summaryrefslogtreecommitdiff
path: root/libavformat/tls.c
Commit message (Collapse)AuthorAge
* avformat/http,tls: honor http_proxy command line variable for HTTPSMoritz Barsnick2021-03-19
| | | | | | | | | | | | | | | | | | Add the "http_proxy" option and its handling to the "tls" protocol, pass the option from the "https" protocol. The "https" protocol already defines the "http_proxy" command line option, like the "http" protocol does. The "http" protocol properly honors that command line option in addition to the environment variable. The "https" protocol doesn't, because the proxy is evaluated in the underlying "tls" protocol, which doesn't have this option, and thus only handles the environment variable, which it has access to. Fixes #7223. Signed-off-by: Moritz Barsnick <barsnick@gmx.net> Signed-off-by: Marton Balint <cus@passwd.hu>
* Merge commit 'fab8156b2f30666adabe227b3d7712fd193873b1'Derek Buitenhuis2016-04-21
|\ | | | | | | | | | | | | * commit 'fab8156b2f30666adabe227b3d7712fd193873b1': avio: Copy URLContext generic options into child URLContexts Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
| * avio: Copy URLContext generic options into child URLContextsMartin Storsjö2016-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since all URLContexts have the same AVOptions, such AVOptions will be applied on the outermost context only and removed from the dict, while they probably make sense on all contexts. This makes sure that rw_timeout gets propagated to the innermost URLContext (to make sure it gets passed to the tcp protocol, when opening a http connection for instance). Alternatively, such matching options would be kept in the dict and only removed after the ffurl_connect call. Signed-off-by: Martin Storsjö <martin@martin.st>
| * urlprotocol: receive a list of protocols from the callerAnton Khirnov2016-02-22
| | | | | | | | | | This way, the decisions about which protocols are available for use in any given situations can be delegated to the caller.
| * lavf: split tls.cwm42015-05-26
| | | | | | | | | | | | | | | | Move the OpenSSL and GnuTLS implementations to their own files. Other than the connection code (including options) and some boilerplate, no code is actually shared. Signed-off-by: Martin Storsjö <martin@martin.st>
| * tls: fix compilation when both gnutls and openssl are enabledJames Almer2015-05-22
| | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st>
* | avformat: Add a protocol blacklisting APIDerek Buitenhuis2016-03-04
| | | | | | | | Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
* | Update demuxers and protocols for protocol whitelist supportMichael Niedermayer2016-02-02
| | | | | | | | | | Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
* | lavf/tls: let the user specify what name to verify againstRodger Combs2015-06-08
| | | | | | | | | | | | | | This can be useful for debugging, or in scenarios where the user doesn't want to use the system's DNS settings for whatever reason. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | lavf: split tls.cwm42015-05-27
| | | | | | | | | | | | | | | | Move the OpenSSL and GnuTLS implementations to their own files. Other than the connection code (including options) and some boilerplate, no code is actually shared. Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | tls: fix compilation when both gnutls and openssl are enabledJames Almer2015-05-22
| | | | | | | | Signed-off-by: James Almer <jamrial@gmail.com>
* | Merge commit '94599a6de3822b13c94096d764868128f388ba28'Michael Niedermayer2015-05-22
|\| | | | | | | | | | | | | * commit '94599a6de3822b13c94096d764868128f388ba28': tls: Remove all the local polling loops Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Remove all the local polling loopsMartin Storsjö2015-05-22
| | | | | | | | | | | | These aren't necessary any longer. Signed-off-by: Martin Storsjö <martin@martin.st>
* | Merge commit 'd13b124eaf452b267480074b2e6946538ed03a6e'Michael Niedermayer2015-05-22
|\| | | | | | | | | | | | | * commit 'd13b124eaf452b267480074b2e6946538ed03a6e': tls: Remove the nonblocking code Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Remove the nonblocking codeMartin Storsjö2015-05-22
| | | | | | | | | | | | | | | | Since the underlying URLContext read functions are used, they handle interruption, without having to handle it at this level. Signed-off-by: Martin Storsjö <martin@martin.st>
* | Merge commit 'd15eec4d6bdfa3bd4c4b5b7dd2dbd699ba253d02'Michael Niedermayer2015-05-22
|\| | | | | | | | | | | | | * commit 'd15eec4d6bdfa3bd4c4b5b7dd2dbd699ba253d02': tls: Use custom IO to read from the URLContext Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Use custom IO to read from the URLContextMartin Storsjö2015-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This avoids hijacking the fd, by reading using the normal URLContext functions instead. This allowing reading data that has been buffered in the underlying URLContext. This avoids using the libraries own send functions that can cause SIGPIPE. The fd is still used for polling the lowlevel socket, for waiting for retries. Signed-off-by: Martin Storsjö <martin@martin.st>
