1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright (C) 2004-2005 VideoLAN
7 * Authors: Remi Denis-Courmont <rem # videolan.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
22 *****************************************************************************/
30 /*****************************************************************************
32 *****************************************************************************/
37 #include <sys/types.h>
42 #ifdef HAVE_SYS_STAT_H
43 # include <sys/stat.h>
53 #include <gnutls/gnutls.h>
56 #define CACHE_EXPIRATION 3600
59 /*****************************************************************************
61 *****************************************************************************/
62 static int Open ( vlc_object_t * );
63 static void Close( vlc_object_t * );
65 #define DH_BITS_TEXT N_("Diffie-Hellman prime bits")
66 #define DH_BITS_LONGTEXT N_( \
67 "Allows you to modify the Diffie-Hellman prime's number of bits " \
68 "(used for TLS or SSL-based server-side encryption)." )
70 #define CACHE_EXPIRATION_TEXT N_("Expiration time for resumed TLS sessions")
71 #define CACHE_EXPIRATION_LONGTEXT N_( \
72 "Defines the delay before resumed TLS sessions will be expired " \
75 #define CACHE_SIZE_TEXT N_("Number of resumed TLS sessions")
76 #define CACHE_SIZE_LONGTEXT N_( \
77 "Allows you to modify the maximum number of resumed TLS sessions that " \
78 "the cache will hold." )
80 #define CHECK_CERT_TEXT N_("Check TLS/SSL server certificate validity")
81 #define CHECK_CERT_LONGTEXT N_( \
82 "Ensures that server certificate is valid " \
83 "(ie. signed by an approved Certificate Authority)." )
85 #define CHECK_HOSTNAME_TEXT N_("Check TLS/SSL server hostname in certificate")
86 #define CHECK_HOSTNAME_LONGTEXT N_( \
87 "Ensures that server hostname in certificate match requested host name." )
90 set_shortname( "GnuTLS" );
91 set_description( _("GnuTLS TLS encryption layer") );
92 set_capability( "tls", 1 );
93 set_callbacks( Open, Close );
94 set_category( CAT_ADVANCED );
95 set_subcategory( SUBCAT_ADVANCED_MISC );
97 add_bool( "tls-check-cert", VLC_FALSE, NULL, CHECK_CERT_TEXT,
98 CHECK_CERT_LONGTEXT, VLC_FALSE );
100 add_bool( "tls-check-hostname", VLC_FALSE, NULL, CHECK_HOSTNAME_TEXT,
101 CHECK_HOSTNAME_LONGTEXT, VLC_FALSE );
104 add_integer( "dh-bits", DH_BITS, NULL, DH_BITS_TEXT,
105 DH_BITS_LONGTEXT, VLC_TRUE );
106 add_integer( "tls-cache-expiration", CACHE_EXPIRATION, NULL,
107 CACHE_EXPIRATION_TEXT, CACHE_EXPIRATION_LONGTEXT, VLC_TRUE );
108 add_integer( "tls-cache-size", CACHE_SIZE, NULL, CACHE_SIZE_TEXT,
109 CACHE_SIZE_LONGTEXT, VLC_TRUE );
113 #define MAX_SESSION_ID 32
114 #define MAX_SESSION_DATA 1024
116 typedef struct saved_session_t
118 char id[MAX_SESSION_ID];
119 char data[MAX_SESSION_DATA];
126 typedef struct tls_server_sys_t
128 gnutls_certificate_credentials x509_cred;
129 gnutls_dh_params dh_params;
131 struct saved_session_t *p_cache;
132 struct saved_session_t *p_store;
134 vlc_mutex_t cache_lock;
136 int (*pf_handshake2)( tls_session_t * );
140 typedef struct tls_session_sys_t
142 gnutls_session session;
143 vlc_bool_t b_handshaked;
147 typedef struct tls_client_sys_t
149 struct tls_session_sys_t session;
150 gnutls_certificate_credentials x509_cred;
155 _get_Int( vlc_object_t *p_this, const char *var )
159 if( var_Get( p_this, var, &value ) != VLC_SUCCESS )
161 var_Create( p_this, var, VLC_VAR_INTEGER | VLC_VAR_DOINHERIT );
162 var_Get( p_this, var, &value );
169 _get_Bool( vlc_object_t *p_this, const char *var )
173 if( var_Get( p_this, var, &value ) != VLC_SUCCESS )
175 var_Create( p_this, var, VLC_VAR_BOOL | VLC_VAR_DOINHERIT );
176 var_Get( p_this, var, &value );
182 #define get_Int( a, b ) _get_Int( (vlc_object_t *)(a), (b) )
183 #define get_Bool( a, b ) _get_Bool( (vlc_object_t *)(a), (b) )
186 /*****************************************************************************
188 *****************************************************************************
189 * Sends data through a TLS session.
