From patchwork Wed Sep 4 16:55:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 51350 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:2543:b0:48e:c0f8:d0de with SMTP id hf3csp366359vqb; Wed, 4 Sep 2024 10:04:07 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVD3x6Pw+ahqerJAuBJ/DNn2X8nI8CiQxy9cNDQtPPnjHJS1V2qvmZZT18FJQDPfTI6UgRXIrXuY4VqDEkzdcj0@gmail.com X-Google-Smtp-Source: AGHT+IG1a6P5nWk/wlZc7LMVCbKDhEmP8tF/n1k0nm+KElPpR3HtGuI7mv+a6xGUGegbLYYjUz6y X-Received: by 2002:a17:907:7e91:b0:a80:f63e:159b with SMTP id a640c23a62f3a-a89a30b5b14mr792183766b.0.1725469447152; Wed, 04 Sep 2024 10:04:07 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a8a623769d6si19147166b.426.2024.09.04.10.04.06; Wed, 04 Sep 2024 10:04:07 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b=G0tgPXHM; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 28D2568DC70; Wed, 4 Sep 2024 19:55:55 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR03-VI1-obe.outbound.protection.outlook.com (mail-vi1eur03olkn2042.outbound.protection.outlook.com [40.92.57.42]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 812C368DBC9 for ; Wed, 4 Sep 2024 19:55:48 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EvPtMZ7XSefI2A8lVbuVyghzJN1paWPTc7aJTUUCcsr74cy/x9IMGqt5j0abNfenSqKZB6efKdK1HKKZA8zdHcoNl/bFFV3S2K6q3Y18AonSqIO9qaDXujtnoTctu8j2s2Mhl+g9B6/viLuKzbtO55U661UdqMGDqbD7F0bPYfgHWJL1uzmQhiwMlBVTd6UuQ89zd5wn8RhuQtVbF+l+u//t2/V4Yeak05oZUprp7IT3QLCgduBb5LW9kFghonebfazfEihZl6QO6YEFiTD/MZ7bnXYqid2Y69lVH+3gtFnOgRJUOsUU6s9LmqJZbBOWngUonkG3kLLJfGbo1ksfEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=awifhFHZTvkSCQweVmKBuEARRcaveupV2XdxP0wIIQ0=; b=lP6mb5dLSNIcRcab0RLTWWxT9IBTpI18TgFefHdbbXXvXR/FA5TmNv4V9G/Z8Ou+XwRxcpRdSlIg99z1CQ1g8gPX373TQ/gUEsqnDwqG5JWsEb5phOXHv9UEiDH68sYFyFaqNf1ICUkYWWfy9ONmWwLwuFi3hHSZA/J+EpjnQWncN2itGfV4vAUYQbqbWfIeVkdHLq3D1PLJuWgwZP7cmhXs4DKTCI5XHrOJ4GyzQKHkjSCdaZiE143oOyXn/knrn2FoqS4WtKSNFJyeaQEwUTr/36ppV7Zo6jVrHylCF7LnizEP6+kduVT5VHLYK/HL7AdtfMJzbWCYF0v2ZGsyBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=awifhFHZTvkSCQweVmKBuEARRcaveupV2XdxP0wIIQ0=; b=G0tgPXHMzzW69bhMsfHvZ9INC1Y11hAM9KOx2l2IjuMxcyqG2Y0fqrrPOZkldfyYRC6IG3Ohum5pALHHioXisMgugPeQPObSuiTDVmlZbi3bX0wp4gwP9ieZQ1XGGjkPw5+uyaCZivz3Z3j8FFbldxfXjsfhs5FPpfJeRbX9Z4BEkn50qtGQzniNPbuNEK8jMF9zQthYunS+t9MYkFdeCgicBdoFaWiQycXSMTqkgYLWmT/wPi3c+qqVDKFz2gasR6tvnhOGARXD0f/HsUW/AUoHOjpbIfQ5L2lyJT1MYOtPQ9IoTMqwo4gwasPHkgGt2w4Wg5z6cPBNHxfzehJTkw== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by DU0PR03MB8503.eurprd03.prod.outlook.com (2603:10a6:10:3cb::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.25; Wed, 4 Sep 2024 16:55:46 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::e356:c67a:e5bb:cc8a]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::e356:c67a:e5bb:cc8a%7]) with mapi id 15.20.7918.024; Wed, 4 Sep 2024 16:55:39 +0000 Message-ID: Date: Wed, 4 Sep 2024 18:55:37 +0200 User-Agent: Mozilla Thunderbird Content-Language: en-US, de-DE To: FFmpeg development discussions and patches From: sfan5 X-TMN: [XDeCfL16L8UIdwrsejf3OL+bSOXnOWyRqomQ8jUzcYMLqXXYoErSlNuLyqPcNx2awvi3x1pU30M=] X-ClientProxiedBy: FR0P281CA0057.