* | Merge commit 'b9d2d6843a49f9df1d1ae1afe817d9b48c445919'Michael Niedermayer2015-02-28
|\| | | | | | | | | | | | | | | | | | | * commit 'b9d2d6843a49f9df1d1ae1afe817d9b48c445919': tls: Pass AVOptions dictionaries through to the chained protocol Conflicts: libavformat/tls.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Pass AVOptions dictionaries through to the chained protocolMartin Storsjö2015-02-28
| | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st>
* | avformat/tls: add () to protect macro argumentsMichael Niedermayer2015-02-16
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Merge commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e'Michael Niedermayer2015-02-14
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'daf8cf358a098a903d59adb6c0d0cc3262a8c93e': avformat: Don't anonymously typedef structs Conflicts: libavformat/adtsenc.c libavformat/aiffenc.c libavformat/avidec.c libavformat/gif.c libavformat/iff.c libavformat/img2dec.c libavformat/jvdec.c libavformat/matroskadec.c libavformat/udp.c libavformat/wtvdec.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * avformat: Don't anonymously typedef structsDiego Biurrun2015-02-14
| |
* | avformat/network: Check for av_malloc* failures in ff_tls_init()Michael Niedermayer2015-02-03
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Merge commit 'cd9d6399fd00f5aeacaa90cdc0b74c3570024119'Michael Niedermayer2014-10-10
|\| | | | | | | | | | | | | | | * commit 'cd9d6399fd00f5aeacaa90cdc0b74c3570024119': tls: Support passing old-style tcp options See: 4f4eb380f0f96dbb7cdd2b812fa92b8b47a0f27c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Support passing old-style tcp optionsLuca Barbato2014-10-10
| | | | | | | | Make tcp and tls urls near-interchangeable.
* | Merge commit '4b1f5e5090abed6c618c8ba380cd7d28d140f867'Michael Niedermayer2014-08-15
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '4b1f5e5090abed6c618c8ba380cd7d28d140f867': cosmetics: Write NULL pointer inequality checks more compactly Conflicts: libavcodec/dvdsubdec.c libavcodec/h263dec.c libavcodec/libxvid.c libavcodec/rv10.c libavcodec/utils.c libavformat/format.c libavformat/matroskadec.c libavformat/segment.c libavutil/opt.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * cosmetics: Write NULL pointer inequality checks more compactlyGabriel Dume2014-08-15
| | | | | | | | Signed-off-by: Diego Biurrun <diego@biurrun.de>
* | avformat/tls: Fix windows build with openSSL enabled.Matt Oliver2014-01-23
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | avformat/tls: fix {} error for the GNUTLS caseMichael Niedermayer2013-09-27
| | | | | | | | | | Found-by:" Geek.Song" <ffmpeg@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | Merge commit '705b748e8d8612385c96428ae36ed0d42a170d93'Michael Niedermayer2013-09-27
|\| | | | | | | | | | | | | | | | | | | | | | | | | * commit '705b748e8d8612385c96428ae36ed0d42a170d93': tls: Add support for listen mode Conflicts: doc/protocols.texi libavformat/tls.c libavformat/version.h See: 4f4eb380f0f96dbb7cdd2b812fa92b8b47a0f27c Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Add support for listen modeMartin Storsjö2013-09-26
| | | | | | | | | | | | | | | | | | Also add options for specifying a certificate and key, which can be used both when operating as client and as server. Partially based on a patch by Peter Ross. Signed-off-by: Martin Storsjö <martin@martin.st>
* | Merge commit '8b09d917e7dc7d7f2ace31419f802d4ff518236c'Michael Niedermayer2013-09-27
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | * commit '8b09d917e7dc7d7f2ace31419f802d4ff518236c': tls: Add options for verifying the peer certificate Conflicts: doc/protocols.texi libavformat/tls.c libavformat/version.h See: b2460858f64b2070d84dd861d4bbd16acfb9b0e9 See: 973a758f52a4e5fe63bd88806a4b2db034a032de Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Add options for verifying the peer certificateMartin Storsjö2013-09-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A file containing the trusted CA certificates needs to be supplied via the ca_file AVOption, unless the TLS library has got a system default file/database set up. This doesn't check the hostname of the peer certificate with openssl, which requires a non-trivial piece of code for manually matching the desired hostname to the string provided by the certificate, not provided as a library function. That is, with openssl, this only validates that the received certificate is signed with the right CA, but not that it is the actual server we think we're talking to. Verification is still disabled by default since we can't count on a proper CA database existing at all times. Signed-off-by: Martin Storsjö <martin@martin.st>
* | Merge commit '5055035670bd1a1eaca64bd3bc71fb07de9df2c3'Michael Niedermayer2013-09-23
|\| | | | | | | | | | | | | * commit '5055035670bd1a1eaca64bd3bc71fb07de9df2c3': tls: Do not abort on non-fatal TLS alerts with gnutls Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Do not abort on non-fatal TLS alerts with gnutlsMartin Storsjö2013-09-22
| | | | | | | | Signed-off-by: Martin Storsjö <martin@martin.st>
* | Reinstate proper FFmpeg license for all files.Thilo Borgmann2013-08-30
