From patchwork Fri May 17 08:34:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 48943 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:3a48:b0:1af:fc2d:ff5a with SMTP id zu8csp2735789pzb; Fri, 17 May 2024 01:36:05 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXwbMlyRWTaAOcPROfOYT1KuCErbpskfWCOj566Nor3cqAkUQHliUfYdqJUGWU5fX6a/qkL5NDuMyeL/YNJDjc1B2dHFFbmYVSGIg== X-Google-Smtp-Source: AGHT+IH44vAEu5syHoufyO/RdVpEE/rVGY0L9fULt41fA+TnTX0oWZJcCnh2A8A+gDuCykHl++wA X-Received: by 2002:a50:9e61:0:b0:566:d333:45e8 with SMTP id 4fb4d7f45d1cf-5734d5ce24fmr16409376a12.20.1715934965478; Fri, 17 May 2024 01:36:05 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 4fb4d7f45d1cf-5733c3273bdsi9780623a12.375.2024.05.17.01.36.04; Fri, 17 May 2024 01:36:05 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b=sn5LA0sL; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3D6AC68D352; Fri, 17 May 2024 11:36:01 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CB94868D233 for ; Fri, 17 May 2024 11:35:54 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hA+Vs4hRIQTd5Vqb9w18ReERaBxI8xXLbIYkBGN9ad7uiYa+qxgtfAeiq69DjqNN2sack+FVd1LoFXWbbnptk+VL+3uyoFex2uEeyIlRp7WC70eb2iuRRNQA3F8075uBjfsMkIEYwMRbPZ+cZZQ+PQUXvKwhj1kNkBo33STbZAFnF8+oJxT7P4E0WtKxhU4i2/RLonHd5sZg9qdA6OTH4Zg5LnBMs2O08LiVF6kHICGNJcm2affco2FUNe1tks9wa1d2HQL9rkOJRv6U8qJVTnNsPkIVZEMEfonqQvZvZRNBBwF9Hzfa9e1ZiJdnVqFx4DK3b7n4t1dcGfbqjWhmLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/Bkj5JAj3Dg8E0Ihi/J+/5PzBpY/x07gSURASeF30jM=; b=EhF8aR3mOXmiCRUTXV1BvvLklUNVFXGxFPVN4EOtMaSGZy3aiCHd0HjA2Z866c1VuayO5v6uC75zkv1XHYKTnJsmIgSySXO8qydTdfluSMpDdtnDYzZsnE9T/ZG+VH8TJU1r50XASblr3FWSFtF9FMXZ04sJz0h6q/qbOzkTxHKWEEIQJHTaXNnX0/SQbhTm4xZpbJl2aauRgojnslIr7DkiXJV+TdAXAb4Eqb4rzzsjKpu+vUPIPPdyN+JCJYAj8OF7uY7n/ntNndu73c6pZOMiidGoA/nMrRzjFrwgh3KuJrYFcq45ZYaNt8EeV183TuCejWypji5+CsZ78leCfw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/Bkj5JAj3Dg8E0Ihi/J+/5PzBpY/x07gSURASeF30jM=; b=sn5LA0sLx65M7VuCoLrpTBdd8h2HpKKdek3/OHn2kOUXFQChfHFbPYtVBRzUfOeIfugyNpNGPlIbIp0ntppr44UiKzpCwzjSQpB64GLmmN7knCyD8ML5gWLAH8fkmYubY6DzHqtmhn6iJtHjzCG1dqx2JkIh4xQBYbbyeaOWE5NwcXH6mIKVjjGmbXqTi+Ov4CmmfjjR5xMXv1Bqr+JM9PSUJpDEQ4tJVIa5hdBwfKMLqyQEB1Wz86aEYvc5qumWXOf/Fj15ls1mP2rjes10UJ8AFlQBwadjA0c5mSiO8IIG/+vy7dF3dX56JJ++7n78BVnAr4pFCpq7JDBVZ00LWg== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:53 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:53 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:26 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [5BX5GkUzGczeip7TYNy2XE3OyXNWOZ3teud/MrTSDxkNWT/As6Yj6CzZ7+kNsFsmmJrFsQj9Og8=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <75743d8e-78ef-47c9-bab3-025e77cca4a1@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: a76e742d-0d96-4335-6629-08dc764c5c0c X-Microsoft-Antispam: BCL:0; ARA:14566002|461199019|3430499023|3412199016|440099019; X-Microsoft-Antispam-Message-Info: VP5P3B5Fj25w2eeUTAurca+OqWhXBtwh7ghzZFjds49+hHhsxWN/b2UUoPDbiwY4FP4KKZzXQYWHUvZRX5fucQfZ707DK8BSPPg1VN+bsItWboAQUnlcv3kZvIX3xZPFjM+KLPKcOsYn1bMJpV5llK+p4n+WQez9rMC2RML9Xi9lup5D/MW2SlEl8Ri5iE2X7lQ+1P5DIEMXHyOeWm7iwmza5BZ2p87vPkMA09dWYIuIVblctxrU70/P53dt+XC/NCcm6aA+67ZId0eVQ7dwi7tduzh9U5BTh/uKKWYPyv2vDaPWHNEjWiVJbuMN1nlBRnya/GFG2NHJZKXeiySjqjy88nPq3G8MOXhB/5ltQji6OhwM5VVjFws33mi2lhAWtuvysxJ5vdP75xbhxw32s1SpwpWpDKDOFcYIDbcfv/k3FwuQOH+i954TYTiRi0XrU3VWOPZrmuFpDpdv5gPpBT27ZO05B76Y3n9AdaC3NFGJnGHWF5csuPo+WctvAMp2CHKsHW0S9MSeih5EFEm0j1znBAoccbGOWk3DJpUe8KwASlkLI0NuKF2tTKRCN99j X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?kp6vCFY0b1FBOeETZZbbpioNHVbL?= =?utf-8?q?Gzp/+47CwC2tLG/3hMSE72wwPKx4Y09oeRvcZb75HdD+ReftXYhjyz+Z6sev2H0Ij?= =?utf-8?q?IeNouvu3WpgyoXVWJwsLDKsd+lRrbbK87DeGG2KxQWvrN8oOTTj9zsYKIwy5SL0yD?= =?utf-8?q?9Yu1DwuyfIFNMWc5iDHpXW74z1jkaSVlvYC3OKO3QeYZguzY3FoOEGUvnSuZdo9Su?= =?utf-8?q?534CvEZday4XQi4sUqAC+yIlTYYDeVb+O0+zdY98pIDeY0RTva4cVqAdYlI7vLJs5?= =?utf-8?q?ChKezOirGr8ZgJ4iQtKVPbDPN50vHc7W/Wwfj5w6YClxKaN+MyboVPxbfHRt/8fOb?= =?utf-8?q?AplHA+smEmjzaaB53NAbIm5zGt5OxSo8joL2Yr98woLIEMMeXstqIg8S5fFrFg+jQ?= =?utf-8?q?YQqWo8QBZh3kFJIpHVtsihgJTJzREkvEarRNvRKVZuwBiWTaDawvAHTQPw4Js0Iv8?= =?utf-8?q?JdwHNzpM9NQKoYTmJqSN2dwsyyiYrCkKztIwv/rorURCl+ouoH2/9Sn6Q6Oki9PtY?= =?utf-8?q?hgmH3cclmFyqPEtLFs45Ewjq0TwjlkzfADREOvy8cV1SUV6K9KNmirMid/7Bo/QVN?= =?utf-8?q?SJmYAoknREgzPdPfGS0Rmd/mswrP4Q7VSqpxA1xV2XQKlFkfqvrqDMeyVE+IkNYaS?= =?utf-8?q?m/vJaLZyNPQRa15OKXGkWGF6dwax4TrUHvHxEmeINFQ9PbwawYplansIUN8g2yHbg?= =?utf-8?q?Yhp3QdEpdNWnomevRwLf7xXRXr6RnZy+qHm3O//a/Z69uyF+qjiZhKWQcaalshzjU?= =?utf-8?q?IuBR5FVO62dHAhcbKXYWtveH/Fm65cleOCGk6po8ORZdI4Ku3mxmHNQeN7gSOnvMX?= =?utf-8?q?1VxOcUksYZsSifXpFczxcxoVjGEnhXyMbnOgUTJj6JxZm9RmZNkZjQSiQx9D3iJUG?= =?utf-8?q?zQBOBiTvECDIKJPkrD4ZBRkXMTtAfPttk3DxF9yYO7nWuy02uDXfderIA6/opx9wj?= =?utf-8?q?i+SVYgCsg5heVxm70vyVhvJGxMXtOJKI+r0RTom+/znGz/diTMy4cFayjEoXnTBjA?= =?utf-8?q?xh2sJlaug44gzXyLvNGQSuz0MbTf8rv1ogROIsKnBlHsWGz3nswHwxDxEo3jANgbt?= =?utf-8?q?fIiBpDhX+8gYuwvdpIbDBZIqt/Mwh9JXkTVcLXrAS+g45YncL/ElC0PkOIHlBJoek?