Opened 8 years ago

Closed 5 years ago

#3036 closed defect (fixed)

HTTP isml output (ie: HTTP POST) with authentication is broken

Reported by: Jakob van Bethlehem Owned by: Jakob van Bethlehem
Priority: normal Component: avformat
Version: unspecified Keywords: http ismv
Cc: jakob@jet-stream.nl Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

We're using ffmpeg to push an isml stream to a server that runs the Unified Streaming Smooth module with Apache. For now we're testing with md4s as input, but later on we would like to try also to feed actual live streams.

On Apache we enabled HTTP Basic authentication. To be exact, we're trying something like the following:

ffmpeg -y -re -i input.mp4 -movflags isml+frag_keyframe -f ismv -threads 0 -c:a libfaac -ac 2 -b:a 64k -c:v libx264 -profile:v baseline -g 48 -keyint_min 48 -sc_threshold 0 -map 0:v -b:v:0 477k -s:v:0 368x152 -map 0:a:0 http://user:pass@apache-host.domain.com

(ffmpeg 162e22 on October 8th, 2013)

This user:pass should be combined into a Authentication-header. For Get-requests this works as expected (first a request -without- authentication is send, which will cause the server to respond with a 401, and a header that tells which type of authentication to use, after which ffmpeg will do the proper request including authentication headers)

For POST requests there is a bug: ffmpeg will already start POSTing data, before finishing the request, and subsequently receiving the 403 code from the server, allowing the proper command to be POSTed.

To be even more exact: the call to ff_auth_auth_create_response() in http_connect() in http.c (line 572 in 162e22) will only produce the proper authentication headers after an initial request without authentication, as it should according to HTTP specs. However, the call to post data on line 670 and line 688 which forces a 200 when posting, does not take this extra required step into account.

If more info is required for this bug (if necessary I do have Apache logs available) I could attach it. However, I already have a patch to fix this bug, simply introducing an additional check for posting data and setting the 200 code, so my proposal for now would be to leave this bug for future reference and proper referencing when submitting the patch.

Change History (6)

comment:1 by Jakob van Bethlehem, 8 years ago

Owner: set to Jakob van Bethlehem
Status: newopen

comment:2 by Jakob van Bethlehem, 8 years ago

Cc: jakob@jet-stream.nl added

in reply to:  description comment:3 by Carl Eugen Hoyos, 8 years ago

Keywords: http ismv added

Replying to jakobsybren:

If more info is required for this bug (if necessary I do have Apache logs available) I could attach it. However, I already have a patch to fix this bug

A lot more information is needed imo (and by setting the ticket to "open" you made it less likely that somebody else will fill it in) but if you have a patch please send it to the ffmpeg-devel mailing list where it will be reviewed.

comment:4 by Andrey Utkin, 8 years ago

Did you try using -headers option, forging necessary auth header?

comment:5 by Rasmus Hansen, 5 years ago

The -headers option is not recognized in ffmpeg 3.2.2 on windows. Does it work on older versions? Has it been renamed?

comment:6 by Carl Eugen Hoyos, 5 years ago

Resolution: fixed
Status: openclosed
Note: See TracTickets for help on using tickets.