Is a way to process ssl/proxy url images?

Questions and postings pertaining to the development of ImageMagick, feature enhancements, and ImageMagick internals. ImageMagick source code and algorithms are discussed here. Usage questions which are too arcane for the normal user list should also be posted here.
Post Reply
y4rk4s
Posts: 6
Joined: 2018-03-22T00:52:48-07:00
Authentication code: 1152

Is a way to process ssl/proxy url images?

Post by y4rk4s »

Currently im working with ImageMagick-7.0.7-27-Q16-x86-dll & mageMagick-7.0.7-27-portable-Q16-x86 & Magick.NET-Q8-AnyCPU reference

I tried to manipulate png with proxy url(https,tls1.2), but i get an exception: MagickFileOpenErrorException was unhandled (unable to open file .... @ error/url.c/ReadURLImage/183)

Is there a way to work with directly this type of image urls?

Thank you
Last edited by y4rk4s on 2018-03-22T05:17:45-07:00, edited 1 time in total.
Bonzo
Posts: 2971
Joined: 2006-05-20T08:08:19-07:00
Location: Cambridge, England

Re: Is a way to process proxy url images?

Post by Bonzo »

I do not know about proxy URL's but I would say https,tls1.2 is not a valid URL. If you can convert that to a normal URL before sending it to Imagemagick it should work.
y4rk4s
Posts: 6
Joined: 2018-03-22T00:52:48-07:00
Authentication code: 1152

Re: Is a way to process proxy url images?

Post by y4rk4s »

https is a protocoll, within TLS is a Transport Layer Security , those only details ( i cannot paste the url, but its security proterties )

My current workaround is a self-signed certificate, and downloading the image, then call functions from class ( in C#)
But in win32 application tools i cannot find a solution

Im tried with (example with google):

https://www.google.hu/images/branding/g ... 2x92dp.png
http://www.google.hu/images/branding/go ... 2x92dp.png

https://www.google.hu:123/images/brandi ... 2x92dp.png
http://www.google.hu:123/images/brandin ... 2x92dp.png
Bonzo
Posts: 2971
Joined: 2006-05-20T08:08:19-07:00
Location: Cambridge, England

Re: Is a way to process proxy url images?

Post by Bonzo »

Hopefully somebody may come along who knows about that sort of thing.

I wonder if as it is not directly an Imagemagick problem it may be worth posting on Stackoverflow as they have a broad base of users specialising in lots of different code?
y4rk4s
Posts: 6
Joined: 2018-03-22T00:52:48-07:00
Authentication code: 1152

Re: Is a way to process proxy url images?

Post by y4rk4s »

Im just tried with different versions/builds from ImageMagick, problem was same everywhere:

convert https://www.google.hu/images/branding/g ... 2x92dp.png logo.jpg

result: this command should convert png to jpg

Case, when yout try with an url with a certificate, the conversion will fail:

convert https://expired.badssl.com/icons/icon-red.png test.jpg

result: error message, unable to open file
Bonzo
Posts: 2971
Joined: 2006-05-20T08:08:19-07:00
Location: Cambridge, England

Re: Is a way to process ssl/proxy url images?

Post by Bonzo »

The last error could be a https restriction on the website and might work on a http image?

Have you tried including your path in " "
y4rk4s
Posts: 6
Joined: 2018-03-22T00:52:48-07:00
Authentication code: 1152

Re: Is a way to process ssl/proxy url images?

Post by y4rk4s »

Website is SSL protected, is ImageMagick able to access SSL images?

Im tried with following - CMD:

Command {url} {output}
Command {"url"} {output}
Command {"url"} {"output"}

d:\comp_project>convert "https://expired.badssl.com/icons/icon-red.png" outer
jpg
convert: unable to open file 'https://expired.badssl.com/icons/icon-red.png':
such file or directory @ error/url.c/ReadURLImage/183.
convert: no images defined `outerrr.jpg' @ error/convert.c/ConvertImageComman
275.

d:\comp_project>convert "https://expired.badssl.com/icons/icon-red.png" "outerrr
.jpg"
convert: unable to open file 'https://expired.badssl.com/icons/icon-red.png': No
such file or directory @ error/url.c/ReadURLImage/183.
convert: no images defined `outerrr.jpg' @ error/convert.c/ConvertImageCommand/3
275.
User avatar
fmw42
Posts: 25562
Joined: 2007-07-02T17:14:51-07:00
Authentication code: 1152
Location: Sunnyvale, California, USA

Re: Is a way to process ssl/proxy url images?

Post by fmw42 »

Check your policy.xml file to see if HTTPS has been restricted.

Code: Select all

convert -list policy
will show you what you have
snibgo
Posts: 12159
Joined: 2010-01-23T23:01:33-07:00
Authentication code: 1151
Location: England, UK

Re: Is a way to process ssl/proxy url images?

