From f81c62a6a42ac0192fa0634c225ee540ad73be5a Mon Sep 17 00:00:00 2001 From: xtkoba <69125751+xtkoba@users.noreply.github.com> Date: Fri, 21 Jan 2022 15:12:30 +0900 Subject: [PATCH] Add option --legacy-server-connect (#778) to allow HTTPS connection to servers that do not support RFC 5746 secure renegotiation Authored by: xtkoba --- yt_dlp/YoutubeDL.py | 2 ++ yt_dlp/__init__.py | 1 + yt_dlp/options.py | 4 ++++ yt_dlp/utils.py | 2 ++ 4 files changed, 9 insertions(+) diff --git a/yt_dlp/YoutubeDL.py b/yt_dlp/YoutubeDL.py index 21edfe339..27fcc2a81 100644 --- a/yt_dlp/YoutubeDL.py +++ b/yt_dlp/YoutubeDL.py @@ -323,6 +323,8 @@ class YoutubeDL(object): cookiesfrombrowser: A tuple containing the name of the browser, the profile name/pathfrom where cookies are loaded, and the name of the keyring. Eg: ('chrome', ) or ('vivaldi', 'default', 'BASICTEXT') + legacyserverconnect: Explicitly allow HTTPS connection to servers that do not + support RFC 5746 secure renegotiation nocheckcertificate: Do not verify SSL certificates prefer_insecure: Use HTTP instead of HTTPS to retrieve information. At the moment, this is only supported by YouTube. diff --git a/yt_dlp/__init__.py b/yt_dlp/__init__.py index f3faf0ce4..c5e647c23 100644 --- a/yt_dlp/__init__.py +++ b/yt_dlp/__init__.py @@ -756,6 +756,7 @@ def report_deprecation(val, old, new=None): 'skip_playlist_after_errors': opts.skip_playlist_after_errors, 'cookiefile': opts.cookiefile, 'cookiesfrombrowser': opts.cookiesfrombrowser, + 'legacyserverconnect': opts.legacy_server_connect, 'nocheckcertificate': opts.no_check_certificate, 'prefer_insecure': opts.prefer_insecure, 'proxy': opts.proxy, diff --git a/yt_dlp/options.py b/yt_dlp/options.py index cb6f01d4d..50a70c12c 100644 --- a/yt_dlp/options.py +++ b/yt_dlp/options.py 
@@ -827,6 +827,10 @@ def _dict_from_options_callback( '--encoding', dest='encoding', metavar='ENCODING', help='Force the specified encoding (experimental)') + workarounds.add_option( + '--legacy-server-connect', + action='store_true', dest='legacy_server_connect', default=False, + help='Explicitly allow HTTPS connection to servers that do not support RFC 5746 secure renegotiation') workarounds.add_option( '--no-check-certificates', action='store_true', dest='no_check_certificate', default=False, diff --git a/yt_dlp/utils.py b/yt_dlp/utils.py index 0defe83e8..cb44a9c51 100644 --- a/yt_dlp/utils.py +++ b/yt_dlp/utils.py @@ -997,6 +997,8 @@ def make_HTTPS_handler(params, **kwargs): opts_check_certificate = not params.get('nocheckcertificate') context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.check_hostname = opts_check_certificate + if params.get('legacyserverconnect'): + context.options |= 4 # SSL_OP_LEGACY_SERVER_CONNECT context.verify_mode = ssl.CERT_REQUIRED if opts_check_certificate else ssl.CERT_NONE if opts_check_certificate: try:
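Review bot: The help string for `--legacy-server-connect` in the options.py hunk names the RFC but not the cost, so a user reading `--help` cannot tell that the flag removes a TLS safeguard rather than just enabling compatibility. I would extend it along the lines of `help='Explicitly allow HTTPS connection to servers that do not support RFC 5746 secure renegotiation (weakens TLS protection; use only for servers that require it)'`. The `legacyserverconnect` entry added to the YoutubeDL docstring uses the same wording and could carry the same caveat.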
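Review bot: The bare `4` in `context.options |= 4` is tied to OpenSSL's bit layout and is explained only by the trailing comment; a named value that prefers the stdlib constant where it exists is easier to audit, e.g. `context.options |= getattr(ssl, 'OP_LEGACY_SERVER_CONNECT', 0x4)`. The flag is also set on the one context built here from `params`, so it appears to relax the RFC 5746 check for every HTTPS host contacted through this handler, not only the legacy server the user had in mind. A comment above the `if` saying so, such as `# Applies to all hosts using this context; permits servers without RFC 5746 secure renegotiation`, would help the next reader. make_HTTPS_handler's body continues outside the hunk.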