1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00
Commit Graph

55 Commits

Author SHA1 Message Date
Moritz Barsnick
94b63e8ae8 avformat/http,tls: honor http_proxy command line variable for HTTPS
Add the "http_proxy" option and its handling to the "tls" protocol,
pass the option from the "https" protocol.

The "https" protocol already defines the "http_proxy" command line
option, like the "http" protocol does. The "http" protocol properly
honors that command line option in addition to the environment
variable. The "https" protocol doesn't, because the proxy is
evaluated in the underlying "tls" protocol, which doesn't have this
option, and thus only handles the environment variable, which it
has access to.

Fixes #7223.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Marton Balint <cus@passwd.hu>
2021-03-19 22:43:02 +01:00
Derek Buitenhuis
f8e89d8a29 Merge commit 'fab8156b2f30666adabe227b3d7712fd193873b1'
* commit 'fab8156b2f30666adabe227b3d7712fd193873b1':
  avio: Copy URLContext generic options into child URLContexts

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-21 15:55:09 +01:00
Martin Storsjö
fab8156b2f avio: Copy URLContext generic options into child URLContexts
Since all URLContexts have the same AVOptions, such AVOptions
will be applied on the outermost context only and removed from the
dict, while they probably make sense on all contexts.

This makes sure that rw_timeout gets propagated to the innermost
URLContext (to make sure it gets passed to the tcp protocol, when
opening a http connection for instance).

Alternatively, such matching options would be kept in the dict
and only removed after the ffurl_connect call.

Signed-off-by: Martin Storsjö <martin@martin.st>
2016-03-24 10:34:19 +02:00
Derek Buitenhuis
93629735d7 avformat: Add a protocol blacklisting API
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-03-04 16:13:42 +00:00
Anton Khirnov
8c0ceafb0f urlprotocol: receive a list of protocols from the caller
This way, the decisions about which protocols are available for use in
any given situations can be delegated to the caller.
2016-02-22 11:45:31 +01:00
Michael Niedermayer
fe3fed0b14 Update demuxers and protocols for protocol whitelist support
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-02-02 04:16:50 +01:00
Rodger Combs
6dd5371e34 lavf/tls: let the user specify what name to verify against
This can be useful for debugging, or in scenarios where the user
doesn't want to use the system's DNS settings for whatever reason.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-06-08 14:08:52 +02:00
wm4
4a006b9eb7 lavf: split tls.c
Move the OpenSSL and GnuTLS implementations to their own files. Other
than the connection code (including options) and some boilerplate, no
code is actually shared.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-27 21:48:47 +02:00
wm4
d8ffb2055f lavf: split tls.c
Move the OpenSSL and GnuTLS implementations to their own files. Other
than the connection code (including options) and some boilerplate, no
code is actually shared.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-26 21:48:32 +03:00
James Almer
29216d7fd1 tls: fix compilation when both gnutls and openssl are enabled
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-22 12:21:38 +03:00
James Almer
e91fbfd9cf tls: fix compilation when both gnutls and openssl are enabled
Signed-off-by: James Almer <jamrial@gmail.com>
2015-05-22 00:33:33 -03:00
Michael Niedermayer
a0124b89e3 Merge commit '94599a6de3822b13c94096d764868128f388ba28'
* commit '94599a6de3822b13c94096d764868128f388ba28':
  tls: Remove all the local polling loops

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-22 02:49:38 +02:00
Michael Niedermayer
9221e362fd Merge commit 'd13b124eaf452b267480074b2e6946538ed03a6e'
* commit 'd13b124eaf452b267480074b2e6946538ed03a6e':
  tls: Remove the nonblocking code

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-22 02:38:11 +02:00
Michael Niedermayer
162644c833 Merge commit 'd15eec4d6bdfa3bd4c4b5b7dd2dbd699ba253d02'
* commit 'd15eec4d6bdfa3bd4c4b5b7dd2dbd699ba253d02':
  tls: Use custom IO to read from the URLContext

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-05-22 02:28:27 +02:00
Martin Storsjö
94599a6de3 tls: Remove all the local polling loops
These aren't necessary any longer.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-22 00:06:11 +03:00
Martin Storsjö
d13b124eaf tls: Remove the nonblocking code
Since the underlying URLContext read functions are used,
they handle interruption, without having to handle it at
this level.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-22 00:05:01 +03:00
Martin Storsjö
d15eec4d6b tls: Use custom IO to read from the URLContext
This avoids hijacking the fd, by reading using the normal
URLContext functions instead. This allowing reading data that has
been buffered in the underlying URLContext.

