Commit 89119e54 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

https: add support for HTTPS proxies

parent 16847983
...@@ -82,23 +82,43 @@ static struct vlc_http_msg *vlc_http_tunnel_open(struct vlc_http_conn *conn, ...@@ -82,23 +82,43 @@ static struct vlc_http_msg *vlc_http_tunnel_open(struct vlc_http_conn *conn,
} }
return resp; return resp;
} }
/* So far, this will only work with HTTP 1.1 over plain TCP as the TLS protocol
* module can only use a socket file descriptor as I/O back-end. Consequently
* neither TLS over TLS nor TLS over HTTP/2 framing are possible. */
#define TLS_OVER_TLS 0
#if !TLS_OVER_TLS static int vlc_tls_ProxyGetFD(vlc_tls_t *tls)
static int vlc_http_tls_shutdown_ignore(vlc_tls_t *session, bool duplex)
{ {
(void) session; (void) duplex; struct vlc_tls *sock = tls->sys;
return 0;
return vlc_tls_GetFD(sock);
} }
static void vlc_http_tls_close_ignore(vlc_tls_t *session) static ssize_t vlc_tls_ProxyRead(vlc_tls_t *tls, struct iovec *iov,
unsigned count)
{ {
(void) session; struct vlc_tls *sock = tls->sys;
return sock->readv(sock, iov, count);
}
static ssize_t vlc_tls_ProxyWrite(vlc_tls_t *tls, const struct iovec *iov,
unsigned count)
{
struct vlc_tls *sock = tls->sys;
return sock->writev(sock, iov, count);
}
static int vlc_tls_ProxyShutdown(vlc_tls_t *tls, bool duplex)
{
struct vlc_tls *sock = tls->sys;
return vlc_tls_Shutdown(sock, duplex);
}
static void vlc_tls_ProxyClose(vlc_tls_t *tls)
{
struct vlc_http_msg *msg = tls->p;
vlc_http_msg_destroy(msg); /* <- sock is destroyed there too */
} }
#endif
vlc_tls_t *vlc_https_connect_proxy(vlc_tls_creds_t *creds, vlc_tls_t *vlc_https_connect_proxy(vlc_tls_creds_t *creds,
const char *hostname, unsigned port, const char *hostname, unsigned port,
...@@ -122,29 +142,29 @@ vlc_tls_t *vlc_https_connect_proxy(vlc_tls_creds_t *creds, ...@@ -122,29 +142,29 @@ vlc_tls_t *vlc_https_connect_proxy(vlc_tls_creds_t *creds,
return NULL; return NULL;
} }
vlc_tls_t *session = NULL; vlc_tls_t *sock = NULL;
bool ptwo = false; bool ptwo = false;
#if TLS_OVER_TLS
if (!strcasecmp(url.psz_protocol, "https")) if (!strcasecmp(url.psz_protocol, "https"))
session = vlc_https_connect(creds, url.psz_host, url.i_port, &ptwo); sock = vlc_https_connect(creds, url.psz_host, url.i_port, &ptwo);
else else
#endif
if (!strcasecmp(url.psz_protocol, "http")) if (!strcasecmp(url.psz_protocol, "http"))
session = vlc_http_connect(creds ? creds->p_parent : NULL, sock = vlc_http_connect(creds ? creds->p_parent : NULL,
url.psz_host, url.i_port); url.psz_host, url.i_port);
else else
session = NULL; sock = NULL;
vlc_UrlClean(&url); vlc_UrlClean(&url);
if (session == NULL) if (sock == NULL)
return NULL; return NULL;
struct vlc_http_conn *conn = ptwo ? vlc_h2_conn_create(session) assert(!ptwo); /* HTTP/2 proxy not supported yet */
: vlc_h1_conn_create(session, false);
struct vlc_http_conn *conn = /*ptwo ? vlc_h2_conn_create(sock)
:*/ vlc_h1_conn_create(sock, false);
if (unlikely(conn == NULL)) if (unlikely(conn == NULL))
{ {
vlc_tls_Close(session); vlc_tls_Close(sock);
return NULL; return NULL;
} }
...@@ -156,28 +176,35 @@ vlc_tls_t *vlc_https_connect_proxy(vlc_tls_creds_t *creds, ...@@ -156,28 +176,35 @@ vlc_tls_t *vlc_https_connect_proxy(vlc_tls_creds_t *creds,
if (resp == NULL) if (resp == NULL)
return NULL; return NULL;
struct vlc_tls *psock = malloc(sizeof (*proxy));
if (unlikely(psock == NULL))
{
vlc_http_msg_destroy(resp); /* <- sock is destroyed there too */
return NULL;
}
psock->obj = VLC_OBJECT(creds);
psock->sys = sock;
psock->get_fd = vlc_tls_ProxyGetFD;
psock->readv = vlc_tls_ProxyRead;
psock->writev = vlc_tls_ProxyWrite;
psock->shutdown = vlc_tls_ProxyShutdown;
psock->close = vlc_tls_ProxyClose;
psock->p = resp;
vlc_tls_t *tls;
const char *alpn[] = { "h2", "http/1.1", NULL }; const char *alpn[] = { "h2", "http/1.1", NULL };
char *alp; char *alp;
#if TLS_OVER_TLS
# error ENOSYS
/* TODO: create a vlc_tls_t * from a struct vlc_http_msg *. */
#else
int fd = vlc_tls_GetFD(session);
session->shutdown = vlc_http_tls_shutdown_ignore;
session->close = vlc_http_tls_close_ignore;
vlc_http_msg_destroy(resp); /* <- session is destroyed here */
session = vlc_tls_ClientSessionCreateFD(creds, fd, hostname, "https", tls = vlc_tls_ClientSessionCreate(creds, psock, hostname, "https",
alpn + !*two, &alp); alpn + !*two, &alp);
#endif if (tls == NULL)
if (session == NULL)
{ {
net_Close(fd); vlc_tls_Close(psock);
return NULL; return NULL;
} }
*two = (alp != NULL) && !strcmp(alp, "h2"); *two = (alp != NULL) && !strcmp(alp, "h2");
free(alp); free(alp);
return session; return tls;
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment