Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] [PATCH] avformat/tls_schannel: add check for Windows 10 only types and defines
Date: Sun, 13 Jul 2025 12:36:32 -0300
Message-ID: <20250713153632.39655-1-jamrial@gmail.com> (raw)

Old Mingw-w64 releases provided by supported distros seemingly don't have them, so
check for them and disable the dtls protocol if unavailable.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 configure                  |  3 +++
 libavformat/tls_schannel.c | 33 +++++++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 6df8fa4deb..0735527ed4 100755
--- a/configure
+++ b/configure
@@ -7271,6 +7271,9 @@ enabled schannel &&
     schannel_extralibs="-lsecur32 -lncrypt -lcrypt32" ||
         disable schannel
 
+enabled schannel && check_type "windows.h security.h schnlsp.h" SecPkgContext_KeyingMaterialInfo "-DSECURITY_WIN32 -D_WIN32_WINNT=0x0A00" ||
+    disable dtls_protocol
+
 makeinfo --version > /dev/null 2>&1 && enable makeinfo  || disable makeinfo
 enabled makeinfo \
     && [ 0$(makeinfo --version | grep "texinfo" | sed 's/.*texinfo[^0-9]*\([0-9]*\)\..*/\1/') -ge 5 ] \
diff --git a/libavformat/tls_schannel.c b/libavformat/tls_schannel.c
index da6a284376..28641c5f13 100644
--- a/libavformat/tls_schannel.c
+++ b/libavformat/tls_schannel.c
@@ -20,6 +20,13 @@
 
 /** Based on the CURL SChannel module */
 
+#if !defined(_WIN32_WINNT) || _WIN32_WINNT < 0x0A00
+#undef _WIN32_WINNT
+#define _WIN32_WINNT 0x0A00
+#endif
+
+#include "config_components.h"
+
 #include "libavutil/mem.h"
 #include "avformat.h"
 #include "internal.h"
@@ -634,6 +641,7 @@ int ff_tls_set_external_socket(URLContext *h, URLContext *sock)
 
 int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t materials_sz)
 {
+#if CONFIG_DTLS_PROTOCOL
     TLSContext *c = h->priv_data;
 
     SecPkgContext_KeyingMaterialInfo keying_info = { 0 };
@@ -672,6 +680,9 @@ int ff_dtls_export_materials(URLContext *h, char *dtls_srtp_materials, size_t ma
     }
 
     return 0;
+#else
+    return AVERROR(ENOSYS);
+#endif
 }
 
 int ff_dtls_state(URLContext *h)
@@ -773,7 +784,11 @@ static int tls_shutdown_client(URLContext *h)
                 }
                 FreeContextBuffer(outbuf.pvBuffer);
             }
-        } while(sspi_ret == SEC_I_MESSAGE_FRAGMENT || sspi_ret == SEC_I_CONTINUE_NEEDED);
+        } while(
+#if CONFIG_DTLS_PROTOCOL
+                sspi_ret == SEC_I_MESSAGE_FRAGMENT ||
+#endif
+                sspi_ret == SEC_I_CONTINUE_NEEDED);
 
         av_log(h, AV_LOG_DEBUG, "Close session result: 0x%lx\n", sspi_ret);
 
@@ -928,7 +943,11 @@ static int tls_handshake_loop(URLContext *h, int initial)
         }
 
         /* continue handshake */
-        if (sspi_ret == SEC_I_CONTINUE_NEEDED || sspi_ret == SEC_I_MESSAGE_FRAGMENT || sspi_ret == SEC_E_OK) {
+        if (sspi_ret == SEC_I_CONTINUE_NEEDED ||
+#if CONFIG_DTLS_PROTOCOL
+            sspi_ret == SEC_I_MESSAGE_FRAGMENT ||
+#endif
+            sspi_ret == SEC_E_OK) {
             for (i = 0; i < 3; i++) {
                 if (outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
                     ret = ffurl_write(uc, outbuf[i].pvBuffer, outbuf[i].cbBuffer);
@@ -1080,6 +1099,7 @@ static int tls_handshake(URLContext *h)
     if (ret < 0)
         goto fail;
 
+#if CONFIG_DTLS_PROTOCOL
     if (s->is_dtls && s->mtu > 0) {
         ULONG mtu = s->mtu;
         sspi_ret = SetContextAttributes(&c->ctxt_handle, SECPKG_ATTR_DTLS_MTU, &mtu, sizeof(mtu));
@@ -1090,6 +1110,7 @@ static int tls_handshake(URLContext *h)
         }
         av_log(h, AV_LOG_VERBOSE, "Set DTLS MTU to %d\n", s->mtu);
     }
+#endif
 
     c->connected = 1;
     s->state = DTLS_STATE_FINISHED;
@@ -1136,8 +1157,10 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
 
         schannel_cred.dwFlags = SCH_CRED_NO_SYSTEM_MAPPER | SCH_CRED_MANUAL_CRED_VALIDATION;
 
+#if CONFIG_DTLS_PROTOCOL
         if (s->is_dtls)
             schannel_cred.grbitEnabledProtocols = SP_PROT_DTLS1_X_SERVER;
+#endif
     } else {
         if (s->verify)
             schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
@@ -1147,8 +1170,10 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
                                     SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
                                     SCH_CRED_IGNORE_REVOCATION_OFFLINE;
 
+#if CONFIG_DTLS_PROTOCOL
         if (s->is_dtls)
             schannel_cred.grbitEnabledProtocols = SP_PROT_DTLS1_X_CLIENT;
+#endif
     }
 
     /* Get credential handle */
@@ -1439,6 +1464,7 @@ static const AVOption options[] = {
     { NULL }
 };
 
+#if CONFIG_TLS_PROTOCOL
 static const AVClass tls_class = {
     .class_name = "tls",
     .item_name  = av_default_item_name,
@@ -1458,7 +1484,9 @@ const URLProtocol ff_tls_protocol = {
     .flags          = URL_PROTOCOL_FLAG_NETWORK,
     .priv_data_class = &tls_class,
 };
+#endif
 
+#if CONFIG_DTLS_PROTOCOL
 static const AVClass dtls_class = {
     .class_name = "dtls",
     .item_name  = av_default_item_name,
@@ -1479,3 +1507,4 @@ const URLProtocol ff_dtls_protocol = {
     .flags          = URL_PROTOCOL_FLAG_NETWORK,
     .priv_data_class = &dtls_class,
 };
+#endif
-- 
2.50.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

             reply	other threads:[~2025-07-13 15:36 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-07-13 15:36 James Almer [this message]
2025-07-13 16:25 ` [FFmpeg-devel] [PATCH v2] " James Almer
2025-07-13 17:37   ` Michael Niedermayer
2025-07-13 19:56     ` [FFmpeg-devel] [PATCH v3] " James Almer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250713153632.39655-1-jamrial@gmail.com \
    --to=jamrial@gmail.com \
    --cc=ffmpeg-devel@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git