mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-24 00:02:52 +00:00
lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version
Now that mbedTLS 3.6.1 is released we know that only 3.6.0 contains this regression.
ref: c28e5b597e
Signed-off-by: sfan5 <sfan5@live.de>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
parent
5c66a3ab51
commit
e66f977494
@ -270,8 +270,8 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_PROTO_TLS1_3
|
||||
// mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really).
|
||||
if (!shr->verify) {
|
||||
// this version does not allow disabling certificate verification with TLSv1.3 (yes, really).
|
||||
if (mbedtls_version_get_number() == 0x03060000 && !shr->verify) {
|
||||
av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n");
|
||||
mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user