[FFmpeg-devel] [PATCH 6/6] lavf/tls_mbedtls: add workaround for TLSv1.3 vs. verify=0

Anton Khirnov anton at khirnov.net
Tue Jun 11 18:02:51 EEST 2024


Quoting Sfan5 (2024-05-17 10:34:50)
> As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate 
> verification
> is now mandatory. Our default configuration does not do verification, so
> downgrade to 1.2 in these situations to avoid breaking it.
> 
> ref: https://github.com/Mbed-TLS/mbedtls/issues/7075
> Signed-off-by: sfan5 <sfan5 at live.de>
> ---

Would it not be simpler to simply set authmode to
MBEDTLS_SSL_VERIFY_OPTIONAL unconditionally, then just disregard the
verification result?

-- 
Anton Khirnov


More information about the ffmpeg-devel mailing list