[FFmpeg-devel] [PATCH 2/3] avformat/tls_openssl: verify setting hostname for SNI
Nicolas George
george at nsup.org
Tue Jul 8 21:16:40 EEST 2025
Marvin Scholz (HE12025-07-08):
> ---
> libavformat/tls_openssl.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 7614caf089..e65914f11a 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -928,7 +928,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
> ret = AVERROR(EIO);
> goto fail;
> }
> - SSL_set_tlsext_host_name(p->ssl, c->host);
> + if (!SSL_set_tlsext_host_name(p->ssl, c->host)) {
> + av_log(h, AV_LOG_ERROR, "Failed to set hostname for SNI: %s\n", openssl_get_error(p));
> + ret = AVERROR(EIO);
AVERROR_EXTERNAL
> + goto fail;
> + }
> }
> ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);
> if (ret == 0) {
> --
> 2.39.5 (Apple Git-154)
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
--
“I dont see why” isnt an argument. Proposing better is.
More information about the ffmpeg-devel
mailing list