/*
* TODO:
- * - libgcrypt thread-safety !!!
* - fix FIXMEs,
- * - gnutls version check,
* - client side stuff,
* - server-side client cert validation,
* - client-side server cert validation (?).
} tls_server_sys_t;
+/* client-side session private data */
+typedef struct tls_client_sys_t
+{
+ gnutls_session session;
+ gnutls_certificate_credentials x509_cred;
+} tls_client_sys_t;
+
+
/*****************************************************************************
* tls_Send:
*****************************************************************************
* Sends data through a TLS session.
*****************************************************************************/
static int
-gnutls_Send( tls_session_t *p_session, const char *buf, int i_length )
+gnutls_Send( void *p_session, const void *buf, int i_length )
{
int val;
- val = gnutls_record_send( *(gnutls_session *)(p_session->p_sys),
- buf, i_length );
+ val = gnutls_record_send( *(gnutls_session *)(((tls_session_t *)p_session)
+ ->p_sys), buf, i_length );
return val < 0 ? -1 : val;
}
/*****************************************************************************
* tls_Recv:
*****************************************************************************
- * Receives data through a TLS session
+ * Receives data through a TLS session.
*****************************************************************************/
static int
-gnutls_Recv( tls_session_t *p_session, char *buf, int i_length )
+gnutls_Recv( void *p_session, void *buf, int i_length )
{
int val;
- val = gnutls_record_recv( *(gnutls_session *)(p_session->p_sys),
- buf, i_length );
+ val = gnutls_record_recv( *(gnutls_session *)(((tls_session_t *)p_session)
+ ->p_sys), buf, i_length );
return val < 0 ? -1 : val;
}
/*****************************************************************************
- * tls_ServerCreate:
+ * tls_SessionClose:
*****************************************************************************
- * Terminates a TLS session and releases session data.
+ * Terminates TLS session and releases session data.
*****************************************************************************/
static void
gnutls_SessionClose( tls_session_t *p_session )
p_sys = (gnutls_session *)(p_session->p_sys);
+ /* On the client-side, credentials are re-allocated per session */
+ if( p_session->p_server == NULL )
+ gnutls_certificate_free_credentials( ((tls_client_sys_t *)p_sys)
+ ->x509_cred );
+
gnutls_bye( *p_sys, GNUTLS_SHUT_WR );
- gnutls_deinit ( *p_sys );
+ gnutls_deinit( *p_sys );
free( p_sys );
free( p_session );
}
+/*****************************************************************************
+ * tls_ClientCreate:
+ *****************************************************************************
+ * Initializes client-side TLS session data.
+ *****************************************************************************/
+static tls_session_t *
+gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path )
+{
+ tls_session_t *p_session;
+ tls_client_sys_t *p_sys;
+ int i_val;
+ const int cert_type_priority[3] =
+ {
+ GNUTLS_CRT_X509,
+ 0
+ };
+
+ p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) );
+ if( p_sys == NULL )
+ return NULL;
+
+ i_val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
+ if( i_val != 0 )
+ {
+ msg_Err( p_tls, "Cannot allocate X509 credentials : %s",
+ gnutls_strerror( i_val ) );
+ free( p_sys );
+ return NULL;
+ }
+
+ if( psz_ca_path != NULL )
+ {
+ i_val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred,
+ psz_ca_path,
+ GNUTLS_X509_FMT_PEM );
+ if( i_val != 0 )
+ {
+ msg_Err( p_tls, "Cannot add trusted CA (%s) : %s", psz_ca_path,
+ gnutls_strerror( i_val ) );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+ free( p_sys );
+ return NULL;
+ }
+ }
+
+ i_val = gnutls_init( &p_sys->session, GNUTLS_CLIENT );
+ if( i_val != 0 )
+ {
+ msg_Err( p_tls, "Cannot initialize TLS session : %s",
+ gnutls_strerror( i_val ) );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+ free( p_sys );
