I am unsure whether this is a bug with ffmpeg or openssl, but they behave as expected on other Linux distributions (Arch/Mint). Attempting to read a file from an https server with ffmpeg flag `-tls_verify 1` yields the following output from openssl. [tls @ 0x5651a71e5540] error:0A000086:SSL routines::certificate verify failed The command I tested with: ffmpeg -tls_verify 1 -i 'url to tenor gif' output.mp4 Current software versions dev-libs/openssl-3.1.4 asm tls-compression media-video/ffmpeg-6.0.1 X openssl gnutls network gcrypt gmp threads vaapi (and many many more)
Could you give some example URL to test with? This also sounds familiar but I can't think of what the other bug is right now (leio?)
(In reply to Sam James from comment #1) > Could you give some example URL to test with? > > This also sounds familiar but I can't think of what the other bug is right > now (leio?) Any https url with tls_verify 1 will suffice, I abstained from providing a URL because my account is too new to post links, but I can work around that filter. URL="$(echo 'media tenor com/_LrkimwtigUAAAAC/oh-yeah-oh-yeah-gif gif' | tr ' ' '.' | cat <(echo -n 'https://') -)" ffmpeg -tls_verify 1 -i "${URL}" output.mp4 I discovered this bug because it breaks playback on media-video/jellyfin-media-player. Accessing the server is fine, but playback fails, I traced it back to ffmpeg. I am able to get around this issue in media-video/jellyfin-media-player by enabling the autodetectCertBundle option which invokes the code at: URL="$(echo 'github com/jellyfin/jellyfin-media-player/blob/master/src/player/PlayerComponent cpp#L138' | tr ' ' '.')" This leads me to believe that certificate bundles are not being loaded correctly. Whether or not this is the responsibility of ffmpeg or openssl/gnutls I don't know, but this bug doesn't happen on the version of Linux Mint or Arch Linux that I've tried. I ended up enabling a many of the ffmpeg USE flags hoping it would resolve the issue, but to no avail. Here is what I have for that: +X -abi_x86_32 +alsa -amf -amr -amrenc -bluray -bs2b +bzip2 -cdio -chromaprint +chromium -codec2 -cpu_flags_x86_3dnow -cpu_flags_x86_3dnowext +cpu_flags_x86_aes +cpu_flags_x86_avx +cpu_flags_x86_avx2 +cpu_flags_x86_fma3 -cpu_flags_x86_fma4 +cpu_flags_x86_mmx +cpu_flags_x86_mmxext +cpu_flags_x86_sse +cpu_flags_x86_sse2 +cpu_flags_x86_sse3 +cpu_flags_x86_sse4_1 +cpu_flags_x86_sse4_2 +cpu_flags_x86_ssse3 -cpu_flags_x86_xop -cpudetection -cuda +dav1d -debug -doc +encode -fdk +fftools_aviocat +fftools_cws2fws +fftools_ffescape +fftools_ffeval +fftools_ffhash +fftools_fourcc2pixfmt +fftools_graph2dot +fftools_ismindex +fftools_pktdumper +fftools_qt-faststart +fftools_sidxindex +fftools_trasher -flite +fontconfig -frei0r -fribidi -gcrypt -gme -gmp +gnutls +gpl -gsm -hardcoded-tables +iconv -iec61883 -ieee1394 -jack -jpeg2k +jpegxl -kvazaar -ladspa -lcms +libaom +libaribb24 +libass +libcaca +libdrm -libilbc -libplacebo -librtmp +libsoxr +libtesseract +libv4l +libxml2 +lv2 +lzma -modplug +mp3 +network -nvenc +openal +opencl +opengl +openh264 +openssl +opus +oss -pic +postproc +pulseaudio -qsv -rav1e -rubberband -samba +sdl -snappy -sndio -speex -srt -ssh -static-libs +svg -svt-av1 -test +theora +threads +truetype -twolame +v4l +vaapi -vdpau -verify-sig +vidstab +vmaf +vorbis +vpx -vulkan +webp +x264 +x265 +xvid -zeromq +zimg +zlib +zvbi Use flags for openssl: -abi_x86_32 +asm -fips -ktls -rfc3779 -sctp -static-libs -test +tls-compression -vanilla -verify-sig -weak-ssl-ciphers Use flags for gnutls: -abi_x86_32 -brotli +cxx -dane -doc -examples +idn +nls +openssl +pkcs11 +seccomp -static-libs -test -test-full +tls-heartbeat +tools -verify-sig +zlib +zstd
