[FFmpeg-devel] [PATCH 1/3] avformat/tls_openssl: add host verification
Marvin Scholz
epirat07 at gmail.com
Tue Jul 8 21:50:34 EEST 2025
On 8 Jul 2025, at 20:33, Nicolas George wrote:
> Marvin Scholz (HE12025-07-08):
>> That's already possible with `-tls_verify 0`
>
> Then the commit message inadequately explains what the patch does.
> Please clarify.
Sure, I will add a more verbose message.
However note that verification was already done before
my patch, when enabled, just not taking the host into account
but all other aspects of the cert.
>
>> (which is actually the default, arguably shouldn't be IMHO but
>> thats a different topic)
>
> A transition period where only a warning is printed would be necessary.
How could that work though? Warn for every tls use
in ffmpeg unless the user explicitly specifies
-tls_verify 1 or -tls_verify 0?
I think a lot of people would complain about that?
But I agree we probably can't just change the behavior without making
people aware of it before…
>
> Regards,
>
> --
> Nicolas George
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list