aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Barsnick <barsnick@gmx.net>2020-08-23 13:53:39 +0200
committerMarton Balint <cus@passwd.hu>2021-03-19 22:43:02 +0100
commit94b63e8ae8deb218339d93a3ec0732826dba7a54 (patch)
tree0889f8502a10eede24ba633a5f9025b8a56c1ea2
parent4892060f50cc91ae6b1b5a3c28346fb9a829c757 (diff)
downloadffmpeg-94b63e8ae8deb218339d93a3ec0732826dba7a54.tar.gz
avformat/http,tls: honor http_proxy command line variable for HTTPS
Add the "http_proxy" option and its handling to the "tls" protocol, pass the option from the "https" protocol. The "https" protocol already defines the "http_proxy" command line option, like the "http" protocol does. The "http" protocol properly honors that command line option in addition to the environment variable. The "https" protocol doesn't, because the proxy is evaluated in the underlying "tls" protocol, which doesn't have this option, and thus only handles the environment variable, which it has access to. Fixes #7223. Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Signed-off-by: Marton Balint <cus@passwd.hu>
-rw-r--r--doc/protocols.texi4
-rw-r--r--libavformat/http.c6
-rw-r--r--libavformat/tls.c2
-rw-r--r--libavformat/tls.h4
4 files changed, 14 insertions, 2 deletions
diff --git a/doc/protocols.texi b/doc/protocols.texi
index 3644fe3dd6..78afe6ec8e 100644
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1772,6 +1772,10 @@ A file containing the private key for the certificate.
If enabled, listen for connections on the provided port, and assume
the server role in the handshake instead of the client role.
+@item http_proxy
+The HTTP proxy to tunnel through, e.g. @code{http://example.com:1234}.
+The proxy must support the CONNECT method.
+
@end table
Example command lines:
diff --git a/libavformat/http.c b/libavformat/http.c
index d44bc64f7b..fb2d9306bd 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -214,6 +214,12 @@ static int http_open_cnx_internal(URLContext *h, AVDictionary **options)
use_proxy = 0;
if (port < 0)
port = 443;
+ /* pass http_proxy to underlying protocol */
+ if (s->http_proxy) {
+ err = av_dict_set(options, "http_proxy", s->http_proxy, 0);
+ if (err < 0)
+ return err;
+ }
}
if (port < 0)
port = 80;
diff --git a/libavformat/tls.c b/libavformat/tls.c
index 10e0792e29..302c0f8d59 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -89,7 +89,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
if (!c->host && !(c->host = av_strdup(c->underlying_host)))
return AVERROR(ENOMEM);
- proxy_path = getenv("http_proxy");
+ proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy");
use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
proxy_path && av_strstart(proxy_path, "http://", NULL);
diff --git a/libavformat/tls.h b/libavformat/tls.h
index beb19d6d55..6c6aa01a9a 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -34,6 +34,7 @@ typedef struct TLSShared {
int listen;
char *host;
+ char *http_proxy;
char underlying_host[200];
int numerichost;
@@ -49,7 +50,8 @@ typedef struct TLSShared {
{"cert_file", "Certificate file", offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"key_file", "Private key file", offsetof(pstruct, options_field . key_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
{"listen", "Listen for incoming connections", offsetof(pstruct, options_field . listen), AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
- {"verifyhost", "Verify against a specific hostname", offsetof(pstruct, options_field . host), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
+ {"verifyhost", "Verify against a specific hostname", offsetof(pstruct, options_field . host), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
+ {"http_proxy", "Set proxy to tunnel through", offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);