[FFmpeg-devel] [PATCH v2] libavformat/tls_mbedtls: Changes the return code handling of mbedtls_x509_crt_parse_file

Mohit Gupta Wed, 24 Jul 2024 17:32:59 -0700

mbedtls_x509_crt_parse_file returns an error with negative numbers, and positive numbers indicate the number of failed certificates to load from certificate specific issues, such as critical extensions.


This would fix ticket #11079.


Signed-off-by: Mohit Gupta <g...@skybound.link>
---
 libavformat/tls_mbedtls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
index 567b95b129..ccf5ee38ad 100644
--- a/libavformat/tls_mbedtls.c
+++ b/libavformat/tls_mbedtls.c

@@ -223,9 +223,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op

      // load trusted CA
     if (shr->ca_file) {

- if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) { + if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) < 0) { av_log(h, AV_LOG_ERROR, "mbedtls_x509_crt_parse_file for CA cert returned %d\n", ret);

             goto fail;
+        } else if (ret > 0) {

+ av_log(h, AV_LOG_WARNING, "Failed to process %d certificate(s) from the CA bundle, ignoring these certificates\n", ret);

         }
     }
 -- 2.45.2

OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH v2] libavformat/tls_mbedtls: Changes the return code handling of mbedtls_x509_crt_parse_file

Reply via email to