[FFmpeg-devel] [PATCH 2/3] avformat/tls_openssl: verify setting hostname for SNI
Marvin Scholz
epirat07 at gmail.com
Tue Jul 8 21:26:21 EEST 2025
On 8 Jul 2025, at 20:16, Nicolas George wrote:
> Marvin Scholz (HE12025-07-08):
>> ---
>> libavformat/tls_openssl.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
>> index 7614caf089..e65914f11a 100644
>> --- a/libavformat/tls_openssl.c
>> +++ b/libavformat/tls_openssl.c
>> @@ -928,7 +928,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
>> ret = AVERROR(EIO);
>> goto fail;
>> }
>> - SSL_set_tlsext_host_name(p->ssl, c->host);
>> + if (!SSL_set_tlsext_host_name(p->ssl, c->host)) {
>> + av_log(h, AV_LOG_ERROR, "Failed to set hostname for SNI: %s\n", openssl_get_error(p));
>
>> + ret = AVERROR(EIO);
>
> AVERROR_EXTERNAL
>
Indeed, will send a new set with the error code changed.
We should probably eventually change most of the other ones to that
as well, as right now nearly all are AVERROR(EIO) even if its not an
IO error at all.
>> + goto fail;
>> + }
>> }
>> ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);
>> if (ret == 0) {
>> --
>> 2.39.5 (Apple Git-154)
>>
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>> To unsubscribe, visit link above, or email
>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
> --
> “I dont see why” isnt an argument. Proposing better is.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list