint8_t  handshake_type = 0;  /* First byte of Handshake msg */
+    int is_dtls = 0;
+
+    /* ContentType is always the very first byte */
+    if (length >= 1)
+        content_type = AV_RB8(&data[0]);
+    if (length >= 3 && data[1] == DTLS1_MAJOR_VERSION)
+        is_dtls = 1;
+    /* TLS header is 5 bytes, DTLS header is 13 bytes */
+    if (length >= 13 && is_dtls)
+        record_length = AV_RB16(&data[11]);
+    else if (length >= 5 && !is_dtls)
+        record_length = AV_RB16(&data[3]);
+    /*
+     * HandshakeType values (TLS 1.0–1.2, DTLS 1.0/1.2)
+     * See RFC 5246 Section 7.4, RFC 6347 Section 4.2
+     *
+     * Only present when ContentType == handshake(22)
+     */
+    if (content_type == CONTENT_TYPE_HANDSHAKE) {
+        int hs_off = is_dtls ? 13 : 5;
+        if (length > hs_off)
+            handshake_type = AV_RB8(&data[hs_off]);
+    }
+
+    av_log(NULL, AV_LOG_TRACE ,"TLS: Trace %s, len=%u, cnt=%u, size=%u, hs=%u\n",
+        (incoming? "RECV":"SEND"), length, content_type, record_length, handshake_type);
+}
+
 static int set_options(TLSShared *c, const char *uri)
 {
     char buf[1024];
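Review bot: `enum { ... } ContentType;` and `enum { ... } TLSVersion;` at the top of this hunk declare two file-scope variables of anonymous enum type, not type names, so tls.c gains two unused non-static objects. Either drop the trailing identifiers or write `enum ContentType { ... };`. In the function itself, `length` is an `int` but is printed with `%u`, `CONTENT_TYPE_OTHERS` is never used, `data` is only read and can be `const uint8_t *`, and only the first record header in the buffer is decoded, which the doc comment should say because one read can carry more than one record. The two ` * ` lines in the doc comment also carry trailing whitespace.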
diff --git a/libavformat/tls.h b/libavformat/tls.h
index 0c02a4ab27..cc8823e008 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -95,6 +95,8 @@ typedef struct TLSShared {
     {"key_pem",    "Private key PEM string",              offsetof(pstruct, options_field . key_buf),   AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     FF_TLS_CLIENT_OPTIONS(pstruct, options_field)
 
+void openssl_state_trace(uint8_t *data, int length, int incoming);
+
 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);
 
 int ff_url_read_all(const char *url, AVBPrint *bp);
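Review bot: the prototype `openssl_state_trace()` is exported from the shared tls.h without an `ff_` prefix, and its name says OpenSSL although the definition sits in the backend-neutral tls.c. Suggest a name along the lines of `ff_tls_trace_record(void *logctx, const uint8_t *data, int length, int incoming)`, so that the `av_log(NULL, ...)` in the implementation can log against the caller's context instead of NULL.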
diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 2a01fb387d..2777a4f657 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -576,8 +576,10 @@ static int url_bio_bread(BIO *b, char *buf, int len)
 {
     TLSContext *c = BIO_get_data(b);
     int ret = ffurl_read(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
-    if (ret >= 0)
+    if (ret >= 0) {
+        openssl_state_trace((uint8_t*)buf, ret, 1);
         return ret;
+    }
     BIO_clear_retry_flags(b);
     if (ret == AVERROR_EXIT)
         return 0;
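Review bot: the trace call in `url_bio_bread()` also runs when `ret == 0`, which produces a trace line with every field zero. Guarding it with `ret > 0` keeps the output meaningful while leaving the `return ret;` path unchanged.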
@@ -592,8 +594,10 @@ static int url_bio_bwrite(BIO *b, const char *buf, int len)
 {
     TLSContext *c = BIO_get_data(b);
     int ret = ffurl_write(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
-    if (ret >= 0)
+    if (ret >= 0) {
+        openssl_state_trace((uint8_t*)buf, ret, 0);
         return ret;
+    }
     BIO_clear_retry_flags(b);
     if (ret == AVERROR_EXIT)
         return 0;
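Review bot: in `url_bio_bwrite()` the cast `(uint8_t*)buf` discards the `const` on `const char *buf`. Make the trace function take `const uint8_t *data` and cast to that instead. `ret` here is the number of bytes actually written, so when `ret < len` the trace reports the short length rather than the record OpenSSL handed over; add a comment if that is intended.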
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [FFmpeg-devel] [PATCH v3 2/9] avformat/tls_openssl: fix dtls_handshake return code
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 1/9] avformat/tls: add trace function for log TLS/DTLS record Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 3/9] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

If the handshake is still in progress, dtls_handshake should
return a status code.

init ret=AVERROR(EAGAIN) to match most of FFmpeg code

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 2777a4f657..25318d5fca 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -673,15 +673,14 @@ static int openssl_dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 
 static int dtls_handshake(URLContext *h)
 {
-    int ret = 0, r0, r1;
+    int ret = AVERROR(EAGAIN), r0, r1;
     TLSContext *p = h->priv_data;
 
     r0 = SSL_do_handshake(p->ssl);
     r1 = SSL_get_error(p->ssl, r0);
     if (r0 <= 0) {
         if (r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE && r1 != SSL_ERROR_ZERO_RETURN) {
-            av_log(p, AV_LOG_ERROR, "TLS: Read failed, r0=%d, r1=%d %s\n", r0, r1, openssl_get_error(p));
-            ret = AVERROR(EIO);
+            ret = print_ssl_error(h, r1);
             goto end;
         }
     } else {
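Review bot: `SSL_ERROR_ZERO_RETURN` stays in the non-fatal list in the `r0 <= 0` branch, and with `ret` now starting at `AVERROR(EAGAIN)` that case tells the caller to retry even though the peer has closed the connection. Consider handling it separately, for example by returning `AVERROR_EOF`. The error path also switches from the inline `av_log` plus `AVERROR(EIO)` to `print_ssl_error(h, r1)`, which changes the returned error code without the commit message mentioning it.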
@@ -691,7 +690,7 @@ static int dtls_handshake(URLContext *h)
     /* Check whether the DTLS is completed. */
     if (SSL_is_init_finished(p->ssl) != 1)
         goto end;
-
+    ret = 0;
     p->tls_shared.state = DTLS_STATE_FINISHED;
 end:
     return ret;
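Review bot: with `ret = 0` set only after `SSL_is_init_finished()` succeeds, an in-progress handshake now returns the negative `AVERROR(EAGAIN)`, but the call site in `dtls_start()` visible in patch 3/9 treats every `ret < 0` from `dtls_handshake(h)` as fatal and returns `AVERROR(EIO)`. Unless the surrounding condition excludes that case, the caller needs to let `AVERROR(EAGAIN)` through, otherwise a handshake that needs more than one call fails at open. The cover letter calls the in-progress result a "positive code", which does not match the value used here; the commit message should spell out the contract: 0 when finished, `AVERROR(EAGAIN)` while in progress, other negative values on error.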
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 3/9] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 1/9] avformat/tls: add trace function for log TLS/DTLS record Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 2/9] avformat/tls_openssl: fix dtls_handshake return code Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 4/9] avformat/tls_openssl: make tls and dtls use one close function Jack Lau
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 25318d5fca..c824c5452b 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -508,7 +508,7 @@ int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t ma
     ret = SSL_export_keying_material(c->ssl, dtls_srtp_materials, materials_sz,
         dst, strlen(dst), NULL, 0, 0);
     if (!ret) {
-        av_log(c, AV_LOG_ERROR, "TLS: Failed to export SRTP material, %s\n", openssl_get_error(c));
+        av_log(c, AV_LOG_ERROR, "Failed to export SRTP material, %s\n", openssl_get_error(c));
         return -1;
     }
     return 0;
@@ -684,7 +684,7 @@ static int dtls_handshake(URLContext *h)
             goto end;
         }
     } else {
-        av_log(p, AV_LOG_TRACE, "TLS: Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
+        av_log(p, AV_LOG_TRACE, "Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1);
     }
 
     /* Check whether the DTLS is completed. */
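Review bot: the trace line in the `else` branch passes `r0, r0, r1` to `"Read %d bytes, r0=%d, r1=%d\n"`, so `r0` is printed twice and once labelled as a byte count, although it is the return value of `SSL_do_handshake()` and not a number of bytes. Since the string is being edited anyway, reword it to something like `"Handshake step ok, r0=%d, r1=%d\n"`.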
@@ -725,7 +725,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
             return ret;
         }
     } else if (c->is_dtls){
-        av_log(p, AV_LOG_ERROR, "TLS: Init cert failed, %s\n", openssl_get_error(p));
+        av_log(p, AV_LOG_ERROR, "Init cert failed, %s\n", openssl_get_error(p));
         ret = AVERROR(EINVAL);
         goto fail;
     }
@@ -741,12 +741,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
     } else if (c->key_buf) {
         p->pkey = pkey = pkey_from_pem_string(c->key_buf, 1);
         if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
-            av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
+            av_log(p, AV_LOG_ERROR, "Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
             ret = AVERROR(EINVAL);
             return ret;
         }
     } else if (c->is_dtls) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init pkey failed, %s\n", openssl_get_error(p));
+        av_log(p, AV_LOG_ERROR, "Init pkey failed, %s\n", openssl_get_error(p));
         ret = AVERROR(EINVAL);
         goto fail;
     }
@@ -783,7 +783,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
 
     /* For ECDSA, we could set the curves list. */
     if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
+        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
             curves, openssl_get_error(p));
         ret = AVERROR(EINVAL);
         return ret;
@@ -794,7 +794,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
      * ensuring maximum compatibility.
      */
     if (SSL_CTX_set_cipher_list(p->ctx, ciphers) != 1) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
+        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
             ciphers, openssl_get_error(p));
         ret = AVERROR(EINVAL);
         return ret;
@@ -811,7 +811,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     SSL_CTX_set_read_ahead(p->ctx, 1);
     /* Setup the SRTP context */
     if (SSL_CTX_set_tlsext_use_srtp(p->ctx, profiles)) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
+        av_log(p, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n",
             profiles, openssl_get_error(p));
         ret = AVERROR(EINVAL);
         return ret;
@@ -863,12 +863,12 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
         ret = dtls_handshake(h);
         // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2.
         if (ret < 0) {
-            av_log(p, AV_LOG_ERROR, "TLS: Failed to drive SSL context, ret=%d\n", ret);
+            av_log(p, AV_LOG_ERROR, "Failed to drive SSL context, ret=%d\n", ret);
             return AVERROR(EIO);
         }
     }
 
-    av_log(p, AV_LOG_VERBOSE, "TLS: Setup ok, MTU=%d\n", p->tls_shared.mtu);
+    av_log(p, AV_LOG_VERBOSE, "Setup ok, MTU=%d\n", p->tls_shared.mtu);
 
     ret = 0;
 fail:
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 4/9] avformat/tls_openssl: make tls and dtls use one close function
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
                   ` (2 preceding siblings ...)
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 3/9] avformat/tls_openssl: remove all redundant "TLS: " in log with AVClass Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 5/9] avformat/whip: free udp socket after dtls free Jack Lau
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 25 +++++++++----------------
 1 file changed, 9 insertions(+), 16 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index c824c5452b..3ed4585ecf 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -553,9 +553,16 @@ static int tls_close(URLContext *h)
     }
     if (c->ctx)
         SSL_CTX_free(c->ctx);
-    ffurl_closep(&c->tls_shared.tcp);
+    if (c->tls_shared.external_sock != 1)
+        ffurl_closep(c->tls_shared.is_dtls ? &c->tls_shared.udp : &c->tls_shared.tcp);
+    if (c->tls_shared.cert_buf)
+        av_freep(&c->tls_shared.cert_buf);
+    if (c->tls_shared.key_buf)
+        av_freep(&c->tls_shared.key_buf);
     if (c->url_bio_method)
         BIO_meth_free(c->url_bio_method);
+    if (c->pkey)
+        EVP_PKEY_free(c->pkey);
     return 0;
 }
 
@@ -875,20 +882,6 @@ fail:
     return ret;
 }
 
-/**
- * Cleanup the DTLS context.
- */
-static av_cold int dtls_close(URLContext *h)
-{
-    TLSContext *ctx = h->priv_data;
-    SSL_free(ctx->ssl);
-    SSL_CTX_free(ctx->ctx);
-    av_freep(&ctx->tls_shared.cert_buf);
-    av_freep(&ctx->tls_shared.key_buf);
-    EVP_PKEY_free(ctx->pkey);
-    return 0;
-}
-
 static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
 {
     TLSContext *p = h->priv_data;
@@ -1032,7 +1025,7 @@ const URLProtocol ff_dtls_protocol = {
     .name           = "dtls",
     .url_open2      = dtls_start,
     .url_handshake  = dtls_handshake,
-    .url_close      = dtls_close,
+    .url_close      = tls_close,
     .url_read       = tls_read,
     .url_write      = tls_write,
     .url_get_file_handle = tls_get_file_handle,
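Review bot: pointing `.url_close` of `ff_dtls_protocol` at `tls_close` changes DTLS teardown beyond merging two functions: the removed `dtls_close()` never closed a socket, while `tls_close()` now closes `tls_shared.udp` unless `external_sock` is 1. Please state that in the commit message, since callers that own the UDP context depend on it. In the `tls_close` hunk, the new `if (...)` guards in front of `av_freep(&c->tls_shared.cert_buf)`, `av_freep(&c->tls_shared.key_buf)` and `EVP_PKEY_free(c->pkey)` are unnecessary; the removed `dtls_close()` called all three unconditionally.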
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 5/9] avformat/whip: free udp socket after dtls free
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
                   ` (3 preceding siblings ...)
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 4/9] avformat/tls_openssl: make tls and dtls use one close function Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 6/9] avformat/tls_openssl: replace 1 to TLS_ST_OK to be more clear Jack Lau
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

The SSL_shutdown in tls_close needs to call url_bio_bwrite,
so we should keep the UDP socket alive.

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/whip.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/whip.c b/libavformat/whip.c
index e272254a6f..17a3cd0ea8 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -1865,12 +1865,12 @@ static av_cold void whip_deinit(AVFormatContext *s)
     av_freep(&whip->authorization);
     av_freep(&whip->cert_file);
     av_freep(&whip->key_file);
-    ffurl_closep(&whip->udp);
     ff_srtp_free(&whip->srtp_audio_send);
     ff_srtp_free(&whip->srtp_video_send);
     ff_srtp_free(&whip->srtp_rtcp_send);
     ff_srtp_free(&whip->srtp_recv);
     ffurl_close(whip->dtls_uc);
+    ffurl_closep(&whip->udp);
 }
 
 static int whip_check_bitstream(AVFormatContext *s, AVStream *st, const AVPacket *pkt)
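Review bot: the new order in `whip_deinit()` is load-bearing but nothing at the call site says so; add a comment above `ffurl_closep(&whip->udp);` noting that closing the DTLS context may still write through the UDP context. `ffurl_close(whip->dtls_uc)` also leaves `whip->dtls_uc` pointing at freed memory, where `ffurl_closep(&whip->dtls_uc)` would reset it the same way the following line does for `whip->udp`.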
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 6/9] avformat/tls_openssl: replace 1 to TLS_ST_OK to be more clear
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
                   ` (4 preceding siblings ...)
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 5/9] avformat/whip: free udp socket after dtls free Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 7/9] avformat/tls_openssl: remove requirement for dtls must init cert and key Jack Lau
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 3ed4585ecf..4f950a2fde 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -695,7 +695,7 @@ static int dtls_handshake(URLContext *h)
     }
 
     /* Check whether the DTLS is completed. */
-    if (SSL_is_init_finished(p->ssl) != 1)
+    if (SSL_is_init_finished(p->ssl) != TLS_ST_OK)
         goto end;
     ret = 0;
     p->tls_shared.state = DTLS_STATE_FINISHED;
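Review bot: `SSL_is_init_finished()` returns a truth value, while `TLS_ST_OK` is a member of OpenSSL's handshake-state enum that only happens to equal 1, so `SSL_is_init_finished(p->ssl) != TLS_ST_OK` compares two unrelated kinds of value and reads less clearly than the literal it replaces. Prefer `if (!SSL_is_init_finished(p->ssl))`, or compare `SSL_get_state(p->ssl)` against `TLS_ST_OK` if the state is what is meant.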
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 7/9] avformat/tls_openssl: remove requirement for dtls must init cert and key
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
                   ` (5 preceding siblings ...)
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 6/9] avformat/tls_openssl: replace 1 to TLS_ST_OK to be more clear Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 8/9] avformat/tls_openssl: auto set the dest addr when dtls in listen mode Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 9/9] avformat/tls_openssl: init DTLS context with explicit method Jack Lau
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 4f950a2fde..1c4d114205 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -731,10 +731,6 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
             ret = AVERROR(EINVAL);
             return ret;
         }
-    } else if (c->is_dtls){
-        av_log(p, AV_LOG_ERROR, "Init cert failed, %s\n", openssl_get_error(p));
-        ret = AVERROR(EINVAL);
-        goto fail;
     }
 
     if (c->key_file) {
@@ -752,10 +748,6 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
             ret = AVERROR(EINVAL);
             return ret;
         }
-    } else if (c->is_dtls) {
-        av_log(p, AV_LOG_ERROR, "Init pkey failed, %s\n", openssl_get_error(p));
-        ret = AVERROR(EINVAL);
-        goto fail;
     }
     ret = 0;
 fail:
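Review bot: with both `else if (c->is_dtls)` branches removed, `openssl_init_ca_key_cert()` reaches `ret = 0` for a DTLS context that has neither certificate nor key, and the commit message does not say what is expected to happen next. In `listen` mode a handshake cannot complete with certificate-based cipher suites when no certificate is loaded, so either keep the check for the server role or document where the credentials come from in that case. If a check stays for any role, its message should not append `openssl_get_error(p)`, which has nothing to report when the option was simply not set.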
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 8/9] avformat/tls_openssl: auto set the dest addr when dtls in listen mode
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
                   ` (6 preceding siblings ...)
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 7/9] avformat/tls_openssl: remove requirement for dtls must init cert and key Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 9/9] avformat/tls_openssl: init DTLS context with explicit method Jack Lau
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 1c4d114205..344b152902 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -465,6 +465,8 @@ typedef struct TLSContext {
     BIO_METHOD* url_bio_method;
     int io_err;
     char error_message[256];
+    struct sockaddr_storage dest_addr;
+    socklen_t dest_addr_len;
 } TLSContext;
 
 /**
@@ -582,8 +584,19 @@ static int url_bio_destroy(BIO *b)
 static int url_bio_bread(BIO *b, char *buf, int len)
 {
     TLSContext *c = BIO_get_data(b);
+    TLSShared *s = &c->tls_shared;
     int ret = ffurl_read(c->tls_shared.is_dtls ? c->tls_shared.udp : c->tls_shared.tcp, buf, len);
     if (ret >= 0) {
+        if (!s->external_sock && s->is_dtls && s->listen && !c->dest_addr_len && !c->dest_addr.ss_family) {
+            int r1;
+            ff_udp_get_last_recv_addr(s->udp, &c->dest_addr, &c->dest_addr_len);
+            r1 = ff_udp_set_remote_addr(s->udp, (struct sockaddr*)&c->dest_addr, c->dest_addr_len, 1);
+            if (r1 < 0) {
+                av_log(c, AV_LOG_ERROR, "Failed to set remote addr\n");
+                return r1;
+            }
+            av_log(c, AV_LOG_DEBUG, "Set UDP remote addr successfully\n");
+        }
         openssl_state_trace((uint8_t*)buf, ret, 1);
         return ret;
     }
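Review bot: in `url_bio_bread()` the listener takes the source of the first datagram it reads as the UDP remote address before OpenSSL has validated anything from that source, so whichever host's packet arrives first becomes the destination for the rest of the session. Consider setting the address only after the record has been accepted by the DTLS layer (or after a cookie exchange), or document the behaviour and its limits. Also, `return r1;` hands a negative AVERROR straight back to OpenSSL and bypasses the `BIO_clear_retry_flags(b)` / `AVERROR_EXIT` handling that the read-error path below it uses, and the output of `ff_udp_get_last_recv_addr()` is passed on without checking that `dest_addr_len` was filled in.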
-- 
2.49.0


* [FFmpeg-devel] [PATCH v3 9/9] avformat/tls_openssl: init DTLS context with explicit method
  2025-07-13  7:09 [FFmpeg-devel] [PATCH v3 0/9] Fix some issues in tls_openssl Jack Lau
                   ` (7 preceding siblings ...)
  2025-07-13  7:09 ` [FFmpeg-devel] [PATCH v3 8/9] avformat/tls_openssl: auto set the dest addr when dtls in listen mode Jack Lau
@ 2025-07-13  7:09 ` Jack Lau
  8 siblings, 0 replies; 10+ messages in thread
From: Jack Lau @ 2025-07-13  7:09 UTC (permalink / raw)
  To: ffmpeg-devel; +Cc: Jack Lau

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 344b152902..4874260b6b 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -787,7 +787,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     /* Refer to the test cases regarding these curves in the WebRTC code. */
     const char* curves = "X25519:P-256:P-384:P-521";
 
-    p->ctx = SSL_CTX_new(DTLS_method());
+    p->ctx = SSL_CTX_new(c->listen ? DTLS_server_method() : DTLS_client_method());
     if (!p->ctx) {
         ret = AVERROR(ENOMEM);
         goto fail;
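Review bot: the commit message gives no reason for replacing `DTLS_method()`, which already serves both roles, with `c->listen ? DTLS_server_method() : DTLS_client_method()`; please say which failure this fixes. If the role is also selected later through `SSL_set_accept_state()` or `SSL_set_connect_state()`, the two choices must agree, and a short comment at this line would make that dependency explicit.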
-- 
2.49.0