= =?utf-8?q?I4eu4Nm30LNazcjtXFjIzsv6yGOpisn/xWTkdA89T08xIXsj/gkTT8c8g7bct0e3p?= =?utf-8?q?ZZMdYCbNzKTDdSDAmYv7vnefF78qXvB1KaR/tBImJL4DSHUohPv69RV0nFgU=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: a76e742d-0d96-4335-6629-08dc764c5c0c X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:52.7419 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 1/6] lavf/tls_mbedtls: handle more error codes for human-readable message X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 9cykHO9mSHCb Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 6 ++++++ 1 file changed, 6 insertions(+) av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the peer, has the peer a correct certificate?\n"); @@ -145,6 +148,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to operate. Was the CA correctly set?\n"); break; + case MBEDTLS_ERR_SSL_INTERNAL_ERROR: + av_log(h, AV_LOG_ERROR, "Internal error encountered.\n"); + break; case MBEDTLS_ERR_NET_CONN_RESET: av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n"); break; diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 1a182e735e..fd6ba0b1f5 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -138,6 +138,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n"); break; + case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: + av_log(h, AV_LOG_ERROR, "TLS protocol version mismatches.\n"); + break; #endif case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: From patchwork Fri May 17 08:34:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 48944 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:3a48:b0:1af:fc2d:ff5a with SMTP id zu8csp2735855pzb; Fri, 17 May 2024 01:36:16 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVIAGmq8P9HUbQWBOpsAodDPA3MkycCWgYgicwCjRzGIERMgMqzjqQdr3Q+Hk2bhiW6t6b7B2NzHW/IPiCz7FeDIj/0CE09zWL+Pg== X-Google-Smtp-Source: AGHT+IFusblmdfSkNmGm4dhhKfQWoFoujmazGRtLzIHVxwgPV0ad5iJlIFNStt03TX+dsGTNcExP X-Received: by 2002:a50:ab02:0:b0:572:a06e:e406 with SMTP id 4fb4d7f45d1cf-5734d6f6e3cmr14866866a12.33.1715934975967; Fri, 17 May 2024 01:36:15 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 4fb4d7f45d1cf-5733beacff4si9468037a12.21.2024.05.17.01.36.15; Fri, 17 May 2024 01:36:15 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b=pEwZdedc; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 50B4F68D38E; Fri, 17 May 2024 11:36:06 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E4E1C68D36D for ; Fri, 17 May 2024 11:35:59 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Bu0BOGYXl84OqYWXeJKWVi+twxQJ6Kq3XD0/mSP+qdAZHOuqYfFfdmlJQv6aBGhp8HLAyHxf1OjAl2eby2oyXn7423Fu1AO4YrFIAveJByzoGoDJzI4YIyQqis4yC6jnNJloRGe6JJKfZkpGPKojp0AZ3g8OmmmaYbwD2Qx1U9JJU7vDe33Rv8bbd79k44j/Hz2Qc5HHC8YwDxBYgoPj0Hll8GxmTOUMnGTxZyFWRbDpOti/yiF1FJlIwGREwhbDPzbQgJBn3h3eI4C5MsuEF3PqXr/zIxTYeJJG8l6hIyFbMo3ErehdyyeCZOQ6KgcQLbR+LAX1RmVjWR9MqtCudQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PMNI7aF0/QPBE+ZZKfzcM3ti6BaqHq59MKmQU2IqaRE=; b=UVTCXE7ubKiuyS1T2a76ClN5ai5/9mwWJWPlaGVFiSki8B3pbG6oUVYJp8a2zsgNBAfa1B+NnitemsnWN9stiRJjS/KzzmbVWmf3xoGBjrl7Mc1NDKzW3GqFjkoiwYmn+MdC/1xBxxgucFvvA57pPkoMPE6mGChkrbSxIW76tf4hXwbOa0KwehzvL+41qOKDeYXvUG9TtZQkS2/5eLHPMW5+ZtTC8CcXITMusTnbItzr2xwPxJ7+8zuPTBk2vUu8tFfs7b/nq63N7X8zRP8Z/FYWv59uL1e2f7iOXYB9IvMlIXRToIF4x4z+blqYj3NnrscL1Q1FN43mgqkMVEEGfA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PMNI7aF0/QPBE+ZZKfzcM3ti6BaqHq59MKmQU2IqaRE=; b=pEwZdedclDhcmtEh7DTc27smC1pEtXIkT2YI0upqQZ4UNuxGQVGUp7h+BTSivcgaE/6mj4h4XdDI2BgnEszzdYFYmDZC3b7ZVzj1Y62JRdeb8yitwhuhvJZAArw+a/lqB19aTysp6DcYVSfkrzVUiGuxYWSQVSA9yIhFvr3eJe1blGhHnYLgOcdOf4ibS+MQKAgVWTIXmwJLMn4XIP3uXiypT3Sr4f6tkR+I/na2uudDT0jQw/gh9vL7dhU4OCk3K7k7hSMunUOXONIhzXXJoEMPQWnMCxCaUPb1lXDvvrDxXc7F/acskweNfnSaGPFk+kLfrMrWBSviTDaDXCJQuw== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:54 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:54 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:30 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [esAukPqkkurNs7bS4kX4xjOuQTK5PkSkZLZRRKrIUVRkyVo2uzdbnjY1wQJQ26ZML/MvvEKruQs=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <951125ce-b902-469e-9457-5045f7314e74@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: d8643663-75c1-49c7-ddb2-08dc764c5d13 X-Microsoft-Antispam: BCL:0; ARA:14566002|461199019|3430499023|3412199016|440099019; X-Microsoft-Antispam-Message-Info: 7A9vuof7t/6q4OYo6lj0TFucee7uxTh1Itc+Cqbr3mwUe5xCis5Z78TC72DuJQrQDI8oLke1nJo66DXHWRzxsL4KCSNqjOCIFrMY4wopjQwNvI8M6T56lgFDXTIUsEo39D8n0io4+oeEil2DijgZDAwuSO5wwpZHSuW/8L0LdnrlM8cXNjVi+F9cg7tM93WFNJJT3QAeS6WY/+zdIGhXqwMFXf9dcGzG01zQjKWhFl8g+vl79LSm4yEs2nExDzo43uBzwZpWsApTiYoVdERo7gksAoVSuKtjlURzcKTJrLkVaKnnkhNU+LmMYUSf3P7mrUpbR9TSo9TuSA5WcZpa3KpjoDM/O/N1Us7tY8cA1+quid4TGuwlnOP4/eEF1nrbBud1V5RI2OpR3MOUv/s1798MEaD0rlx4OaSaA+z1q8NsPlQ6N5wCdRJNXXBmXqBY3tifbPHFPdB38SNUhmRi1YPN5r5r6vC14l6DElHRDOnxEMTDxU3UAJsv5/p4vZ8HSU7Qp2eNxI7cR7y8A3Mdh7uUsvK9d+ouPhlTyi7HTy3ywnQfQvSxa9MxzTX4Wk1+ X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?cYe3oY98JWqoRHJG+8QDbTTiCL5g?