190 *****************************************************************************/
192 gnutls_Send( void *p_session, const void *buf, int i_length )
195 tls_session_sys_t *p_sys;
197 p_sys = (tls_session_sys_t *)(((tls_session_t *)p_session)->p_sys);
199 val = gnutls_record_send( p_sys->session, buf, i_length );
200 /* TODO: handle fatal error */
201 return val < 0 ? -1 : val;
205 /*****************************************************************************
207 *****************************************************************************
208 * Receives data through a TLS session.
209 *****************************************************************************/
211 gnutls_Recv( void *p_session, void *buf, int i_length )
214 tls_session_sys_t *p_sys;
216 p_sys = (tls_session_sys_t *)(((tls_session_t *)p_session)->p_sys);
218 val = gnutls_record_recv( p_sys->session, buf, i_length );
219 /* TODO: handle fatal error */
220 return val < 0 ? -1 : val;
224 /*****************************************************************************
225 * tls_Session(Continue)?Handshake:
226 *****************************************************************************
227 * Establishes TLS session with a peer through socket <fd>.
228 * Returns -1 on error (you need not and must not call tls_SessionClose)
229 * 0 on succesful handshake completion, 1 if more would-be blocking recv is
230 * needed, 2 if more would-be blocking send is required.
231 *****************************************************************************/
233 gnutls_ContinueHandshake( tls_session_t *p_session)
235 tls_session_sys_t *p_sys;
238 p_sys = (tls_session_sys_t *)(p_session->p_sys);
240 /* TODO: handle fatal error */
241 val = gnutls_handshake( p_sys->session );
242 if( ( val == GNUTLS_E_AGAIN ) || ( val == GNUTLS_E_INTERRUPTED ) )
243 return 1 + gnutls_record_get_direction( p_sys->session );
247 msg_Err( p_session, "TLS handshake failed : %s",
248 gnutls_strerror( val ) );
249 p_session->pf_close( p_session );
253 p_sys->b_handshaked = VLC_TRUE;
258 gnutls_HandshakeAndValidate( tls_session_t *p_session )
262 val = gnutls_ContinueHandshake( p_session );
267 val = gnutls_certificate_verify_peers2( ((tls_session_sys_t *)
268 (p_session->p_sys))->session,
273 msg_Err( p_session, "TLS certificate verification failed : %s",
274 gnutls_strerror( val ) );
275 p_session->pf_close( p_session );
281 msg_Warn( p_session, "TLS session : access denied" );
282 if( status & GNUTLS_CERT_INVALID )
283 msg_Dbg( p_session, "certificate could not be verified" );
284 if( status & GNUTLS_CERT_REVOKED )
285 msg_Dbg( p_session, "certificate was revoked" );
286 if( status & GNUTLS_CERT_SIGNER_NOT_FOUND )
287 msg_Dbg( p_session, "certificate's signer was not found" );
288 if( status & GNUTLS_CERT_SIGNER_NOT_CA )
289 msg_Dbg( p_session, "certificate's signer is not a CA" );
290 p_session->pf_close( p_session );
294 msg_Dbg( p_session, "TLS certificate verified" );
302 gnutls_BeginHandshake( tls_session_t *p_session, int fd,
303 const char *psz_hostname )
305 tls_session_sys_t *p_sys;
307 p_sys = (tls_session_sys_t *)(p_session->p_sys);
309 gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)fd);
310 if( psz_hostname != NULL )
311 gnutls_server_name_set( p_sys->session, GNUTLS_NAME_DNS, psz_hostname,
312 strlen( psz_hostname ) );
314 return p_session->pf_handshake2( p_session );
317 /*****************************************************************************
319 *****************************************************************************
320 * Terminates TLS session and releases session data.
