From 951013e6030cd6008ee629df97296b549bb62d97 Mon Sep 17 00:00:00 2001 From: Timo Rothenpieler Date: Sat, 12 Jul 2025 22:06:33 +0200 Subject: [PATCH] avformat/tls_openssl: force dtls handshake to be blocking There is no sensible way to handle this otherwise anyway, one just has to loop over this function until it succeeds. --- libavformat/tls_openssl.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index f6826222f9..54213c4090 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c @@ -685,27 +685,33 @@ static int openssl_dtls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) static int dtls_handshake(URLContext *h) { - int ret = 0, r0, r1; + int ret = 1, r0, r1; TLSContext *p = h->priv_data; + int was_nonblock = h->flags & AVIO_FLAG_NONBLOCK; + h->flags &= ~AVIO_FLAG_NONBLOCK; + r0 = SSL_do_handshake(p->ssl); - r1 = SSL_get_error(p->ssl, r0); if (r0 <= 0) { + r1 = SSL_get_error(p->ssl, r0); + if (r1 != SSL_ERROR_WANT_READ && r1 != SSL_ERROR_WANT_WRITE && r1 != SSL_ERROR_ZERO_RETURN) { - av_log(p, AV_LOG_ERROR, "TLS: Read failed, r0=%d, r1=%d %s\n", r0, r1, openssl_get_error(p)); - ret = AVERROR(EIO); + av_log(p, AV_LOG_ERROR, "Handshake failed, r0=%d, r1=%d\n", r0, r1); + ret = print_ssl_error(h, r0); goto end; } } else { - av_log(p, AV_LOG_TRACE, "TLS: Read %d bytes, r0=%d, r1=%d\n", r0, r0, r1); + av_log(p, AV_LOG_TRACE, "Handshake success, r0=%d\n", r0); } - /* Check whether the DTLS is completed. */ if (SSL_is_init_finished(p->ssl) != 1) goto end; + ret = 0; p->tls_shared.state = DTLS_STATE_FINISHED; end: + if (was_nonblock) + h->flags |= AVIO_FLAG_NONBLOCK; return ret; }