[FFmpeg-cvslog] lavf/tls_mbedtls: hook up debug message callback

sfan5 git at videolan.org
Tue Jun 11 18:12:07 EEST 2024


ffmpeg | branch: master | sfan5 <sfan5 at live.de> | Mon May 13 20:26:16 2024 +0200| [827578ca761e326fa4df7b6ed0b87421b5775fbd] | committer: Anton Khirnov

lavf/tls_mbedtls: hook up debug message callback

Unfortunately this won't work out-of-the-box because mbedTLS
only provides a global (not per-context) debug toggle.

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=827578ca761e326fa4df7b6ed0b87421b5775fbd
---

 libavformat/tls_mbedtls.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c
index 0d14e9f814..ba94ab3a70 100644
--- a/libavformat/tls_mbedtls.c
+++ b/libavformat/tls_mbedtls.c
@@ -26,6 +26,7 @@
 #include <mbedtls/platform.h>
 #include <mbedtls/ssl.h>
 #include <mbedtls/x509_crt.h>
+#include <mbedtls/debug.h>
 #ifdef MBEDTLS_PSA_CRYPTO_C
 #include <psa/crypto.h>
 #endif
@@ -36,6 +37,7 @@
 #include "tls.h"
 #include "libavutil/mem.h"
 #include "libavutil/parseutils.h"
+#include "libavutil/avstring.h"
 
 typedef struct TLSContext {
     const AVClass *class;
@@ -112,6 +114,13 @@ static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len)
     return handle_transport_error(h, "ffurl_read", MBEDTLS_ERR_SSL_WANT_READ, ret);
 }
 
+static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg)
+{
+    URLContext *h = (URLContext*) ctx;
+    int av_lvl = lvl >= 4 ? AV_LOG_TRACE : AV_LOG_DEBUG;
+    av_log(h, av_lvl, "%s:%d: %s", av_basename(file), line, msg);
+}
+
 static void handle_pk_parse_error(URLContext *h, int ret)
 {
     switch (ret) {
@@ -204,6 +213,14 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op
     mbedtls_x509_crt_init(&tls_ctx->ca_cert);
     mbedtls_pk_init(&tls_ctx->priv_key);
 
+    if (av_log_get_level() >= AV_LOG_DEBUG) {
+        mbedtls_ssl_conf_dbg(&tls_ctx->ssl_config, mbedtls_debug, shr->tcp);
+        /*
+         * Note: we can't call mbedtls_debug_set_threshold() here because
+         * it's global state. The user is thus expected to manage this.
+         */
+    }
+
     // load trusted CA
     if (shr->ca_file) {
         if ((ret = mbedtls_x509_crt_parse_file(&tls_ctx->ca_cert, shr->ca_file)) != 0) {



More information about the ffmpeg-cvslog mailing list