321 *****************************************************************************/
323 gnutls_SessionClose( tls_session_t *p_session )
325 tls_session_sys_t *p_sys;
327 p_sys = (tls_session_sys_t *)(p_session->p_sys);
329 if( p_sys->b_handshaked == VLC_TRUE )
330 gnutls_bye( p_sys->session, GNUTLS_SHUT_WR );
331 gnutls_deinit( p_sys->session );
333 vlc_object_detach( p_session );
334 vlc_object_destroy( p_session );
340 gnutls_ClientDelete( tls_session_t *p_session )
342 /* On the client-side, credentials are re-allocated per session */
343 gnutls_certificate_credentials x509_cred =
344 ((tls_client_sys_t *)(p_session->p_sys))->x509_cred;
346 gnutls_SessionClose( p_session );
348 /* credentials must be free'd *after* gnutls_deinit() */
349 gnutls_certificate_free_credentials( x509_cred );
354 is_regular( const char *psz_filename )
356 #ifdef HAVE_SYS_STAT_H
359 return ( stat( psz_filename, &st ) == 0 )
360 && S_ISREG( st.st_mode );
368 gnutls_AddCADirectory( vlc_object_t *p_this,
369 gnutls_certificate_credentials cred,
370 const char *psz_dirname )
373 struct dirent *p_ent;
376 if( *psz_dirname == '\0' )
379 dir = opendir( psz_dirname );
382 msg_Warn( p_this, "Cannot open directory (%s) : %s", psz_dirname,
387 i_len = strlen( psz_dirname ) + 2;
389 while( ( p_ent = readdir( dir ) ) != NULL )
393 psz_filename = (char *)malloc( i_len + strlen( p_ent->d_name ) );
394 if( psz_filename == NULL )
397 sprintf( psz_filename, "%s/%s", psz_dirname, p_ent->d_name );
398 /* we neglect the race condition here - not security sensitive */
399 if( is_regular( psz_filename ) )
403 i = gnutls_certificate_set_x509_trust_file( cred, psz_filename,
404 GNUTLS_X509_FMT_PEM );
407 msg_Warn( p_this, "Cannot add trusted CA (%s) : %s",
408 psz_filename, gnutls_strerror( i ) );
411 free( psz_filename );
418 /*****************************************************************************
420 *****************************************************************************
421 * Initializes client-side TLS session data.
422 *****************************************************************************/
423 static tls_session_t *
424 gnutls_ClientCreate( tls_t *p_tls )
426 tls_session_t *p_session = NULL;
427 tls_client_sys_t *p_sys = NULL;
429 const int cert_type_priority[3] =
435 p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) );
439 p_session = (struct tls_session_t *)vlc_object_create ( p_tls, sizeof(struct tls_session_t) );
440 if( p_session == NULL )
446 p_session->p_sys = p_sys;
447 p_session->sock.p_sys = p_session;
448 p_session->sock.pf_send = gnutls_Send;
449 p_session->sock.pf_recv = gnutls_Recv;
450 p_session->pf_handshake = gnutls_BeginHandshake;
451 p_session->pf_close = gnutls_ClientDelete;
453 p_sys->session.b_handshaked = VLC_FALSE;
455 vlc_object_attach( p_session, p_tls );
457 i_val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
460 msg_Err( p_tls, "Cannot allocate X509 credentials : %s",
461 gnutls_strerror( i_val ) );
465 if( get_Bool( p_tls, "tls-check-cert" ) )
467 /* FIXME: support for changing path/using multiple paths */
469 const char *psz_homedir;
471 psz_homedir = p_tls->p_vlc->psz_homedir;
472 psz_path = (char *)malloc( strlen( psz_homedir )
473 + sizeof( CONFIG_DIR ) + 5 );
474 if( psz_path == NULL )
476 gnutls_certificate_free_credentials( p_sys->x509_cred );
480 sprintf( psz_path, "%s/"CONFIG_DIR"/ssl", psz_homedir );
481 gnutls_AddCADirectory( (vlc_object_t *)p_session, p_sys->x509_cred,
484 p_session->pf_handshake2 = gnutls_HandshakeAndValidate;
487 p_session->pf_handshake2 = gnutls_ContinueHandshake;
