On 11.06.24 at 17:02, Anton Khirnov wrote:
Quoting Sfan5 (2024-05-17 10:34:50)
As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate
verification is now mandatory. Our default configuration does not do
verification, so downgrade to 1.2 in these situations to avoid breaking it.

ref: https://github.com/Mbed-TLS/mbedtls/issues/7075
Signed-off-by: sfan5 <sf...@live.de>
---
Would it not be simpler to simply set authmode to
MBEDTLS_SSL_VERIFY_OPTIONAL unconditionally, then just disregard the
verification result?

That's the thing and it's exactly as stupid as it sounds: When using TLSv1.3 it will ignore the MBEDTLS_SSL_VERIFY mode entirely.

If the verification doesn't pass, the handshake fails and you don't get a usable connection. I'm hoping the mbedTLS devs realize at some point how nonviable this is and fix it, but as of right now this is the only way to not have ffmpeg "randomly" (depending on if the server speaks TLSv1.3) fail with mbedTLS 3.6.0.

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
