From patchwork Thu Aug 20 16:50:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Moritz Barsnick X-Patchwork-Id: 21776 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 0423D44A842 for ; Thu, 20 Aug 2020 19:50:57 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D880768B6B2; Thu, 20 Aug 2020 19:50:56 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 655B668A584 for ; Thu, 20 Aug 2020 19:50:50 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1597942249; bh=nS59L5AwiqyvNKEXBR5VpG3vhxGMhqeyT0Ik+EFVUDM=; h=X-UI-Sender-Class:Date:From:To:Subject; b=MoeikNy0PVMeWZkYpL3rrsWv0b+4fSK6mvSSYsHGOBveaxpDtc8S5+iv4AMhoOsc2 GA1bhXX/vDs5xe8PaNtiQCNxUH7ICczFITL3hiMZpCgMu7R/+pagiKx+JQIGgDdmaQ IvniBIwtqcWTo8FQNyFIb8/6bmft/IFvgd2OF3uk= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from sunshine.barsnick.net ([89.182.225.213]) by mail.gmx.com (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MtwUw-1kwDzx2iPU-00uMTF; Thu, 20 Aug 2020 18:50:49 +0200 Date: Thu, 20 Aug 2020 18:50:50 +0200 From: Moritz Barsnick To: FFmpeg development discussions and patches Message-ID: <20200820165050.GI4729@sunshine.barsnick.net> MIME-Version: 1.0 Content-Disposition: inline X-Provags-ID: V03:K1:SWFnJZ0r2FB4wgmmFE7xfwBjDZImL6hdji9WMmpqL3lXiRFS4+q p2NjLoGJbrnB5oAR0cacHnXNxCYD4DpJZBBGRAVS6N2YyuGhghPEyUCouhj7bd19TDOSb8E Ctl9MgQujV+cUUJKuKmC5cFVoRqSgjf6+0y/4hfFdPjRhphY76U8WbujQX4W88hBD9/p1Xu ylGiNJeUHwLNpItCVD/3A== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:KjEAWVDa054=:+7pqxWAHjWi/WaBS+wH/We aT3ieoeFrn9LF0/FtElt94I4wLm3ipgpF0Cfro9u0EjGxodW8Oy9ch2F3Jq9kmpwP8SWBEVcT MYS8+YwXQ3xjE2hP2dUlptiyqzk8zkOpQJphuXzLOppPKt/axNSaYiLEORVklB45/fhvoT3cG 1+eAlrV1UY30pNXN/mlNoO/fEigrtfH96HBNJIrZVlZm4sZQA0rLZ7E2nVw8tt65FHFO0G7RL gEF4q2RaiEPOSXHn4aTIcvozWPjbUyJzBv3RpHUOcu8zmcM2U4MeRUCaVNbUQnjbQ1BxY9SgD kOOWBbWe/MsH5a2Vy36GMj7ooBxIPa1Qu5grrjnoPAXVTJGyq0wLLxLdah5/tTqS/ODwe13QM yWaDU81MvR+O7Gb3tlj9OSpx6XjB3EVV0TADB2DNVfgZ+cARkS0lvxA1+Lg/Q7CY7lzee3m9w aeLGIil+QjlWdPcMkVcQ0VhkGtftUOLbN6boMRgEwYp21fBQcBuHALCU+Sem0ge5MS4tkyrFo eai1qgg0Kdj4r1Tm0nyZu/kvYKasxq/xJYWjz0Q4IX6bXeUYWuyMky9YHGVdZ6RJoiFs5Ro0P V8dlC2ub2KR2BhvYg5IM9BVfXIzDJq/CN/A6GJdztzLOi0pFWilZRLynpeh9xtDqdb4nizhG+ 73cgUzboL7VmuMGiJTLjgSXHdVU6T9ZWAEFeNK34iPwqNwx2bucCeDGFNaRq4KvdiFxKaX5Y+ cBwMtvmjCpcRDDLTa8a3UOrHW8IE636av5gKYGSLwXoxxK3oASvWTKaIRS9y5W8hfubTBjGIo kVXAv7V2Dfya9qLMvsCEUTh6a1PGhMoUQECP/M7KtsRC+RvxR+55tQq+bGz/kR1WxrUu9qhau q3WTbxwIsFKuT149z/jiy8zeQIInqA0mPntC8WCxMYTzKEKnPFcqdVEviAcxw0NWCcqT2Ez+k /tyvFWa2BvjpHlADrNAtLRdObnBnHF55PaZi+tUmnZ8XMfeEpBpOE9Q8/hGjD2cu6szw8raCF 3tGcGnYOBXGUAa6Jhi8FFsrafjVtiomrwXFV78MpoiS7FtmnvbEnVqTGe5HvEk3Ej57W9Wrcv 2rGupEm15B/B5evDeZm10FQFsP98FDcoDyrgRrxqTHW46NUaqKDj2CXFi0HliCYQLF/gLuMUH 5al7WKjdFBuQwvLkN4mm8Po2FgTp1oayOR47jisSKLvekPPDNViSzJKqN/qIkIsBx8ZXxkfsp 2fj3e3ilBBeM6dpEV Subject: [FFmpeg-devel] [PATCH] libavformat/http, tls: honor http_proxy command line variable for HTTPS X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Hi, I gave $SUBJECT a shot. It's a bit of a weird situation, as "https" has an underlying protocol "tls" which handles HTTPS specific stuff, but I guess that's the layer cake the protocols give us. So I needed to add an HTTPS specific option to the "tls" protocol, in order to hand the