From patchwork Thu Jan 17 08:57:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rodger Combs X-Patchwork-Id: 11778 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id DAB5044DF70 for ; Thu, 17 Jan 2019 11:05:25 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 091BB68ABA6; Thu, 17 Jan 2019 11:05:14 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-io1-f66.google.com (mail-io1-f66.google.com [209.85.166.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id ADC6C68AB93 for ; Thu, 17 Jan 2019 11:05:07 +0200 (EET) Received: by mail-io1-f66.google.com with SMTP id s22so7188983ioc.8 for ; Thu, 17 Jan 2019 01:05:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=r+I433oi21RM3mdQCcRILMDlS8W6wcEgBstst/eq5N8=; b=H3jVLb7Gmw1xepv5yh/nc1fPhB7ue1tn87XLpyTb3dH5qcQTT5kItyagZsO17TSgTH y//qs+RPWmVPH6C/q3GEDGeGlGy2W92UzAmgd9iUzUPo5spmu0cf/PUVvcN5mrs7dj/v zPKJ+/Y56YcoyiljK9Nec2X64p2qYY7G6rp0lRjrpWIxF/jazYTfQIXtKzoMU6fB91aZ e9ZTtGVzmgI1EUuoML5cpERjEkpkbIPbVekPdsZjdGwJPqmR3OKwAWq239I/bc1PCYoZ 7SnQh9MW3XgkS/zw2FfkQRYnNwwiWgSLPRnkV+6t4+Gx/tgACU5gY3GBQnSPA57zk1IO wKjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=r+I433oi21RM3mdQCcRILMDlS8W6wcEgBstst/eq5N8=; b=cgt3irEciDMXEkS5QlSOrzxYmlzq0yhveQjwzBtZh337+vSJ97rk0K757qNm+3j0/0 OoFZsu2lE7Ey9gWtemeOWFCGW5H6RUCliyTaVt/raPztcu0hJ/yHj84yUWvt3lVmoNVD 9gwnT8b+0ZXSLGSYeDS15AsY/4gCUyNpiLl733oZYGZRM9X2J12Q/Vnr9WJpr74HO1Zp 53HS2dkYYcom+Hkg5NucU2MmseuojUZP+v/1MxsNUVTOA17n47757cSv1Ir2fNUmk/1B Jem9dFI1k3H9mkuQ3lxE5BOVQ8bPF6sYKVCC2VQIsJydNybz7RwoZyiKBpVB19orwVFq zsVw== X-Gm-Message-State: AJcUukfDgA3v+JJjSvOnDwDaaQqJpPs9R60ziiAJy0nYWQjdBZrvvyor KF7kOxvaVUtvYwCCvL40zj1GvKrI X-Google-Smtp-Source: ALg8bN7TylJh/fA5V4fInVUk/Z0duS0SroM4WlHKzOXRYoHNd9+NN4hih3LRlaU2dpYeOmh6NeQ5zg== X-Received: by 2002:a5e:9604:: with SMTP id a4mr7341007ioq.123.1547715490442; Thu, 17 Jan 2019 00:58:10 -0800 (PST) Received: from Rodgers-MBP.localdomain ([71.201.155.37]) by smtp.gmail.com with ESMTPSA id w16sm411342ita.38.2019.01.17.00.58.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 17 Jan 2019 00:58:09 -0800 (PST) From: Rodger Combs To: ffmpeg-devel@ffmpeg.org Date: Thu, 17 Jan 2019 02:57:13 -0600 Message-Id: <20190117085715.44726-2-rodger.combs@gmail.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20190117085715.44726-1-rodger.combs@gmail.com> References: <20190117085715.44726-1-rodger.combs@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/4] lavf/tls_openssl: if no CA path is set, use the system default X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" This is consistent with the other TLS wrappers --- libavformat/tls_openssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index faa5b8636e..493f43e610 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -253,6 +253,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op if (c->ca_file) { if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL)) av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", ERR_error_string(ERR_get_error(), NULL)); + } else { + if (!SSL_CTX_set_default_verify_paths(p->ctx)) + av_log(h, AV_LOG_ERROR, "SSL_CTX_set_default_verify_paths %s\n", ERR_error_string(ERR_get_error(), NULL)); } if (c->cert_file && !SSL_CTX_use_certificate_chain_file(p->ctx, c->cert_file)) { av_log(h, AV_LOG_ERROR, "Unable to load cert file %s: %s\n",