= =?utf-8?q?eYN2QaDIXN/MjioVpVCNNwXBuf/zUWZjYx0xYxOnjh5zsf0barlUcS3DUj3dJPXXD?= =?utf-8?q?IoPATzOqX+wBXyDjRCy7XML3f+H7hVR0uMjzVZk49d8YdQGRKyveeLL12To7UpZXK?= =?utf-8?q?oT/4DRjlcTdMMwVKplCGyNWrnz2OPKjaHofEMXS7kaK5jNADRbGPU9EEDNEVQCEF4?= =?utf-8?q?Xt2vTAmlRqb951KRYVGb3+AMKvrcBQWTru3XhSp0hlfbBzwCXu1Vs7klKDXurJ1t9?= =?utf-8?q?LBfBU/atyFzjUYeE5U3ZUbO6QVD2u6BBLL4QahbN/jZ0QmAlmM/SnrtaJSewlrFh5?= =?utf-8?q?3I/P/joRLGHHsir8Lyo4nK+4kBIwldBmD6wuIUIYXDBqh/K7mdiS6CwJ3CZAXVzcj?= =?utf-8?q?86DzvMysJZO+74A60ZBBhehIOPzydaihPj8MGLh1tqWRpzBAXu1iievN0zhBv8tzP?= =?utf-8?q?Aj8u6aGt7zrUxBu6TCH4HpnOvWERrOkjX0Pq5tOxFDIdeq9m676FunDCs1QNAhDXU?= =?utf-8?q?/WPD/L5Rb8TBsZlG0nAZLdOk9gK5DzaG2/S1jnfVdckglg2eG8gqyngBVpQ8IKBQU?= =?utf-8?q?S8AXmfQ7nk117rPSt/o+d9S5kky68WgsBO9YotovtgzLZSY01P/pV/6slpH43vInm?= =?utf-8?q?yrRwkCxMPTvGnuwOzjVz6tmlsPtIvZnUL3UkYfYuFzpZCbznMZNGyg9iwyvA8E54S?= =?utf-8?q?yPBVLQ+IcmJ+QvnO5OQ+SVP8FZbt6VEWSkLosR/aLNiYTcA/SJH8TpRriuZv0udf8?= =?utf-8?q?MY8C0C/B7V3RUXzeHUIvUE4vVikDYREoc8bOI7kY0Tlrtch4z1xVPoum8vQ6ntQvz?= =?utf-8?q?hF7gQwGkHAqbZxX8W8jjWp+cb+iwvW7oFWBH7SAb8AL0Nf4Y0CuULQwNy1qFKJu7v?= =?utf-8?q?6xCFYh7BzL5jbt9sYfYV1HLZUoH3h8PsYFkhXr0udNfFWmfvvJi9DOkh2cfjsDq2u?= =?utf-8?q?ASUc6eOZ/MUbXsyNc0OFbv8y54HdWLSGRlaS/pPOm06UMEtvxwe9RIovq6Jjw8CHL?= =?utf-8?q?BqM/bj57y6GDjF+at8PJ7NJlD5eKg8E/+UK6B0BFpjU/rChgafJ2i/XxHOf60o9TR?= =?utf-8?q?j/lVCqv32kMJnwn5VVCaJHmVlDaO7Riic8NQ1abykQs+Y62u44+kdG38xLyOsInY5?= =?utf-8?q?ftRv8tFPRqelK04VtkCUdHVH215KNfZNGImT2u+vbS8Fq/bHaJ1aGKxejSBkJFFbS?= =?utf-8?q?O7nFzwoaipdCsgq2ZgNaGhZxKPuEx3ERw6jqiZLHD3nuT9kYR+M6GRq9AXY4=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: d8643663-75c1-49c7-ddb2-08dc764c5d13 X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:53.2921 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 2/6] lavf/tls_mbedtls: add missing call to psa_crypto_init X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: z85X9oEbJeUP This is mandatory depending on configuration or at least with mbedTLS 3.6.0. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 10 ++++++++++ 1 file changed, 10 insertions(+) int flags, AVDictionary **op if ((ret = ff_tls_open_underlying(shr, h, uri, options)) < 0) goto fail; +#ifdef MBEDTLS_PSA_CRYPTO_C + if ((ret = psa_crypto_init()) != PSA_SUCCESS) { + av_log(h, AV_LOG_ERROR, "psa_crypto_init returned %d\n", ret); + goto fail; + } +#endif + mbedtls_ssl_init(&tls_ctx->ssl_context); mbedtls_ssl_config_init(&tls_ctx->ssl_config); mbedtls_entropy_init(&tls_ctx->entropy_context); diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index fd6ba0b1f5..24c3afd94c 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,9 @@ #include #include #include +#ifdef MBEDTLS_PSA_CRYPTO_C +#include +#endif #include "avformat.h" #include "internal.h" @@ -184,6 +187,13 @@ static int tls_open(URLContext *h, const char *uri, From patchwork Fri May 17 08:34:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 48945 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:3a48:b0:1af:fc2d:ff5a with SMTP id zu8csp2735915pzb; Fri, 17 May 2024 01:36:25 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCX9aI9f1LxnQxsGwo+bavcpAgKZgDkTiLe5lk/c0dirgy1TMXsLYshg4zISp6MG0tBXV1yfOamh6JKKC7d9y8n0+iYYpo07VEy6pw== X-Google-Smtp-Source: AGHT+IFJXxSUlp3x6hoqI1q8GrOG4I64CNybd4SAD5jifSsf2DAmCJSEYekTHNJnGFzkBNwAQ3Tc X-Received: by 2002:a05:6512:401a:b0:522:2990:a034 with SMTP id 2adb3069b0e04-5222990a0dbmr12364103e87.0.1715934985267; Fri, 17 May 2024 01:36:25 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 4fb4d7f45d1cf-5733c36e460si10052244a12.555.2024.05.17.01.36.24; Fri, 17 May 2024 01:36:25 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b="mAEX0qx/"; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D2E6868D3A1; Fri, 17 May 2024 11:36:11 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 07FDF68D390 for ; Fri, 17 May 2024 11:36:05 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EX3KBLiUm1kk7cB/8t10QUMXg9lZNYIdOOMigcOb5sGb6GqekMOvpe910y8GQyJGhJ5JNFaKgQfiazGNnk5PLi5XBIesyCkuSXTGlOOkDfqEd4pn6DNTC0fu3DVB0YRKSzXXOcDBHImg15Cvm8ZwrgTBWiAv5xY5SSIGmesPomXcLe6ZmvS56V1seiERJvbQ+MDmcpUhBwQ5SR4aIqOWAnctfLaRONyBzVfthEls1+uVCOi8qVkIQ1RHnl5ddsdrMc4EoXrQxaXK7opS9RSh4lUheQ6vEXYs/aeMVF0QITK63F6Yzno1GdjcG+OgFm60wHhRRh3+5NKnNtPu9zZ72w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SaahL0qL88rtQY+wZcX9rxkTZYTj3/EqwBsj9Be6QnU=; b=QwiFsLCMJtAgCUe8FW4bopM/sW4zZW8DOhe8RHNcc0Cb86bNIWpU01rNLcjyk5R6dDN6JRcdZHHmO2H+2s2LwVhsRyQOfQbmMu88poo1aUCFVLJ/fa/R6HelRko4+9Nbk1UC1tdA/ZzbUZ9+CGNN4lajliptq1948qPGmrumgudjE5IuS/qVD10EncbivFra7qDfhFg0zrS+U7xv9HDBKYh/QxTB6BwI66+d7B7TxUZNYB7VBHHJQ9T/mdg1odpfceWqiDcegLF+0W+qIqoocoub7D+qxA2GhCg+7bmDbcL3e/a43mWLOkPyPmDSRVejwM0AE2I/huufAjp7D+Cn7Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SaahL0qL88rtQY+wZcX9rxkTZYTj3/EqwBsj9Be6QnU=; b=mAEX0qx/xloZQxqiPmSHWxBbDcUte9qnje0c/825xaokCffHLJtsbnWDR8Yvew+eM1dNKRppe7RtjyN4OTb0aVhOuWI4ZTLRC5m7HR68oCYdgEUoP8PiV3mFXRaWcaetpvEB5dF8+L8CeQ6xmBfWiQ6FU+q58S6bAIDIQwsBhM7iF46JjXkQ3LegHNADQ7A6dR1qjFktn1F6zCTJNHb6i7yuJVL7OqK4pmmNmlRgDWaeCBuIMbP5nOwrOLBZ16cwjZGH+UXc1Fxvkb0F7pgB9AsHZJxXoPFw8Y8Er7YkgkQjl2BCriLq2KbP/o2e3uT8IBJpzQ2Ub/pBqwyRxsrxIg== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:54 