Hi,
I gave $SUBJECT a shot. It's a bit of a weird situation, as "https" has
an underlying protocol "tls" which handles HTTPS specific stuff, but I
guess that's the layer cake the protocols give us.
So I needed to add an HTTPS specific option to the "tls" protocol, in
order to hand the option through. It's handling is then now identical
to the "http" implementation.
I tested this (before and after patch, with and without command line
option, with and without environment variable, with and without
reachable proxy server) against a local installation of tinyproxy.
Please review.
Thanks,
Moritz
From 095bb727b2400a75d6bf8c74ab90831aaefbc5aa Mon Sep 17 00:00:00 2001
From: Moritz Barsnick <barsn...@gmx.net>
Date: Thu, 20 Aug 2020 17:49:14 +0200
Subject: [PATCH] libavformat/http,tls: honor http_proxy command line variable
for HTTPS
Add the "http_proxy" option and its handling to the "tls" protocol,
pass the option from the "https" protocol.
The "https" protocol already defines the "http_proxy" command line
option, like the "http" protocol does. The "http" protocol properly
honors that command line option in addition to the environment
variable. The "https" protocol doesn't, because the proxy is
evaluated in the underlying "tls" protocol, which doesn't have this
option, and thus only handles the environment variable, which it
has access to.
Documentation for the "tls" protocol is not changed, as the new
option is basically only useful together with the "https" protocol.
Fixes #7223.
Signed-off-by: Moritz Barsnick <barsn...@gmx.net>
---
libavformat/http.c | 6 ++++++
libavformat/tls.c | 2 +-
libavformat/tls.h | 2 ++
3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/libavformat/http.c b/libavformat/http.c
index 6c39da1a8b..21584bdce9 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -213,6 +213,12 @@ static int http_open_cnx_internal(URLContext *h,
AVDictionary **options)
use_proxy = 0;
if (port < 0)
port = 443;
+ /* pass http_proxy to underlying protocol */
+ if (s->http_proxy) {
+ err = av_dict_set(options, "http_proxy", s->http_proxy, 0);
+ if (err < 0)
+ return err;
+ }
}
if (port < 0)
port = 80;
diff --git a/libavformat/tls.c b/libavformat/tls.c
index 10e0792e29..302c0f8d59 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -89,7 +89,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent,
const char *uri, AV
if (!c->host && !(c->host = av_strdup(c->underlying_host)))
return AVERROR(ENOMEM);
- proxy_path = getenv("http_proxy");
+ proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy");
use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"),
c->underlying_host) &&
proxy_path && av_strstart(proxy_path, "http://";, NULL);
diff --git a/libavformat/tls.h b/libavformat/tls.h
index beb19d6d55..0c52ff3be6 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -34,6 +34,7 @@ typedef struct TLSShared {
int listen;
char *host;
+ char *http_proxy;
char underlying_host[200];
int numerichost;
@@ -49,6 +50,7 @@ typedef struct TLSShared {
{"cert_file", "Certificate file", offsetof(pstruct,
options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"key_file", "Private key file", offsetof(pstruct,
options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"listen", "Listen for incoming connections", offsetof(pstruct,
options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags =
TLS_OPTFL }, \
+ {"http_proxy", "set proxy to tunnel through when using HTTPS",
offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags =
TLS_OPTFL }, \
{"verifyhost", "Verify against a specific hostname", offsetof(pstruct,
options_field . host), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri,
AVDictionary **options);
--
2.26.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
