diff mbox series

[FFmpeg-devel,v2,1/6] lavf/tls_mbedtls: handle more error codes for

Message ID DU0PR03MB956714B66537A5F9A660223FECF22@DU0PR03MB9567.eurprd03.prod.outlook.com
State New

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

sfan5 May 29, 2024, 11:01 a.m. UTC

Comments

Jan Ekström June 3, 2024, 8:08 p.m. UTC | #1
On Wed, May 29, 2024 at 2:05 PM sfan5 <sfan5@live.de> wrote:
>

Did an initial tired look at the set, and in general it looks alright
and the wrapper still builds with Fedora's mbedtls 2.28.8.

(Of course then it fails to link due to unchecked usage of
`mbedtls_x509_crt_{init,free,parse_file}` in tls_mbedtls, as well as
`mbedtls_mpi_copy` in rtmpdh. But this breakage is unrelated to this
patch, as current master does exactly the same)

I'd just probably move the MBEDTLS_ERR_X509_CERT_VERIFY_FAILED logging
diff into the first commit that adds error codes (also probably
"messages" in the commit message there?), as adding that error's
logging really doesn't have anything to do with the verify=0 + TLS 1.3
workaround.

Jan

sfan5 June 4, 2024, 10:23 a.m. UTC | #2
On 03.06.24 at 22:08, Jan Ekström wrote:
> On Wed, May 29, 2024 at 2:05 PM sfan5 <sfan5@live.de> wrote:
> Did an initial tired look at the set, and in general it looks alright
> and the wrapper still builds with Fedora's mbedtls 2.28.8.
>
> (Of course then it fails to link due to unchecked usage of
> `mbedtls_x509_crt_{init,free,parse_file}` in tls_mbedtls, as well as
> `mbedtls_mpi_copy` in rtmpdh. But this breakage is unrelated to this
> patch, as current master does exactly the same)
>
> I'd just probably move the MBEDTLS_ERR_X509_CERT_VERIFY_FAILED logging
> diff into the first commit that adds error codes (also probably
> "messages" in the commit message there?), as adding that error's
> logging really doesn't have anything to do with the verify=0 + TLS 1.3
> workaround.
>
> Jan

I will move that change to the first commit for v3 as discussed on IRC.

Patch

From e8b5b6dee2d29690d1ae18090659120399b84e7c Mon Sep 17 00:00:00 2001
From: sfan5 <sfan5@live.de>
Date: Mon, 13 May 2024 20:22:44 +0200
Subject: [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for
 human-readable message

Signed-off-by: sfan5 <sfan5@live.de>
---
 libavformat/tls_mbedtls.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
index 1a182e735e..1226e3780b 100644
--- a/libavformat/tls_mbedtls.c
+++ b/libavformat/tls_mbedtls.c
@@ -138,6 +138,9 @@  static void handle_handshake_error(URLContext *h, int ret)
     case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:
         av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n");
         break;
+    case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION:
+        av_log(h, AV_LOG_ERROR, "TLS protocol version mismatch.\n");
+        break;
 #endif
     case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
         av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the peer, has the peer a correct certificate?\n");
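Review bot: the new MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION case sits directly above the #endif, so it is compiled only in the conditional branch that also holds MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, and the #if that opens that branch is outside the visible context. Please state in the commit message which mbedtls versions that branch covers, and check whether the other branch has an equivalent error code that should get the same "TLS protocol version mismatch." message, so a version negotiation failure is reported readably on both build configurations.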
@@ -145,6 +148,9 @@  static void handle_handshake_error(URLContext *h, int ret)
     case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED:
         av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to operate. Was the CA correctly set?\n");
         break;
+    case MBEDTLS_ERR_SSL_INTERNAL_ERROR:
+        av_log(h, AV_LOG_ERROR, "Internal error encountered.\n");
+        break;
     case MBEDTLS_ERR_NET_CONN_RESET:
         av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n");
         break;
-- 
2.45.1