489 i_val = gnutls_init( &p_sys->session.session, GNUTLS_CLIENT );
492 msg_Err( p_tls, "Cannot initialize TLS session : %s",
493 gnutls_strerror( i_val ) );
494 gnutls_certificate_free_credentials( p_sys->x509_cred );
498 i_val = gnutls_set_default_priority( p_sys->session.session );
501 msg_Err( p_tls, "Cannot set ciphers priorities : %s",
502 gnutls_strerror( i_val ) );
503 gnutls_deinit( p_sys->session.session );
504 gnutls_certificate_free_credentials( p_sys->x509_cred );
508 i_val = gnutls_certificate_type_set_priority( p_sys->session.session,
509 cert_type_priority );
512 msg_Err( p_tls, "Cannot set certificate type priorities : %s",
513 gnutls_strerror( i_val ) );
514 gnutls_deinit( p_sys->session.session );
515 gnutls_certificate_free_credentials( p_sys->x509_cred );
519 i_val = gnutls_credentials_set( p_sys->session.session,
520 GNUTLS_CRD_CERTIFICATE,
524 msg_Err( p_tls, "Cannot set TLS session credentials : %s",
525 gnutls_strerror( i_val ) );
526 gnutls_deinit( p_sys->session.session );
527 gnutls_certificate_free_credentials( p_sys->x509_cred );
534 vlc_object_detach( p_session );
535 vlc_object_destroy( p_session );
542 /*****************************************************************************
543 * TLS session resumption callbacks
544 *****************************************************************************/
545 static int cb_store( void *p_server, gnutls_datum key, gnutls_datum data )
547 tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
549 if( ( p_sys->i_cache_size == 0 )
550 || ( key.size > MAX_SESSION_ID )
551 || ( data.size > MAX_SESSION_DATA ) )
554 vlc_mutex_lock( &p_sys->cache_lock );
556 memcpy( p_sys->p_store->id, key.data, key.size);
557 memcpy( p_sys->p_store->data, data.data, data.size );
558 p_sys->p_store->i_idlen = key.size;
559 p_sys->p_store->i_datalen = data.size;
562 if( ( p_sys->p_store - p_sys->p_cache ) == p_sys->i_cache_size )
563 p_sys->p_store = p_sys->p_cache;
565 vlc_mutex_unlock( &p_sys->cache_lock );
571 static const gnutls_datum err_datum = { NULL, 0 };
573 static gnutls_datum cb_fetch( void *p_server, gnutls_datum key )
575 tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
576 saved_session_t *p_session, *p_end;
578 p_session = p_sys->p_cache;
579 p_end = p_session + p_sys->i_cache_size;
581 vlc_mutex_lock( &p_sys->cache_lock );
583 while( p_session < p_end )
585 if( ( p_session->i_idlen == key.size )
586 && !memcmp( p_session->id, key.data, key.size ) )
590 data.size = p_session->i_datalen;
592 data.data = gnutls_malloc( data.size );
593 if( data.data == NULL )
595 vlc_mutex_unlock( &p_sys->cache_lock );
599 memcpy( data.data, p_session->data, data.size );
600 vlc_mutex_unlock( &p_sys->cache_lock );
606 vlc_mutex_unlock( &p_sys->cache_lock );
612 static int cb_delete( void *p_server, gnutls_datum key )
614 tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
615 saved_session_t *p_session, *p_end;
617 p_session = p_sys->p_cache;
618 p_end = p_session + p_sys->i_cache_size;
620 vlc_mutex_lock( &p_sys->cache_lock );
622 while( p_session < p_end )
624 if( ( p_session->i_idlen == key.size )
625 && !memcmp( p_session->id, key.data, key.size ) )
627 p_session->i_datalen = p_session->i_idlen = 0;
628 vlc_mutex_unlock( &p_sys->cache_lock );
634 vlc_mutex_unlock( &p_sys->cache_lock );
640 /*****************************************************************************
641 * tls_ServerSessionPrepare:
642 *****************************************************************************
643 * Initializes server-side TLS session data.
