From patchwork Sun Aug 23 12:14:59 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Moritz Barsnick <barsnick@gmx.net>
X-Patchwork-Id: 21837
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id DF00E44B762
	for <patchwork@ffaux-bg.ffmpeg.org>; Sun, 23 Aug 2020 15:20:15 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C00DB68827C;
	Sun, 23 Aug 2020 15:20:15 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mout.gmx.net (mout.gmx.net [212.227.17.22])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B7AE868813F
 for <ffmpeg-devel@ffmpeg.org>; Sun, 23 Aug 2020 15:20:09 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
 s=badeba3b8450; t=1598185209;
 bh=CVoQ4AhraerM+zWGBPFdIB6nPgbQAMaCMw4Vt7QNcZQ=;
 h=X-UI-Sender-Class:Date:From:To:Subject:References:In-Reply-To;
 b=dTsWFCmB9HYjUoF9QxVkkRNQ63jm9/X9mQTs7ejza4Ak/cYdsmWoNVlAIwrpfJSY3
 WyJ2vnNE1eDUnigATLoPmRMyJYHaSToGXn9OLqVR0aFy8anphPdsdQt43Kp243Jn7V
 dE+FkRKOrcOzB0T80/4dBD+HWEPLFW2IMG1pxwzs=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from sunshine.barsnick.net ([89.182.224.240]) by mail.gmx.com
 (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id
 1Mnpnm-1ky0yM0Wsc-00pPFf; Sun, 23 Aug 2020 14:15:00 +0200
Date: Sun, 23 Aug 2020 14:14:59 +0200
From: Moritz Barsnick <barsnick@gmx.net>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20200823121459.GT4729@sunshine.barsnick.net>
References: <20200820165050.GI4729@sunshine.barsnick.net>
 <alpine.DEB.2.23.453.2008202155200.12587@cone.martin.st>
 <20200820194831.GL4729@sunshine.barsnick.net>
 <alpine.DEB.2.23.453.2008202249370.12587@cone.martin.st>
 <20200821082925.GP4729@sunshine.barsnick.net>
 <alpine.DEB.2.23.453.2008211216030.12587@cone.martin.st>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <alpine.DEB.2.23.453.2008211216030.12587@cone.martin.st>
X-Provags-ID: V03:K1:9o6A+H83e5FrIAowEBhtosU2szk9SbAZr+MRLCwyTvCVs6WKq6Y
 PAa59FlvUc905Sj80fIVvwKQi7ypHIHq5LffnWc3Mi1Md6bNPbaZO1tzdX5dJpx+GNKcnCJ
 ZM48St9LuniykkxKAv31uhoLUGNY6Q8dJLIQH3ZDcF53b+RefLScLE45DCYSr+aG47h3DEu
 b5bP6EmYUVpenr0LZahNg==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:/VlvT1OEkeA=:rQsAqrYHiyxnK53zmKzk6g
 4xJBqrs5XljVlMjhG1MWinnFowC5cZA1lpyV3+ApUDb4/1x7dD53yMvDqd8nS/V1ARwU4oy1d
 wAVHxK3LLOqA7nsA+oNqvdNZRm/8OCj1YrFtrIobYqwK28Xh55C6Uzb9dMWH2wFvATa1n2Xmc
 aQGdLFdzYA2+arqVlbfD4/Og1JqwlFFGfniiHzSDSx7iiQDEjToweHWjVVB6IK09u28P2Gfmt
 dfJEdGZxiSeQzmGwvGJjkRrG5Qe4BbbSniv1ed9DZuBGJ9n+hIWVGk6Icbnw9kssVb+Jva22m
 bUtQNL0kg+Bj9IXIsheJIz4mImMTbKF1aFpaHyh3uFZ33Vs+fnuJexCq4pGFf5Anhkx3P6js+
 Uy3gWSUCAjTXGIh1P0xpYAPc8ShKfFMMfkllcjzPVbdhxdzKKoch0VKB+4K2PJ9fDqtvfnRql
 8zwUbjnyC+1euRpWg779/TSp+E7pt4sZ7kfjMm3wGW7fnArWMaPwhtjsS7RJ3+/gNFso5MP97
 9IoIDIrIroZXV+hzL9RoPP6C6iYhMk2O/ynRXEkBUxpOrT6L3F4vQ6elfo1YrnOMp6eFmyEtq
 gaTru8M+Q/MCrcJ34TPiUQ1b1hx2nv167BnRNUzXFR97tyGV7wwXbYFu8TObkvLBxJdY7WjI6
 553+qe9/evrTszwWQw97n9B4LiGJzC/vfkeLLmwMuB9LNbBMHoumZs1rMNmbQ1Kb2itRAyNx7
 D3C9F7+oETxzDmUQFmGJgbyPJ5zNyfg54H/HDQcgC82Y8Bf8jNDzM7ICDQX9uDFCBOEVHXkuM
 FKwQrB8+I6v3lPiuJLGC5PJHeehGORRVJ7djmyVoHkHRLmgBS8a+69Ha1063rGw8dVEkdwGSX
 KT7aMLbUoNpAJqyidcOYGzlF3gGQro4+CJykmzfL4O2jRTw/wGw++Sk+zH/xMwUM29cKgJ7D3
 gICChfbkAsOS5VSE1Vl6RakcJQ1A83oDDfyJHJ5Sc0ulO9Lun8ilPQpxJVfEkY5TIP27UDmDw
 ZIvTRyXKA81jY2sujFTC9a6Q4eF5SlTJ/vm8BfnJGfI6Epp6XVdd2RMiFkSY0adfaJY0yM6VC
 KnZEhE6TIPYH24HGC5nDx6mqs6dv0Gr4Fp/w02m21iID/ymkBFJRx+UksgoQzKmWuheyjvO4t
 Opgv1fMziB7uTPdYzSKSMMHBzgNCjj/M4P44tCa9bXVxPSHl8jjtK/3SdyzWJjqGSpf5wkqtG
 ldCnas/tRrIdNuZtQi4UIRs2qqGu1iKGEE5ankg==
Subject: [FFmpeg-devel] [PATCH v3] avformat/http,
 tls: honor http_proxy command line variable for HTTPS
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Hej igen,