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:54 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:35 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [cg0lfVVMki5KDzFCK5r+fSqMHE8QC4dn07DAflcfT9py/tWpcGAe/XrAVlr8PgA2z74I0I4Mv4Q=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <4799ed8d-b108-49b5-abb6-8a75deb959c1@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: 8406ee05-53fa-454f-e64d-08dc764c5d5c X-Microsoft-Antispam: BCL:0; ARA:14566002|461199019|3430499023|3412199016|440099019; X-Microsoft-Antispam-Message-Info: wHQ0A1HFswK9KBfXzNCIa2cKyyO//dGag98Es+eyItpwqUmILDK4SMoNP6us2XM8OxXrymGQXTfPdKaK+YfaxbWuXVsVytTSfI9x03VT5IlbpXLCwvnZN1P5QcrK/EHegxf+FkjbcmQEDPMPYeERPfzhwBjgcCt8JLpsdhbnjljr95nSRMKYRqU0/EkQN3HlldC9ZzB6x3Ip3j3PsJnbQQCfg7gQPHhiN5pYaUgZTO2XaFhHVjZCafISHo1RBDXlGBRF4zBWhtI2RZD2G2KcNNSsJJWAjW+rc0psCn3V17N18NMzc8uqO9NuZfgr8B1Xy1aghd9VkMYcx5x3QBkQKoth2mlXMiC/jBJJG4D1wKYzzHhRQmQsoqQBYR0fVSO1goaU5Cc89Oco9Qspd0iMUjIrRgDBnr/i7sZkJZ/m2Vw38AwOb6AbilAawd5tKSlH/9wEem+m3gv+lTV3X77L0c5Hw6dW76f9OIM1a63VczFDXfBeCOVwUUkcLDTRcu4Eoroj/nL18b1jENKZ4DydvwmeicMV2msLYZj+fa2XFCGp+ftVHi+HMr9G8DkcmikT X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?63l4RO30RZQvdZq+46cQFz5JrBIB?= =?utf-8?q?WfZO3mlf6MzZPr0g0Soqa9UbkgZhBZMS7amSCI0dtgv7OUvLsGFaZBE05jyQNiYJY?= =?utf-8?q?CYNfhR2W0DO/7Hkt8iKTSTj3wZ3c7M4UTOIgMTR2zd6HVr4S9r0Cks+nBibZMiKVB?= =?utf-8?q?T21GO6/A7Pai9pJpqIWD80aVhae4Hq0dk5CE13anOr4mZokil0yN65M1Vi/uFUyvX?= =?utf-8?q?c7WSKRUX3fJiVSWx8Qr9eR0VBxvNqF7cSALlROgkUVm56t1Yjr8ebg+wfFli35Ny6?= =?utf-8?q?zpfEtH34Cb/ps+ZPIzxT5Uz3DohZT4a/M88mG7rvn8N8iFDk3wBSB30IcJ1YGRU5k?= =?utf-8?q?cA88wWy4p7z2AJIH5l/Rd58IRkbXgFWBHtR7nFqZXldc3ARTz2XW/O2rh+P5lOBhp?= =?utf-8?q?+DnW75Hbtq1LM9ahATolaZ/Zxr5SrPee/TPE3DBEQKZ6/6CzaQ84qhZhRJnoj8D7h?= =?utf-8?q?oj9fXcy6lzaiTjJZT45xA+esDXkoPavdEJPAg6pYmbJV3hVMnl7WXfSyrT7b6H4St?= =?utf-8?q?hO5bm0aCCA4TYv1TEUvkS8KrGYXqM+E/Sb3NdmNG/ZsrGS3fdyvIHoQ4NbggwOz9J?= =?utf-8?q?u/EdGGT2s8LPXXVuqvxMKPEdF0R9r3+Lv6fW1XOZpdTiQgjY8ti4OSYkDMCkf3wK9?= =?utf-8?q?abwRiCfb17Yw11CADjxc4gg1fthR9NrW4K9pmlzQr3LltskJrhR48LFynHTtvFB4S?= =?utf-8?q?oFjInMglj18TPL2Yma+ezsgFVyeHn+hol7qY7YthCjKLiM0B0ClNYHEolYdjXwmM4?= =?utf-8?q?fIHi/D8LG/X9AsxjgNmH33o84Ses2m/PQbh8uVSfRAcbeiW5yEcFnJTgoE1rYHmvs?= =?utf-8?q?pSm6NdqwaWFx6EQ3Ec1Ya8ljL4b2MeL19sbqpyMnRbc8vRFnD4SDBf67kYSqYaeM6?= =?utf-8?q?JgdaR3FAjZO3sUMTV2cDPrA939Umu4+e1N0aquVJyrf2TFtYm3COKKcNXBmxqClSW?= =?utf-8?q?0BTMxlxGzvK5ALinxfDqp0dthr6SJ1Zoj2k0O0+PMeqneGxdjsbx3tHgrCHgFtnA5?= =?utf-8?q?nqjECMK13/m8tuJXK/WMChk+v8PcuBj4oHpDOszLPdKzIEGFKj04tqhT7VSdwrdZ4?= =?utf-8?q?UluyP3p9Of7i4YDo55Xo72pr9OI1S/SnSPpAFNNT96F+Ggvx7QbSUmayjbmYprkQa?= =?utf-8?q?+6wPb1cNQUWKAslE9d1FlFHLSfNQjRt7BPW1sHY7f0NxbmNKj5+6a/hmlRFj+szQc?= =?utf-8?q?lM53DDpE0qDQr+y7BgTpiEgmZDnHpc0YXrsHmT4Tcu8DJ+SaLtYMaoM5X2Dc=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 8406ee05-53fa-454f-e64d-08dc764c5d5c X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:53.8363 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 3/6] lavf/tls_mbedtls: hook up debug message callback X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: MYmi1owK3gmS Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) *buf, size_t len) return handle_transport_error(h, "ffurl_read", MBEDTLS_ERR_SSL_WANT_READ, ret); } +static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg) +{ + URLContext *h = (URLContext*) ctx; + int av_lvl = lvl >= 4 ? AV_LOG_TRACE : AV_LOG_DEBUG; + av_log(h, av_lvl, "%s:%d: %s", av_basename(file), line, msg); +} + static void handle_pk_parse_error(URLContext *h, int ret) { switch (ret) { @@ -201,6 +210,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op mbedtls_x509_crt_init(&tls_ctx->ca_cert); mbedtls_pk_init(&tls_ctx->priv_key); + if (av_log_get_level() >= AV_LOG_DEBUG) { + mbedtls_ssl_conf_dbg(&tls_ctx->ssl_config, mbedtls_debug, shr->tcp); + mbedtls_debug_set_threshold(4); // maximum + } + // load trusted CA if (shr->ca_file) { if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) { diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 24c3afd94c..9508fe3436 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,7 @@ #include #include #include +#include #ifdef MBEDTLS_PSA_CRYPTO_C #include #endif @@ -36,6 +37,7 @@ #include "tls.h" #include "libavutil/mem.h" #include "libavutil/parseutils.h" +#include "libavutil/avstring.h" typedef struct TLSContext { const AVClass *class; @@ -112,6 +114,13 @@ static int mbedtls_recv(void *ctx, unsigned char From patchwork Fri May 17 08:34:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 48946 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:3a48:b0:1af:fc2d:ff5a with SMTP id zu8csp2735975pzb; Fri, 17 May 2024 01:36:34 