mpv-player / mpv

🎥 Command line video player
https://mpv.io

Cannot play encrypted HLS streams #9912

Open cdgriffith opened 2 years ago

cdgriffith commented 2 years ago

Important Information

Provide following Information:

Reproduction steps

Trying to play an HLS file with encryption using HTTPS or FILE as their URI does not work.

HTTPS

[ffmpeg] https: Protocol 'https' not on whitelist 'file,crypto,data'!
[ffmpeg/demuxer] hls: Unable to open key file https://localhost:8000/point.key

To solve with ffplay requires:

ffplay.exe point.m3u8 -protocol_whitelist file,https,tcp,crypto,tls

m3u8 would include URI like:

#EXT-X-KEY:METHOD=AES-128,URI="https://localhost:8000/point.key",IV=0x...

FILE

[ffmpeg/demuxer] hls: Filename extension of 'file:enc.key' is not a common multimedia extension, blocked for security reasons.
[ffmpeg/demuxer] If you wish to override this adjust allowed_extensions, you can set it to 'ALL' to allow all
[ffmpeg/demuxer] hls: Unable to open key file file:enc.key

To solve with ffplay requires:

ffplay point.m3u8 -allowed_extensions ALL

m3u8 would include URI like:

#EXT-X-KEY:METHOD=AES-128,URI="file:enc.key",IV=0x...

Expected behavior

The video to play

Actual behavior

The video does not play

Log file

Detailed log file for the HTTPS example out.txt

Sample files

Possible to generate everything you need (apart from the mp4 file), attaching as well: sample files.zip

openssl rand 16 > point.key

echo "https://localhost:8000/point.key" > point.key_info
echo "point.key" >> point.key_info
openssl rand -hex 16 >> point.key_info

ffmpeg -i point.mp4 -c copy -hls_key_info_file point.key_info -hls_flags single_file -hls_list_size 0 point.m3u8

# Start local https server, can also change to `http` both in the echo above and whitelist below for easier testing
# can run `python -m http.server` in directory key is in to easily serve it

ffplay.exe point.m3u8 -protocol_whitelist file,https,tcp,crypto,tls

cdgriffith commented 2 years ago

https://github.com/mpv-player/mpv/issues?q=is%3Aissue+sort%3Aupdated-desc+decryption_key

This is specifically reading details from an m3u8 stream file, not a key that can be provided by command line.

cdgriffith commented 2 years ago

I guess a better way to phrase this would be "is there a reason these protocols are not enabled by default"?

I understand not allowing unencrypted http but might be more user friendly to have https / tls enabled by default.

demuxer-lavf-o=protocol_whitelist=[file,tcp,tls,https,crypto,data]
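
Added example, not part of the thread and not mpv or ffmpeg code: a small Python audit that reads the `#EXT-X-KEY` tags of a playlist and reports which protocols each key URI would need beyond the `file,crypto,data` whitelist shown in the log, so the whitelist can be widened only as far as a given playlist requires. Assumptions: the function names, the `LAYERS` mapping, the treatment of scheme-less URIs as local files, and the IV values in the constructed sample are illustrative; segment URIs are not checked.

```python
import re
from urllib.parse import urlsplit

# Whitelist shown in the log on this page for a local playlist.
DEFAULT_WHITELIST = ("file", "crypto", "data")
# Lower-layer protocols each scheme rides on (as in the issue's ffplay command).
LAYERS = {"https": ("tls", "tcp"), "http": ("tcp",)}
ATTR_RE = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')

def key_uris(playlist_text):
    """Return the URI of every #EXT-X-KEY tag that carries one."""
    uris = []
    for line in playlist_text.splitlines():
        line = line.strip()
        if not line.startswith("#EXT-X-KEY:"):
            continue
        attrs = {k: v.strip('"') for k, v in ATTR_RE.findall(line[len("#EXT-X-KEY:"):])}
        if attrs.get("METHOD", "NONE") != "NONE" and "URI" in attrs:
            uris.append(attrs["URI"])
    return uris

def audit(playlist_text, whitelist=DEFAULT_WHITELIST):
    """Per key URI: scheme, protocols missing from the whitelist, remote or not."""
    findings = []
    for uri in key_uris(playlist_text):
        # Assumption: a URI without a scheme is resolved next to a local playlist.
        scheme = urlsplit(uri).scheme.lower() or "file"
        needed = (scheme,) + LAYERS.get(scheme, ())
        missing = [p for p in needed if p not in whitelist]
        findings.append({"uri": uri, "scheme": scheme, "missing": missing,
                         "remote": scheme not in ("file", "data")})
    return findings

def minimal_whitelist(playlist_text, whitelist=DEFAULT_WHITELIST):
    """Smallest protocol_whitelist value that lets every key URI load."""
    out = list(whitelist)
    for f in audit(playlist_text, whitelist):
        out += [p for p in f["missing"] if p not in out]
    return ",".join(out)

# Constructed sample playlist using the two key URI forms from the issue.
SAMPLE = """#EXTM3U
#EXT-X-KEY:METHOD=AES-128,URI="https://localhost:8000/point.key",IV=0x00000000000000000000000000000001
#EXTINF:10.0,
point.ts
#EXT-X-KEY:METHOD=AES-128,URI="file:enc.key",IV=0x00000000000000000000000000000002
#EXTINF:10.0,
point2.ts
"""
```

`audit(SAMPLE)` flags the HTTPS key as remote with `https`, `tls` and `tcp` missing, and `minimal_whitelist(SAMPLE)` gives the value to pass to `-protocol_whitelist` or to the `demuxer-lavf-o` option quoted above.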