[FFmpeg-devel] [PATCH] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version
sfan5
sfan5 at live.de
Tue Sep 10 17:29:17 EEST 2024
Am 09.09.24 um 12:21 schrieb Anton Khirnov:
> Quoting sfan5 (2024-09-04 18:55:37)
>> From 57b37df52c7d528a1ce926cd7a7d75f62f6b46c6 Mon Sep 17 00:00:00 2001
>> From: sfan5 <sfan5 at live.de>
>> Date: Wed, 4 Sep 2024 17:56:05 +0200
>> Subject: [PATCH] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to
>> affected version
>>
>> Now that mbedTLS 3.6.1 is released we know that only 3.6.0 contains this regression.
>>
>> ref: c28e5b597ecc34188427347ad8d773bf9a0176cd
>> Signed-off-by: sfan5 <sfan5 at live.de>
>> ---
>> libavformat/tls_mbedtls.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
>> index 567b95b129..6dd807d5b6 100644
>> --- a/libavformat/tls_mbedtls.c
>> +++ b/libavformat/tls_mbedtls.c
>> @@ -269,8 +269,8 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
>> goto fail;
>> }
>>
>> -#ifdef MBEDTLS_SSL_PROTO_TLS1_3
>> - // mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really).
>> +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && MBEDTLS_VERSION_NUMBER == 0x03060000
> Should this not be a runtime check, or is 3.6.1 ABI-incompatible with
> 3.6.0?
>
Good point. Should be, so I'll move it to runtime.
More information about the ffmpeg-devel
mailing list