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVpLrDBFrI/LJp32Tz/Vz40lDzRh8g83kfLptEukos+C5vPEiUFXIsYEpRow6CaOf0k5kr8yzTjy65r9Vfy6BFH+gVwRKEtA0cJ6A== X-Google-Smtp-Source: AGHT+IEqamxY7g22huqNfC+7DulaP4ssuothXv8WvNaFrPTUrKU8dDTzyVpicsXQ3NjzjHLrjChc X-Received: by 2002:a17:907:170d:b0:a5d:112d:11ef with SMTP id a640c23a62f3a-a5d112d12c2mr31849666b.28.1715934994411; Fri, 17 May 2024 01:36:34 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a5a17945cddsi937693266b.161.2024.05.17.01.36.34; Fri, 17 May 2024 01:36:34 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b="daIRKSE/"; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6DB7968C80B; Fri, 17 May 2024 11:36:16 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1FBB668D39C for ; Fri, 17 May 2024 11:36:10 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J5er0RG9hvWrbn/ZzA/B1oWWLkyLkOvzoxsUvTcYOm264Qpsamym47umoxw5j5dlv6tYhJCmsoWiasnVi0yzptxCWKAHXg1I0mmQL/DDmxYRZep39Zh4XrXglG3zPFewp/flz0vHhcdxPbazDqAKaicbK7skhJqOoJQ+zqpfv0bvcZf74hTK2R1pP5FGJjNCDTIlNdpV9mC8V35WebvtMDS/+wsjD8uNin2kkC3ENr5poHVjqOZpSv12A4F9479Yh9j5/c3tm6CY0zsOGA3wXOPBWwsEJVNRMegGCuk573Jx9rI+STMxT8cFQ/n4b/QCtHuMYSdAlgQPN8eznZC2uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x2rvQiM03EFeaosMAVURg+nzzrrXukq+5I0H4HbU2lg=; b=mmVrI82G6t39BJweBDH563HMH+W2pSuQzJBRs8Ais4acoos2/dhcJubw7hxtxFxZ+ch/NYtKn0AWDatmCspvI4cwa/NWQJzBf6YEL+JWgsTDLs9zNcdBhK3lzYPOkiQJjOxMX6zuRM+RtVBWN52hcwFTJaA1J5oOhjeAVoU2GRXDiSy9bukykagARXA0rhLloKjGTzKklvaH/RqLT1fCn0kXt+w3cbZK5GpuE239B3XfaDB/e0Q8huMqvT/cWyc4Qo1vJB6OGigxbWZQFTecIursGaCRSKuC85xZKJCZmhsjhhv9+iQiNftypW4W6ZYjRj+BudhR5kMy2yJ5zzNtPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x2rvQiM03EFeaosMAVURg+nzzrrXukq+5I0H4HbU2lg=; b=daIRKSE/xJGFbXp4zF0doKgtMhiD3IA+KdDLu8VKp4at9p5MGk2q2lUygzKfQ4iGoR1orYEHFOV7s7HzrRVPRsXI/EJ8w4+c9VzlvDaWyTUzg2Ok8IE6br6nnw7dZzYLfgxVu0zh7AWVc711HUfAizFSytH6x5twCCmsNK1UeesnFwtLRiv+PNLyXcb99okmLd85EhOGZRSQ1ucHCkIhOaOpbDzbiXYa9Rgjt5I/5RiyysfS6gPM4nGKUd5r2raPpF/mO6rcUhOp5UlNo+TfFGpHSlfjmBzHuRyxAHbGN8c0hlQbfqCWqSo840SXb9h1Le0xHnvOwWL9nSfG5ZXX8A== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:54 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:54 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:41 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [9o33SJAYqmcBd7Yvz6WNtpVZ40HNVaP2nK/rX3KRSOSBCqGbP5QI0shyjX/I1UAH6sArgqxvbsc=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <0b298aed-96c0-44a8-af22-9119300d2dd6@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: d35ac119-eb6d-4e8a-fa70-08dc764c5db3 X-Microsoft-Antispam: BCL:0;ARA:14566002|461199019|3412199016|440099019; X-Microsoft-Antispam-Message-Info: ekjhYEVW4y1xeFnrNlOq55znxj/QXhYSYivvgPa9UxKHgiLCWYF7XifJ1Byz9oM6s9+Zqay4rgaq2y1OEZW6K3cVb6WRB4hBCkgW15KHM0CtI1q6wgnek1PT8AOmLEqriQrp62aL1h4rCKzFpRhQMoWuX7CFUU9VKTjo13eyXb93HmOhIrjJMvrXjVK6E710ChpWQXPu1JKWzCdKK4jmECfLmP4k4iAJ3wZ7w5rKg8VfW0DvdkZatrW4TqSlWv9B5vwjvlre2HTXSQbW80RHE1oIKnBiWmhyz79Wc16D/hUgZw2HFY2n0Hqu6PxRFi9EgpXSU5McNSBViMjyotj6EbaYnB0m1Zj+OJDNIdmYqtGnmrLlFoWfLA4eZgwaLC0doLsvgI/3Xuq+2QyR1zLqFv2FxuyvYwN7ydT4w4S2db8rPZ3zNlYHnSlN0qtEYeiPzqL4W+9/RJR//ebc/N42ThaF35fS7f2X3DzxP0soo6SDXhMNzFmC00F3bYqnWqphNJvNC7XPycgp5h/kFLIKr+u26FQv0Hyh3NG29PFxKTR9FeDG6wnJsuDPoqkFHQ7+ X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?p1WqnZiSgS37pDYAjU6qIbonwtl9?= =?utf-8?q?EwPuTKMK0SB+Rhq+UlTt9JKcM9tmLL/rIU9qo26CLj9vOFcCHWsJ+fIJJXAQgXl1Z?= =?utf-8?q?v/CkgouTsrd9f/BD/5wCnDjwPwXC+pQKpChNOedt+OUVVUMUN2ER6dWuJQk7LE6vV?= =?utf-8?q?fodnUDv99vzDHr0PjQs/6sAzVr2RIHVCP1qh4Yq9+wx6uPHxp8GZrPj95bPzaC6eZ?= =?utf-8?q?fx9+QOgeqHkqWKTfyilRbs6eyRXLtTkWjtfRRJJQx9fFplCUbQAcx6QSTXScfxPm6?= =?utf-8?q?piL0+raJIz10M/1RmaZrEmLyEI1b1NZtRmBihf2fM5tU+rWP3kvxXPhL1/colXvd/?= =?utf-8?q?oVDLbA3ZOGWr71y1MEjmNIzgSG6i8ut/1e0+P/y+yGlTyg6qV6BHg6qpJ9pYJWaCy?= =?utf-8?q?agrSx8U+UnRDq38rSH/oMwTclCifS/jjm7xe+pQT5zylhwh3+mtZMTffjKC+8BC/5?= =?utf-8?q?IV2i0EH7/J0qB1dMc2WJsJMQNlNFTr+ToownIZvV531kD/WYn6dpsM1G8R8BHc4Vb?= =?utf-8?q?Doz+ePs3iQRlKSmohigi80zyKQz7cqTvEHbuiBPYRxjYuj4OOQLH+RclPBB02x6H8?= =?utf-8?q?z/cq0PdSlWrvCXzjhV4HIpCTUtGmL0Ddb9/8sw8z8lCb4FeF0NDW8neYvsA93BX0f?= =?utf-8?q?Nduq4phr/y5pO9GwBV3G++VxpqkctQBbEEy/4QS5fdLdJwFuQGm4hkZ/sO92EqJOL?= =?utf-8?q?VeKC1Gfn0d0QmOjtbAoZYKbpdSOz4xU0OxWrIBFr0i+MKAII1gfTbN5BZfLWOqz68?= =?utf-8?q?AbFO4Gs9X5DvKXnb5pcLTYYCRI/+w0XAvlJEkyibZiM+b80yczlwTTwKxEgnF952A?= =?utf-8?q?al/Ci+1uTKb1YppWEHY69gLFcCewOYutNSAjyusJAwOyh/OMzcs1ejAHW70K4a17U?= =?utf-8?q?EofkL/gzwiNhW1zYGpDS+BQQnNrpYKoq8SxfxIzWBMYKjFBItl+9MfClmU7zWXZjX?= =?utf-8?q?It3cDf8i1XRUdecRzbdmgrO0KOXRo4s1z/Hl8Ltw1wZzzBkmT47Myxr+gbT4tWPnk?= =?utf-8?q?msVawh9ZHgmAZrTDLmcVHH763cGlw5ZkEF0Jy9VMfcOiDCHeIUgFN+2na48g5eCEL?= =?utf-8?q?B+w8KvMmj6YwICOb16g3r2qQRvH+S4h7CcTAfE8H9fc5Gpxkvor8KXukeLdzSkrZE?= =?utf-8?q?31m0xdX6tnR9HUj6h55YO3Im10eNQrsb1ahtotRK8nBVQO2/R//reorpZpGqPNtI5?