* Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 [not found] <DB9PR09MB5212F20AA1CC818151577A11EC749@DB9PR09MB5212.eurprd09.prod.outlook.com> @ 2021-12-27 11:52 ` sfan5 2021-12-29 20:02 ` Anton Khirnov 2021-12-30 17:44 ` Jan Ekström 2 siblings, 0 replies; 5+ messages in thread From: sfan5 @ 2021-12-27 11:52 UTC (permalink / raw) To: FFmpeg development discussions and patches ping. I'll look at getting this pushed in a few days if there are no objections. > If ca_file was set, setting tls_verify=0 would not actually disable > verification. > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 @ 2021-12-29 20:02 ` Anton Khirnov 2021-12-29 22:12 ` sfan5 2021-12-30 11:03 ` Anton Khirnov 0 siblings, 2 replies; 5+ messages in thread From: Anton Khirnov @ 2021-12-29 20:02 UTC (permalink / raw) To: FFmpeg development discussions and patches Quoting sfan5 (2021-12-13 21:55:41) > If ca_file was set, setting tls_verify=0 would not actually disable > verification. > > From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 > From: sfan5 <sfan5@live.de> > Date: Mon, 13 Dec 2021 21:35:40 +0100 > Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 > > If ca_file was set, setting tls_verify=0 would not actually disable verification. > --- > libavformat/tls_mbedtls.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c > index aadf17760d..5754d0d018 100644 > --- a/libavformat/tls_mbedtls.c > +++ b/libavformat/tls_mbedtls.c > @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op > } > > mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, > - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); > + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); > mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context); > mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL); > > -- > 2.34.1 What will happen if verify=1, but ca_file is not set? -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 2021-12-29 20:02 ` Anton Khirnov @ 2021-12-29 22:12 ` sfan5 2021-12-30 11:03 ` Anton Khirnov 1 sibling, 0 replies; 5+ messages in thread From: sfan5 @ 2021-12-29 22:12 UTC (permalink / raw) To: ffmpeg-devel On 29.12.2021 at 21:02 Anton Khirnov wrote: > Quoting sfan5 (2021-12-13 21:55:41) >> If ca_file was set, setting tls_verify=0 would not actually disable >> verification. >> >> From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 >> From: sfan5 <sfan5@live.de> >> Date: Mon, 13 Dec 2021 21:35:40 +0100 >> Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 >> >> If ca_file was set, setting tls_verify=0 would not actually disable verification. >> --- >> libavformat/tls_mbedtls.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c >> index aadf17760d..5754d0d018 100644 >> --- a/libavformat/tls_mbedtls.c >> +++ b/libavformat/tls_mbedtls.c >> @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op >> } >> >> mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, >> - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); >> + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); >> mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context); >> mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL); >> >> -- >> 2.34.1 > What will happen if verify=1, but ca_file is not set? > The verification fails as expected and mbedtls_ssl_handshake returns an error, just tested. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 2021-12-29 20:02 ` Anton Khirnov 2021-12-29 22:12 ` sfan5 @ 2021-12-30 11:03 ` Anton Khirnov 1 sibling, 0 replies; 5+ messages in thread From: Anton Khirnov @ 2021-12-30 11:03 UTC (permalink / raw) To: FFmpeg development discussions and patches Quoting sfan5 (2021-12-29 23:12:37) > On 29.12.2021 at 21:02 Anton Khirnov wrote: > > Quoting sfan5 (2021-12-13 21:55:41) > >> If ca_file was set, setting tls_verify=0 would not actually disable > >> verification. > >> > >> From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 > >> From: sfan5 <sfan5@live.de> > >> Date: Mon, 13 Dec 2021 21:35:40 +0100 > >> Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 > >> > >> If ca_file was set, setting tls_verify=0 would not actually disable verification. > >> --- > >> libavformat/tls_mbedtls.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c > >> index aadf17760d..5754d0d018 100644 > >> --- a/libavformat/tls_mbedtls.c > >> +++ b/libavformat/tls_mbedtls.c > >> @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op > >> } > >> > >> mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, > >> - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); > >> + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); > >> mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context); > >> mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL); > >> > >> -- > >> 2.34.1 > > What will happen if verify=1, but ca_file is not set? > > > The verification fails as expected and mbedtls_ssl_handshake returns an > error, just tested. Then patch looks good -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 [not found] <DB9PR09MB5212F20AA1CC818151577A11EC749@DB9PR09MB5212.eurprd09.prod.outlook.com> 2021-12-27 11:52 ` [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 sfan5 2021-12-29 20:02 ` Anton Khirnov @ 2021-12-30 17:44 ` Jan Ekström 2 siblings, 0 replies; 5+ messages in thread From: Jan Ekström @ 2021-12-30 17:44 UTC (permalink / raw) To: FFmpeg development discussions and patches On Mon, Dec 13, 2021 at 10:55 PM sfan5 <sfan5@live.de> wrote: > > If ca_file was set, setting tls_verify=0 would not actually disable > verification. Applied to master as 65197e9c98f46a79dd02c993cfcb0e70f65878cf . Jan _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-12-30 17:44 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <DB9PR09MB5212F20AA1CC818151577A11EC749@DB9PR09MB5212.eurprd09.prod.outlook.com>
2021-12-27 11:52 ` [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 sfan5
2021-12-29 20:02 ` Anton Khirnov
2021-12-29 22:12 ` sfan5
2021-12-30 11:03 ` Anton Khirnov
2021-12-30 17:44 ` Jan Ekström
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel This inbox may be cloned and mirrored by anyone: git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \ ffmpegdev@gitmailbox.com public-inbox-index ffmpegdev Example config snippet for mirrors. AGPL code for this site: git clone https://public-inbox.org/public-inbox.git