This avoids using the libraries own send functions that can
cause SIGPIPE.

The fd is still used for polling the lowlevel socket, for
waiting for retries.

Signed-off-by: Martin Storsjö <martin@martin.st>
2015-05-22 00:04:32 +03:00
Michael Niedermayer
ca6fee7606 Merge commit 'b9d2d6843a49f9df1d1ae1afe817d9b48c445919'
* commit 'b9d2d6843a49f9df1d1ae1afe817d9b48c445919':
  tls: Pass AVOptions dictionaries through to the chained protocol

Conflicts:
	libavformat/tls.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-28 23:32:33 +01:00
Martin Storsjö
b9d2d6843a tls: Pass AVOptions dictionaries through to the chained protocol
Signed-off-by: Martin Storsjö <martin@martin.st>
2015-02-28 22:08:19 +02:00
Michael Niedermayer
ced26a2c65 avformat/tls: add () to protect macro arguments
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-16 23:09:08 +01:00
Michael Niedermayer
a0fe1a25fa Merge commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e'
* commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e':
  avformat: Don't anonymously typedef structs

Conflicts:
	libavformat/adtsenc.c
	libavformat/aiffenc.c
	libavformat/avidec.c
	libavformat/gif.c
	libavformat/iff.c
	libavformat/img2dec.c
	libavformat/jvdec.c
	libavformat/matroskadec.c
	libavformat/udp.c
	libavformat/wtvdec.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-14 21:07:40 +01:00
Diego Biurrun
daf8cf358a avformat: Don't anonymously typedef structs 2015-02-14 10:13:47 -08:00
Michael Niedermayer
7620d48f2e avformat/network: Check for av_malloc* failures in ff_tls_init()
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2015-02-03 02:21:55 +01:00
Michael Niedermayer
d246397161 Merge commit 'cd9d6399fd00f5aeacaa90cdc0b74c3570024119'
* commit 'cd9d6399fd00f5aeacaa90cdc0b74c3570024119':
  tls: Support passing old-style tcp options

See: 4f4eb380f0
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-10-10 22:28:49 +02:00
Luca Barbato
cd9d6399fd tls: Support passing old-style tcp options
Make tcp and tls urls near-interchangeable.
2014-10-10 16:29:07 +02:00
Michael Niedermayer
60dbed6067 Merge commit '4b1f5e5090abed6c618c8ba380cd7d28d140f867'
* commit '4b1f5e5090abed6c618c8ba380cd7d28d140f867':
  cosmetics: Write NULL pointer inequality checks more compactly

Conflicts:
	libavcodec/dvdsubdec.c
	libavcodec/h263dec.c
	libavcodec/libxvid.c
	libavcodec/rv10.c
	libavcodec/utils.c
	libavformat/format.c
	libavformat/matroskadec.c
	libavformat/segment.c
	libavutil/opt.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2014-08-15 21:26:12 +02:00
Gabriel Dume
4b1f5e5090 cosmetics: Write NULL pointer inequality checks more compactly
Signed-off-by: Diego Biurrun <diego@biurrun.de>
2014-08-15 05:34:13 -07:00
Matt Oliver
306e1ac012 avformat/tls: Fix windows build with openSSL enabled.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2014-01-23 14:33:56 +01:00
Michael Niedermayer
df21537dfb avformat/tls: fix {} error for the GNUTLS case
Found-by:" Geek.Song" <ffmpeg@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-27 15:59:19 +02:00
Michael Niedermayer
f31c36e552 Merge commit '705b748e8d8612385c96428ae36ed0d42a170d93'
* commit '705b748e8d8612385c96428ae36ed0d42a170d93':
  tls: Add support for listen mode