= =?utf-8?q?3qSyC9m6gb3wwohkdT0VeDN2uHejjRMvLljjgaON103L1yiMnxkdguUkamwE=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: d35ac119-eb6d-4e8a-fa70-08dc764c5db3 X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:54.3595 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 4/6] lavf/tls_mbedtls: fix handling of certification validation failures X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: CwzLjV9unhGg We manually check the verification status after the handshake has completed using mbedtls_ssl_get_verify_result(). However with VERIFY_REQUIRED mbedtls_ssl_handshake() already returns an error, so this code is never reached. Fix that by using VERIFY_OPTIONAL, which performs the verification but does not abort the handshake. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) mbedtls_ctr_drbg_random, &tls_ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, NULL); -- 2.45.1 diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 9508fe3436..67d5c568b9 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -263,8 +263,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } + // not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, - shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, From patchwork Fri May 17 08:34:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 48947 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:3a48:b0:1af:fc2d:ff5a with SMTP id zu8csp2736014pzb; Fri, 17 May 2024 01:36:43 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWF9lx3CZ1daxnQv5Q8uB2ytXlUohY+yYj3vMyr1rFxqdzirYp6OEDuLdXEIfMYxhPdqy4R4euzg/+uI/Q7e0gH7Wj0GyVdNj0vLA== X-Google-Smtp-Source: AGHT+IGHllMd7Qf2b46+GqMcb5NOCIxyfliAghUn1gN/nUyKksHcGdgXEqxMmDYBIa1BkwR34W9A X-Received: by 2002:a50:871c:0:b0:574:eb43:3864 with SMTP id 4fb4d7f45d1cf-574eb433912mr6223655a12.4.1715935003624; Fri, 17 May 2024 01:36:43 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 4fb4d7f45d1cf-574ecaba0fdsi3386335a12.309.2024.05.17.01.36.43; Fri, 17 May 2024 01:36:43 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b=HzwMEGbM; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B3FF668CA9C; Fri, 17 May 2024 11:36:21 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 358A868CA9C for ; Fri, 17 May 2024 11:36:15 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eiW9OZU6S9C9tOvFhVS1LDYGKEfh3ern2nRk6QmjEE/DFl+iS3Vli0doyVRv6tdZRx5Xd1j0dPlg68Z9Zri3LRtXOlvVtjpwR9u4zTY+udZhvHFGAB4HVXFOt3Zdxu33SVipqN5yoPVjzujEMt1NwXYhnDq0qck8lcIRf0Sld78DW7TmYAp3G9c0h1VJdQjuOst7MvONNrEZ9UzG9pm58e08kONSA1XbbzVUpykFFHo2MJABOO/tw8HtaFCwSX+v+xFRMaoObL/vukX2VsfeNXhyBax7o+NAtPytsSBrzmiPkNC/lzOTiPVIoWQThUsR1YE8BV5KP95ZP0Dpjn0jwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=qA5ryjWvsJwTYdEGhIgl5e9BC/sSKoHrYUXIrGHo8o0=; b=lTnWZ2AxKk7Awfuutx6rM91+SO+c10kNvEDHRLaaHtvBaimEPALnQHUYl8PWrtGfS7bmytrDJhspzGUzpbGs2bdNg8LeBAeTzg6tYJTry5/vQdiMv6SI7X1BGkqi7K3waTO6+8cqYLVFwTUzSnpurYVt0hVx127NYe7aBYheIojLm7V0/r25m/XDpFeY23jsaF2cL0gm93F/+5hYEo9hD6//EAMvK0kuqZjC4oVZmdOxzel2VsJ5U1PCjshNs8yB0PtHTD/6m1GkBCu8DWPHwcUpbOxMxdkTneYx4Q8uWsonSTnGofLCQoduYdgC2JVUj09UVC1RJxbyUyR9kkbZUQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qA5ryjWvsJwTYdEGhIgl5e9BC/sSKoHrYUXIrGHo8o0=; b=HzwMEGbMDRxgNxRGQsCBBJAny1PO+tu7g2m9YO9Wd1817l96tFGnEIQkd+H5PdxhZWTx2AJplEBMDFXThD2zkAuCYQcKm0DQhk/cC3ZObWf2tlVPp5G8KKefgy6HHfdDPIaCoqUK849a7LviJ1rtSqvJi4OC3f8Jy8NQWbbpYdZc1tJ4Od3JeO7zIdCXRjEJsttn5GjOMml3DHKf9fMsk7YJY7YF3BMfqvsFeXeYl9E5ea6dndRFZIQyY1GbDEJw8d6LXtT61xG8lNbDZUhrJath1BUkuBXqxihfPObnRZ3yPZj0QnNh/mE08l/0u0KJGFvgvJjQxKhOTYTx2jx45Q== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:55 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:55 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:46 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [G65EfhgccqooZBWgteQ6CQVk9YTd70tnJyydGKponGlkOu+t6ibBKlabRbRiEboI75lW3kULx5I=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <7391f771-531b-4eb0-b8c7-ab4cf27ef6c7@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: 9d2c9846-043c-41c5-79b6-08dc764c5dfb X-Microsoft-Antispam: BCL:0; ARA:14566002|461199019|3412199016|440099019|1602099003; X-Microsoft-Antispam-Message-Info: lCwBVaMqDrdQXXuqg9lGJanJUzXlnTHDOxOoSeqEEHk98DDRZLF6KaerQ02HEbctHxds2YiQNEXuXbbqCH3MP3rBzZYCdzsQ0yILU8fliFEUxZz8kLuoYtHLaeNv3WFO4QHGRXZ2nkrt+puA3fAgViEymV+xupm40HE+s3xdJ++UVKKS8HT5zE93KxmJsXFrHMQElTbRm4p9CgnviR6T8lL22m1X9hEBI/+5np9iZlt8OaJStki29uXqqridqEvXfjsUjLPL+kqyCnORbScVGdST7qLov+FNWUZ13KrQBK7l8yd0xgwkRAn+flcdhkBhyjjje8f4wsKUGKBd/BBQMUmcT5tbyMmfwivya+Huwv0sO5RXKVgYe9/P+mW+Wl90qjoOqjUOhRYi42vILSS/s+/2GgJXz/R3zltVVH1h7dSsclNfWmyW8IlR7+0y/Igo4R74X7KjPirWGlL2GwkAaVD6g/ZYCp0MgjRmLksLy45oqt9UfVNUwq4vA3gpxaJxc00cAEcYjzL7QUMdkL3jUngEG4orEQ2CCjc2TP24m7l5nu8t1JvRCiHpyKCclLioqxLnTTYvnYOVUT4Y+92dnUI7mFtqH1UnrN81Gh8cgUqdqcu4WZe3Iuxruvd8sa+D+88PZ+g543/prCODIsHw0gz9U2GWgDrPTRswPVQsQG4= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?TnXZoasZEmfmUMARE6yFpvecXPOD?= =?utf-8?q?RB+CIoKLnqGL+9dDDrTlOWoCVJoCrWoXDlCyCQd6juc7q6IkvLUVon3O1WikPOQU8?= =?utf-8?q?9uZCod6aqSyUOQt5lI/JFlA3LumHGhJuDegunP3wAiJvHHESjdC3fwr+BfRaniNly?= =?utf-8?q?fTwisvUi8c+79V1Ymo4axxb3PmP+6BhRoYO+5+sue8EtqMKOQeOrhIz5ADTexV1fL?= =?utf-8?q?7V2RAjt4LNCnIylAuC10d/dLMx/8m+KFdcZXGXeKdqK72AKjppkUZmQizG7BARO6A?