| |
* | Merge remote-tracking branch 'qatar/master'Michael Niedermayer2013-02-28
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * qatar/master: lavf: Add a fate test for the noproxy pattern matching lavf: Handle the environment variable no_proxy more properly Conflicts: libavformat/Makefile libavformat/internal.h libavformat/tls.c libavformat/utils.c libavformat/version.h Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * lavf: Handle the environment variable no_proxy more properlyMartin Storsjö2013-02-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The handling of the environment variable no_proxy, present since one of the initial commits (de6d9b6404), is inconsistent with how many other applications and libraries interpret this variable. Its bare presence does not indicate that the use of proxies should be skipped, but it is some sort of pattern for hosts that does not need using a proxy (e.g. for a local network). As investigated by Rudolf Polzer, different libraries handle this in different ways, some supporting IP address masks, some supporting arbitrary globbing using *, some just checking that the pattern matches the end of the hostname without regard for whether it actually is the right domain or a domain that ends in the same string. This simple logic should be pretty similar to the logic used by lynx and curl. Signed-off-by: Martin Storsjö <martin@martin.st>
* | Merge remote-tracking branch 'qatar/master'Michael Niedermayer2012-07-29
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * qatar/master: (35 commits) h264_idct_10bit: port x86 assembly to cpuflags. x86inc: clip num_args to 7 on x86-32. x86inc: sync to latest version from x264. fft: rename "z" to "zc" to prevent name collision. wv: return meaningful error codes. wv: return AVERROR_EOF on EOF, not EIO. mp3dec: forward errors for av_get_packet(). mp3dec: remove a pointless local variable. mp3dec: remove commented out cruft. lavfi: bump minor to mark stabilizing the ABI. FATE: add tests for yadif. FATE: add a test for delogo video filter. FATE: add a test for amix audio filter. audiogen: allow specifying random seed as a commandline parameter. vc1dec: Override invalid macroblock quantizer vc1: avoid reading beyond the last line in vc1_draw_sprites() vc1dec: check that coded slice positions and interlacing match. vc1dec: Do not ignore ff_vc1_parse_frame_header_adv return value configure: Move parts that should not be user-selectable to CONFIG_EXTRA lavf: remove commented out cruft in avformat_find_stream_info() ... Conflicts: Makefile configure libavcodec/vc1dec.c libavcodec/x86/h264_deblock.asm libavcodec/x86/h264_deblock_10bit.asm libavcodec/x86/h264dsp_mmx.c libavfilter/version.h libavformat/mp3dec.c libavformat/utils.c libavformat/wv.c libavutil/x86/x86inc.asm Merged-by: Michael Niedermayer <michaelni@gmx.at>
| * tls: Return AVERROR_EOF if the TLS_read/write functions return 0Martin Storsjö2012-07-28
| | | | | | | | | | | | | | | | | | | | OpenSSL returns 0 when the peer has closed the connection. GnuTLS doesn't return that though, but returns GNUTLS_E_UNEXPECTED_PACKET_LENGTH if the connection simply is closed without a clean close notify packet. Tested-by: Antti Seppälä <a.seppala@gmail.com> Signed-off-by: Martin Storsjö <martin@martin.st>
* | tls: TLS/SSL serverPeter Ross2012-07-22
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | tls: parse uri path options to underlying tcp URLContextPeter Ross2012-07-22
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | tls: verify optionPeter Ross2012-07-22
| | | | | | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* | tls: cafile, cert, key optionsPeter Ross2012-07-22
|/ | | | Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
* avio: Add an URLProtocol flag for indicating that a protocol uses networkMartin Storsjö2012-01-05
| | | | | | | This definition is in two files, since the definitions will move to the private header at the next bump. Signed-off-by: Martin Storsjö <martin@martin.st>
* Eliminate pointless 0/NULL initializers in AVCodec and similar declarations.Diego Biurrun2011-11-28
|
* tls: Handle connection via a http proxyMartin Storsjö2011-11-18
| | | | Signed-off-by: Martin Storsjö <martin@martin.st>
* tls: Use TLSv1_client_method for OpenSSLMartin Storsjö2011-11-17
| | | | | | | | | | | | | TLSv1 is compatible with SSLv3, so this doesn't change much in terms of compatibility. By explicitly using TLSv1, OpenSSL sends the server name indication (SNI) header, which we already set using SSL_set_tlsext_host_name (earlier, this didn't have any effect). SNI allows servers to serve SSL content for different host names with separate certificates on one single port (vhosts). Signed-off-by: Martin Storsjö <martin@martin.st>
* avio: add support for passing options to protocols.Anton Khirnov2011-11-13
| | | | | Not used anywhere yet, support for passing options from avio_open() will follow.
* avio: Add an AVIOInterruptCB parameter to ffurl_open/ffurl_allocMartin Storsjö2011-11-13
| | | | | Change all uses of these function to pass the relevant callback on.
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-16 12:15:22 +0000