[FFmpeg-devel] [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for

[FFmpeg-devel] [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for

[sfan5]

[-- Attachment #1: v2-0001-lavf-tls_mbedtls-handle-more-error-codes-for-huma.patch --]
[-- Type: text/x-patch, Size: 1542 bytes --]

From e8b5b6dee2d29690d1ae18090659120399b84e7c Mon Sep 17 00:00:00 2001
From: sfan5 <sfan5@live.de>
Date: Mon, 13 May 2024 20:22:44 +0200
Subject: [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for
 human-readable message

Signed-off-by: sfan5 <sfan5@live.de>
---
 libavformat/tls_mbedtls.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
index 1a182e735e..1226e3780b 100644
--- a/libavformat/tls_mbedtls.c
+++ b/libavformat/tls_mbedtls.c
@@ -138,6 +138,9 @@ static void handle_handshake_error(URLContext *h, int ret)
     case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
         av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n");
         break;
+    case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION:
+        av_log(h, AV_LOG_ERROR, "TLS protocol version mismatch.\n");
+        break;
 #endif
     case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
         av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the peer, has the peer a correct certificate?\n");
@@ -145,6 +148,9 @@ static void handle_handshake_error(URLContext *h, int ret)
     case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED:
         av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to operate. Was the CA correctly set?\n");
         break;
+    case MBEDTLS_ERR_SSL_INTERNAL_ERROR:
+        av_log(h, AV_LOG_ERROR, "Internal error encountered.\n");
+        break;
     case MBEDTLS_ERR_NET_CONN_RESET:
         av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n");
         break;
-- 
2.45.1


[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for

[Jan Ekström]

On Wed, May 29, 2024 at 2:05 PM sfan5 <sfan5@live.de> wrote:
>

Did an initial tired look at the set, and in general it looks alright
and the wrapper still builds with Fedora's mbedtls 2.28.8.

(Of course then it fails to link due to unchecked usage of
`mbedtls_x509_crt_{init,free,parse_file}` in tls_mbedtls, as well as
`mbedtls_mpi_copy` in rtmpdh. But this breakage is unrelated to this
patch, as current master does exactly the same)

I'd just probably move the MBEDTLS_ERR_X509_CERT_VERIFY_FAILED logging
diff into the first commit that adds error codes (also probably
"messages" in the commit message there?), as adding that error's
logging really doesn't have anything to do with the verify=0 + TLS 1.3
workaround.

Jan
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for

[sfan5]

Am 03.06.24 um 22:08 schrieb Jan Ekström:
> On Wed, May 29, 2024 at 2:05 PM sfan5<sfan5@live.de>  wrote:
> Did an initial tired look at the set, and in general it looks alright
> and the wrapper still builds with Fedora's mbedtls 2.28.8.
>
> (Of course then it fails to link due to unchecked usage of
> `mbedtls_x509_crt_{init,free,parse_file}` in tls_mbedtls, as well as
> `mbedtls_mpi_copy` in rtmpdh. But this breakage is unrelated to this
> patch, as current master does exactly the same)
>
> I'd just probably move the MBEDTLS_ERR_X509_CERT_VERIFY_FAILED logging
> diff into the first commit that adds error codes (also probably
> "messages" in the commit message there?), as adding that error's
> logging really doesn't have anything to do with the verify=0 + TLS 1.3
> workaround.
>
> Jan
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org  with subject "unsubscribe".

I will move that change to the first commit for v3 as discussed on IRC.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".