Add option --legacy-server-connect (#778)

to allow HTTPS connection to servers that do not support RFC 5746 secure renegotiation

Authored by: xtkoba
This commit is contained in:
xtkoba 2022-01-21 15:12:30 +09:00 committed by GitHub
parent 6c73052c0a
commit f81c62a6a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 0 deletions

View File

@ -323,6 +323,8 @@ class YoutubeDL(object):
cookiesfrombrowser: A tuple containing the name of the browser, the profile cookiesfrombrowser: A tuple containing the name of the browser, the profile
name/pathfrom where cookies are loaded, and the name of the name/pathfrom where cookies are loaded, and the name of the
keyring. Eg: ('chrome', ) or ('vivaldi', 'default', 'BASICTEXT') keyring. Eg: ('chrome', ) or ('vivaldi', 'default', 'BASICTEXT')
legacyserverconnect: Explicitly allow HTTPS connection to servers that do not
support RFC 5746 secure renegotiation
nocheckcertificate: Do not verify SSL certificates nocheckcertificate: Do not verify SSL certificates
prefer_insecure: Use HTTP instead of HTTPS to retrieve information. prefer_insecure: Use HTTP instead of HTTPS to retrieve information.
At the moment, this is only supported by YouTube. At the moment, this is only supported by YouTube.

View File

@ -756,6 +756,7 @@ def report_deprecation(val, old, new=None):
'skip_playlist_after_errors': opts.skip_playlist_after_errors, 'skip_playlist_after_errors': opts.skip_playlist_after_errors,
'cookiefile': opts.cookiefile, 'cookiefile': opts.cookiefile,
'cookiesfrombrowser': opts.cookiesfrombrowser, 'cookiesfrombrowser': opts.cookiesfrombrowser,
'legacyserverconnect': opts.legacy_server_connect,
'nocheckcertificate': opts.no_check_certificate, 'nocheckcertificate': opts.no_check_certificate,
'prefer_insecure': opts.prefer_insecure, 'prefer_insecure': opts.prefer_insecure,
'proxy': opts.proxy, 'proxy': opts.proxy,

View File

@ -827,6 +827,10 @@ def _dict_from_options_callback(
'--encoding', '--encoding',
dest='encoding', metavar='ENCODING', dest='encoding', metavar='ENCODING',
help='Force the specified encoding (experimental)') help='Force the specified encoding (experimental)')
workarounds.add_option(
'--legacy-server-connect',
action='store_true', dest='legacy_server_connect', default=False,
help='Explicitly allow HTTPS connection to servers that do not support RFC 5746 secure renegotiation')
workarounds.add_option( workarounds.add_option(
'--no-check-certificates', '--no-check-certificates',
action='store_true', dest='no_check_certificate', default=False, action='store_true', dest='no_check_certificate', default=False,

View File

@ -997,6 +997,8 @@ def make_HTTPS_handler(params, **kwargs):
opts_check_certificate = not params.get('nocheckcertificate') opts_check_certificate = not params.get('nocheckcertificate')
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = opts_check_certificate context.check_hostname = opts_check_certificate
if params.get('legacyserverconnect'):
context.options |= 4 # SSL_OP_LEGACY_SERVER_CONNECT
context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE
if opts_check_certificate: if opts_check_certificate:
try: try: