[FFmpeg-cvslog] lavf/tls: let the user specify what name to verify against

Rodger Combs git at videolan.org
Mon Jun 8 14:39:35 CEST 2015


ffmpeg | branch: master | Rodger Combs <rodger.combs at gmail.com> | Mon Jun  8 04:50:48 2015 -0500| [6dd5371e34c6602591766f73aa647b369d77853b] | committer: Michael Niedermayer

lavf/tls: let the user specify what name to verify against

This can be useful for debugging, or in scenarios where the user
doesn't want to use the system's DNS settings for whatever reason.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6dd5371e34c6602591766f73aa647b369d77853b
---

 libavformat/tls.c |   13 ++++++++-----
 libavformat/tls.h |    7 +++++--
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/libavformat/tls.c b/libavformat/tls.c
index adbd7db..9802a70 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -67,7 +67,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
     if (c->listen)
         snprintf(opts, sizeof(opts), "?listen=1");
 
-    av_url_split(NULL, 0, NULL, 0, c->host, sizeof(c->host), &port, NULL, 0, uri);
+    av_url_split(NULL, 0, NULL, 0, c->underlying_host, sizeof(c->underlying_host), &port, NULL, 0, uri);
 
     p = strchr(uri, '?');
 
@@ -78,16 +78,19 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
             c->listen = 1;
     }
 
-    ff_url_join(buf, sizeof(buf), "tcp", NULL, c->host, port, "%s", p);
+    ff_url_join(buf, sizeof(buf), "tcp", NULL, c->underlying_host, port, "%s", p);
 
     hints.ai_flags = AI_NUMERICHOST;
-    if (!getaddrinfo(c->host, NULL, &hints, &ai)) {
+    if (!getaddrinfo(c->underlying_host, NULL, &hints, &ai)) {
         c->numerichost = 1;
         freeaddrinfo(ai);
     }
 
+    if (!c->host && !(c->host = av_strdup(c->underlying_host)))
+        return AVERROR(ENOMEM);
+
     proxy_path = getenv("http_proxy");
-    use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->host) &&
+    use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
                 proxy_path && av_strstart(proxy_path, "http://", NULL);
 
     if (use_proxy) {
@@ -96,7 +99,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
         av_url_split(NULL, 0, proxy_auth, sizeof(proxy_auth),
                      proxy_host, sizeof(proxy_host), &proxy_port, NULL, 0,
                      proxy_path);
-        ff_url_join(dest, sizeof(dest), NULL, NULL, c->host, port, NULL);
+        ff_url_join(dest, sizeof(dest), NULL, NULL, c->underlying_host, port, NULL);
         ff_url_join(buf, sizeof(buf), "httpproxy", proxy_auth, proxy_host,
                     proxy_port, "/%s", dest);
     }
diff --git a/libavformat/tls.h b/libavformat/tls.h
index 959bada..2a36f34 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -35,7 +35,9 @@ typedef struct TLSShared {
     char *key_file;
     int listen;
 
-    char host[200];
+    char *host;
+
+    char underlying_host[200];
     int numerichost;
 
     URLContext *tcp;
@@ -48,7 +50,8 @@ typedef struct TLSShared {
     {"tls_verify", "Verify the peer certificate",         offsetof(pstruct, options_field . verify),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"cert_file",  "Certificate file",                    offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"key_file",   "Private key file",                    offsetof(pstruct, options_field . key_file),  AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
-    {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }
+    {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
+    {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
 
 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);
 



More information about the ffmpeg-cvslog mailing list