Quoting sfan5 (2024-06-11 18:17:00) > Am 11.06.24 um 17:02 schrieb Anton Khirnov: > > Quoting Sfan5 (2024-05-17 10:34:50) > >> As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate > >> verification > >> is now mandatory. Our default configuration does not do verification, so > >> downgrade to 1.2 in these situations to avoid breaking it. > >> > >> ref: https://github.com/Mbed-TLS/mbedtls/issues/7075 > >> Signed-off-by: sfan5 <sf...@live.de> > >> --- > > Would it not be simpler to simply set authmode to > > MBEDTLS_SSL_VERIFY_OPTIONAL unconditionally, then just disregard the > > verification result? > > > That's the thing and it's exactly as stupid as it sounds: When using > TLSv1.3 it will ignore the MBEDTLS_SSL_VERIFY mode entirely. > > If the verification doesn't pass the handshake fails and you don't get > an usable connection. I'm hoping the mbedTLS devs realize at some point > how nonviable this is and fix it but as of right now this is the only > way to not have ffmpeg "randomly" (depending on if the server speaks > TLSv1.3) fail with mbedTLS 3.6.0.
uh...that sure is...special Patch pushed then. -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
