HTTP isml output (ie: HTTP POST) with authentication is broken
|Reported by:||Jakob van Bethlehem||Owned by:||Jakob van Bethlehem|
|Blocking:||Reproduced by developer:||no|
|Analyzed by developer:||no|
We're using ffmpeg to push an isml stream to a server that runs the Unified Streaming Smooth module with Apache. For now we're testing with md4s as input, but later on we would like to try also to feed actual live streams.
On Apache we enabled HTTP Basic authentication. To be exact, we're trying something like the following:
ffmpeg -y -re -i input.mp4 -movflags isml+frag_keyframe -f ismv -threads 0 -c:a libfaac -ac 2 -b:a 64k -c:v libx264 -profile:v baseline -g 48 -keyint_min 48 -sc_threshold 0 -map 0:v -b:v:0 477k -s:v:0 368x152 -map 0:a:0 http://user:email@example.com
(ffmpeg 162e22 on October 8th, 2013)
This user:pass should be combined into a Authentication-header. For Get-requests this works as expected (first a request -without- authentication is send, which will cause the server to respond with a 401, and a header that tells which type of authentication to use, after which ffmpeg will do the proper request including authentication headers)
For POST requests there is a bug: ffmpeg will already start POSTing data, before finishing the request, and subsequently receiving the 403 code from the server, allowing the proper command to be POSTed.
To be even more exact: the call to ff_auth_auth_create_response() in http_connect() in http.c (line 572 in 162e22) will only produce the proper authentication headers after an initial request without authentication, as it should according to HTTP specs. However, the call to post data on line 670 and line 688 which forces a 200 when posting, does not take this extra required step into account.
If more info is required for this bug (if necessary I do have Apache logs available) I could attach it. However, I already have a patch to fix this bug, simply introducing an additional check for posting data and setting the 200 code, so my proposal for now would be to leave this bug for future reference and proper referencing when submitting the patch.