From patchwork Thu Aug 1 17:34:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mohit Gupta X-Patchwork-Id: 50863 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a59:12d6:0:b0:489:2eb3:e4c4 with SMTP id 205csp1318279vqs; Thu, 1 Aug 2024 10:35:01 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWjF8CFpOuZYZJDoZom1VDhyjssHiKGH9KmPC1HTsJSI9lA4GnNaN0jgwAsXsl8kxEeJ9SQ4CNKRUwnPypT9SOlpslTOzZHacoUvQ== X-Google-Smtp-Source: AGHT+IFZjmDQrP/A95qQXldzohFKhlzSEQsDqMcaDbb3yJZx+qlNXEoHVFjbsT9so9bJjDS8gvIo X-Received: by 2002:ac2:4e0b:0:b0:52c:db76:2a7a with SMTP id 2adb3069b0e04-530bb393e72mr541698e87.34.1722533701311; Thu, 01 Aug 2024 10:35:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1722533701; cv=none; d=google.com; s=arc-20160816; b=JeEDQTtQGPMpIodSRNatdmPLd5Pt3ljpCXUx5md1zuSS0L48fHbqdb58TUs74JyXA3 +It8dnVSFkZnwwJZiSJNdjasiD9yJkZjygkduvoxEOszQtFO3hsAupbuWMxtehJc/npB am/UIh+uJLtqCNbMSsYw41e0+2J6j4hb0x1wqlLjUXu38KyKRuUUUjJUrQmgYYA3ZZWI UmvAv8KfCSjtJjIofkw1jYBgbNChYrsb9HLGRzhi5DjOerRTxL0mHGxtoOdpXCCLct4t 6jkmfO/LFaO3BZda1sbi/8O1OLagb8bzUgsQAslotyn75qI9yBdiZ/OtF/ItXe+degs5 D9og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:delivered-to; bh=UZo4I9Fh0FnMIUl4HQh5PwUjGYWbS9zhkgn6rt5KRJw=; fh=YOA8vD9MJZuwZ71F/05pj6KdCjf6jQRmzLS+CATXUQk=; b=Hd43ZEBk2Gk4muxhkeeEPxsZ6RL0BAiIzBUFLUw29VguviNuvSmtP7onyUEZmihaOM SwPfxMILcn4PSki/94LmGi32juuWlAjD/4K/I9e2xfm5Bd3jqyE96OVn5xuBoE/qWQp3 m1FchCShtvZv88phCZo7TdoGsfwd6/Ni2CPfpmBk1tIDtwxxmDJOXkrejcmWr2QHHfD6 PSUivnBPf5QTIMVxGwIOGu1Ggo+NxAiVjRrBbMsKe5T6RjUr1whcWkhxRA1LI5WGu2D+ pXg0KMutVSGDoAd0bQvIg7/PUdN6vlXCeLOJELEcEH8EqkmUpMdwx9sa09jZni4WX0Tu fcUg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=skybound.link Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a7dc9d67bf0si4704666b.458.2024.08.01.10.35.00; Thu, 01 Aug 2024 10:35:01 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=skybound.link Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0903D68D877; Thu, 1 Aug 2024 20:34:58 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7B81668D726 for ; Thu, 1 Aug 2024 20:34:51 +0300 (EEST) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4281d812d3eso51401155e9.3 for ; Thu, 01 Aug 2024 10:34:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722533689; x=1723138489; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oZrIlFPp7qi6wwMNWvfnXGlsv/01Qcf2QKkraw25c9s=; b=ubnZlK0SF9zYYwHr/RHXJ97rR3FLWklA7FnQPOlIcemNMkvAeENek9Erj4RwXNzRtN jGo1pcRQjMJFE+XHuG3VgqgwPqghjyRg3CvQuqTM8lL00fHkafApXlRYbwkIm4tuUwXf tlesXv9vtsv7UTq8viEqfNsFuMNtw+ZgyRrXgLBQ5HfKpMp+Nfj/OSW4C+3ACinCj816 p0CJxF3VSZIC+Q1qLJep58tUJis0hvYaMQSYxmJOJo20uKuJ6QiGsAq7Yrg82yKdwzU3 pg6d2mHvZEu9mBSFDGR3gSs4631+g3EYpoPw+5xmlh0hPknXQWwcA+6We1Lkp71qoyQV LgCA== X-Gm-Message-State: AOJu0YyIWCyj3Recbimotp2BKnbVHEe1WMahR4HZA4OLmTF3ONHj+5KX pOcxK9hnOAL6CSqqhtznvrKMzDDDlcHmWyARcuWhykB4DqOD/9gotQuZ7oDLKJXQpRx5VvAkzF3 IAZ6y6w== X-Received: by 2002:a05:600c:5489:b0:426:6b14:1839 with SMTP id 5b1f17b1804b1-428e6a5f361mr6596585e9.0.1722533689019; Thu, 01 Aug 2024 10:34:49 -0700 (PDT) Received: from laputa.barge.lan ([2a01:4b00:9e28:1e00:cfd9:92a0:185:2585]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4282bb64b84sm64526535e9.32.2024.08.01.10.34.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Aug 2024 10:34:48 -0700 (PDT) From: Mohit Gupta To: ffmpeg-devel@ffmpeg.org Date: Thu, 1 Aug 2024 18:34:37 +0100 Message-ID: <20240801173439.18646-2-ffmpeg@skybound.link> X-Mailer: git-send-email 2.45.2 In-Reply-To: References: MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v3] libavformat/tls_mbedtls: Changes the return code handling of mbedtls_x509_crt_parse_file X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: ceX6Q5WPwPAy mbedtls_x509_crt_parse_file returns an error with negative numbers, and positive numbers indicate the number of failed certificates to load from certificate specific issues, such as critical extensions. This would fix ticket #11079. Signed-off-by: Mohit Gupta --- libavformat/tls_mbedtls.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 567b95b129..ccf5ee38ad 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -223,9 +223,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op // load trusted CA if (shr->ca_file) { - if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) { + if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) < 0) { av_log(h, AV_LOG_ERROR, "mbedtls_x509_crt_parse_file for CA cert returned %d\n", ret); goto fail; + } else if (ret > 0) { + av_log(h, AV_LOG_WARNING, "Failed to process %d certificate(s) from the CA bundle, ignoring these certificates\n", ret); } }