From patchwork Thu Jul 25 00:32:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mohit Gupta X-Patchwork-Id: 50723 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a59:cc0a:0:b0:482:c625:d099 with SMTP id h10csp233490vqv; Wed, 24 Jul 2024 17:32:55 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXwKEhBTWmfbhF/3EmH0CUGeASP88ekhT2JbIyrZY0im6bh8tOigfz3u38/25MBv5Q4orHVQ5jxqB+7j6TLBkcvaGIEO3qvI4RoVw== X-Google-Smtp-Source: AGHT+IHgBYJYzhFCZlbP2C0oTCVfOKs+kaXwSa5CccPW9egwe+f7WLzGYBd/VImZfoQnbyz80STm X-Received: by 2002:a2e:b94d:0:b0:2f0:1a36:1d79 with SMTP id 38308e7fff4ca-2f03dbf225fmr1513041fa.45.1721867575331; Wed, 24 Jul 2024 17:32:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721867575; cv=none; d=google.com; s=arc-20160816; b=qL+TbysmAXa4lnoIBaKZPrGV5vDlA1gVn7Vkd++97NH/F9kiiEFFvvkeVDZlN6Mzsx EHzd1n9dm/pjoRI/0DFXduAdeRVX1QPvpBSkgO5+KWSoIajw+W2vo+HnRugHvcaL26Dl zUPK8OylpJF7HR0IFLhCQgIxC7IbqY7Tt4N5I7sKryRrKLPIQHbTU7BHH/8bX5kImL4z t3pKLAVi66ZLrGf697eHXB/3HrVvvAok1J4CrDAtA/QceM59Ey6yk2IJhQFZBpQnyi3F Q2sCv1uLrshr/3LSFEdhvyFEdmNA+/3lLK3pJ89kitqfd7LOXRafKFXR3zW3wDnoSax8 0yfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject :in-reply-to:content-language:references:to:from:user-agent :mime-version:date:message-id:delivered-to; bh=w6dypbzm2DtzPR0DaiHeRt864G416icTGwabmubODlM=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=CgfI/JJN80sQUK9wnBLWhSEf016ryYFhuFzP0D7L3xE+Pk6VvvmTbDpqIbOMW2NAQ0 ZieVmCKGvjkyBbPGWVx7W7+O5aH5fRcLTBs/tUHxX3VxigmFhNuUzbYJU+0tmUa7jXIC WoV0cvQUdmDchEq6dcHCHHph8oz/8j6KIVuEFIZvXDvYnd811LLtyHn5BWFu/jhExyEr 4NJ9HRNA9XFOtx7GcBSWTKV1c+yu6xwjZ143lC1ZnOAX4peq+l1EkDwwJiYDlKEBBTAA hbV8eRsYdTMfo6FjKqKT16VpPHHmFqDiaVFWZ/eBnWCziHPPFoLawXPzoiKqda67Atvm 9u0Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=skybound.link Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 38308e7fff4ca-2f03d151ff6si1077551fa.381.2024.07.24.17.32.54; Wed, 24 Jul 2024 17:32:55 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=skybound.link Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0B30A68D41F; Thu, 25 Jul 2024 03:32:50 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5BC8268CA80 for ; Thu, 25 Jul 2024 03:32:43 +0300 (EEST) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-427fc9216f7so2693765e9.2 for ; Wed, 24 Jul 2024 17:32:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721867562; x=1722472362; h=in-reply-to:content-language:references:to:subject:from:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=CkK4F5VBefwxS2Z4y33f+arGvpyPnMnezjN1oBWQ7Do=; b=g6thNWNW6mk6fyJ/GVJCMh1H/94aEnoJcVWqGMp5JoJg+XpHDl3sM0T9HVaEhu4yJU WYpMjoFQyyLv1XzOkDmNwBwXSHQP9nbzdh+moxkfSmGUGwC71D58JraTLW4xZ+6V26HL z/wkuCOS/GmNmRmlZ92+iBydsoX5pK+zUbWCSOmSwe+MbULKHYB+CI8f/l4d5PYy+UOY ZoDP1LJGPOAQczQ7k/39bBvXZtp8oGYiygnmko9K7nHUOFOfbeyhvbmqUzPnh7m62ofQ usZbpnQasmkJUtciDOEAIt4nbdoiJmW0A0BGNWKF1DDwf0h2704E3XMettYXUBDEbQup WLJw== X-Gm-Message-State: AOJu0Ywjk3zX3SCIwCHATaH49D/TM4+/4n59KhXM3AjXy9bg6Ffidzp8 Izt1bt7UMIpjtu5S2uXxCDOJEr1QY503eq04IgYVOf9xGRxOePUiDtKkcO9f/9RvrW/fPxijYIk 4LI8= X-Received: by 2002:a05:600c:3ca4:b0:426:6a84:2087 with SMTP id 5b1f17b1804b1-42806be9539mr2232305e9.34.1721867562251; Wed, 24 Jul 2024 17:32:42 -0700 (PDT) Received: from ?IPV6:2a01:4b00:9e28:1e00:cfd9:92a0:185:2585? ([2a01:4b00:9e28:1e00:cfd9:92a0:185:2585]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-428057a6368sm8059125e9.38.2024.07.24.17.32.41 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Jul 2024 17:32:41 -0700 (PDT) Message-ID: <69b8a7a5-3826-4aef-88e1-2984d61a58bb@skybound.link> Date: Thu, 25 Jul 2024 01:32:40 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Mohit Gupta To: ffmpeg-devel@ffmpeg.org References: Content-Language: en-US In-Reply-To: Subject: [FFmpeg-devel] [PATCH v2] libavformat/tls_mbedtls: Changes the return code handling of mbedtls_x509_crt_parse_file X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: Aq0x5uoDEE5S mbedtls_x509_crt_parse_file returns an error with negative numbers, and positive numbers indicate the number of failed certificates to load from certificate specific issues, such as critical extensions. This would fix ticket #11079. Signed-off-by: Mohit Gupta --- libavformat/tls_mbedtls.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) certificate(s) from the CA bundle, ignoring these certificates\n", ret); } } -- 2.45.2 diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 567b95b129..ccf5ee38ad 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -223,9 +223,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op // load trusted CA if (shr->ca_file) { - if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) { + if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) < 0) { av_log(h, AV_LOG_ERROR, "mbedtls_x509_crt_parse_file for CA cert returned %d\n", ret); goto fail; + } else if (ret > 0) { + av_log(h, AV_LOG_WARNING, "Failed to process %d