+ return NULL;
+ }
+
+ i_val = gnutls_set_default_priority( p_sys->session );
+ if( i_val < 0 )
+ {
+ msg_Err( p_tls, "Cannot set ciphers priorities : %s",
+ gnutls_strerror( i_val ) );
+ gnutls_deinit( p_sys->session );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+ free( p_sys );
+ return NULL;
+ }
+
+ i_val = gnutls_certificate_type_set_priority( p_sys->session, cert_type_priority );
+ if( i_val < 0 )
+ {
+ msg_Err( p_tls, "Cannot set certificate type priorities : %s",
+ gnutls_strerror( i_val ) );
+ gnutls_deinit( p_sys->session );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+ free( p_sys );
+ return NULL;
+ }
+
+ i_val = gnutls_credentials_set( p_sys->session, GNUTLS_CRD_CERTIFICATE,
+ p_sys->x509_cred );
+ if( i_val < 0 )
+ {
+ msg_Err( p_tls, "Cannot set TLS session credentials : %s",
+ gnutls_strerror( i_val ) );
+ gnutls_deinit( p_sys->session );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+ free( p_sys );
+ return NULL;
+ }
+
+ p_session = malloc( sizeof (struct tls_session_t) );
+ if( p_session == NULL )
+ {
+ gnutls_deinit( p_sys->session );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+ free( p_sys );
+ return NULL;
+ }
+
+ p_session->p_tls = p_tls;
+ p_session->p_server = NULL;
+ p_session->p_sys = p_sys;
+ p_session->sock.p_sys = p_session;
+ p_session->sock.pf_send = gnutls_Send;
+ p_session->sock.pf_recv = gnutls_Recv;
+ p_session->pf_handshake = gnutls_SessionHandshake;
+ p_session->pf_close = gnutls_SessionClose;
+
+ return p_session;
+}
+
+
/*****************************************************************************
* tls_ServerSessionPrepare:
*****************************************************************************
- * Initializes a server-side TLS session data
+ * Initializes server-side TLS session data.
*****************************************************************************/
static tls_session_t *
gnutls_ServerSessionPrepare( tls_server_t *p_server )
int val;
vlc_value_t bits;
- p_sys = (gnutls_session *)malloc( sizeof(gnutls_session *) );
+ p_sys = (gnutls_session *)malloc( sizeof(gnutls_session) );
if( p_sys == NULL )
return NULL;
p_session->p_tls = p_server->p_tls;
p_session->p_server = p_server;
p_session->p_sys = p_sys;
- p_session->pf_handshake =gnutls_SessionHandshake;
+ p_session->sock.p_sys = p_session;
+ p_session->sock.pf_send = gnutls_Send;
+ p_session->sock.pf_recv = gnutls_Recv;
+ p_session->pf_handshake = gnutls_SessionHandshake;
p_session->pf_close = gnutls_SessionClose;
- p_session->pf_send = gnutls_Send;
- p_session->pf_recv = gnutls_Recv;
return p_session;
}
/*****************************************************************************
* tls_ServerDelete:
*****************************************************************************
- * Releases data allocated with tls_ServerCreate
+ * Releases data allocated with tls_ServerCreate.
*****************************************************************************/
static void
gnutls_ServerDelete( tls_server_t *p_server )
}
-/*
- * gcrypt thread option VLC implementation
- */
+/*****************************************************************************
+ * gcrypt thread option VLC implementation:
+ *****************************************************************************/
vlc_object_t *__p_gcry_data;
static int gcry_vlc_mutex_init (void **p_sys)
};
+/*****************************************************************************
+ * Module initialization
+ *****************************************************************************/
static int
Open( vlc_object_t *p_this )
{
vlc_mutex_unlock( lock.p_address );
p_tls->pf_server_create = gnutls_ServerCreate;
+ p_tls->pf_client_create = gnutls_ClientCreate;
return VLC_SUCCESS;
}
+/*****************************************************************************
+ * Module deinitialization
+ *****************************************************************************/
static void
Close( vlc_object_t *p_this )
{
projects / vlc / blobdiff