This reverts commits fd55c4b5f7
(for tls_openssl.c) and c74181a04b
(for tls_gnutls.c).
It is impossible for a pointer to a member of a structure
to be NULL: If the containing structure exists, the member
exists and can't have a NULL address; if the containing
structure does not exist, then getting a pointer to the
substructure via &c->tls_shared would already be undefined
behavior.
Reviewed-by: Kacper Michajłow <kasper93@gmail.com>
Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
This patch aims to simplify the dtls handshake process
since dtls handshake use force block mode
We can just use the return code instead of DTLSState enum
Signed-off-by: Jack Lau <jacklau1222@qq.com>
It was unnecessary convoluted, remove not needed memory allocations,
snprintf.
Also fixes posibility to call snprinft with NULL as %s input.
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
The SRTP profile string "SRTP_AES128_CM_SHA1_80" is only used when
use_srtp is enabled. Move its declaration inside the "if (s->use_srtp)"
block to limit scope
Signed-off-by: Jack Lau <jacklau1222@qq.com>
Pure cleanup, no functional changes
Unify local pointer names to `TLSContext *c` and `TLSShared *s` to
reduce confusion from inconsistent names (e.g. p, ctx, s, c)
Signed-off-by: Jack Lau <jacklau1222@qq.com>
BIO_get_new_index() is static counter meant to get index for custom bio
type definition. As we can read in the documentation:
> Note that BIO_get_new_index() can only be used 127 times before it
> returns an error.
We cannot call it repeatedly, because it will fail eventually.
To my understanding the index is not needed in our use and we could
safely use BIO_TYPE_NONE. Documentation states:
> type can be set to either BIO_TYPE_NONE or via BIO_get_new_index() if
> a unique type is required for searching (See BIO_find_type(3))
We don't use any search related functions.
This reverts commit 816dad231f.
Fixes: https://github.com/mpv-player/mpv/issues/16589
Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
When no explicit CAs file is set, load the default locations,
else there is no way for verification to succeed.
This matches the behavior of other TLS backends.
When verification is enabled (using -tls_verify 1) now
the hostname will be verified properly too, while before
only other aspects of the certificate were checked.
Co-Authored-By: Marvin Scholz <epirat07@gmail.com>
Using SSL_CTX_set_options to disallow specific versions is
discouraged by the documentation, which recommends to use
SSL_CTX_set_min_proto_version instead.
As noted in the OpenSSL documentation, BIO_get_new_index must be
used to get a new BIO index. This is ORd with the proper type flag
BIO_TYPE_SOURCE_SINK.
