[FFmpeg-devel] [PATCH 1/3] avformat/tls_openssl: add host verification
Nicolas George
george at nsup.org
Tue Jul 8 21:16:22 EEST 2025
Marvin Scholz (HE12025-07-08):
> From: Daniel N Pettersson <danielnp at axis.com>
>
> Co-Authored-By: Marvin Scholz <epirat07 at gmail.com>
> ---
> libavformat/tls_openssl.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index a0fa3285d5..7614caf089 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -921,8 +921,15 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
> ret = init_bio_method(h);
> if (ret < 0)
> goto fail;
> - if (!c->listen && !c->numerichost)
> + if (!c->listen && !c->numerichost) {
> + if (!SSL_set1_host(p->ssl, c->host)) {
Must be optional.
> + av_log(h, AV_LOG_ERROR, "Failed to set hostname for TLS/SSL verification: %s\n",
> + openssl_get_error(p));
> + ret = AVERROR(EIO);
AVERROR_EXTERNAL
> + goto fail;
> + }
> SSL_set_tlsext_host_name(p->ssl, c->host);
> + }
> ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);
> if (ret == 0) {
> av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session\n");
Regards,
--
Nicolas George
More information about the ffmpeg-devel
mailing list