644 *****************************************************************************/
645 static tls_session_t *
646 gnutls_ServerSessionPrepare( tls_server_t *p_server )
648 tls_session_t *p_session;
649 tls_server_sys_t *p_server_sys;
650 gnutls_session session;
653 p_session = vlc_object_create( p_server, sizeof (struct tls_session_t) );
654 if( p_session == NULL )
657 p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) );
658 if( p_session->p_sys == NULL )
660 vlc_object_destroy( p_session );
664 vlc_object_attach( p_session, p_server );
666 p_server_sys = (tls_server_sys_t *)p_server->p_sys;
667 p_session->sock.p_sys = p_session;
668 p_session->sock.pf_send = gnutls_Send;
669 p_session->sock.pf_recv = gnutls_Recv;
670 p_session->pf_handshake = gnutls_BeginHandshake;
671 p_session->pf_handshake2 = p_server_sys->pf_handshake2;
672 p_session->pf_close = gnutls_SessionClose;
674 ((tls_session_sys_t *)p_session->p_sys)->b_handshaked = VLC_FALSE;
676 i_val = gnutls_init( &session, GNUTLS_SERVER );
679 msg_Err( p_server, "Cannot initialize TLS session : %s",
680 gnutls_strerror( i_val ) );
684 ((tls_session_sys_t *)p_session->p_sys)->session = session;
686 i_val = gnutls_set_default_priority( session );
689 msg_Err( p_server, "Cannot set ciphers priorities : %s",
690 gnutls_strerror( i_val ) );
691 gnutls_deinit( session );
695 i_val = gnutls_credentials_set( session, GNUTLS_CRD_CERTIFICATE,
696 p_server_sys->x509_cred );
699 msg_Err( p_server, "Cannot set TLS session credentials : %s",
700 gnutls_strerror( i_val ) );
701 gnutls_deinit( session );
705 if( p_session->pf_handshake2 == gnutls_HandshakeAndValidate )
706 gnutls_certificate_server_set_request( session, GNUTLS_CERT_REQUIRE );
708 gnutls_dh_set_prime_bits( session, get_Int( p_server, "dh-bits" ) );
710 /* Session resumption support */
711 gnutls_db_set_cache_expiration( session, get_Int( p_server,
712 "tls-cache-expiration" ) );
713 gnutls_db_set_retrieve_function( session, cb_fetch );
714 gnutls_db_set_remove_function( session, cb_delete );
715 gnutls_db_set_store_function( session, cb_store );
716 gnutls_db_set_ptr( session, p_server );
721 free( p_session->p_sys );
722 vlc_object_detach( p_session );
723 vlc_object_destroy( p_session );
728 /*****************************************************************************
730 *****************************************************************************
731 * Releases data allocated with tls_ServerCreate.
732 *****************************************************************************/
734 gnutls_ServerDelete( tls_server_t *p_server )
736 tls_server_sys_t *p_sys;
737 p_sys = (tls_server_sys_t *)p_server->p_sys;
739 vlc_mutex_destroy( &p_sys->cache_lock );
740 free( p_sys->p_cache );
742 vlc_object_detach( p_server );
743 vlc_object_destroy( p_server );
745 /* all sessions depending on the server are now deinitialized */
746 gnutls_certificate_free_credentials( p_sys->x509_cred );
747 gnutls_dh_params_deinit( p_sys->dh_params );
752 /*****************************************************************************
754 *****************************************************************************
755 * Adds one or more certificate authorities.
756 * Returns -1 on error, 0 on success.