option through. It's handling is then now identical to the "http" implementation. I tested this (before and after patch, with and without command line option, with and without environment variable, with and without reachable proxy server) against a local installation of tinyproxy. Please review. Thanks, Moritz From 095bb727b2400a75d6bf8c74ab90831aaefbc5aa Mon Sep 17 00:00:00 2001 From: Moritz Barsnick Date: Thu, 20 Aug 2020 17:49:14 +0200 Subject: [PATCH] libavformat/http,tls: honor http_proxy command line variable for HTTPS Add the "http_proxy" option and its handling to the "tls" protocol, pass the option from the "https" protocol. The "https" protocol already defines the "http_proxy" command line option, like the "http" protocol does. The "http" protocol properly honors that command line option in addition to the environment variable. The "https" protocol doesn't, because the proxy is evaluated in the underlying "tls" protocol, which doesn't have this option, and thus only handles the environment variable, which it has access to. Documentation for the "tls" protocol is not changed, as the new option is basically only useful together with the "https" protocol. Fixes #7223. Signed-off-by: Moritz Barsnick --- libavformat/http.c | 6 ++++++ libavformat/tls.c | 2 +- libavformat/tls.h | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) -- 2.26.2 diff --git a/libavformat/http.c b/libavformat/http.c index 6c39da1a8b..21584bdce9 100644 --- a/libavformat/http.c +++ b/libavformat/http.c @@ -213,6 +213,12 @@ static int http_open_cnx_internal(URLContext *h, AVDictionary **options) use_proxy = 0; if (port < 0) port = 443; + /* pass http_proxy to underlying protocol */ + if (s->http_proxy) { + err = av_dict_set(options, "http_proxy", s->http_proxy, 0); + if (err < 0) + return err; + } } if (port < 0) port = 80; diff --git a/libavformat/tls.c b/libavformat/tls.c index 10e0792e29..302c0f8d59 100644 --- a/libavformat/tls.c +++ b/libavformat/tls.c @@ -89,7 +89,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV if (!c->host && !(c->host = av_strdup(c->underlying_host))) return AVERROR(ENOMEM); - proxy_path = getenv("http_proxy"); + proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy"); use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) && proxy_path && av_strstart(proxy_path, "http://", NULL); diff --git a/libavformat/tls.h b/libavformat/tls.h index beb19d6d55..0c52ff3be6 100644 --- a/libavformat/tls.h +++ b/libavformat/tls.h @@ -34,6 +34,7 @@ typedef struct TLSShared { int listen; char *host; + char *http_proxy; char underlying_host[200]; int numerichost; @@ -49,6 +50,7 @@ typedef struct TLSShared { {"cert_file", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"key_file", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"listen", "Listen for incoming connections", offsetof(pstruct, options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \ + {"http_proxy", "set proxy to tunnel through when using HTTPS", offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \ {"verifyhost", "Verify against a specific hostname", offsetof(pstruct, options_field . host), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL } int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);