avformat/http,tls: honor http_proxy command line variable for HTTPS

Add the "http_proxy" option and its handling to the "tls" protocol,
pass the option from the "https" protocol.

The "https" protocol already defines the "http_proxy" command line
option, like the "http" protocol does. The "http" protocol properly
honors that command line option in addition to the environment
variable. The "https" protocol doesn't, because the proxy is
evaluated in the underlying "tls" protocol, which doesn't have this
option, and thus only handles the environment variable, which it
has access to.

Fixes #7223.

Signed-off-by: Moritz Barsnick <barsnick@gmx.net>
Signed-off-by: Marton Balint <cus@passwd.hu>

diff --git a/doc/protocols.texi b/doc/protocols.texi
index 3644fe3dd69486c3b371c35fcf5ad7e15c05fdb8..78afe6ec8ead656f777f34407b7399813987c7f8 100644 (file)
--- a/doc/protocols.texi
+++ b/doc/protocols.texi
@@ -1772,6 +1772,10 @@ A file containing the private key for the certificate.
 If enabled, listen for connections on the provided port, and assume
 the server role in the handshake instead of the client role.
 
+@item http_proxy
+The HTTP proxy to tunnel through, e.g. @code{http://example.com:1234}.
+The proxy must support the CONNECT method.
+
 @end table
 
 Example command lines:

diff --git a/libavformat/http.c b/libavformat/http.c
index d44bc64f7b168f3ccc5ea54b9994473e0637f0fb..fb2d9306bd2f71bd4e2741d2e7595f3ed5ad294b 100644 (file)
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -214,6 +214,12 @@ static int http_open_cnx_internal(URLContext *h, AVDictionary **options)
         use_proxy   = 0;
         if (port < 0)
             port = 443;
+        /* pass http_proxy to underlying protocol */
+        if (s->http_proxy) {
+            err = av_dict_set(options, "http_proxy", s->http_proxy, 0);
+            if (err < 0)
+                return err;
+        }
     }
     if (port < 0)
         port = 80;

diff --git a/libavformat/tls.c b/libavformat/tls.c
index 10e0792e292c3276c0283744879f632642ed3961..302c0f8d593cc516ea201c50730cd53d1ef11cbd 100644 (file)
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -89,7 +89,7 @@ int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AV
     if (!c->host && !(c->host = av_strdup(c->underlying_host)))
         return AVERROR(ENOMEM);
 
-    proxy_path = getenv("http_proxy");
+    proxy_path = c->http_proxy ? c->http_proxy : getenv("http_proxy");
     use_proxy = !ff_http_match_no_proxy(getenv("no_proxy"), c->underlying_host) &&
                 proxy_path && av_strstart(proxy_path, "http://", NULL);
 

diff --git a/libavformat/tls.h b/libavformat/tls.h
index beb19d6d5571634a6d35bf19ed4e303093d054a8..6c6aa01a9a928d940bb7a0042118805d6efb449a 100644 (file)
--- a/libavformat/tls.h
+++ b/libavformat/tls.h
@@ -34,6 +34,7 @@ typedef struct TLSShared {
     int listen;
 
     char *host;
+    char *http_proxy;
 
     char underlying_host[200];
     int numerichost;
@@ -49,7 +50,8 @@ typedef struct TLSShared {
     {"cert_file",  "Certificate file",                    offsetof(pstruct, options_field . cert_file), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"key_file",   "Private key file",                    offsetof(pstruct, options_field . key_file),  AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
     {"listen",     "Listen for incoming connections",     offsetof(pstruct, options_field . listen),    AV_OPT_TYPE_INT, { .i64 = 0 }, 0, 1, .flags = TLS_OPTFL }, \
-    {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
+    {"verifyhost", "Verify against a specific hostname",  offsetof(pstruct, options_field . host),      AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }, \
+    {"http_proxy", "Set proxy to tunnel through",         offsetof(pstruct, options_field . http_proxy), AV_OPT_TYPE_STRING, .flags = TLS_OPTFL }
 
 int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options);