Quoting sfan5 (2021-12-29 23:12:37) > On 29.12.2021 at 21:02 Anton Khirnov wrote: > > Quoting sfan5 (2021-12-13 21:55:41) > >> If ca_file was set, setting tls_verify=0 would not actually disable > >> verification. > >> > >> From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 > >> From: sfan5 <sf...@live.de> > >> Date: Mon, 13 Dec 2021 21:35:40 +0100 > >> Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 > >> > >> If ca_file was set, setting tls_verify=0 would not actually disable > >> verification. > >> --- > >> libavformat/tls_mbedtls.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c > >> index aadf17760d..5754d0d018 100644 > >> --- a/libavformat/tls_mbedtls.c > >> +++ b/libavformat/tls_mbedtls.c > >> @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, > >> int flags, AVDictionary **op > >> } > >> > >> mbedtls_ssl_conf_authmode(&tls_ctx->ssl_config, > >> - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED > >> : MBEDTLS_SSL_VERIFY_NONE); > >> + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : > >> MBEDTLS_SSL_VERIFY_NONE); > >> mbedtls_ssl_conf_rng(&tls_ctx->ssl_config, mbedtls_ctr_drbg_random, > >> &tls_ctx->ctr_drbg_context); > >> mbedtls_ssl_conf_ca_chain(&tls_ctx->ssl_config, &tls_ctx->ca_cert, > >> NULL); > >> > >> -- > >> 2.34.1 > > What will happen if verify=1, but ca_file is not set? > > > The verification fails as expected and mbedtls_ssl_handshake returns an > error, just tested.
Then patch looks good -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