= =?utf-8?q?Uxs/FgMRCPuF8vNEETk5A5nuhr405yGb1unWAVTGXIgfmY0JmrxcafAO8jkAJNf0k?= =?utf-8?q?7h1GWwT4QaVIr0HTPf+2Gc363G4chKPGWP4rfaNUVY48a1O0HaCOmuogS9HLNIGEj?= =?utf-8?q?YTLJIzYgu1P3/XXvkUM69Pgqr6USgJuWD9ehz0XIcRzm24Vf6VninwsBNc5NiZujV?= =?utf-8?q?zYV5Ex8juyc6dMBIjTKMWqw9q/XAf7ybtoqwv9Jn18AD5IYTS372Q3F/BIi0LMJMF?= =?utf-8?q?XTBuaxA2P+LLNV/Idnvhk4DNfY9+D/MW39vH3+JMBlSPw3R7uhYobHL4yFAtwd8dw?= =?utf-8?q?0CHhBd5j0PUqLQ6X4gf/2bpOuR4lpB8Tr37Au1C1+a1Svy+qWtdU0eFFjlau+qCUm?= =?utf-8?q?CV/k49zbcGUp+qM4EsG/QZbAxAcInvyV1g8Tl5NRs7GcrzRWYkEgl+CcOCJlQr+Hp?= =?utf-8?q?DBgHBrCSyuGKfhAePLEtfdTUNNbBLPLXkD4WuumhrO6EcZWJ2IagZFw9wlnVltbgU?= =?utf-8?q?l0c1APVMs76E9KTauwEsfY+UH2e8h5I9caPuvlitvEKAm8uqqyt5FMSSO/QrZvSJ/?= =?utf-8?q?kXjF27n1UA1dCY1SwQb/Qa/BjAKiCF0SOajoMLIEEXQf41zOxIHpxSTprnfKfEX9Q?= =?utf-8?q?G8fDvzUoQjOh8e7bxJ0oOzeuxcoFryrEipoyy2ASGo94NH542LE43kSm97DycyJoQ?= =?utf-8?q?fHlBRJ7x7rvbsLqu7fWPzOxg9+wlm4vC4ZVcNr13kKzd31avksurt37omo6vAEwoA?= =?utf-8?q?AfqdmTheCreaP4bRDE7QZtvy8b8kgjgia7HjyrtvrktV7ZFh0pgyM/hTLnJ9ci9Ox?= =?utf-8?q?rJ4mGcFQxVVGZkoMThcvIy4O4KDl3qELN0IPNkAKbfv54LOlyC2N8jy/KDFvMqGTE?= =?utf-8?q?2B3H2MZVqkUz1b/pBEeLRXNPTN+rRPW60BB5yhiqmsOb6Fxv6kUdG1fjotOh/T6yW?= =?utf-8?q?wqGVVzHuS6IUnIEz593FzvheeFs3fjlGDtM6AkqI0+WNAMv8UCxSxFqSfg88=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 9d2c9846-043c-41c5-79b6-08dc764c5dfb X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:54.8768 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 5/6] lavf/tls_mbedtls: handle session ticket error code as no-op X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 1Ph+DkqnSZCx When TLSv1.3 and session tickets are enabled mbedtls_ssl_read() will return an error code to inform about a received session ticket. This can simply be handled like EAGAIN instead of errornously aborting the connection. ref: https://github.com/Mbed-TLS/mbedtls/issues/8749 Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 +++ 1 file changed, 3 insertions(+) case MBEDTLS_ERR_NET_RECV_FAILED: diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 67d5c568b9..8268e74638 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -322,6 +322,9 @@ static int handle_tls_error(URLContext *h, const char* func_name, int ret) switch (ret) { case MBEDTLS_ERR_SSL_WANT_READ: case MBEDTLS_ERR_SSL_WANT_WRITE: +#ifdef MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET + case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: +#endif return AVERROR(EAGAIN); case MBEDTLS_ERR_NET_SEND_FAILED: From patchwork Fri May 17 08:34:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 48948 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:3a48:b0:1af:fc2d:ff5a with SMTP id zu8csp2736083pzb; Fri, 17 May 2024 01:36:52 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVb+MjcjlGxPhU9ZyNiIXhTujBqpLqWcDVKx4yk56mYvt+A0JXIABnPpLum8AHtcDNDCJWaPfRWX4jc0p+rP9OHitl/V4VhTDKAcg== X-Google-Smtp-Source: AGHT+IGX/qIKgaveBP4QUylSHyEMT6B68S2MAKEmQ5/u6zzROgqSuaA9QOcT5E8nRdcTp4ffgHlb X-Received: by 2002:a50:cddc:0:b0:572:67ee:d3d9 with SMTP id 4fb4d7f45d1cf-5734d5ce8e7mr14448740a12.17.1715935012351; Fri, 17 May 2024 01:36:52 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 4fb4d7f45d1cf-574f50048c7si3241205a12.199.2024.05.17.01.36.52; Fri, 17 May 2024 01:36:52 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b=jC12H43q; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D409B68D3DD; Fri, 17 May 2024 11:36:22 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2105.outbound.protection.outlook.com [40.92.75.105]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5241468D3C9 for ; Fri, 17 May 2024 11:36:20 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c2ZpuMUEemaVwHbl7JjfRGKRKdeNCTq8ob3IlwE6JDb/iP0IpkqJi1VWz+a4SgzeRRXuRb3znVlCHKF9DbWnTRvcCgkIMnEe2AJAIIs5dhsQBXaCHojGKycSfmIbXVop49MFm/tAZ2OeVE+pMMKXKvP96Shn33KJSXIgsjNhItYK9uQxduiSl0cdDYU6Z5GH8BclSk2l6i6C9DD7hq6GzcFOyQWp201LtBuGn+0ddW+HryXZbmreyyj4isTo4gAlyZ4mIGXC2OtAVYHBJU09H44ETE6VG0A08U3MJoUvTq2IgoSb9vdB+nhMhQ1XVkt6rlhGB7OJSbz4TPZoaXtm2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nZdvDxelLKeyQRoIHaYrBtY6wTBcQMpoK6K0pbhbTRI=; b=DX/3sqrnup4lWH9nHl2YAv/1ScW3aSKyzSUfia/ct+m6dviuNJKtjXGBfWNxtontgBiq9rJvMGikUlWv1eVVxTTrYZJFGA9e9cAEDspj0SSJII79HSMoOSlhk+ALmErJwmAwMnogCnl3qQnto27dwIem/h8hQXbhUhQjHWGp200oMvLrbLmfndavJgza5pWT7Jn5TIMbG3Uw2FHnkwFXWt3vnBoFFrGieNJS2YCFUZYHKnAM9f8Aa7KalJJf7PQQNfLgU6u5pW+Xyf8o6nb/GRDbocZZSyp+f28DBmkP/AYzNoNYrDsv44wkJUuCBOxWnJWLQBpfoX5ptXO7ZyPBww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nZdvDxelLKeyQRoIHaYrBtY6wTBcQMpoK6K0pbhbTRI=; b=jC12H43qOAfD/S/2DEAJxl+je9YSc0jk5WpdJg729/lRsV0yZhSVVjrskW/tbPpSnElPai/scKzgdx/btvwrHMUVXt8ooiXOLOQapGgijCd7nJKcR1kXnGeKDmvYwUMo29xEgN1JAleXKgfXe2m2s6s/p2o1SoH4ygyqH1H3L6BQFrZdpubrzuDHePtak/zeduw7cDALC4ITBSBvm26ByFcp1Y8w03aO45GAs11S8EJwxQcXv3mPPqkUjkcQ8fLA8UnrDssjXWiP34IfipHFDe/mnYGKkgHnkoUUJjDmV8dSB1kwdmtR7Xw9MAs5qL/0i1eJk+zKR7vCjraqWGlk/w== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by PR3PR03MB6442.eurprd03.prod.outlook.com (2603:10a6:102:70::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.12; Fri, 17 May 2024 08:35:55 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::11d1:a48f:e0be:fc9f%5]) with mapi id 15.20.7544.041; Fri, 17 May 2024 08:35:55 +0000 Message-ID: Date: Fri, 17 May 2024 10:34:50 +0200 User-Agent: Mozilla Thunderbird From: Sfan5 To: ffmpeg-devel@ffmpeg.org Content-Language: en-US, de-DE X-TMN: [USXN4nlt+04OhZ68K2KdiCt/OUpgWZG0/4zfXTdSZSdg/6iL2eQtqhffgTxAYsLeIjPpBxpWkIQ=] X-ClientProxiedBy: FR0P281CA0247.