From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id E222849644 for ; Fri, 17 May 2024 08:36:31 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 15EA468D3DC; Fri, 17 May 2024 11:36:16 +0300 (EEST) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1FBB668D39C for ; Fri, 17 May 2024 11:36:10 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J5er0RG9hvWrbn/ZzA/B1oWWLkyLkOvzoxsUvTcYOm264Qpsamym47umoxw5j5dlv6tYhJCmsoWiasnVi0yzptxCWKAHXg1I0mmQL/DDmxYRZep39Zh4XrXglG3zPFewp/flz0vHhcdxPbazDqAKaicbK7skhJqOoJQ+zqpfv0bvcZf74hTK2R1pP5FGJjNCDTIlNdpV9mC8V35WebvtMDS/+wsjD8uNin2kkC3ENr5poHVjqOZpSv12A4F9479Yh9j5/c3tm6CY0zsOGA3wXOPBWwsEJVNRMegGCuk573Jx9rI+STMxT8cFQ/n4b/QCtHuMYSdAlgQPN8eznZC2uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x2rvQiM03EFeaosMAVURg+nzzrrXukq+5I0H4HbU2lg=; b=mmVrI82G6t39BJweBDH563HMH+W2pSuQzJBRs8Ais4acoos2/dhcJubw7hxtxFxZ+ch/NYtKn0AWDatmCspvI4cwa/NWQJzBf6YEL+JWgsTDLs9zNcdBhK3lzYPOkiQJjOxMX6zuRM+RtVBWN52hcwFTJaA1J5oOhjeAVoU2GRXDiSy9bukykagARXA0rhLloKjGTzKklvaH/RqLT1fCn0kXt+w3cbZK5GpuE239B3XfaDB/e0Q8huMqvT/cWyc4Qo1vJB6OGigxbWZQFTecIursGaCRSKuC85xZKJCZmhsjhhv9+iQiNftypW4W6ZYjRj+BudhR5kMy2yJ5zzNtPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x2rvQiM03EFeaosMAVURg+nzzrrXukq+5I0H4HbU2lg=; b=daIRKSE/xJGFbXp4zF0doKgtMhiD3IA+KdDLu8VKp4at9p5MGk2q2lUygzKfQ4iGoR1orYEHFOV7s7HzrRVPRsXI/EJ8w4+c9VzlvDaWyTUzg2Ok8IE6br6nnw7dZzYLfgxVu0zh7AWVc711HUfAizFSytH6x5twCCmsNK1UeesnFwtLRiv+PNLyXcb99okmLd85EhOGZRSQ1ucHCkIhOaOpbDzbiXYa9Rgjt5I/5RiyysfS6gPM4nGKUd5r2raPpF/mO6rcUhOp5UlNo+TfFGpHSlfjmBzHuRyxAHbGN8c0hlQbfqCWqSo840SXb9h1Le0xHnvOwWL9nSfG5ZXX8A== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:54 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:54 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:41 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [9o33SJAYqmcBd7Yvz6WNtpVZ40HNVaP2nK/rX3KRSOSBCqGbP5QI0shyjX/I1UAH6sArgqxvbsc=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <0b298aed-96c0-44a8-af22-9119300d2dd6@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: d35ac119-eb6d-4e8a-fa70-08dc764c5db3 X-Microsoft-Antispam: BCL:0;ARA:14566002|461199019|3412199016|440099019; X-Microsoft-Antispam-Message-Info: ekjhYEVW4y1xeFnrNlOq55znxj/QXhYSYivvgPa9UxKHgiLCWYF7XifJ1Byz9oM6s9+Zqay4rgaq2y1OEZW6K3cVb6WRB4hBCkgW15KHM0CtI1q6wgnek1PT8AOmLEqriQrp62aL1h4rCKzFpRhQMoWuX7CFUU9VKTjo13eyXb93HmOhIrjJMvrXjVK6E710ChpWQXPu1JKWzCdKK4jmECfLmP4k4iAJ3wZ7w5rKg8VfW0DvdkZatrW4TqSlWv9B5vwjvlre2HTXSQbW80RHE1oIKnBiWmhyz79Wc16D/hUgZw2HFY2n0Hqu6PxRFi9EgpXSU5McNSBViMjyotj6EbaYnB0m1Zj+OJDNIdmYqtGnmrLlFoWfLA4eZgwaLC0doLsvgI/3Xuq+2QyR1zLqFv2FxuyvYwN7ydT4w4S2db8rPZ3zNlYHnSlN0qtEYeiPzqL4W+9/RJR//ebc/N42ThaF35fS7f2X3DzxP0soo6SDXhMNzFmC00F3bYqnWqphNJvNC7XPycgp5h/kFLIKr+u26FQv0Hyh3NG29PFxKTR9FeDG6wnJsuDPoqkFHQ7+ X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cDFXcW5aaVNnUzM3cERZQWpVNnFJYm9ud3RsOUV3UHVUS01LMFNCK1JocStV?= =?utf-8?B?bFR0OUpLY005dG1MTC9ySVU5cW8yNkNMajl2T0ZjQ0hXc0orZklKSlhBUWdY?= =?utf-8?B?bDFadi9Da2dvdVRzcmQ5Zi9CRC81d0NuRGp3UHdYQytwUUtwQ2hOT2VkdCtP?