On Fri, Aug 21, 2020 at 12:19:06 +0300, Martin Storsjö wrote:
> LGTM, with one small nit:
[...]
> >      {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
> > +    {"http_proxy", "set proxy to tunnel through when using HTTPS", offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
> >      {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
>
> I'd remove the "when using HTTPS" bit here.

Done. I also chose to make the capitalization consistent, and move the
option down, as "verifyhost" is related to the certificate options (and
should thus perhaps even be above "listen").

I have come to realize that the httpproxy protocol could apply to any
protocol with underlying tcp, but that's a different story.

Thanks,
Moritz
From e2d93c4f5ad186a5277c8ae346948c588f2998ca Mon Sep 17 00:00:00 2001
From: Moritz Barsnick <barsnick@gmx.net>
Date: Sun, 23 Aug 2020 13:53:39 +0200
Subject: [PATCH] avformat/http,tls: honor http_proxy command line variable for
 HTTPS

Add the "http_proxy" option and its handling to the "tls" protocol,
pass the option from the "https" protocol.

The "https" protocol already defines the "http_proxy" command line
option, like the "http" protocol does. The "http" protocol properly
honors that command line option in addition to the environment
variable. The "https" protocol doesn't, because the proxy is
evaluated in the underlying "tls" protocol, which doesn't have this
option, and thus only handles the environment variable, which it
has access to.

Fixes #7223.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
---
 doc/protocols.texi | 4 ++++
 libavformat/http.c | 6 ++++++
 libavformat/tls.c  | 2 +-
 libavformat/tls.h  | 4 +++-
 4 files changed, 14 insertions(+), 2 deletions(-)

--
2.26.2

diff --git a/doc/protocols.texi b/doc/protocols.texi
index 7b3df96fda..603943023c 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1708,6 +1708,10 @@ A file containing the private key for the certificate.
 If enabled, listen for connections on the provided port, and assume
 the server role in the handshake instead of the client role.

+@item http_proxy
+The HTTP proxy to tunnel through, e.g. @code{http://example.com:1234}.
+The proxy must support the CONNECT method.
+
 @end table

 Example command lines:
diff --git a/libavformat/http.c b/libavformat/http.c
index 6c39da1a8b..21584bdce9 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -213,6 +213,12 @@ static int http_open_cnx_internal(URLContext *h, AVDictionary **options)
         use_proxy   = 0;
         if (port < 0)
             port = 443;
+        /* pass http_proxy to underlying protocol */
+        if (s->http_proxy) {
+            err = av_dict_set(options, "http_proxy", s->http_proxy, 0);
+            if (err < 0)
+                return err;
+        }
     }
     if (port < 0)
         port = 80;
diff --git a/libavformat/tls.c b/libavformat/tls.c
index 10e0792e29..302c0f8d59 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -89,7 +89,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
     if (!c->host && !(c->host = av_strdup(c->underlying_host)))
         return AVERROR(ENOMEM);

-    proxy_path = getenv("http_proxy");
+    proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy");
     use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
                 proxy_path && av_strstart(proxy_path, "http://", NULL);

diff --git a/libavformat/tls.h b/libavformat/tls.h
index beb19d6d55..6c6aa01a9a 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -34,6 +34,7 @@ typedef struct TLSShared {
     int listen;

     char *host;
+    char *http_proxy;

     char underlying_host[200];
     int numerichost;
@@ -49,7 +50,8 @@ typedef struct TLSShared {
     {"cert_file",  "Certificate file",                    offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"key_file",   "Private key file",                    offsetof(pstruct, options_field . key_file),  AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
-    {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
+    {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
+    {"http_proxy", "Set proxy to tunnel through",         offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }

 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);