757 *****************************************************************************/
759 gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path )
762 tls_server_sys_t *p_sys;
764 p_sys = (tls_server_sys_t *)(p_server->p_sys);
766 val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred,
768 GNUTLS_X509_FMT_PEM );
771 msg_Err( p_server, "Cannot add trusted CA (%s) : %s", psz_ca_path,
772 gnutls_strerror( val ) );
775 msg_Dbg( p_server, " %d trusted CA added (%s)", val, psz_ca_path );
777 /* enables peer's certificate verification */
778 p_sys->pf_handshake2 = gnutls_HandshakeAndValidate;
784 /*****************************************************************************
786 *****************************************************************************
787 * Adds a certificates revocation list to be sent to TLS clients.
788 * Returns -1 on error, 0 on success.
789 *****************************************************************************/
791 gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
795 val = gnutls_certificate_set_x509_crl_file( ((tls_server_sys_t *)
796 (p_server->p_sys))->x509_cred,
798 GNUTLS_X509_FMT_PEM );
801 msg_Err( p_server, "Cannot add CRL (%s) : %s", psz_crl_path,
802 gnutls_strerror( val ) );
805 msg_Dbg( p_server, "%d CRL added (%s)", val, psz_crl_path );
810 /*****************************************************************************
812 *****************************************************************************
813 * Allocates a whole server's TLS credentials.
814 * Returns NULL on error.
815 *****************************************************************************/
816 static tls_server_t *
817 gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path,
818 const char *psz_key_path )
820 tls_server_t *p_server;
821 tls_server_sys_t *p_sys;
824 msg_Dbg( p_tls, "Creating TLS server" );
826 p_sys = (tls_server_sys_t *)malloc( sizeof(struct tls_server_sys_t) );
830 p_sys->i_cache_size = get_Int( p_tls, "tls-cache-size" );
831 p_sys->p_cache = (struct saved_session_t *)calloc( p_sys->i_cache_size,
832 sizeof( struct saved_session_t ) );
833 if( p_sys->p_cache == NULL )
838 p_sys->p_store = p_sys->p_cache;
840 p_server = vlc_object_create( p_tls, sizeof(struct tls_server_t) );
841 if( p_server == NULL )
843 free( p_sys->p_cache );
848 vlc_object_attach( p_server, p_tls );
850 p_server->p_sys = p_sys;
851 p_server->pf_delete = gnutls_ServerDelete;
852 p_server->pf_add_CA = gnutls_ServerAddCA;
853 p_server->pf_add_CRL = gnutls_ServerAddCRL;
854 p_server->pf_session_prepare = gnutls_ServerSessionPrepare;
856 /* No certificate validation by default */
857 p_sys->pf_handshake2 = gnutls_ContinueHandshake;
859 /* FIXME: check for errors */
860 vlc_mutex_init( p_server, &p_sys->cache_lock );
862 /* Sets server's credentials */
863 val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
866 msg_Err( p_server, "Cannot allocate X509 credentials : %s",
867 gnutls_strerror( val ) );
871 val = gnutls_certificate_set_x509_key_file( p_sys->x509_cred,
872 psz_cert_path, psz_key_path,
873 GNUTLS_X509_FMT_PEM );
876 msg_Err( p_server, "Cannot set certificate chain or private key : %s",
877 gnutls_strerror( val ) );
878 gnutls_certificate_free_credentials( p_sys->x509_cred );
883 * - regenerate these regularly
884 * - support other ciper suites
886 val = gnutls_dh_params_init( &p_sys->dh_params );
889 msg_Dbg( p_server, "Computing Diffie Hellman ciphers parameters" );
890 val = gnutls_dh_params_generate2( p_sys->dh_params,
891 get_Int( p_tls, "dh-bits" ) );
895 msg_Err( p_server, "Cannot initialize DH cipher suites : %s",
896 gnutls_strerror( val ) );