Post by snibgo »

wrote:d:\comp_project>convert "https://expired.badssl.com/icons/icon-red.png" outer.jpg
When I try to access that image from a web browser, I get "There is a problem with this website’s security certificate."
I expect IM ecounters the equivalent.
snibgo's IM pages: im.snibgo.com
y4rk4s
Posts: 6
Joined: 2018-03-22T00:52:48-07:00
Authentication code: 1152

Re: Is a way to process ssl/proxy url images?

Post by y4rk4s »

After you accept certificate in browser you can access the image. - In Browser

But is there a solution for ImageMagick api to accept certificate? - in Command line

Im uncommented/commented policy.xml https related properties, result same:

Code: Select all

  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
  <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
  <!-- <policy domain="resource" name="map" value="4GiB"/> -->
  <!-- <policy domain="resource" name="width" value="10MP"/> -->
  <!-- <policy domain="resource" name="height" value="10MP"/> -->
  <!-- <policy domain="resource" name="area" value="1GB"/> -->
  <!-- <policy domain="resource" name="disk" value="16EB"/> -->
  <!-- <policy domain="resource" name="file" value="768"/> -->
  <!-- <policy domain="resource" name="thread" value="4"/> -->
  <!-- <policy domain="resource" name="throttle" value="0"/> -->
  <!-- <policy domain="resource" name="time" value="3600"/> -->
  <!-- <policy domain="system" name="precision" value="6"/> -->
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="delegate" rights="none" pattern="HTTPS" /> 
  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
With replaced the following i get not authorized error:

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
<!ELEMENT policymap (policy)+>
<!ELEMENT policy (#PCDATA)>
<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
<!ATTLIST policy name CDATA #IMPLIED>
<!ATTLIST policy rights CDATA #IMPLIED>
<!ATTLIST policy pattern CDATA #IMPLIED>
<!ATTLIST policy value CDATA #IMPLIED>
]>
<!--
  Configure ImageMagick policies.

  Domains include system, delegate, coder, filter, path, or resource.

  Rights include none, read, write, and execute.  Use | to combine them,
  for example: "read | write" to permit read from, or write to, a path.

  Use a glob expression as a pattern.

  Suppose we do not want users to process MPEG video images:

    <policy domain="delegate" rights="none" pattern="mpeg:decode" />

  Here we do not want users reading images from HTTP:

    <policy domain="coder" rights="none" pattern="HTTP" />

  Lets prevent users from executing any image filters:

    <policy domain="filter" rights="none" pattern="*" />

  The /repository file system is restricted to read only.  We use a glob
  expression to match all paths that start with /repository:
  
    <policy domain="path" rights="read" pattern="/repository/*" />

  Any large image is cached to disk rather than memory:

    <policy domain="resource" name="area" value="1GB"/>

  Define arguments for the memory, map, area, and disk resources with
  SI prefixes (.e.g 100MB).  In addition, resource policies are maximums for
  each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
  exceeds policy maximum so memory limit is 1GB).
-->
<policymap>
  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
  <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
  <!-- <policy domain="resource" name="map" value="4GiB"/> -->
  <!-- <policy domain="resource" name="area" value="1GB"/> -->
  <!-- <policy domain="resource" name="disk" value="16EB"/> -->
  <!-- <policy domain="resource" name="file" value="768"/> -->
  <!-- <policy domain="resource" name="thread" value="4"/> -->
  <!-- <policy domain="resource" name="throttle" value="0"/> -->
  <!-- <policy domain="resource" name="time" value="3600"/> -->
  <!-- <policy domain="system" name="precision" value="6"/> -->
  <policy domain="cache" name="shared-secret" value="passphrase"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
  <policy domain="coder" rights="none" pattern="MSL" />
  <!-- <policy domain="coder" rights="none" pattern="TEXT" /> -->
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>
Last edited by y4rk4s on 2018-03-23T01:51:20-07:00, edited 1 time in total.
snibgo
Posts: 12159
Joined: 2010-01-23T23:01:33-07:00
Authentication code: 1151
Location: England, UK

Re: Is a way to process ssl/proxy url images?

Post by snibgo »

y4rk4s wrote:But is there a solution for ImageMagick api to accept certificate? - in Command line
I don't think IM can do that. If it could, there would be security implications.

You can stage with wget, eg:

Code: Select all

wget --no-check-certificate https://expired.badssl.com/icons/icon-red.png
... and then operate on the local file.
snibgo's IM pages: im.snibgo.com
y4rk4s
Posts: 6
Joined: 2018-03-22T00:52:48-07:00
Authentication code: 1152

Re: Is a way to process ssl/proxy url images?

Post by y4rk4s »

Currently in C# MI reference im using Self-Signed certification method, call URL within method, download image, after that MI can proccess image local
y4rk4s wrote:
But is there a solution for ImageMagick api to accept certificate? - in Command line
I mean ignore Cerificate , or identify by with properly cert / user/pwd / anything
Post Reply