From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id CC5964ADC0 for ; Tue, 21 May 2024 10:31:03 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 95E9468D307; Tue, 21 May 2024 13:31:02 +0300 (EEST) Received: from EUR02-VI1-obe.outbound.protection.outlook.com (mail-vi1eur02olkn2057.outbound.protection.outlook.com [40.92.48.57]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 504D968D2B3 for ; Tue, 21 May 2024 13:30:56 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CxNYmWARx6FdZpAm9pLxRcXKy1avkB6J/wWdgBgggPKM0/dzGEkJnYtNZbKoRCt5+3f6N3e57MXNnKFqQfgmkhrCSxrb2505MLYn9JWFOfX3YnFxyIEk6f/T8dnsuFNGXFTtmV4Mlv3kr0tK6sb0IMS1CGzDEXYimO7AIG0cUVP8zU5c12S1GMMfqd23rCj7apG8eG8QkZQakS7xAlgA2n7oEq5KV98xDyjLkQVQFijBtyTdcKA24YyPeIqjVFpVXU5jaZDrz9NkajsDuzLOGIiGp5tqO0k09Ssfd2q6D6p0CzoKDjMtQy/IMrQadDD/pMgmjhAFETaK2uwJH9ofGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JvYTIXbAvyEDhd1zemWLyBENoS92fbgEAZXLVi0deQg=; b=bevpi3hvJjRY3DIRMNLq1tDvRgGpKL5RTmOtvmYKQXaM8CmWeXX0aAGcuPGeT9BRzvKngXl0jcyiJHcS3rY9yE3T4sKi2gAD+c2m2X6hqcmW4+7hmD77R4Irm5E4hz2iSiGHFSOso18j1XcKwHyC3NYGqwLUnjdOtvTyUiW9vskr7/lJGdBrDnm2rqaZyx0VSL+yGaLZttGlN9lSAhOgSWB7sVQAcoflu4E4NEXmQX0MROrxdZev5ocmWvLtyyi2XACISvw+3NGF/v23J5/RUOaUIbXBI+MoIWm4f85cwpWcMMXxvMDTsVEPfIQ/0lMAAvt5BwIMGfyYaKEzPd7NoA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JvYTIXbAvyEDhd1zemWLyBENoS92fbgEAZXLVi0deQg=; b=SCQFhYFQmiQ8AqFJmUx5QR4DYLynoiUh7mxsheUbSM7T3UGQjRAGORbo7xXX1rx1ale1B+XzRRkoSAJZiu3ieudtwzdCmeijr9gEd9Ay2QKdndnR29f3BBblMVstic3hdwPFwhvqXhcL1L0vDtJmQ09e3yThlnjZIscRdFj8egOijoqTbuzrd3tF/h3rKZYJkUtJjnHX30ZrdR5/oCL/zW9OqZWzUEPYNUrHce64wcbJs/I77tok9sCYDHAC8WtogrPSLzrQaZwU486vTDZSbRP295eswSSUDFmuFHvHhuCkXPS4iHPdCzcE4+Ptkt2ihn2x7THUtfMGaoc30HNkDg== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by AM7PR03MB6498.eurprd03.prod.outlook.com (2603:10a6:20b:1c2::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.17; Tue, 21 May 2024 10:15:22 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::e356:c67a:e5bb:cc8a]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::e356:c67a:e5bb:cc8a%3]) with mapi id 15.20.7611.016; Tue, 21 May 2024 10:15:22 +0000 Message-ID: Date: Tue, 21 May 2024 12:13:34 +0200 User-Agent: Mozilla Thunderbird To: ffmpeg-devel@ffmpeg.org References: <20240518195354.GD2821752@pb2> Content-Language: en-US, de-DE From: sfan5 In-Reply-To: <20240518195354.GD2821752@pb2> X-TMN: [+SxeGZ0q0yK59rLLLmHyJi7AabHwCzFMYd5kLXwCFlOlhALIgMgNL0DH1Rj4eaIMwnLUmRL2qgs=] X-ClientProxiedBy: FR3P281CA0055.