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:49::14) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <2b5db7c6-39cb-4da9-8b44-1c2b0ab63338@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|DU0PR03MB8503:EE_ X-MS-Office365-Filtering-Correlation-Id: ad534e26-5694-46d3-fd02-08dccd02676b X-Microsoft-Antispam: BCL:0; ARA:14566002|15080799006|5072599009|6092099012|461199028|19110799003|3412199025|440099028; X-Microsoft-Antispam-Message-Info: FF7h7duLuc0Y8RUJBdi/g+eEAgktvp5KA55UyPOjlAj6E1vWBEi+9KhSU9dA9WrF6Z84v82jE+6n3JRxo2gdiuxo16h2zlmZflgEUFR8Jpzw5cSUtJdZLzFnjy2CCXLKhjoBZ8VNkcX05yMCp8sf062o0v38uNzah9eizQGS017fmMWsS/I5c5S7fLhElqg52GNPHZsw3rGSBWwITTcIy+umg+zRnBWvsXNDrS2+drsQVpO9WL40qZs3HcjZx7fa6hcXqEO2Jl1g8jRXTgBtn9rWU8w5rZQzPM7NogWlMlPqMp2GFxliWm2nzlLXpWGdveZCmNFtUjXatawTciKJZ6Pc/MmUIbIbUnUJCcYjlSRCxrNJCYdmPuuUxIro8/YdDJqZE1j2LAquxm5npwEaGhAPLneceql9cncnlqXqSSxNrQxcwOZSIOVHKx4nE548eWwvCw+gO3Ew5PPFwImHXA== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?pbVV3kRaDo7brXJinisvC8MFlrHo?= =?utf-8?q?tftzSVA0xyal8Sszqll63Jl2bjJNib7LlClGBkwBMiIb6m5dg1W9xZ6V7zagKcRmd?= =?utf-8?q?1p1amwvaVeQbuCNQD5BepK5ZGC/BQK1/JdPcEmb9tHmzkGpUNnnSYWmHtHVrk13LF?= =?utf-8?q?/2FU5i6glVpLyYxGjhAsjoBztteeJfhBvAIkeVzz+UdQ6hciBGZ9PtFbj7007cEBY?= =?utf-8?q?5cyy7ehmDXXybiZN9HDsOVaFW/3J+idQTFJWZzBKsISaEdAGCcRO/UceBqmmckMsQ?= =?utf-8?q?zCPYtXrQRnLqqoqwlcXy4XpHfRg1Y3Gdvtv+VIrbWv0g1bJ41btLuAakeXXalY1O+?= =?utf-8?q?r5Dbr56i6HXNL/XM2kWFau+mZaMdSIICp+16U9QYY22rT/BXdURnw0Ch3F98wkdRF?= =?utf-8?q?VxqiI2IRxmTcmeQXpEMgJ35GcWSNq4LljB0PFWpiseLhA2+Lq/3mF5j5tf14W4h90?= =?utf-8?q?9k41g0YlKzE4VJB2Q+dfyIVuwBcS8p89XycPCv+euGno5MeZOeWUXQ24q8WzY4zec?= =?utf-8?q?fhv6z1C1v/WAv03lM3xBjKt/aLkNHjs2GeI5qK6oofHeBC64sbbnESzaOYo6UU6MM?= =?utf-8?q?lZlHD+0AGxAcfRS2jnJZpHZu1ICXagnICAG3OQNxBWe4U4CCZwVmC56tNrpTqQ0P7?= =?utf-8?q?8Lux2hjBSitjqlrWadwcZotL6BZQ+jp1MlxWNdrD8yzly8H0iC8MikzGk5OSPltq7?= =?utf-8?q?fvGLRGF9Fwu1Y9ZSsTlNYyPXrzqT4/WuTRUFWEFaKI5ThW/Gq/Kg7RjEMGadqpP1r?= =?utf-8?q?VQoMtirg88Qu/QUZcUvoCqM6pxWqvtlPDeNQTiPRUzsMZBvZdE74sc/SMr8PhSFrz?= =?utf-8?q?6i/0VT4Zu2ZDY6YJpdZ/dloLC+De+ZnEwa9EQYuG+2SeUk1PdwJulEUpPg67O5gOV?= =?utf-8?q?k008HbU5by2wcuX2px00vQqQbl7nIF48KVuGTQtCeUPSoir+W1iA+5QsDgH5WKEjN?= =?utf-8?q?A8F8scqiDm834jhosLGiH5HEHaKJWKxjVN2i8VQ5uLZuaBsEaeRYuny1z8alUld7A?= =?utf-8?q?s/joDdMJgsvLz3PEmMrtkHOKkFbdW/tibFqxCULIXoHCgE2U7uNzH9GCPrtbJ9+Vh?= =?utf-8?q?t0aom8xTchYbyQTGaJy6IA7LqV+c7ACS7kcDvDMnxLV5yWaCHRehvIyO3ZS2JgAxc?= =?utf-8?q?pGBZV2WN5wV5asv9HzFNi2+prF9uWNtIkOZZJDq0XqpcMgp3lpi56hddj1gAONZjz?= =?utf-8?q?nVQYrPN1ExEqOvYf5rXhil5lgA+rAlWOifVOwe8Ott/nFyChaikPJh2BP8dg=3D?= X-OriginatorOrg: sct-15-20-7762-17-msonline-outlook-fa1c0.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: ad534e26-5694-46d3-fd02-08dccd02676b X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2024 16:55:39.5159 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR03MB8503 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: Na9aZzsYTiuL From 57b37df52c7d528a1ce926cd7a7d75f62f6b46c6 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Wed, 4 Sep 2024 17:56:05 +0200 Subject: [PATCH] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version Now that mbedTLS 3.6.1 is released we know that only 3.6.0 contains this regression. ref: c28e5b597ecc34188427347ad8d773bf9a0176cd Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 567b95b129..6dd807d5b6 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -269,8 +269,8 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } -#ifdef MBEDTLS_SSL_PROTO_TLS1_3 - // mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really). +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && MBEDTLS_VERSION_NUMBER == 0x03060000 + // this version does not allow disabling certificate verification with TLSv1.3 (yes, really). if (!shr->verify) { av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n"); mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2); -- 2.46.0