typedef struct vlc_tls_creds vlc_tls_creds_t;
typedef struct vlc_tls_creds_sys vlc_tls_creds_sys_t;
-
+/** TLS session */
struct vlc_tls
{
VLC_COMMON_MEMBERS
# define tls_Recv( a, b, c ) (((vlc_tls_t *)a)->sock.pf_recv (a, b, c))
-/** TLS (server-side) credentials */
+/** TLS credentials (certificate, private and trust settings) */
struct vlc_tls_creds
{
VLC_COMMON_MEMBERS
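Review bot: The new Doxygen line on `struct vlc_tls_creds` reads "certificate, private and trust settings", which loses the noun after "private"; `/** TLS credentials (certificate, private key and trust settings) */` says what the field set presumably holds. The struct body continues past the hunk, so the members themselves are not reviewed here.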
vlc_tls_creds_t *vlc_tls_ServerCreate (vlc_object_t *,
const char *cert, const char *key);
-void vlc_tls_ServerDelete (vlc_tls_creds_t *);
+void vlc_tls_Delete (vlc_tls_creds_t *);
+#define vlc_tls_ServerDelete vlc_tls_Delete
int vlc_tls_ServerAddCA (vlc_tls_creds_t *srv, const char *path);
int vlc_tls_ServerAddCRL (vlc_tls_creds_t *srv, const char *path);
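Review bot: The new public `vlc_tls_Delete` prototype has no documentation in the header, and the alias macro right under it gives no hint that it exists only for old callers. A comment grounded in the implementation further down would be `/** Destroys credentials from vlc_tls_ServerCreate(); a NULL pointer is a no-op. */` on the prototype, and `/* Backward-compatible alias; new code should call vlc_tls_Delete(). */` on the `#define`. The `srv` parameter name left on vlc_tls_ServerAddCA/AddCRL is now inconsistent with the `crd` naming used everywhere else in this patch.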
*****************************************************************************/
static int OpenClient (vlc_tls_t *, int, const char *);
static void CloseClient (vlc_tls_t *);
-static int OpenServer (vlc_object_t *);
-static void CloseServer (vlc_object_t *);
+static int OpenServer (vlc_tls_creds_t *, const char *, const char *);
+static void CloseServer (vlc_tls_creds_t *);
#define PRIORITIES_TEXT N_("TLS cipher priorities")
#define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \
/**
* Allocates a whole server's TLS credentials.
*/
-static int OpenServer (vlc_object_t *obj)
+static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
{
- vlc_tls_creds_t *server = (vlc_tls_creds_t *)obj;
int val;
- if (gnutls_Init (obj))
+ if (gnutls_Init (VLC_OBJECT(crd)))
return VLC_EGENERIC;
- msg_Dbg (obj, "creating TLS server");
-
vlc_tls_creds_sys_t *sys = malloc (sizeof (*sys));
if (unlikely(sys == NULL))
goto error;
- server->sys = sys;
- server->add_CA = gnutls_ServerAddCA;
- server->add_CRL = gnutls_ServerAddCRL;
- server->open = gnutls_SessionOpen;
- server->close = gnutls_SessionClose;
+ crd->sys = sys;
+ crd->add_CA = gnutls_ServerAddCA;
+ crd->add_CRL = gnutls_ServerAddCRL;
+ crd->open = gnutls_SessionOpen;
+ crd->close = gnutls_SessionClose;
/* No certificate validation by default */
sys->handshake = gnutls_ContinueHandshake;
val = gnutls_certificate_allocate_credentials (&sys->x509_cred);
if (val != 0)
{
- msg_Err (server, "cannot allocate credentials: %s",
+ msg_Err (crd, "cannot allocate credentials: %s",
gnutls_strerror (val));
goto error;
}
- char *cert_path = var_GetNonEmptyString (obj, "tls-x509-cert");
- char *key_path = var_GetNonEmptyString (obj, "tls-x509-key");
- const char *lcert = ToLocale (cert_path);
- const char *lkey = ToLocale (key_path);
- val = gnutls_certificate_set_x509_key_file (sys->x509_cred, lcert, lkey,
+ val = gnutls_certificate_set_x509_key_file (sys->x509_cred, cert, key,
GNUTLS_X509_FMT_PEM);
- LocaleFree (lkey);
- LocaleFree (lcert);
- free (key_path);
- free (cert_path);
-
if (val < 0)
{
- msg_Err (server, "cannot set certificate chain or private key: %s",
+ msg_Err (crd, "cannot set certificate chain or private key: %s",
gnutls_strerror (val));
gnutls_certificate_free_credentials (sys->x509_cred);
goto error;
}
if (val < 0)
{
- msg_Err (server, "cannot initialize DHE cipher suites: %s",
+ msg_Err (crd, "cannot initialize DHE cipher suites: %s",
gnutls_strerror (val));
}
error:
free (sys);
- gnutls_Deinit (obj);
+ gnutls_Deinit (VLC_OBJECT(crd));
return VLC_EGENERIC;
}
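Review bot: `cert` and `key` are handed straight to gnutls_certificate_set_x509_key_file in OpenServer with no NULL check, and the only caller in this patch forwards whatever vlc_tls_ServerCreate was given (a NULL key path is replaced by the cert path, a NULL cert path stays NULL), so whether a missing certificate fails cleanly now depends on how the library treats a NULL file name; a guard ahead of gnutls_Init, `if (cert == NULL || key == NULL) return VLC_EGENERIC;`, makes that deterministic. Dropping the ToLocale() conversion also means the paths reach gnutls in whatever encoding the caller uses, which is a behavioural change on non-UTF-8 locales if the rest of VLC passes UTF-8; the parameters deserve a comment stating the expected encoding. The `error:` path frees `sys` while `crd->sys` still points at it, so `crd->sys = NULL;` next to `free (sys);` would keep any later CloseServer from touching freed memory. The lines between the key-file check and the DHE error message are not part of the hunk.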
/**
* Destroys a TLS server object.
*/
-static void CloseServer (vlc_object_t *obj)
+static void CloseServer (vlc_tls_creds_t *crd)
{
- vlc_tls_creds_t *server = (vlc_tls_creds_t *)obj;
- vlc_tls_creds_sys_t *sys = server->sys;
+ vlc_tls_creds_sys_t *sys = crd->sys;
/* all sessions depending on the server are now deinitialized */
gnutls_certificate_free_credentials (sys->x509_cred);
gnutls_dh_params_deinit (sys->dh_params);
free (sys);
- gnutls_Deinit (obj);
+ gnutls_Deinit (VLC_OBJECT(crd));
}
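Review bot: The header comment above CloseServer still says "Destroys a TLS server object" although the function now takes credentials, and the precondition stated inside the body only as `/* all sessions depending on the server are now deinitialized */` is the part a caller needs to know. `/** Destroys TLS credentials; every session opened from them must already be closed. */` would replace the stale line. Whether that precondition is enforced anywhere is not visible in this patch.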
#include <vlc_tls.h>
#include <vlc_modules.h>
+static int tls_server_load(void *func, va_list ap)
+{
+ int (*activate) (vlc_tls_creds_t *, const char *, const char *) = func;
+ vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *);
+ const char *cert = va_arg (ap, const char *);
+ const char *key = va_arg (ap, const char *);
+
+ return activate (crd, cert, key);
+}
+
+static void tls_unload(void *func, va_list ap)
+{
+ void (*deactivate) (vlc_tls_creds_t *) = func;
+ vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *);
+
+ deactivate (crd);
+}
+
/**
* Allocates a whole server's TLS credentials.
*
if (unlikely(srv == NULL))
return NULL;
- var_Create (srv, "tls-x509-cert", VLC_VAR_STRING);
- var_Create (srv, "tls-x509-key", VLC_VAR_STRING);
-
- if (cert_path != NULL)
- {
- var_SetString (srv, "tls-x509-cert", cert_path);
-
- if (key_path == NULL)
- key_path = cert_path;
- var_SetString (srv, "tls-x509-key", key_path);
- }
+ if (key_path == NULL)
+ key_path = cert_path;
- srv->module = module_need (srv, "tls server", NULL, false );
+ srv->module = vlc_module_load (srv, "tls server", NULL, false,
+ tls_server_load, srv, cert_path, key_path);
if (srv->module == NULL)
{
msg_Err (srv, "TLS server plugin not available");
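Review bot: A NULL `cert_path` is now forwarded unchanged into the plugin, and after the `if (key_path == NULL) key_path = cert_path;` fallback so is a NULL key, with the result that the "TLS server plugin not available" message is also what the user sees when the plugin loaded but rejected missing or unreadable files. Checking `cert_path` up front and releasing `srv` the same way the existing failure branch does, or at least wording the message as "cannot load TLS server plugin or certificate", would separate the two cases. The function's signature and its tail lie outside the hunk.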
* Releases data allocated with vlc_tls_ServerCreate().
* @param srv TLS server object to be destroyed, or NULL
*/
-void vlc_tls_ServerDelete (vlc_tls_creds_t *srv)
+void vlc_tls_Delete (vlc_tls_creds_t *crd)
{
- if (srv == NULL)
+ if (crd == NULL)
return;
- module_unneed (srv, srv->module);
- vlc_object_release (srv);
+ vlc_module_unload (crd->module, tls_unload, crd);
+ vlc_object_release (crd);
}
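Review bot: The Doxygen block above vlc_tls_Delete was not updated with the rename: it still documents `@param srv` while the parameter is now `crd`, and "TLS server object" no longer matches a function meant for any credentials. `@param crd TLS credentials object to be destroyed, or NULL` fixes the parameter line; the description should also state that sessions opened from the credentials must be closed first, which the gnutls back end's CloseServer comment in this patch relies on. The NULL early return on the new lines is correct and worth keeping in the documentation.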