Conflicts:
	doc/protocols.texi
	libavformat/tls.c
	libavformat/version.h

See: 4f4eb380f0
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-27 11:33:19 +02:00
Michael Niedermayer
e6e71fd7b5 Merge commit '8b09d917e7dc7d7f2ace31419f802d4ff518236c'
* commit '8b09d917e7dc7d7f2ace31419f802d4ff518236c':
  tls: Add options for verifying the peer certificate

Conflicts:
	doc/protocols.texi
	libavformat/tls.c
	libavformat/version.h

See: b2460858f6
See: 973a758f52
Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-27 09:33:28 +02:00
Martin Storsjö
705b748e8d tls: Add support for listen mode
Also add options for specifying a certificate and key, which can
be used both when operating as client and as server.

Partially based on a patch by Peter Ross.

Signed-off-by: Martin Storsjö <martin@martin.st>
2013-09-26 23:13:35 +03:00
Martin Storsjö
8b09d917e7 tls: Add options for verifying the peer certificate
A file containing the trusted CA certificates needs to be
supplied via the ca_file AVOption, unless the TLS library
has got a system default file/database set up.

This doesn't check the hostname of the peer certificate with
openssl, which requires a non-trivial piece of code for
manually matching the desired hostname to the string provided
by the certificate, not provided as a library function.

That is, with openssl, this only validates that the received
certificate is signed with the right CA, but not that it is
the actual server we think we're talking to.

Verification is still disabled by default since we can't count
on a proper CA database existing at all times.

Signed-off-by: Martin Storsjö <martin@martin.st>
2013-09-26 23:13:06 +03:00
Michael Niedermayer
03e9506aae Merge commit '5055035670bd1a1eaca64bd3bc71fb07de9df2c3'
* commit '5055035670bd1a1eaca64bd3bc71fb07de9df2c3':
  tls: Do not abort on non-fatal TLS alerts with gnutls

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-09-23 12:01:53 +02:00
Martin Storsjö
5055035670 tls: Do not abort on non-fatal TLS alerts with gnutls
Signed-off-by: Martin Storsjö <martin@martin.st>
2013-09-22 16:10:21 +03:00
Thilo Borgmann
d814a839ac Reinstate proper FFmpeg license for all files. 2013-08-30 15:47:38 +00:00
Michael Niedermayer
03678a32bc Merge remote-tracking branch 'qatar/master'
* qatar/master:
  lavf: Add a fate test for the noproxy pattern matching
  lavf: Handle the environment variable no_proxy more properly

Conflicts:
	libavformat/Makefile
	libavformat/internal.h
	libavformat/tls.c
	libavformat/utils.c
	libavformat/version.h

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2013-02-28 13:13:04 +01:00
Martin Storsjö
de9cd1b173 lavf: Handle the environment variable no_proxy more properly
The handling of the environment variable no_proxy, present since
one of the initial commits (de6d9b6404), is inconsistent with
how many other applications and libraries interpret this
variable. Its bare presence does not indicate that the use of
proxies should be skipped, but it is some sort of pattern for
hosts that does not need using a proxy (e.g. for a local network).

As investigated by Rudolf Polzer, different libraries handle this
in different ways, some supporting IP address masks, some supporting
arbitrary globbing using *, some just checking that the pattern matches
the end of the hostname without regard for whether it actually is
the right domain or a domain that ends in the same string.

This simple logic should be pretty similar to the logic used by
lynx and curl.

