diff mbox series

[FFmpeg-devel,2/4] lavf/tls_openssl: use the system cert store by default

Message ID 20200530035753.30241-2-rcombs@rcombs.me
State New
Headers show
Series [FFmpeg-devel,1/4] lavf/tls_openssl: add support for verifying the server hostname on >=1.1.0
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Ridley Combs May 30, 2020, 3:57 a.m. UTC
---
 libavformat/tls_openssl.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index d66845cf48..b44dd3136d 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -259,6 +259,9 @@  static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
     if (c->ca_file) {
         if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL))
             av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", ERR_error_string(ERR_get_error(), NULL));
+    } else {
+        if (!SSL_CTX_set_default_verify_paths(p->ctx))
+            av_log(h, AV_LOG_ERROR, "SSL_CTX_set_default_verify_paths %s\n", ERR_error_string(ERR_get_error(), NULL));
     }
     if (c->cert_file && !SSL_CTX_use_certificate_chain_file(p->ctx, c->cert_file)) {
         av_log(h, AV_LOG_ERROR, "Unable to load cert file %s: %s\n",