Quoting sfan5 (2024-09-04 18:55:37) > From 57b37df52c7d528a1ce926cd7a7d75f62f6b46c6 Mon Sep 17 00:00:00 2001 > From: sfan5 <sf...@live.de> > Date: Wed, 4 Sep 2024 17:56:05 +0200 > Subject: [PATCH] lavf/tls_mbedtls: restrict TLSv1.3 verification workaround to > affected version > > Now that mbedTLS 3.6.1 is released we know that only 3.6.0 contains this > regression. > > ref: c28e5b597ecc34188427347ad8d773bf9a0176cd > Signed-off-by: sfan5 <sf...@live.de> > --- > libavformat/tls_mbedtls.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c > index 567b95b129..6dd807d5b6 100644 > --- a/libavformat/tls_mbedtls.c > +++ b/libavformat/tls_mbedtls.c > @@ -269,8 +269,8 @@ static int tls_open(URLContext *h, const char *uri, int > flags, AVDictionary **op > goto fail; > } > > -#ifdef MBEDTLS_SSL_PROTO_TLS1_3 > - // mbedTLS does not allow disabling certificate verification with > TLSv1.3 (yes, really). > +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && MBEDTLS_VERSION_NUMBER == 0x03060000
Should this not be a runtime check, or is 3.6.1 ABI-incompatible with 3.6.0? -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
