From patchwork Tue Sep 10 15:47:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: sfan5 X-Patchwork-Id: 51494 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:41b1:b0:48e:c0f8:d0de with SMTP id le49csp506148vqb; Tue, 10 Sep 2024 08:47:57 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXUVaOY1JQyZx0KAJ9bBBXrtEAur4rywscm4NJcBy/rdfvadByj5bHYegYCvhqzZWOgzCU0suj3Dy1Mk922SWPu@gmail.com X-Google-Smtp-Source: AGHT+IFZMtEKov04U7bdzhQcCgqu/YYsCfJSjS9EUBzF/0aVJQEtoIiv6KAiBxSa5L9XFKQcIv+S X-Received: by 2002:a05:6000:4029:b0:374:b6f5:89aa with SMTP id ffacd0b85a97d-378895ca6ffmr4930870f8f.3.1725983277139; Tue, 10 Sep 2024 08:47:57 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 4fb4d7f45d1cf-5c3ebdab7dfsi5501105a12.604.2024.09.10.08.47.56; Tue, 10 Sep 2024 08:47:57 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@LIVE.DE header.s=selector1 header.b=ciUtWOhb; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=live.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 06AFD68E14F; Tue, 10 Sep 2024 18:47:53 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from DUZPR83CU001.outbound.protection.outlook.com (mail-northeuropeazolkn19013070.outbound.protection.outlook.com [52.103.32.70]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 49B4168DB8F for ; Tue, 10 Sep 2024 18:47:45 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fp1exbow/B6P56uQ98neSlqXfAoYAtz9mkJ8YcdZa86QI+wyqLhDbugUxq97nY2wTyMrAoRbF4AOkrR4GENX9NsxxSW/BibMw/Tse6K3VX/9gk+6ZoX+/+9skpqvdg+Q/6+4zmntfpfCLEINY5RN5+fKP4iyRTdRiMFJjqOZC7G7OKIUlj7szucosbQk1ZT7QMg5kkrNQJWObruUs7zLA2Yt0ziWwa9GXUxPvb81qubMEXS9uwe1XObRXvnhOomYZPF+dkOAyBbGAfgyq5KM8X3tnx9XKxjWeJS7xiRDljwN5Xu4aRNqIj367jgTHGn+ikkDThCmhmviDTQvm4PwJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5RvVYcy8DpprwnI8XYes/vuF+88j6z43yJ11hyGG0Ws=; b=GAMmVbw8Ghbr/qqJ4nuOibG9BysBmaz2k9zELTQP9PMHfDWMZ8ixgL6WCWnMfFPPEXoQRGGsCOXfMGHxQILhpVJLi8lkkaz0TCyWEC40eJ8MiC1iGpDthX0pTjaWYxvlDBVdiAqp7j2zfqDz7A9Mllvd8q0mrW+GY2foR9OoOXJdkV6F4zNmuh5ZHZ7ZyRiLa0D0sKEdhdzMUdhuRaHnYVHkjQHrP76u9TQjbVLMIlhherWKorVBXjxh3KmQEAjEi/ttgOqvGUMzW4Z5phIJr+kwVMQ/wLzRNsg54IMUDWwWCqu8j3shsO1t6ihi1E/7tjWZ3A8n6NikFc47qD1/HA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=LIVE.DE; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5RvVYcy8DpprwnI8XYes/vuF+88j6z43yJ11hyGG0Ws=; b=ciUtWOhbWblRTQrpC8qPMezp/vLi/o0nJ7DosuThB9DDp7RhdR0HwWICBpBYMeX/s2UZMeogdbMJDAa7ExzSxEJwmlEHjoUZ/ag3YFQf6H/TMEKHwkI/fcmgTbBOEGKl8ViIAzUbFFkuHuHr6jNzfRZOLIl0splac69BaLbt4PJJzX6f3k0hqw4lTWyCfUeYMXLqw8id3+pk3l2SbI1TCRRy99tEADrQ5fhZdOmEv8HtKQtoZGzBYUcm0d64LaO3lJ5U784vZsbyRs7vjvPPQeu4hqMjBWiOoQDiENNkGxtYl53uWBrFejhAY/yUlp6/dTt5qKnYuXfHp2+k1lyOyA== Received: from DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) by AS8PR03MB7686.eurprd03.prod.outlook.com (2603:10a6:20b:401::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24; Tue, 10 Sep 2024 15:47:42 +0000 Received: from DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::e356:c67a:e5bb:cc8a]) by DU0PR03MB9567.eurprd03.prod.outlook.com ([fe80::e356:c67a:e5bb:cc8a%7]) with mapi id 15.20.7939.022; Tue, 10 Sep 2024 15:47:42 +0000 Message-ID: Date: Tue, 10 Sep 2024 17:47:41 +0200 User-Agent: Mozilla Thunderbird Content-Language: en-US, de-DE To: FFmpeg development discussions and patches From: sfan5 X-TMN: [QiUsWYInuu+YhwQtG4jM5H3iwiVxVqoCiIFKkhd6F+D+UrW5q+Vwl3hBczoJ5I1vQ8hwkfvP42c=] X-ClientProxiedBy: FR3P281CA0017.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1d::20) To DU0PR03MB9567.eurprd03.prod.outlook.com (2603:10a6:10:41f::20) X-Microsoft-Original-Message-ID: <018f7729-e6cf-4d64-8e61-0a2455b62875@live.de> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR03MB9567:EE_|AS8PR03MB7686:EE_ X-MS-Office365-Filtering-Correlation-Id: 47ef735a-c996-44e6-5369-08dcd1afe820 X-Microsoft-Antispam: BCL:0; ARA:14566002|19110799003|461199028|5072599009|6092099012|15080799006|3412199025|440099028; X-Microsoft-Antispam-Message-Info: bmTgMqF3YPPdlXNARjvnihV/0w3wxcy50GrbmSZdnO5TYGyvRLEY+dEyTkwDaDXFPZoQN8qAa5dTjbmB6SMJTbA/f27XDs9ImCZU8vMvdtYnS7IFMQ7pm/VnM3e8N+Lt8TCoHt93i3FJqghPb8/icDDlx+m2FpmoAtu2TlUhmw+vemG0ConTCJqOwqh29rr1H/M0D12rpyPibKZhxxsRQE35o1KZhc1Fmp+TV1sOiQmz7dki00BxiDEerhnFT0pywxXSkk5idDLC7szqK7XHHJVktbxdlOeMdiWYPsdR/g5uCWualasY4gEJsWmFeR6mra0dsf/6thRMJ7hv024jPuI4OcdSLHAN2rqpszf3Z4hg3x6+LK1PdLIWZO4CD7tDI5bzOyrCWx7c6eJuRLllAR0/Cgb0Q6Rlxw0ucat+OIAGuoJz1NAKohqYhBhfnHKdoqTyZIlh1dvjL7W/e/qGhQ== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?lSafJVsKMN/ynyjfG0SEDLoOW6jw?= =?utf-8?q?wB1UICg9812gnpzuRwN3KMWy3Vx73/onIbOPgDTKVafy5Hpnc6hI1SFToVjFaQFPA?= =?utf-8?q?mUzP9XyNR33Wy33o2vtcbxQ95Kywzk6OYpuOpGyE4Heay5GB6POc9Ppao4HBwNfmt?= =?utf-8?q?NNnxZpjQN9HJpGGp4lcbbX02H47KmbaLHz2OMJeJdXVqTYeTlKJaGRSMOt2+DHvjp?= =?utf-8?q?Le4V/+Pc4URh5iH+wB0V/VYziu6d5DM+7u6Y6Ene/r5x4bhnlyV72laL1mifD6vmd?= =?utf-8?q?K9dZcBFXprhclJZmIboIKX+yf0cBuTXE/ZVS2018TWdfk/Rlo+x2sDNmZKWYlj2CV?= =?utf-8?q?7lehR66qZH4aq0XS/WtMma/n5HzeCN263eud+bFr9nxB7lH/z7exZex2gdiZfFE9R?