897 gnutls_certificate_free_credentials( p_sys->x509_cred );
900 msg_Dbg( p_server, "Ciphers parameters computed" );
902 gnutls_certificate_set_dh_params( p_sys->x509_cred, p_sys->dh_params);
907 vlc_mutex_destroy( &p_sys->cache_lock );
908 vlc_object_detach( p_server );
909 vlc_object_destroy( p_server );
915 /*****************************************************************************
916 * gcrypt thread option VLC implementation:
917 *****************************************************************************/
918 vlc_object_t *__p_gcry_data;
920 static int gcry_vlc_mutex_init( void **p_sys )
923 vlc_mutex_t *p_lock = (vlc_mutex_t *)malloc( sizeof( vlc_mutex_t ) );
928 i_val = vlc_mutex_init( __p_gcry_data, p_lock );
936 static int gcry_vlc_mutex_destroy( void **p_sys )
939 vlc_mutex_t *p_lock = (vlc_mutex_t *)*p_sys;
941 i_val = vlc_mutex_destroy( p_lock );
946 static int gcry_vlc_mutex_lock( void **p_sys )
948 return vlc_mutex_lock( (vlc_mutex_t *)*p_sys );
951 static int gcry_vlc_mutex_unlock( void **lock )
953 return vlc_mutex_unlock( (vlc_mutex_t *)*lock );
956 static struct gcry_thread_cbs gcry_threads_vlc =
958 GCRY_THREAD_OPTION_USER,
961 gcry_vlc_mutex_destroy,
963 gcry_vlc_mutex_unlock
967 /*****************************************************************************
968 * Module initialization
969 *****************************************************************************/
971 Open( vlc_object_t *p_this )
973 tls_t *p_tls = (tls_t *)p_this;
975 vlc_value_t lock, count;
977 var_Create( p_this->p_libvlc, "gnutls_mutex", VLC_VAR_MUTEX );
978 var_Get( p_this->p_libvlc, "gnutls_mutex", &lock );
979 vlc_mutex_lock( lock.p_address );
981 /* Initialize GnuTLS only once */
982 var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
983 var_Get( p_this->p_libvlc, "gnutls_count", &count);
985 if( count.i_int == 0)
987 const char *psz_version;
989 __p_gcry_data = VLC_OBJECT( p_this->p_vlc );
991 gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc);
992 if( gnutls_global_init( ) )
994 msg_Warn( p_this, "cannot initialize GnuTLS" );
995 vlc_mutex_unlock( lock.p_address );
999 * FIXME: in fact, we currently depends on 1.0.17, but it breaks on
1000 * Debian which as a patched 1.0.16 (which we can use).
1002 psz_version = gnutls_check_version( "1.0.16" );
1003 if( psz_version == NULL )
1005 gnutls_global_deinit( );
1006 vlc_mutex_unlock( lock.p_address );
1007 msg_Err( p_this, "unsupported GnuTLS version" );
1008 return VLC_EGENERIC;
1010 msg_Dbg( p_this, "GnuTLS v%s initialized", psz_version );
1014 var_Set( p_this->p_libvlc, "gnutls_count", count);
1015 vlc_mutex_unlock( lock.p_address );
1017 p_tls->pf_server_create = gnutls_ServerCreate;
1018 p_tls->pf_client_create = gnutls_ClientCreate;
1023 /*****************************************************************************
1024 * Module deinitialization
1025 *****************************************************************************/
1027 Close( vlc_object_t *p_this )
1029 /*tls_t *p_tls = (tls_t *)p_this;
1030 tls_sys_t *p_sys = (tls_sys_t *)(p_this->p_sys);*/
1032 vlc_value_t lock, count;
1034 var_Create( p_this->p_libvlc, "gnutls_mutex", VLC_VAR_MUTEX );
1035 var_Get( p_this->p_libvlc, "gnutls_mutex", &lock );
1036 vlc_mutex_lock( lock.p_address );
1038 var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
1039 var_Get( p_this->p_libvlc, "gnutls_count", &count);
1041 var_Set( p_this->p_libvlc, "gnutls_count", count);
1043 if( count.i_int == 0 )
1045 gnutls_global_deinit( );
1046 msg_Dbg( p_this, "GnuTLS deinitialized" );
1049 vlc_mutex_unlock( lock.p_address );
projects / vlc / blob