[FFmpeg-trac] #3036(avformat:new): HTTP isml output (ie: HTTP POST) with authentication is broken

FFmpeg trac at avcodec.org
Tue Oct 8 17:30:13 CEST 2013

#3036: HTTP isml output (ie: HTTP POST) with authentication is broken
             Reporter:  jakobsybren  |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  avformat     |                  Version:
             Keywords:               |  unspecified
             Blocking:               |               Blocked By:
Analyzed by developer:  0            |  Reproduced by developer:  0
 We're using ffmpeg to push an isml stream to a server that runs the
 Unified Streaming Smooth module with Apache. For now we're testing with
 md4s as input, but later on we would like to try also to feed actual live

 On Apache we enabled HTTP Basic authentication. To be exact, we're trying
 something like the following:

 ffmpeg -y -re -i input.mp4 -movflags isml+frag_keyframe -f ismv -threads 0
 -c:a libfaac -ac 2 -b:a 64k -c:v libx264 -profile:v baseline -g 48
 -keyint_min 48 -sc_threshold 0 -map 0:v -b:v:0 477k -s:v:0 368x152 -map
 0:a:0 http://user:pass@apache-host.domain.com

 (ffmpeg 162e22 on October 8th, 2013)

 This user:pass should be combined into a Authentication-header. For Get-
 requests this works as expected (first a request -without- authentication
 is send, which will cause the server to respond with a 401, and a header
 that tells which type of authentication to use, after which ffmpeg will do
 the proper request including authentication headers)

 For POST requests there is a bug: ffmpeg will already start POSTing data,
 before finishing the request, and subsequently receiving the 403 code from
 the server, allowing the proper command to be POSTed.

 To be even more exact: the call to ff_auth_auth_create_response() in
 http_connect() in http.c (line 572 in 162e22) will only produce the proper
 authentication headers after an initial request without authentication, as
 it should according to HTTP specs. However, the call to post data on line
 670 and line 688 which forces a 200 when posting, does not take this extra
 required step into account.

 If more info is required for this bug (if necessary I do have Apache logs
 available) I could attach it. However, I already have a patch to fix this
 bug, simply introducing an additional check for posting data and setting
 the 200 code, so my proposal for now would be to leave this bug for future
 reference and proper referencing when submitting the patch.

Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/3036>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list