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:af::16) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <0905a0e7-bdf9-4598-94ee-40173a9131b9@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|PR3PR03MB6442:EE_ X-MS-Office365-Filtering-Correlation-Id: 56b0b30d-65e3-4394-918b-08dc764c5e6f X-Microsoft-Antispam: BCL:0; ARA:14566002|461199019|3412199016|440099019|1602099003; X-Microsoft-Antispam-Message-Info: sRrQJOChCXAS6wpjfH3/DYeCKH24THT20frn6qy3b+OhvmIHU+rqpi5oMuBVq3XzGZhVl94k1hrEaqoi3Ow19NsxiRgwA3+pA2rFSsk48v6P6aplKNNCKQqApwiVa5c70ycLC7r8kG9+PbQIGI5QfUE3/yF0GhNdYfxuZ6K2oG/ry7QuWqtiWPRTJxGtU6vq8qzscUCaaYxRgpkWECN+gfMvqPeDVogCYTtzX+oQKyLsyqbEL2x6ik3wZRK3Q09hdWJVx5Jq6fskQ75hpie2+o/Z18QdZnT02wjQHBxvolAv3s1Xttvzmsj+PTzILtun+OfZWOmIe11n8WAJibkFS9xgCWgWqQemOTqzLiwLHmVk2Eb66PoWGxvNpXEq9bhWDw5u2Gm70YDBiRvOva8LS73SCP9hsVRp7YUKefg/Sv+FD39YUPXdd2N/7rgaDJhO1nY4MweLdH1EZ6CB2XtDX6lwNeJv4+8vINRwoqSb3xWLLHrtAVDFzkOyAKbcKhyw4H9s1OyKAW4ARnzrhRIZaGkv0j67CeLHCKDnItU7E79JNXx9lmIiAgEgBj1H3P/aX44zs64JKj1MiXG8XFtVJ5uim4QJg55IDc/sJPcAXKCFblnXo1b9E4c1SzYH1Ept01L3OtLRoRflwgLoz0J0g0jQXZ6VWByUbrBQBROBHQY= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?FGdbs4lis/zIceBxaMeSlRxDg3Wi?= =?utf-8?q?TAyCnRW/62ZWacOaVg+Cq8WtAKJ6Op6KuT4lLmp1ncY31Kmbo4edTf0Jz/itOBwUf?= =?utf-8?q?BkvWq7EZe79cnR5pG42E8+stXtQJ32h8sI4P8FtmgB+PyqNjaqT39wceB56VdB02x?= =?utf-8?q?pSe7APAYmYJVZwntfDoQav+F2nk6mIpp8hdQWbLgckCugsGN8xJISZpWY1flM/x0N?= =?utf-8?q?bSpRZt5JdAbV6UW8WAgJzf/bTNs678/XGkcK/dAOfb+De8bTahUOqqbXmaJvvspBI?= =?utf-8?q?efDi/Fhyg0EEl8UKlMbhAUKs3w4ryKlAnW6W+Vazz2hhuVbmcAlbt13iNIT6GnXVw?= =?utf-8?q?gmUqPlpUzLK4wVTmBZoYNApGKxYJOxLgx13iert0adKJE86atNW4keir1geAlUR2F?= =?utf-8?q?q7/jZDYZES8aMAWPnjfjx4LAyPgKXDzmvAPFFXG8GXBMS9/sByts+OMpyRS4Qwj7R?= =?utf-8?q?nBDzaOTsh8yj1oLfaas4R+sWs5qmbXAdpNUBc4qiM/q1qVEysDSBrSMe0l0l4eKIU?= =?utf-8?q?I06q3CtIqUTSItpBr33pQRjAbhRaUd4nuubLQRRxal9rbZGXUw7uwCv5xvEBuD5KI?= =?utf-8?q?My0Ix1Xog/7Jea4Y2BsmCibQ4LPKA2hPrz2ybEG53+5jU9fScKxtRMhDMsdrG96pm?= =?utf-8?q?gIY9PbPymwrjBwTkw0AuJ+oNYbps0hd8AsYFRlMsUP4BIok6uwlJbh3nxB4W0/QFK?= =?utf-8?q?2YN21tPKDnqh6GE61jIOW408VHuiOMNue4ptIa33Eyl19B0AxtdDyDJo5c3sQE2ux?= =?utf-8?q?259WsbWTLSo1VfOORk3BzjRGCgfQiWGLLwYJeB3+csTnJL5ovmMRa/37MBAdmLUS5?= =?utf-8?q?COLmmIrtCkm/U0JcZTFTyW8Lj1TOrR1rkwszEdV8qJk+lkhf2iVyuaVmQh3LOc4VQ?= =?utf-8?q?JQmC6hV+eMbMd14k4YlUgcb2pgLQFxRlSjLCq18tI9XV0MK97ZaUsV8yd/XwkxyC0?= =?utf-8?q?Gv2PP2YOKdoJV0XcG/bJgwIVD671lImrHEsrs8m7kJF7n+maeVuTI97AHT9nGt3wq?= =?utf-8?q?p3rPwLG8M+ZDIti6GLTBazGh8CKCULcvJtZzhb+RWsZLwFvXyWOyWEACqs8QI4H/8?= =?utf-8?q?TbYc/SzAHnw6D2kP4e/qhiGj0EGGHkXSl0WYV6oledUrSsUOtnKM6NEdxziJ44buG?= =?utf-8?q?ZMery3pb8+oHayrk6Cs/0jgqj/IrHCJqNyVHc/isHDh6IC+GQV+QBsfLdxiD3h/ue?= =?utf-8?q?Z2SXMcCNhTzvGNadYa8/zPDSAlD/22og0udMHfmfZVx9Kq0zQpoIPeuknx3U=3D?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-76d7b.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 56b0b30d-65e3-4394-918b-08dc764c5e6f X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 May 2024 08:35:55.5406 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR03MB6442 Subject: [FFmpeg-devel] [PATCH 6/6] lavf/tls_mbedtls: add workaround for TLSv1.3 vs. verify=0 X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: +aM3cF5mi+NZ As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate verification is now mandatory. Our default configuration does not do verification, so downgrade to 1.2 in these situations to avoid breaking it. ref: https://github.com/Mbed-TLS/mbedtls/issues/7075 Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n"); break; @@ -263,6 +267,14 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } +#ifdef MBEDTLS_SSL_PROTO_TLS1_3 + // mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really). + if (!shr->verify) { + av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n"); + mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2); + } +#endif + // not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 8268e74638..5d5c7bfb25 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -163,6 +163,10 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_INTERNAL_ERROR: av_log(h, AV_LOG_ERROR, "Internal error encountered.\n"); break; + case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: + // This error only happens with TLSv1.3, we normally use mbedtls_ssl_get_verify_result(). + av_log(h, AV_LOG_ERROR, "Certificate verification failed.\n"); + break; case MBEDTLS_ERR_NET_CONN_RESET: