From patchwork Thu Jan 17 08:57:15 2019
X-Patchwork-Submitter: Rodger Combs
X-Patchwork-Id: 11779
From: Rodger Combs
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 17 Jan 2019 02:57:15 -0600
Message-Id: <20190117085715.44726-4-rodger.combs@gmail.com>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20190117085715.44726-1-rodger.combs@gmail.com>
References: <20190117085715.44726-1-rodger.combs@gmail.com>
Subject: [FFmpeg-devel] [PATCH 4/4] lavf/tls: enable server verification by default when not on mbedtls
List-Id: FFmpeg development discussions and patches
Reply-To: FFmpeg development discussions and patches

All other TLS wrappers now have a mechanism to load a system trust store by default, without setting the cafile option. For Secure Transport and Secure Channel, it's the OS. For OpenSSL and libtls, it's a path set at compile-time. For GNUTLS, it's either a path set at compile-time, or the OS trust store (if on macOS, iOS, or Windows).

It's possible to configure OpenSSL, GNUTLS, and libtls without a working trust store, but these are broken configurations and I don't have a problem with requiring users with that kind of install to either fix it, or explicitly opt in to insecure behavior.

mbedtls doesn't have a default trust store (it's assumed that the application will provide one), so it continues to require the user to pass in a path and enable verification manually.
---
 libavformat/tls.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/tls.h b/libavformat/tls.h
index beb19d6d55..988085173e 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -45,7 +45,7 @@ typedef struct TLSShared { #define TLS_COMMON_OPTIONS(pstruct, options_field) \ {"ca_file", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"cafile", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ - {"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \ + {"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_INT, { .i64 = !CONFIG_MBEDTLS }, 0, 1, .flags = TLS_OPTFL }, \ {"cert_file", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"key_file", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"listen", "Listen for incoming connections", offsetof(pstruct, options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
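Review bot: The new default `{ .i64 = !CONFIG_MBEDTLS }` in the `tls_verify` entry is an ordinary C expression rather than a preprocessor condition, so `CONFIG_MBEDTLS` must be defined (as 0 or 1 from config.h) in every translation unit that expands `TLS_COMMON_OPTIONS`; if tls.h does not already pull in config.h, add the include rather than relying on transitive inclusion, otherwise the build fails with an undeclared identifier. Two follow-ups: the diffstat shows only tls.h touched, so the user-facing documentation of `tls_verify` should be updated to state that the default is now backend-dependent (on except when built against mbedtls), and since `verify` is a single shared field and the `listen` option sits in the same table, it is worth confirming that each backend applies the new default only to checking the remote server's certificate and does not start demanding client certificates from connecting peers in listen mode.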