ffmpeg | branch: master | Marvin Scholz <epira...@gmail.com> | Tue Jul  8 
20:05:47 2025 +0200| [080dc4cf5479d000b8ac66bbb93e72c70ec4dda8] | committer: 
Marvin Scholz

avformat/tls_openssl: load default verify locations

When no explicit CAs file is set, load the default locations,
else there is no way for verification to succeed.

This matches the behavior of other TLS backends.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=080dc4cf5479d000b8ac66bbb93e72c70ec4dda8
---

 libavformat/tls_openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 49f26860b1..0a7998210f 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -740,6 +740,12 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
     if (c->ca_file) {
         if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL))
             av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", 
openssl_get_error(p));
+    } else {
+        if (!SSL_CTX_set_default_verify_paths(p->ctx)) {
+            // Only log the failure but do not error out, as this is not fatal
+            av_log(h, AV_LOG_WARNING, "Failure setting default verify 
locations: %s\n",
+                openssl_get_error(p));
+        }
     }
 
     if (c->cert_file) {
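Review bot: In the new else branch, a failed SSL_CTX_set_default_verify_paths() is only logged at AV_LOG_WARNING and setup continues, so when peer verification is enabled the handshake will later fail against an empty trust store with nothing but this warning pointing at the cause. Consider saying in the log message that certificate verification will fail unless ca_file is set, and expanding the "this is not fatal" comment to say why (for example, verification may be disabled). It is also worth documenting next to the ca_file option that the OpenSSL backend now falls back to the library's default locations. OpenSSL lets the SSL_CERT_FILE and SSL_CERT_DIR environment variables override those defaults, so the effective trust store depends on the process environment whenever ca_file is unset.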

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
