From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id A69815013C
	for <ffmpegdev@gitmailbox.com>; Tue,  8 Jul 2025 18:17:08 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 8161268F0A0;
	Tue,  8 Jul 2025 21:17:06 +0300 (EEST)
Received: from mail-ej1-f41.google.com (mail-ej1-f41.google.com
 [209.85.218.41])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 920E368EED4
 for <ffmpeg-devel@ffmpeg.org>; Tue,  8 Jul 2025 21:17:04 +0300 (EEST)
Received: by mail-ej1-f41.google.com with SMTP id
 a640c23a62f3a-ae0d758c3a2so782369466b.2
 for <ffmpeg-devel@ffmpeg.org>; Tue, 08 Jul 2025 11:17:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1751998624; x=1752603424; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=hSGDJoFZ4FsW/SjP0z7xp82/gImrTzytDT0YtaB3aBQ=;
 b=SD1rhEUTuHSd8cRi4brrvB7tYkz6mpMlovMgnbXXbzT2wcbNHbTyXdSKjBZNCn+0/n
 PrUaP/a6yHc4zhl5Pq8T5VPHGG8/x/lN2Lwpue0rfXt9Qvsl+Ts0MrFj1IMYq+YGgR7t
 mcOk2PbTkEkqFBwGtdpz9Fh2Znc1yjKVlb6vJzYo/0SXCHnBJcErCRKtnulrOy5gmixp
 Wr1RliJOOVZhE+BxEZFByFHcLqc1g9aOxqdi9cqdDQRQwRxf07UTUOzNhT1ZKkWPKA0u
 PbfK5UwxhdrRT4AoeIH5Mzyqso7Qqv7fU/iP0pgaWG+a8KtCRGjymR7URiKuoTYs8dTL
 song==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1751998624; x=1752603424;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=hSGDJoFZ4FsW/SjP0z7xp82/gImrTzytDT0YtaB3aBQ=;
 b=ZcnTZtTUvcsgq/ldb+f00Mx4w+FfbX0F3qW3BE0b2YgFSuVE+HftBO4QU15dbytEPa
 mwBc4BN0YkcE3GwZnBTccrFwjWxztwbWypJ9X20xQEtbeuo4HsrCysE9MdWvQ1emGsby
 6nD+aUfH/E5H7IuLidvP8FwyRARAxHogDzEKoSQR0MmSvOaFDFfOpidum5pdubSgZM7X
 na+BxS3UOcNRtFml+w1VawY68GycrzcZy2yKBKSwpGRk88bNt35rY++G66DapUu3IZmA
 SEdMMEMPPeIDpRKRfENY5SjDKfKkDuTh3LBy8ORfxZUukt0IurXqxVOmz0qqzAo+1I5X
 ekqA==
X-Gm-Message-State: AOJu0YxCN7PnSzbs7r2J18lR4rGio1hX8adKKyrkkgqJ9vZ6o43qlGgf
 6cw0fK2sAeZ0kAVWLPt14Wb6IoQhzmlHH3VoxIpG1F9Ep75dJ6TzWq8NH5ir5Fpr
X-Gm-Gg: ASbGncsteEMLTvQoo/2sNNXO9y068YwgW+aBAM01KExsG/+A6llNPpj5jXwpdzFvT79
 Oxlaa5YVXgyKXyoSCs2tgqbrm0zdiU4qz9iP1bzMsqTNcNrrQRfrQtYrxce5tOV3FG+fa2u/peE
 zUJ0dsDy7qgX1XrNBDAJLr2DDREcSuyJoW0dt3n+AAeLHFUYAsf4CiHYeh6N9CjjrOxpjG4nHPN
 geOLvrm1ngausI+Qt7c9xqrwO3yamltlXVdf4YeWV+h3GF3C8qye3h0EzBEIQ79HUXEYDahTQbC
 gqled840l2+lxv8q/l0v1ZSUhK0LIsxIneUuMHC5rwkx/fiQxuA3oqLIjD7jWLmpJ98BdvGbVb4
 OMjFVJxXFPBdo+RP3eo9ToEPrllqhLUUGTqV6sp+cNS1QVuovjKhlBclSS1t+OQ5aWXaG5O2Dy7
 FigsGs5kSw04M=
X-Google-Smtp-Source: AGHT+IEC4ILKB6EnDb1Ch9Mx6vSBx3B9SC4HEgikO18GfDtlCuC/SHXPf9bry1R5gVqe/Ha46tAwdA==
X-Received: by 2002:a17:907:9404:b0:ae3:ed39:89ba with SMTP id
 a640c23a62f3a-ae6b0b1e8dcmr432374266b.11.1751998623412; 
 Tue, 08 Jul 2025 11:17:03 -0700 (PDT)
Received: from [192.168.178.143]
 (p200301023701fa00258573ace0251429.dip0.t-ipconnect.de.
 [2003:102:3701:fa00:2585:73ac:e025:1429])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-ae3f66e6f25sm929494066b.20.2025.07.08.11.17.02
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 08 Jul 2025 11:17:02 -0700 (PDT)
From: Marvin Scholz <epirat07-at-gmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Tue, 08 Jul 2025 20:17:02 +0200
X-Mailer: MailMate (2.0r6222)
Message-ID: <E5B3FC2D-B682-4C44-90B6-0E5B5607134C@gmail.com>
In-Reply-To: <aG1gdla6zRenk6kS@phare.normalesup.org>
References: <20250708180617.59679-1-epirat07@gmail.com>
 <aG1gdla6zRenk6kS@phare.normalesup.org>
MIME-Version: 1.0
Subject: Re: [FFmpeg-devel] [PATCH 1/3] avformat/tls_openssl: add host
 verification
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/E5B3FC2D-B682-4C44-90B6-0E5B5607134C@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>



On 8 Jul 2025, at 20:16, Nicolas George wrote:

> Marvin Scholz (HE12025-07-08):
>> From: Daniel N Pettersson <danielnp@axis.com>
>>
>> Co-Authored-By: Marvin Scholz <epirat07@gmail.com>
>> ---
>>  libavformat/tls_openssl.c | 9 ++++++++-
>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
>> index a0fa3285d5..7614caf089 100644
>> --- a/libavformat/tls_openssl.c
>> +++ b/libavformat/tls_openssl.c
>> @@ -921,8 +921,15 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
>>      ret = init_bio_method(h);
>>      if (ret < 0)
>>          goto fail;
>> -    if (!c->listen && !c->numerichost)
>> +    if (!c->listen && !c->numerichost) {
>
>> +        if (!SSL_set1_host(p->ssl, c->host)) {
>
> Must be optional.

Can you clarify?

>
>> +            av_log(h, AV_LOG_ERROR, "Failed to set hostname for TLS/SSL verification: %s\n",
>> +                openssl_get_error(p));
>
>> +            ret = AVERROR(EIO);
>
> AVERROR_EXTERNAL
>
>> +            goto fail;
>> +        }
>>          SSL_set_tlsext_host_name(p->ssl, c->host);
>> +    }
>>      ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);
>>      if (ret == 0) {
>>          av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session\n");
>
> Regards,
>
> -- 
>   Nicolas George
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".