RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to affected version 

Now that mbedTLS 3.6.1 is released we know that only 3.6.0 contains this regression.

ref: c28e5b597e
Signed-off-by: sfan5 <sfan5@live.de>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
sfan5 2024-09-04 17:56:05 +02:00 committed by Anton Khirnov
parent 5c66a3ab51
commit e66f977494
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/tls_mbedtls.c
View File

@ -270,8 +270,8 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
} }
#ifdef MBEDTLS_SSL_PROTO_TLS1_3 #ifdef MBEDTLS_SSL_PROTO_TLS1_3
// mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really). // this version does not allow disabling certificate verification with TLSv1.3 (yes, really).
if (!shr->verify) { if (mbedtls_version_get_number() == 0x03060000 && !shr->verify) {
av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n"); av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n");
mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_max_tls_version(&tls_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2);
} }