= =?utf-8?B?VVZWVU1VTjJFUjZkV3VKUWs3TEU2dlZmb2RuVUR2OTl2ekRIcjBQalFzLzZz?= =?utf-8?B?QXpWcjJSSUhWQ1AxcWg0WXE5K3d4NnVQSHhwOEdaclBqOTViUHphQzZlWmZ4?= =?utf-8?B?OStRT2dlcUhrcVdLVGZ5aWxSYnM2ZXlSWEx0VGtXanRmUlJKSlF4OWZGcGxD?= =?utf-8?B?VWJRQWN4NlFTVFhTY2Z4UG02cGlMMCtyYUpJejEwTS8xUm1hWnJFbUx5RUkx?= =?utf-8?B?YjFOWnRSbUJpaGYyZk01dFUrcldQM2t2eFhQaEwxL2NvbFh2ZC9vVkRMYkEz?= =?utf-8?B?Wk9HV3I3MXkxTUVqbU5JemdTRzZpOHV0LzFlMCtQL3kreUdsVHlnNnFWNkJI?= =?utf-8?B?ZzZxcEo5cFlKV2FDeWFnclN4OFUrVW5SRHEzOHJTSC9vTXdUY2xDaWZTL2pq?= =?utf-8?B?bTd4ZStwUVQ1enlsaHdoMyttdFpNVGZmaktDKzhCQy81SVYyaTBFSDcvSjBx?= =?utf-8?B?QjFkTWMyV0pzSk1RTmxORlRyK1Rvb3duSVp2VjUzMWtEL1dZbjZkcHNNMUc4?= =?utf-8?B?UjhCSGM0VmJEb3orZVBzM2lRUmxLU21vaGlnaTgwenlLUXo3Y3FUdkVIYnVp?= =?utf-8?B?QlBZUnhqWXVqNE9PUUxIK1JjbFBCQjAyeDZIOHovY3EwUGRTbFdydkNYempo?= =?utf-8?B?VjRISXBDVFV0R21MMERkYjkvOHN3OHo4bENiNEZlRjBORFc4bmVZdnNBOTNC?= =?utf-8?B?WDBmTmR1cTRwaHIveTVwTzlHd0JWM0crK1Z4cHFrY3RRQmJFRXkvNFFTNWZk?= =?utf-8?B?TGRKd0Z1UUdtNGhrWi9zTzkyRXFKT0xWZUtDMUdmbjBkMFFtT2p0YkFvWllL?= =?utf-8?B?YnBkU096NHhVME94V3JJQkZyMGkrTUtBSUkxZ2ZUYk41QlpmTFdPcXo2OEFi?= =?utf-8?B?Rk80R3M5WDVEdktYbmI1cGNMVFlZQ1JJLyt3MFhBdmxKRWt5aWJaaU0rYjgw?= =?utf-8?B?eWN6bHdUVHdLeEVnbkY5NTJBYWwvQ2krMXVUS2IxWXBwV0VIWTY5Z0xGY0Nl?= =?utf-8?B?d09ZdXROU0FqeXVzSkF3T3loL09NemNzMWVqQUhXNzBLNGExN1VFb2ZrTC9n?= =?utf-8?B?endpTmhXMXpZR3BEUytCUVFuTnJwWUtvcThTeGZ4SXpXQk1ZS2pGQkl0bCs5?= =?utf-8?B?TWZDbG1VN3pXWFpqWEl0M2NEZjhpMVhSVWRlY1J6YmRtZ3JPMEtPWFJvNHMx?= =?utf-8?B?ei9IbDhMdHcxd1p6ekJrbVQ0N015eHIrZ2JUNHRXUG5rbXNWYXdoOVpIZ21B?= =?utf-8?B?WnJURExtY1ZISDc2M2NHbHc1WmtFRjBKeTlWTWZjT2lEQ0hlSVVnRk4rMm5h?= =?utf-8?B?NDhnNWVDRUxCK3c4S3ZNbWo2WXdJQ09iMTZnM3IycVFSdkgrUzRoN0NjVEFm?= =?utf-8?B?RThIOWZjNUdweGt2b3I4S1h1a2VMZHpTa3JaRTMxbTB4ZFg2dG5SOUhVajZo?= =?utf-8?B?NTVZTzNJbTEwZU5RcnNiMWFodG90Uks4bkJWUU8yL1IvL3Jlb3JwWnBHcVBO?= =?utf-8?B?dEk1M3FTeUM5bTZnYjN3d29oa2RUMFZlRE4ydUhlampSTXZMbGpqZ2FPTjEw?= =?utf-8?Q?3L1yiMnxkdguUkamwE=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: d35ac119-eb6d-4e8a-fa70-08dc764c5db3 X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:54.3595 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 4/6] lavf/tls_mbedtls: fix handling of certification validation failures X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: We manually check the verification status after the handshake has completed using mbedtls_ssl_get_verify_result(). However with VERIFY_REQUIRED mbedtls_ssl_handshake() already returns an error, so this code is never reached. Fix that by using VERIFY_OPTIONAL, which performs the verification but does not abort the handshake. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 9508fe3436..67d5c568b9 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -263,8 +263,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } + // not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, - shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL); -- 2.45.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".