virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

avformat/tls: switch on peer certificate verification by default

Browse Source
This commit is contained in:
Timo Rothenpieler
2025-08-05 01:19:07 +02:00
parent abf87f09cb
commit 5621eee672
3 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog
View File

@@ -4,6 +4,7 @@ releases are sorted from youngest to oldest.
version <next>:
- Whisper filter
- Drop support for OpenSSL < 1.1.0
- Enable TLS peer certificate verification by default (on next major version bump)
- yasm support dropped, users need to use nasm
- VVC VAAPI decoder
- RealVideo 6.0 decoder

9
libavformat/tls.h
View File

@@ -25,6 +25,7 @@
#include "libavutil/bprint.h"
#include "libavutil/opt.h"
#include "version.h"
#include "url.h"
@@ -78,10 +79,16 @@ typedef struct TLSShared {
#define TLS_OPTFL (AV_OPT_FLAG_DECODING_PARAM | AV_OPT_FLAG_ENCODING_PARAM)
#if FF_API_NO_DEFAULT_TLS_VERIFY
#define TLS_VERIFY_DEFAULT 0
#else
#define TLS_VERIFY_DEFAULT 1
#endif
#define FF_TLS_CLIENT_OPTIONS(pstruct, options_field) \
{"ca_file", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"cafile", "Certificate Authority database file", offsetof(pstruct, options_field . ca_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
{"tls_verify", "Verify the peer certificate", offsetof(pstruct, options_field . verify), AV_OPT_TYPE_INT, { .i64 = TLS_VERIFY_DEFAULT }, 0, 1, .flags = TLS_OPTFL }, \
{"cert_file", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"key_file", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"verifyhost", "Verify against a specific hostname", offsetof(pstruct, options_field . host), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }

2
libavformat/version_major.h
View File

@@ -45,6 +45,8 @@
#define FF_API_INTERNAL_TIMING (LIBAVFORMAT_VERSION_MAJOR < 63)
#define FF_API_NO_DEFAULT_TLS_VERIFY (LIBAVFORMAT_VERSION_MAJOR < 63)
#define FF_API_R_FRAME_RATE 1
#endif /* AVFORMAT_VERSION_MAJOR_H */