= =?utf-8?q?b4v1DEiXu/14/0jhrRwQ/5DeA+AiAEdEYvQE9G6N/nVn41rTV1Ki1Om9gnfjixypL?= =?utf-8?q?jDHI/YRaRL7ewrQwCYs154jbYHTaVc3/i8e5Cb5u5M7HK5c2X4k+NZo0h40tyvEzN?= =?utf-8?q?dwMb4J2R57xBWiZWedIjYjehJk1fIKStPqsOBVX4CDyVrOh8DK9gVPO2RIsST99qD?= =?utf-8?q?Me85OgZnSGXMcohVuNv9xQQnYX0CKGfUhmPkZSmrd7Nmytw+u7kece8Zsp3qZUhXd?= =?utf-8?q?RCUppYGMwev2S8P/mURZm5+23GQ4oVq9/hA9TSr40r0vuYh9AcjLlGeaQ9w9GH+E/?= =?utf-8?q?MJE5ZrRfb2Eht3/IdiBJdjYfAJkg1qnsE8QDCHxR+GBe5rnuyc/u7CwjWl/Zzcerj?= =?utf-8?q?5XIIcjb4/44TO5dBfYBtmMc7T6IhMpHN4cskge7UBAxBdkhjog1jeeOzsEgE8dWGJ?= =?utf-8?q?zTlF2f6r+3PIdCN3LZSKQ2IRu2pCG1O6LJE8gP9Lz7U2WPYdcP8BT7z9dmrGGGamm?= =?utf-8?q?jn9BHeW0MBbmd1XnPeeeI8UvrYzmZhr9P2djUooHpmWu2NVIQpbXXgg002CJwOUjD?= =?utf-8?q?69RChjt7vkt6kTlNLKkPpey2F76FcMI6cxaGXW9+LnvLAfI5EgJH6t3bM3S3VLsfm?= =?utf-8?q?s/MCvQAgKdhjg6DZOLRyRjgODqhJ3tiMr3muXXY6b20kDFX22nZ5Osk5B5xfkYGIm?= =?utf-8?q?cAl7OHy+jT7afZHFEhtXmkIvPYcub8aAEaROZuZ9w8Hnz5RwW9FGBwO+FDtk0RTpC?= =?utf-8?q?e7J41joVdxyDrKRMsK+W/fqqokQgDcTps10XtJyDa/z3KQZtv+mqT12vLdfvn8q40?= =?utf-8?q?9K5fS8poHneJvjqg/oHWjDjxz23doVGc9Bj0X3hk9LkicJS7XbpWLn/V4wWE=3D?= X-OriginatorOrg: sct-15-20-7762-17-msonline-outlook-fa1c0.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 47ef735a-c996-44e6-5369-08dcd1afe820 X-MS-Exchange-CrossTenant-AuthSource: DU0PR03MB9567.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Sep 2024 15:47:42.6812 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB7686 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: [FFmpeg-devel] [PATCH v2] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: dDww7JJyXMf7 From 2db025b18be995afea46dea6c15a3caf1d985a82 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Wed, 4 Sep 2024 17:56:05 +0200 Subject: [PATCH v2] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version Now that mbedTLS 3.6.1 is released we know that only 3.6.0 contains this regression. ref: c28e5b597ecc34188427347ad8d773bf9a0176cd Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 567b95b129..e802c6b872 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -270,8 +270,8 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op } #ifdef MBEDTLS_SSL_PROTO_TLS1_3 - // mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really). - if (!shr->verify) { + // this version does not allow disabling certificate verification with TLSv1.3 (yes, really). + if (mbedtls_version_get_number() == 0x03060000 && !shr->verify) { av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n"); mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2); } -- 2.46.0