[FFmpeg-devel] [PATCH] lavf/tls: let the user specify what name to verify against

Rodger Combs rodger.combs at gmail.com
Mon Jun 8 11:50:48 CEST 2015


This can be useful for debugging, or in scenarios where the user
doesn't want to use the system's DNS settings for whatever reason.
---
 libavformat/tls.c | 13 ++++++++-----
 libavformat/tls.h |  7 +++++--
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/libavformat/tls.c b/libavformat/tls.c
index adbd7db..9802a70 100644
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -67,7 +67,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
     if (c->listen)
         snprintf(opts, sizeof(opts), "?listen=1");
 
-    av_url_split(NULL, 0, NULL, 0, c->host, sizeof(c->host), &port, NULL, 0, uri);
+    av_url_split(NULL, 0, NULL, 0, c->underlying_host, sizeof(c->underlying_host), &port, NULL, 0, uri);
 
     p = strchr(uri, '?');
 
@@ -78,16 +78,19 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
             c->listen = 1;
     }
 
-    ff_url_join(buf, sizeof(buf), "tcp", NULL, c->host, port, "%s", p);
+    ff_url_join(buf, sizeof(buf), "tcp", NULL, c->underlying_host, port, "%s", p);
 
     hints.ai_flags = AI_NUMERICHOST;
-    if (!getaddrinfo(c->host, NULL, &hints, &ai)) {
+    if (!getaddrinfo(c->underlying_host, NULL, &hints, &ai)) {
         c->numerichost = 1;
         freeaddrinfo(ai);
     }
 
+    if (!c->host && !(c->host = av_strdup(c->underlying_host)))
+        return AVERROR(ENOMEM);
+
     proxy_path = getenv("http_proxy");
-    use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->host) &&
+    use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
                 proxy_path && av_strstart(proxy_path, "http://", NULL);
 
     if (use_proxy) {
@@ -96,7 +99,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
         av_url_split(NULL, 0, proxy_auth, sizeof(proxy_auth),
                      proxy_host, sizeof(proxy_host), &proxy_port, NULL, 0,
                      proxy_path);
-        ff_url_join(dest, sizeof(dest), NULL, NULL, c->host, port, NULL);
+        ff_url_join(dest, sizeof(dest), NULL, NULL, c->underlying_host, port, NULL);
         ff_url_join(buf, sizeof(buf), "httpproxy", proxy_auth, proxy_host,
                     proxy_port, "/%s", dest);
     }
diff --git a/libavformat/tls.h b/libavformat/tls.h
index 959bada..2a36f34 100644
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -35,7 +35,9 @@ typedef struct TLSShared {
     char *key_file;
     int listen;
 
-    char host[200];
+    char *host;
+
+    char underlying_host[200];
     int numerichost;
 
     URLContext *tcp;
@@ -48,7 +50,8 @@ typedef struct TLSShared {
     {"tls_verify", "Verify the peer certificate",         offsetof(pstruct, options_field . verify),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
     {"cert_file",  "Certificate file",                    offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"key_file",   "Private key file",                    offsetof(pstruct, options_field . key_file),  AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
-    {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }
+    {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
+    {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
 
 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);
 
-- 
2.4.1



More information about the ffmpeg-devel mailing list