From: sfan5
Date: Tue, 11 Jun 2024 18:17:00 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 6/6] lavf/tls_mbedtls: add workaround for TLSv1.3 vs. verify=0

On 11.06.24 at 17:02, Anton Khirnov wrote:
> Quoting Sfan5 (2024-05-17 10:34:50)
>> As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate verification
>> is now mandatory. Our default configuration does not do verification, so
>> downgrade to 1.2 in these situations to avoid breaking it.
>>
>> ref: https://github.com/Mbed-TLS/mbedtls/issues/7075
>> Signed-off-by: sfan5
>> ---
> Would it not be simpler to simply set authmode to
> MBEDTLS_SSL_VERIFY_OPTIONAL unconditionally, then just disregard the
> verification result?
>

That's the thing and it's exactly as stupid as it sounds:
When using TLSv1.3 it will ignore the MBEDTLS_SSL_VERIFY mode entirely. If the verification doesn't pass, the handshake fails and you don't get a usable connection.

I'm hoping the mbedTLS devs realize at some point how nonviable this is and fix it, but as of right now this is the only way to not have ffmpeg "randomly" (depending on if the server speaks TLSv1.3) fail with mbedTLS 3.6.0.
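
Added example (not part of the original message and not the code of the FFmpeg patch): the workaround discussed above, where a connection with verification switched off is capped at TLS 1.2 so that mbedTLS still honours the authmode. The names choose_policy and apply_policy and the USE_MBEDTLS build macro are assumptions made for this example; the 3.6.0 threshold follows the commit message quoted above.

```c
#include <stdio.h>

#ifdef USE_MBEDTLS   /* hypothetical macro: build with -DUSE_MBEDTLS and link mbedTLS */
#include <mbedtls/ssl.h>
#include <mbedtls/version.h>
#endif

enum tls_cap { CAP_NONE, CAP_TLS12 };

struct tls_policy {
    int verify_required;  /* 1: peer certificate must verify, 0: no verification */
    enum tls_cap cap;     /* highest protocol version to offer */
};

/* Decide authmode and version cap.
 * lib_version uses the MBEDTLS_VERSION_NUMBER layout 0xMMNNPP00;
 * tls13_built says whether the library was compiled with TLS 1.3 support. */
struct tls_policy choose_policy(int verify, unsigned lib_version, int tls13_built)
{
    struct tls_policy p = { verify ? 1 : 0, CAP_NONE };

    /* With TLS 1.3 a failed verification aborts the handshake regardless of
     * authmode, so an unverified connection has to stay on TLS 1.2. A verified
     * connection keeps TLS 1.3. */
    if (!verify && tls13_built && lib_version >= 0x03060000u)
        p.cap = CAP_TLS12;
    return p;
}

#ifdef USE_MBEDTLS
/* Apply the policy to a config already set up with mbedtls_ssl_config_defaults(). */
void apply_policy(mbedtls_ssl_config *conf, int verify)
{
#ifdef MBEDTLS_SSL_PROTO_TLS1_3
    int tls13_built = 1;
#else
    int tls13_built = 0;
#endif
    struct tls_policy p = choose_policy(verify, MBEDTLS_VERSION_NUMBER, tls13_built);

    mbedtls_ssl_conf_authmode(conf, p.verify_required ? MBEDTLS_SSL_VERIFY_REQUIRED
                                                      : MBEDTLS_SSL_VERIFY_NONE);
    if (p.cap == CAP_TLS12) {
        mbedtls_ssl_conf_max_tls_version(conf, MBEDTLS_SSL_VERSION_TLS1_2);
        /* The peer is unauthenticated on this path; make that visible in logs. */
        fprintf(stderr, "tls: verify=0, capped at TLS 1.2, peer not authenticated\n");
    }
}
#endif
```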