Signed-off-by: Martin Storsjö <martin@martin.st>
2013-02-27 21:32:13 +02:00
Michael Niedermayer
706bd8ea19 Merge remote-tracking branch 'qatar/master'
* qatar/master: (35 commits)
  h264_idct_10bit: port x86 assembly to cpuflags.
  x86inc: clip num_args to 7 on x86-32.
  x86inc: sync to latest version from x264.
  fft: rename "z" to "zc" to prevent name collision.
  wv: return meaningful error codes.
  wv: return AVERROR_EOF on EOF, not EIO.
  mp3dec: forward errors for av_get_packet().
  mp3dec: remove a pointless local variable.
  mp3dec: remove commented out cruft.
  lavfi: bump minor to mark stabilizing the ABI.
  FATE: add tests for yadif.
  FATE: add a test for delogo video filter.
  FATE: add a test for amix audio filter.
  audiogen: allow specifying random seed as a commandline parameter.
  vc1dec: Override invalid macroblock quantizer
  vc1: avoid reading beyond the last line in vc1_draw_sprites()
  vc1dec: check that coded slice positions and interlacing match.
  vc1dec: Do not ignore ff_vc1_parse_frame_header_adv return value
  configure: Move parts that should not be user-selectable to CONFIG_EXTRA
  lavf: remove commented out cruft in avformat_find_stream_info()
  ...

Conflicts:
	Makefile
	configure
	libavcodec/vc1dec.c
	libavcodec/x86/h264_deblock.asm
	libavcodec/x86/h264_deblock_10bit.asm
	libavcodec/x86/h264dsp_mmx.c
	libavfilter/version.h
	libavformat/mp3dec.c
	libavformat/utils.c
	libavformat/wv.c
	libavutil/x86/x86inc.asm

Merged-by: Michael Niedermayer <michaelni@gmx.at>
2012-07-29 02:16:26 +02:00
Martin Storsjö
41ecbbc7aa tls: Return AVERROR_EOF if the TLS_read/write functions return 0
OpenSSL returns 0 when the peer has closed the connection. GnuTLS
doesn't return that though, but returns
GNUTLS_E_UNEXPECTED_PACKET_LENGTH if the connection simply is closed
without a clean close notify packet.

Tested-by: Antti Seppälä <a.seppala@gmail.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
2012-07-28 01:21:16 +03:00
Peter Ross
4f4eb380f0 tls: TLS/SSL server
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-07-22 19:12:15 +02:00
Peter Ross
d1146d67ca tls: parse uri path options to underlying tcp URLContext
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-07-22 19:12:15 +02:00
Peter Ross
b2460858f6 tls: verify option
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-07-22 19:12:15 +02:00
Peter Ross
973a758f52 tls: cafile, cert, key options
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2012-07-22 19:12:15 +02:00
Martin Storsjö
32b83aeec1 avio: Add an URLProtocol flag for indicating that a protocol uses network
This definition is in two files, since the definitions will move
to the private header at the next bump.

Signed-off-by: Martin Storsjö <martin@martin.st>
2012-01-05 23:56:52 +02:00
Diego Biurrun
c88ebdb42c Eliminate pointless 0/NULL initializers in AVCodec and similar declarations. 2011-11-28 10:01:50 +01:00
Martin Storsjö
2565dbeb3e tls: Handle connection via a http proxy
Signed-off-by: Martin Storsjö <martin@martin.st>
2011-11-18 10:59:53 +02:00
Martin Storsjö
92db95e9ca tls: Use TLSv1_client_method for OpenSSL
TLSv1 is compatible with SSLv3, so this doesn't change much
in terms of compatibility. By explicitly using TLSv1, OpenSSL
sends the server name indication (SNI) header, which we
already set using SSL_set_tlsext_host_name (earlier, this
didn't have any effect).

SNI allows servers to serve SSL content for different host
names with separate certificates on one single port (vhosts).

Signed-off-by: Martin Storsjö <martin@martin.st>
2011-11-17 15:11:38 +02:00
Anton Khirnov
ddffc2fdc3 avio: add support for passing options to protocols.
Not used anywhere yet, support for passing options from avio_open() will
follow.
2011-11-13 13:14:39 +01:00
Martin Storsjö
6f1b7b3944 avio: Add an AVIOInterruptCB parameter to ffurl_open/ffurl_alloc
Change all uses of these function to pass the relevant
callback on.
2011-11-13 13:12:17 +01:00