[FFmpeg-devel] [PATCH] Add support for digest auth in the http and rtsp protocols
Martin Storsjö
martin
Wed Mar 24 20:32:51 CET 2010
On Wed, 24 Mar 2010, Ronald S. Bultje wrote:
> On Tue, Mar 23, 2010 at 12:36 PM, Martin Storsj? <martin at martin.st> wrote:
> > Also, I fixed the av_stristart usage, checking for "Basic " or "Digest ",
> > to fix cases if new methods start with the same string. Is this ok, or
> > should I be even more pedantic and just check that the following char is
> > whitespace? The RFC doesn't seem to specify any particular delimiter at
> > all here.
>
> "Basic " is fine.
Ok, good.
> > + } else if (!strcmp(key, "Authentication-Info")) {
>
> unused, so I'd remove this line (at least from this patch).
Done.
> > +typedef struct {
> > + HTTPAuthType auth_type;
> > + HTTPAuthType best_seen_auth_type;
> > +} HTTPAuthState;
>
> what's the difference between these two? Right now you're only using
> one of them so it might be possible to remove one of the two.
auth_type contains the currently chosen one - when starting to parse a set
of http headers, best_seen_auth_type should be reset to none, so that we
can choose the best one of the currently proposed alternatives. We can't
use auth_type for this, since a successfully authenticated reply doesn't
caontain any new WWW-Auth headers, and thus we'd lose the previous
selection. And if we don't reset it to none before parsing, we wouldn't
pick up a case where a server later would suggest a weaker one than the
currently selected one.
> Also, a feature request, if possible I'd like you to parse the "realm"
> in both Basic and Digest, for error messages related to 40x. e.g.
> http.c could emit "permission denied, missing username/password in
> realm %s" in certain cases, that'd be helpful in making ffmpeg a bit
> more userfriendly.
Good point, will do.
// Martin
More information about the ffmpeg-devel
mailing list