From: Rémi Denis-Courmont <rem@videolan.org>
Date: Sat, 6 Nov 2004 16:26:40 +0000 (+0000)
Subject: HTTP/SSL stream output
X-Git-Tag: 0.8.2~1768
X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=5aa8d01f4893a235c45968c54ab122941abcb8ec;p=vlc

HTTP/SSL stream output
---

diff --git a/modules/access_output/http.c b/modules/access_output/http.c
index 6eac341a61..4aca57d8af 100644
--- a/modules/access_output/http.c
+++ b/modules/access_output/http.c
@@ -30,10 +30,12 @@
 #include <vlc/sout.h>
 
 #include "vlc_httpd.h"
+#include "vlc_tls.h"
 
 #define FREE( p ) if( p ) { free( p); (p) = NULL; }
 
-#define DEFAULT_PORT 8080
+#define DEFAULT_PORT        8080
+#define DEFAULT_SSL_PORT    8443
 
 /*****************************************************************************
  * Module descriptor
@@ -51,15 +53,28 @@ static void Close( vlc_object_t * );
                          "requested to access the stream." )
 #define MIME_TEXT N_("Mime")
 #define MIME_LONGTEXT N_("Allows you to give the mime returned by the server." )
+#define CERT_TEXT N_( "Certificate file" )
+#define CERT_LONGTEXT N_( "HTTP/SSL stream output x509 PEM certificate file" )
+#define KEY_TEXT N_( "Private key file" )
+#define KEY_LONGTEXT N_( "HTTP/SSL stream output x509 PEM private key file" )
+#define CA_TEXT N_( "Root CA file" )
+#define CA_LONGTEXT N_( "HTTP/SSL stream output x509 PEM trusted root CA certificates file" )
+#define CRL_TEXT N_( "CRL file" )
+#define CRL_LONGTEXT N_( "HTTP/SSL stream output Certificates Revocation List file" )
 
 vlc_module_begin();
     set_description( _("HTTP stream output") );
     set_capability( "sout access", 0 );
     add_shortcut( "http" );
+    add_shortcut( "https" );
     add_shortcut( "mmsh" );
     add_string( SOUT_CFG_PREFIX "user", "", NULL, USER_TEXT, USER_LONGTEXT, VLC_TRUE );
     add_string( SOUT_CFG_PREFIX "pwd", "", NULL, PASS_TEXT, PASS_LONGTEXT, VLC_TRUE );
     add_string( SOUT_CFG_PREFIX "mime", "", NULL, MIME_TEXT, MIME_LONGTEXT, VLC_TRUE );
+    add_string( SOUT_CFG_PREFIX "cert", "vlc.pem", NULL, CERT_TEXT, CERT_LONGTEXT, VLC_TRUE );
+    add_string( SOUT_CFG_PREFIX "key", NULL, NULL, KEY_TEXT, KEY_LONGTEXT, VLC_TRUE );
+    add_string( SOUT_CFG_PREFIX "ca", NULL, NULL, CA_TEXT, CA_LONGTEXT, VLC_TRUE );
+    add_string( SOUT_CFG_PREFIX "crl", NULL, NULL, CRL_TEXT, CRL_LONGTEXT, VLC_TRUE );
     set_callbacks( Open, Close );
 vlc_module_end();
 
@@ -96,6 +111,7 @@ static int Open( vlc_object_t *p_this )
 {
     sout_access_out_t       *p_access = (sout_access_out_t*)p_this;
     sout_access_out_sys_t   *p_sys;
+    tls_server_t            *p_tls;
 
     char                *psz_parser, *psz_name;
 
@@ -111,7 +127,7 @@ static int Open( vlc_object_t *p_this )
                 malloc( sizeof( sout_access_out_sys_t ) ) ) )
     {
         msg_Err( p_access, "Not enough memory" );
-        return( VLC_EGENERIC );
+        return VLC_ENOMEM ;
     }
 
     sout_CfgParse( p_access, SOUT_CFG_PREFIX, ppsz_sout_options, p_access->p_cfg );
@@ -145,11 +161,6 @@ static int Open( vlc_object_t *p_this )
         psz_file_name = psz_parser;
     }
 
-    if( i_bind_port <= 0 )
-    {
-        i_bind_port = DEFAULT_PORT;
-    }
-
     if( !*psz_file_name )
     {
         psz_file_name = strdup( "/" );
@@ -167,13 +178,65 @@ static int Open( vlc_object_t *p_this )
         psz_file_name = strdup( psz_file_name );
     }
 
-    p_sys->p_httpd_host = httpd_HostNew( VLC_OBJECT(p_access), psz_bind_addr,
-                                         i_bind_port );
+    /* SSL support */
+    if( p_access->psz_access && !strcmp( p_access->psz_access, "https" ) )
+    {
+        const char *psz_cert, *psz_key;
+        psz_cert = config_GetPsz( p_this, SOUT_CFG_PREFIX"cert" );
+        psz_key = config_GetPsz( p_this, SOUT_CFG_PREFIX"key" );
+
+        p_tls = tls_ServerCreate( p_this, psz_cert, psz_key );
+        if ( p_tls == NULL )
+        {
+            msg_Err( p_this, "TLS initialization error" );
+            free( psz_file_name );
+            free( psz_name );
+            free( p_sys );
+            return VLC_EGENERIC;
+        }
+
+        psz_cert = config_GetPsz( p_this, SOUT_CFG_PREFIX"ca" );
+        if ( ( psz_cert != NULL) && tls_ServerAddCA( p_tls, psz_cert ) )
+        {
+            msg_Err( p_this, "TLS CA error" );
+            tls_ServerDelete( p_tls );
+            free( psz_file_name );
+            free( psz_name );
+            free( p_sys );
+            return VLC_EGENERIC;
+        }
+
+        psz_cert = config_GetPsz( p_this, SOUT_CFG_PREFIX"crl" );
+        if ( ( psz_cert != NULL) && tls_ServerAddCRL( p_tls, psz_cert ) )
+        {
+            msg_Err( p_this, "TLS CRL error" );
+            tls_ServerDelete( p_tls );
+            free( psz_file_name );
+            free( psz_name );
+            free( p_sys );
+            return VLC_EGENERIC;
+        }
+
+        if( i_bind_port <= 0 )
+            i_bind_port = DEFAULT_SSL_PORT;
+    }
+    else
+    {
+        p_tls = NULL;
+        if( i_bind_port <= 0 )
+            i_bind_port = DEFAULT_PORT;
+    }
+
+    p_sys->p_httpd_host = httpd_TLSHostNew( VLC_OBJECT(p_access),
+                                            psz_bind_addr, i_bind_port,
+                                            p_tls );
     if( p_sys->p_httpd_host == NULL )
     {
         msg_Err( p_access, "cannot listen on %s:%d",
                  psz_bind_addr, i_bind_port );
 
+        if( p_tls != NULL )
+            tls_ServerDelete( p_tls );
         free( psz_name );
         free( psz_file_name );
         free( p_sys );