From patchwork Fri Jan 18 08:46:04 2019
X-Patchwork-Submitter: Rodger Combs
X-Patchwork-Id: 11790
From: Rodger Combs
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 18 Jan 2019 02:46:04 -0600
Message-Id: <20190118084604.82324-5-rodger.combs@gmail.com>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20190118084604.82324-1-rodger.combs@gmail.com>
References: <20190118084604.82324-1-rodger.combs@gmail.com>
Subject: [FFmpeg-devel] [PATCH 5/5] lavf/tls: enable server verification by default when not on mbedtls
List-Id: FFmpeg development discussions and patches
Reply-To: FFmpeg development discussions and patches
Sender: "ffmpeg-devel"

All other TLS wrappers now have a mechanism to load a system trust store by default, without setting the cafile option. For Secure Transport and Secure Channel, it's the OS. For OpenSSL and libtls, it's a path set at compile-time. For GNUTLS, it's either a path set at compile-time, or the OS trust store (if on macOS, iOS, or Windows).

It's possible to configure OpenSSL, GNUTLS, and libtls without a working trust store, but these are broken configurations and I don't have a problem with requiring users with that kind of install to either fix it, or explicitly opt in to insecure behavior.

mbedtls doesn't have a default trust store (it's assumed that the application will provide one), so it continues to require the user to pass in a path and enable verification manually.

--- libavformat/tls.c | 3 +++ libavformat/tls.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/tls.c b/libavformat/tls.c index a6dcd3cc96..c564b1252b 100644 --- a/libavformat/tls.c +++ b/libavformat/tls.c
@@ -62,6 +62,9 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV const char *proxy_path; int use_proxy; + if (c->verify == -1) + c->verify = !c->listen && !CONFIG_MBEDTLS; + set_options(c, uri); if (c->listen) diff --git a/libavformat/tls.h b/libavformat/tls.h index beb19d6d55..bc4ee1c216 100644 --- a/libavformat/tls.h +++ b/libavformat/tls.h @@ -45,7 +45,7 @@ typedef struct TLSShared { #define TLS_COMMON_OPTIONS(pstruct, options_field) \ {"ca_file", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"cafile", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ - {"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \ + {"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_BOOL, { .i64 = -1 }, -1, 1, .flags = TLS_OPTFL }, \ {"cert_file", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"key_file", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"listen", "Listen for incoming connections", offsetof(pstruct, options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
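Review bot: in the tls.c hunk the auto default is resolved before `set_options(c, uri);` runs, so by the time URL query options are parsed `c->verify` is already 0 or 1 rather than -1; if set_options() only honours a URL-supplied verify value when the field is still unset, a per-URL opt-out (or an opt-in on mbedtls builds) would be silently ignored. Consider moving the `if (c->verify == -1)` block after the `set_options(c, uri);` call, or teaching set_options() to treat -1 as unset. The expression `!c->listen && !CONFIG_MBEDTLS` itself matches the commit message (listen-mode servers keep not verifying client certificates, mbedtls builds keep verification off); it relies on CONFIG_MBEDTLS always being defined as 0 or 1, which FFmpeg's generated config.h guarantees.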
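Review bot: in the tls.h hunk the help string "Verify the peer certificate" is unchanged although the option now has an auto default (-1) whose meaning (on for clients, off in listen mode and on mbedtls builds) a user cannot discover from `-h` output; suggest extending the description, e.g. "Verify the peer certificate (default: auto, on for clients except with mbedtls)". Switching from AV_OPT_TYPE_INT to AV_OPT_TYPE_BOOL with range -1..1 is the usual FFmpeg idiom for a tri-state boolean, so that part is fine. The diffstat lists only libavformat/tls.c and libavformat/tls.h, so this user-visible default change, which will make previously working connections to self-signed or otherwise untrusted servers fail unless the caller passes tls_verify=0, arrives without a doc/protocols.texi or Changelog update; please add one so operators can tell a verification failure from a regression.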