This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit e2eee22f16744a2f60b9c0b46077478c2592bb70 Author: Jack Lau <[email protected]> AuthorDate: Wed Jun 10 13:14:54 2026 +0800 Commit: Jack Lau <[email protected]> CommitDate: Tue Jun 23 22:44:20 2026 +0800 avformat/tls_openssl: refactor dtls_start() to use common code Removing the dtls_start() and create a simple dtls_open() wrapper that just set s->is_dtls and call tls_open() to use common code. Signed-off-by: Jack Lau <[email protected]> --- libavformat/tls_openssl.c | 104 ++++------------------------------------------ 1 file changed, 9 insertions(+), 95 deletions(-) diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index 220711fb69..7596a1a405 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -774,100 +774,6 @@ fail: return ret; } -/** - * Once the DTLS role has been negotiated - active for the DTLS client or passive for the - * DTLS server - we proceed to set up the DTLS state and initiate the handshake. - */ -static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **options) -{ - TLSContext *c = h->priv_data; - TLSShared *s = &c->tls_shared; - int ret = 0; - s->is_dtls = 1; - - if (!c->tls_shared.external_sock) { - if ((ret = ff_tls_open_underlying(&c->tls_shared, h, url, options)) < 0) { - av_log(c, AV_LOG_ERROR, "Failed to connect %s\n", url); - return ret; - } - } - - c->ctx = SSL_CTX_new(s->listen ? DTLS_server_method() : DTLS_client_method()); - if (!c->ctx) { - ret = AVERROR(ENOMEM); - goto fail; - } - - ret = openssl_init_ca_key_cert(h); - if (ret < 0) goto fail; - - /* Note, this doesn't check that the peer certificate actually matches the requested hostname. */ - if (s->verify) - SSL_CTX_set_verify(c->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); - - if (s->use_srtp) { - /** - * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c. - * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c. - */ - const char* profiles = "SRTP_AES128_CM_SHA1_80"; - if (SSL_CTX_set_tlsext_use_srtp(c->ctx, profiles)) { - av_log(c, AV_LOG_ERROR, "Init SSL_CTX_set_tlsext_use_srtp failed, profiles=%s, %s\n", - profiles, openssl_get_error(c)); - ret = AVERROR(EINVAL); - goto fail; - } - } - - /* The ssl should not be created unless the ctx has been initialized. */ - c->ssl = SSL_new(c->ctx); - if (!c->ssl) { - ret = AVERROR(ENOMEM); - goto fail; - } - - if (!s->listen && !s->numerichost) - SSL_set_tlsext_host_name(c->ssl, s->host); - - /* Setup the callback for logging. */ - SSL_set_ex_data(c->ssl, 0, c); - SSL_CTX_set_info_callback(c->ctx, openssl_info_callback); - - /** - * We have set the MTU to fragment the DTLS packet. It is important to note that the - * packet is split to ensure that each handshake packet is smaller than the MTU. - */ - if (s->mtu <= 0) - s->mtu = 1096; - SSL_set_options(c->ssl, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(c->ssl, s->mtu); - DTLS_set_link_mtu(c->ssl, s->mtu); - init_bio_method(h); - - /* This seems to be necessary despite explicitly setting client/server method above. */ - if (s->listen) - SSL_set_accept_state(c->ssl); - else - SSL_set_connect_state(c->ssl); - - /* The SSL_do_handshake can't be called if DTLS hasn't prepare for udp. */ - if (!c->tls_shared.external_sock) { - ret = dtls_handshake(h); - // Fatal SSL error, for example, no available suite when peer is DTLS 1.0 while we are DTLS 1.2. - if (ret < 0) { - av_log(c, AV_LOG_ERROR, "Failed to drive SSL context, ret=%d\n", ret); - return AVERROR(EIO); - } - } - - av_log(c, AV_LOG_VERBOSE, "Setup ok, MTU=%d\n", c->tls_shared.mtu); - - return 0; -fail: - tls_close(h); - return ret; -} - static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options) { TLSContext *c = h->priv_data; @@ -992,6 +898,14 @@ fail: return ret; } +static int dtls_open(URLContext *h, const char *uri, int flags, AVDictionary **options) +{ + TLSContext *c = h->priv_data; + TLSShared *s = &c->tls_shared; + s->is_dtls = 1; + return tls_open(h, uri, flags, options); +} + static int tls_read(URLContext *h, uint8_t *buf, int size) { TLSContext *c = h->priv_data; @@ -1081,7 +995,7 @@ static const AVClass dtls_class = { const URLProtocol ff_dtls_protocol = { .name = "dtls", - .url_open2 = dtls_start, + .url_open2 = dtls_open, .url_handshake = dtls_handshake, .url_close = tls_close, .url_read = tls_read, _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
