From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 3408940C8B for ; Wed, 29 Dec 2021 22:12:55 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 10CDC68A6B6; Thu, 30 Dec 2021 00:12:53 +0200 (EET) Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-oln040092067027.outbound.protection.outlook.com [40.92.67.27]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id AF7966808C2 for ; Thu, 30 Dec 2021 00:12:46 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D3MQ9DYve/G5AZjXGVshxkgkIkSlW2y4GRQ1SdECO2ov89YHYPpd/voVE4GmgycO6PnKlVQZwMxsBelT7o+/2DlEFOmVd9hc4TjgNhy1WBXT1/UlhiQqezYdPTFcTTNHboxSmJAmTG42S1bXxecLpPWzyJmOpcaN+OMPKUZdJmVAKzcbe8MIUyt7EQ4UzjrrijCsAAu+LhqO1D4sCngJp3UDv8v7iez+uXsxzTBrI7JKhzvsHTtRdK1T90WH8kdyEfpko9kRzjgmi6lM3/MAjRAiCY/v7cWMHzksfghkvbqK+9HNipKcg0en9SdJDm4NhfaRhUsMnZWVTpAQ0Eztug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/PIjVOisc3mHhZNFzaRhoi5RyUK/9pjgToF5KT4o91Y=; b=BWllauho7w/tq83uGfrneh5QNszPZaBQzTCXGtLE0LSMHLXAVUTQkh6Myndw7fHty3DUcQ24rBumSydBP9Thr/Z3lxf+Gbdk4g3SpbmDo5QU4y98N2P6Z/Ua46Dd/0dFu2kry2ErM43PwPJR5rd7Vr1YOIEpodoBlKkeF4XTF/J2RwxYRmTLH7DkEG6fjuCk2xbsV2krJgvRXuUdw0/7jNIfnCZBicgD4qiolZDWEeUiJAp5xVL4dKabbPy7GYkMrHzjA9ZOP+qVPzzxQrkFTI1/u8juhX9otrsw0oF39H/9Zi7SPzUll6613BfNmXgtpb6q0fq81xXj41j+djFG/Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Received: from DB9PR09MB5212.eurprd09.prod.outlook.com (2603:10a6:10:2ac::13) by DB6PR0902MB2040.eurprd09.prod.outlook.com (2603:10a6:6:a::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4844.14; Wed, 29 Dec 2021 22:12:44 +0000 Received: from DB9PR09MB5212.eurprd09.prod.outlook.com ([fe80::c98b:2cda:4753:a475]) by DB9PR09MB5212.eurprd09.prod.outlook.com ([fe80::c98b:2cda:4753:a475%4]) with mapi id 15.20.4844.013; Wed, 29 Dec 2021 22:12:44 +0000 Message-ID: Date: Wed, 29 Dec 2021 23:12:37 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <164080817914.2375.562798804139035140@lain.red.khirnov.net> From: sfan5 In-Reply-To: <164080817914.2375.562798804139035140@lain.red.khirnov.net> X-TMN: [hc4sM7vwiq8AG3VAhC7Yj72KpjIuBw3xBzHvHyCWEPg=] X-ClientProxiedBy: FR0P281CA0087.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1e::12) To DB9PR09MB5212.eurprd09.prod.outlook.com (2603:10a6:10:2ac::13) X-Microsoft-Original-Message-ID: <82256cf4-526f-d033-8d66-7f5eca1191d0@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 34f61b1b-35f7-4ef0-34b2-08d9cb18563a X-MS-TrafficTypeDiagnostic: DB6PR0902MB2040:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 8Lsj6dq1BS8oS2w8Dl9p6Kf6lHZuPVZT73YuGBrsW/CbXHfWePYJsf2OuItgKeFKX+SPRvG2wbUBzCf5Z5cyeTPP6xqLSdC2fSAi1RgDLQLUNnqQWzom8KqKxyJUx0gNczZbBCK0QAYJCBmiRQvQudaqebjWhurAqmNr/+HhfaQjWYi3Z/Q4INZ3bSc69CE5nhaaOELhsPd5F9AGChdxdJPvnXLpL6inUlvkSdV4E1oH9WfYtS9glI/8KK26nJ1wAECVwkJzV3hAEYDyXUDpDkORgeVFyOxXev9HxZ0bPVn0JeKO3fo/oQu4djvgJP9KEb9C2+GLPV6/Sc3RQhJ9qv3FKfIrAObJ+1L0c3nHo1fRQY5GaZC2ai+gY4Zkt75NXIzouX+NYHZ7ktsb8XU9b3oxw0wZTTwTQZ2yHyBgGh+YP5epDMQYNNFSEiym6U1rxN0cYWoSBXL65XUckNdhDKls4wfQ2W+plfRBjareggpwnTWy4DMDDh6+i07/m5hO+dQpZ/o+oRcV/SWYi1rqJ6UuOfTOWXr/+Uhhz1GuLqrYyRnwqXxdbwYbff5k78dwupfDZZWI5XgA4fM/+ZQLhg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?d2dBZTVyYlJML3k2dUxjRDhtTzVHQkRmamFqa2xuNVh5R3JZV1g0SkVhZUZH?= =?utf-8?B?Z213a2dSYk9HMk93cUpQVnZVOHlSbVRKMlJUN2UyVlRPamhNL2FJUDFSU2hv?= =?utf-8?B?bCs5VGRhUGRrbXpYaXBjVXdic0VIVXFZRUQ2QXdId3pqRS9VYlE2THhDV2Rx?= =?utf-8?B?aGxtSDl2R2JGWFJxL1MzNnM5NXRyTytGbU1vMVoybHpFRVBic2RBTzd0amZC?= =?utf-8?B?eWp3TEVyOFdNNERPZzBiTXhwN2J2RHhLajdtcUpNMjg1Y3pQaG01akpHOFZh?= =?utf-8?B?dHNWWXZoa2k0RTR4T1NmMExvaEdUWDJ3YUlublFKVEd0dzJuMVpPamJqTStU?= =?utf-8?B?VnBseEhIdUo3bnM3Z252R2YxNjZrdERsUHNtUkNyQ0FETEgzWTBZb3hjd3lU?= =?utf-8?B?alZrakwycW1BQy9leUhwaEtjZlVTdGNjd05vanVOcFRzOW5GM29hN244ajRl?= =?utf-8?B?UEVpOGhTRTJEMmNiNWNrdWQ2WTNIK09DWTdTNHpTYTV5SElQRVZnanhPYlBo?= =?utf-8?B?M0RTTWRKckFkbkFyeEdlT0h1ZXFxbzh1ek1XMkZzVEpsK3d2NGpQWC9oQkg1?= =?utf-8?B?aS9zcEpzaTdBK3FraURJNjNsZmU1VSsvb1J5ZHYyTEpJRVhKaFBOMTk5T0xw?= =?utf-8?B?eExtT2dvU1Z6NzhQY2hkakRSSXBTb3NGMHh6aXdsT21QSHZoTVpxMEt4SXZ3?= =?utf-8?B?STB4TStIN3FjelhFWGFNRC9tUlNkTTFrekdSTVBCTTRySGJuRDRKZDNEV1By?= =?utf-8?B?eitNSFhqbUIxa2x5ckpBa1JzLzhGSEUyWm1KQUVFeGRiMU9HdFdaOFN4bTMv?= =?utf-8?B?L3RIRGx2VUYzOE1GL1FBUnMxRHJpU0NXWjZYMWNBOVlGOHFHYkg5djFwZlJQ?= =?utf-8?B?K1c2TUtPcWV1b3lkZWdUQ2RGKzRMMko5WHFKMDVHV0ZqRlVCRnhWNFplSllt?= =?utf-8?B?a0dIODljV1M2enNBOUN4ZE5HOW9XeGp1WXV1dEliMjdRKzhIRHNUSEc1QzhS?= =?utf-8?B?SUJMcmFkWTIyekRBZE45RGw2Z0I4MUZQVUNlT1o0dGJGRm9sc2ovK1hOVFVV?= =?utf-8?B?V05mczZ0dStQQjBHNEQ5N0VST212aGtMUGFTdEpBdUkyaUF0a3dscnlpbWQx?= =?utf-8?B?WE8yYWlaclRldlo3N3NtZHJRUjlZOXQzaXVWbCtiaWZaYlFtU2VZMEpXbyt6?= =?utf-8?B?bFpGeFdoRUFqOWZiMHdhaGx5ejByZ3lpeENsRVhVR0ROYjh4Mi9yV3ViUDNJ?= =?utf-8?B?VWdPcWZscGtQVFZ4Y3hueUpwaUhjM1Ezc21vSEp1NlV4cnA3Zz09?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-64da6.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 34f61b1b-35f7-4ef0-34b2-08d9cb18563a X-MS-Exchange-CrossTenant-AuthSource: DB9PR09MB5212.eurprd09.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Dec 2021 22:12:43.9850 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0902MB2040 Subject: Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 29.12.2021 at 21:02 Anton Khirnov wrote: > Quoting sfan5 (2021-12-13 21:55:41) >> If ca_file was set, setting tls_verify=0 would not actually disable >> verification. >> >> From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 >> From: sfan5 >> Date: Mon, 13 Dec 2021 21:35:40 +0100 >> Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 >> >> If ca_file was set, setting tls_verify=0 would not actually disable verification. >> --- >> libavformat/tls_mbedtls.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c >> index aadf17760d..5754d0d018 100644 >> --- a/libavformat/tls_mbedtls.c >> +++ b/libavformat/tls_mbedtls.c >> @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op >> } >> >> mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, >> - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); >> + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); >> mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context); >> mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL); >> >> -- >> 2.34.1 > What will happen if verify=1, but ca_file is not set? > The verification fails as expected and mbedtls_ssl_handshake returns an error, just tested. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".