Opened 5 years ago

Closed 20 months ago

#3036 closed defect (fixed)

HTTP isml output (ie: HTTP POST) with authentication is broken

Reported by: jakobsybren Owned by: jakobsybren
Priority: normal Component: avformat
Version: unspecified Keywords: http ismv
Cc: jakob@jet-stream.nl Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

We're using ffmpeg to push an isml stream to a server that runs the Unified Streaming Smooth module with Apache. For now we're testing with md4s as input, but later on we would like to try also to feed actual live streams.

On Apache we enabled HTTP Basic authentication. To be exact, we're trying something like the following:

ffmpeg -y -re -i input.mp4 -movflags isml+frag_keyframe -f ismv -threads 0 -c:a libfaac -ac 2 -b:a 64k -c:v libx264 -profile:v baseline -g 48 -keyint_min 48 -sc_threshold 0 -map 0:v -b:v:0 477k -s:v:0 368x152 -map 0:a:0 http://user:pass@apache-host.domain.com

(ffmpeg 162e22 on October 8th, 2013)

This user:pass should be combined into a Authentication-header. For Get-requests this works as expected (first a request -without- authentication is send, which will cause the server to respond with a 401, and a header that tells which type of authentication to use, after which ffmpeg will do the proper request including authentication headers)

For POST requests there is a bug: ffmpeg will already start POSTing data, before finishing the request, and subsequently receiving the 403 code from the server, allowing the proper command to be POSTed.

To be even more exact: the call to ff_auth_auth_create_response() in http_connect() in http.c (line 572 in 162e22) will only produce the proper authentication headers after an initial request without authentication, as it should according to HTTP specs. However, the call to post data on line 670 and line 688 which forces a 200 when posting, does not take this extra required step into account.

If more info is required for this bug (if necessary I do have Apache logs available) I could attach it. However, I already have a patch to fix this bug, simply introducing an additional check for posting data and setting the 200 code, so my proposal for now would be to leave this bug for future reference and proper referencing when submitting the patch.

Change History (6)

comment:1 Changed 5 years ago by jakobsybren

  • Owner set to jakobsybren
  • Status changed from new to open

comment:2 Changed 5 years ago by jakobsybren

  • Cc jakob@jet-stream.nl added

comment:3 in reply to: ↑ description Changed 5 years ago by cehoyos

  • Keywords http ismv added

Replying to jakobsybren:

If more info is required for this bug (if necessary I do have Apache logs available) I could attach it. However, I already have a patch to fix this bug

A lot more information is needed imo (and by setting the ticket to "open" you made it less likely that somebody else will fill it in) but if you have a patch please send it to the ffmpeg-devel mailing list where it will be reviewed.

comment:4 Changed 5 years ago by Krieger

Did you try using -headers option, forging necessary auth header?

comment:5 Changed 20 months ago by rasmusvhansen

The -headers option is not recognized in ffmpeg 3.2.2 on windows. Does it work on older versions? Has it been renamed?

comment:6 Changed 20 months ago by cehoyos

  • Resolution set to fixed
  • Status changed from open to closed
Note: See TracTickets for help on using tickets.