[vlc-devel] [PATCH 1/8] Add library functions for HTTP client authentication

Rémi Denis-Courmont rem at videolan.org
Sat Jan 10 16:49:12 CET 2009

Le samedi 10 janvier 2009 17:26:23 Antoine Cellerier, vous avez écrit :
> On Sat, Jan 10, 2009, Michael Hanselmann wrote:
> > Most of the code is taken from modules/access/http.c, although it
> > includes modifications to make it work as library functions and to
> > fix some issues. The HTTP access module can be converted at a
> > later point, but there's still some stuff needing cleanup first.
> I'd really like to have the HTTP access module converted to use this so
> that we don't have duplicate code. If it's not done now I doubt that it
> will ever get done. (On a side note, would it be possible to merge this
> with the server side http authentication code already present in the
> core?)

The server side HTTP code only supports plain, which is trivial. I am very 
reluctant to cluttering it with digest support. If you don't want to leak 
your VLC admin password in clear, use TLS.

In any case, I very much doubt the code could be merged, as HTTP 
authentication is completely asymetric: client authenticates to server, and 
_not_ vice-versa (another reason why TLS is better).

Rémi Denis-Courmont

More information about the vlc-devel mailing list