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:4b::18) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <4bbe456b-253b-4bf9-a56c-eaf995a4461c@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|AM7PR03MB6498:EE_ X-MS-Office365-Filtering-Correlation-Id: 8476ad10-e4f9-48b2-ff9f-08dc797eec6a X-Microsoft-Antispam: BCL:0;ARA:14566002|461199019|3412199016|440099019; X-Microsoft-Antispam-Message-Info: fy1ULxcTP/+/98vF4oLowzq3uQ1pvh4NBNd4CXw3gwqG0cUz2od8fMrwVRW6PoUhWLvxprdW0YIqGLkmzSDugwiVI7MizDXOYLR6YNADnKI6tETgkFFNqESWSJ/uyOxrvbPIJJUpDcYKTB4aPtSZ/oRJmA9KL0kQtsYhwfit4R10QjppDAS94FtpjZfTmSgPaHE0AXffeKMnjUVzYU0PTMP6jRCowiUUprIlq9hNZaQsMVg3c6gIfv2Vqn9n/v/7u7XG/sA6Mhbl7xYMI8sw0RDrGcFV0TcapidQ/ngsTkgWvsJqx0ZSfeC3vmkFKXH/PI2Jnmiv2jdJpKPRaivgPNz4udhP/nY3g2auoJ78FbYF2dAQLWSKvu9SivaxWqFl41IkuUSeBGZW8VwxBMMd6LDGIIffh1R7VEC7hrasPI/LDr86T3IjKy2qQFwmJsBQizJ5H0jaEFL9cPdtOwAqsFkiHCkAgU71JjI0vMKwsYPbr1ZPt2M2GYmbby2MWB4/y4TDbY10a7VlEE5fwZFS8cit69a+CK5DZ4LFmLH5MMI1o8wuAmTco1Mi5aE2e1pr X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?U3hLV2tsQ2tNN2d5Zlk5SEFQRGd0dko4c3ZyV1I5bDRLcXFVWG51QW5WR0dI?= =?utf-8?B?blA5eTVZSnJDWlkrZDhmbVEzSk5GTTE2S3JIT3NXenRPN204MDM3bHVaS3I1?= =?utf-8?B?Vno1azhEQnYvUGlWR05MVEpKR1QvWStXUVNnWlBNUnZsMmsyTlFvL3NQOG5y?= =?utf-8?B?cEc2MFc4TTloWU1jVytuZEdqRFg0a1dleW14ZzFxSm4yV1pJQ2psV0xuUWpR?= =?utf-8?B?VklLZFd0UnpMcUhKWVF1TTk0aExxUEFhSzhCaWlhUlRyL3pPRlUySW9iRFQ1?= =?utf-8?B?eElkZVhQUDFFS0UrN1F1L1VnWEZuc3dYbkh0MkdMQWtaYU5jb240SzVOK0s0?= =?utf-8?B?aTMwSHRMMFRSa0QxNnllVkhzOU1uU0FKRHJyQkw3dE5OMXBiY1pnejhOS2sz?= =?utf-8?B?NStia1lEcHgrUUloRzArNWtxSGN3RER2Qmo4Z3RScE5yVlhtSTY4ZXNJU2JX?= =?utf-8?B?SkJpSWROcDJBVWQ5Q3NTbjRDL0p0MHdxSndwVGtPWk82ZmlORk1oM3JsL3dL?= =?utf-8?B?M1U0U0lBdjVjQ29URkxBK29hTGdRNHdKemJiL2YzbjVwN3Z2bnE0S2FNdnds?= =?utf-8?B?N3VibnRkRUJjbUIxbTAzalV5aVVwdkFPYlVVUjlyZ292Q3p1QU1tWFZvcVIr?= =?utf-8?B?TG01YjVxV1pYMGZBbEc5SEdabE9xMnhPRUtJZGw2VGcrUkNYbmdQRGRKZXM1?= =?utf-8?B?UW5uN21hQ3R3bHpWTnc2OXkvaUowbjNHRjRZME5uelZMcUNUWFl2YXl2NS9G?= =?utf-8?B?d2liN09LQy9DSFk1TFc5blQ2cVRXL0ZTUnJ1dHJRTUNnU24yRlp6V0JkNTEw?= =?utf-8?B?UytxWVB0djg3azFTOEsxbGVESVhpTkZQb0dHQnorVGhqOUc4cWFRZ2V5VDN4?= =?utf-8?B?Y1U3dXY0cXRIVXU0NzhjcFFuc2Qwc09mVnQvZkdMT1A3YlNIV3FmeDRtVHht?= =?utf-8?B?UDYzaDRkdTlIMEc5NFp0NXlZMFhPMzhLU2dHanFYU0lxQ2NLUXhPTlQ2eTZC?= =?utf-8?B?TDRYUE51djVsUWM2T01EY3h5RWhKV1ZQZ3lERElZbTJtTWJFYVpRODhFem8z?= =?utf-8?B?Y05LZ2dvZHl3aDhEb0dmbStOUU93ZmpIc08yZ0c4UVVvYTRVV05pMjgvbFFp?= =?utf-8?B?OTByUEthY2lyVFJwYmFWZU9melN0YzBrcEJQYmM2NEY4RitERDdMTndLWFhP?= =?utf-8?B?ZnRMd2NlZWtvVU5SZ2hiUjBnK0F3c1VqNTlJZ3dBUWVKTS9MYlQ4d0d1dzdh?= =?utf-8?B?WVllWnVoZTlwcUkwc09GTWYzbFBGTXFrajluTnlLem1sdWFqRXhxOXZHbExX?= =?utf-8?B?VzBUeHV6QjlsSzNJaFIxbEpNUU5xQ0x4VlNaMEdWM1pmR25kdGtoMW9IVmhF?= =?utf-8?B?czRGVFRTM0FmeE1RVEk4UVBDUWdSMkRnUDFFZlExT3h3Skw2Q2VGd09uQXVt?= =?utf-8?B?bFZCYWR3UWhxUmNOR1laRStHVFNZUENTRkZmN1JuMnJ2V20rZkVBeHNKODlz?= =?utf-8?B?eHFycEpjMGozVDJ0bm1nRmFZMUFCcDhWRkdOcG03amdaNzVZY3V5V3ljdEor?= =?utf-8?B?S1lFbFpZL1NqVE5kMjMyblVxbzBqYm9qSGx6VDNnMDg1WkpPMHZUNk41bE5I?= =?utf-8?B?RHp0bGl3eEticEhQV0k4WlVxVk5Pd3NkTU9jWUJmajIyQ3EwZXBBbzEwNVZw?= =?utf-8?B?MDc2elZCTVFHWGllclVOZGZyZ1MzVktZeCtONDRrWlNndkphb0laWUk4Q21n?= =?utf-8?Q?kHWqJYB5bmVM5wTQE0=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 8476ad10-e4f9-48b2-ff9f-08dc797eec6a X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 May 2024 10:15:22.1739 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR03MB6498 Subject: Re: [FFmpeg-devel] [PATCH 4/6] lavf/tls_mbedtls: fix handling of certification validation failures X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Am 18.05.24 um 21:53 schrieb Michael Niedermayer: > On Fri, May 17, 2024 at 10:34:41AM +0200, Sfan5 wrote: >> We manually check the verification status after the handshake has completed >> using mbedtls_ssl_get_verify_result(). However with VERIFY_REQUIRED >> mbedtls_ssl_handshake() already returns an error, so this code is never >> reached. >> Fix that by using VERIFY_OPTIONAL, which performs the verification but >> does not abort the handshake. >> >> Signed-off-by: sfan5 >> --- >> libavformat/tls_mbedtls.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c >> index 9508fe3436..67d5c568b9 100644 >> --- a/libavformat/tls_mbedtls.c >> +++ b/libavformat/tls_mbedtls.c >> @@ -263,8 +263,9 @@ static int tls_open(URLContext *h, const char *uri, int >> flags, AVDictionary **op >> goto fail; >> } >> + // not VERIFY_REQUIRED because we manually check after handshake >> mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, >> - shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : >> MBEDTLS_SSL_VERIFY_NONE); >> + shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : >> MBEDTLS_SSL_VERIFY_NONE); >> mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, >> &tls_ctx->ctr_drbg_context); >> mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, >> NULL); > This patch looks corrupted by extra line breaks > > [...] Thanks for pointing that out. It looks like years later Microsoft is still incapable of leaving patches intact... Will send as attachments for v2. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".