#include <sys/types.h>
#include <errno.h>
-#ifdef HAVE_DIRENT_H
-# include <dirent.h>
-#endif
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#include <vlc_tls.h>
#include <vlc_charset.h>
+#include <vlc_fs.h>
#include <vlc_block.h>
#include <gcrypt.h>
set_category( CAT_ADVANCED )
set_subcategory( SUBCAT_ADVANCED_MISC )
- add_obsolete_bool( "tls-check-cert" )
- add_obsolete_bool( "tls-check-hostname" )
-
add_submodule ()
set_description( N_("GnuTLS server") )
set_capability( "tls server", 1 )
set_subcategory( SUBCAT_ADVANCED_MISC )
set_callbacks( OpenServer, CloseServer )
- add_obsolete_integer( "gnutls-dh-bits" )
- add_integer( "gnutls-cache-timeout", CACHE_TIMEOUT, NULL,
+ add_integer( "gnutls-cache-timeout", CACHE_TIMEOUT,
CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true )
- add_integer( "gnutls-cache-size", CACHE_SIZE, NULL, CACHE_SIZE_TEXT,
+ add_integer( "gnutls-cache-size", CACHE_SIZE, CACHE_SIZE_TEXT,
CACHE_SIZE_LONGTEXT, true )
vlc_module_end ()
switch (val)
{
case GNUTLS_E_AGAIN:
-#ifndef WIN32
+#ifdef WIN32
+ WSASetLastError (WSAEWOULDBLOCK);
+#else
errno = EAGAIN;
- break;
#endif
- /* WinSock does not return EAGAIN, return EINTR instead */
+ break;
case GNUTLS_E_INTERRUPTED:
#ifdef WIN32
/**
* Starts or continues the TLS handshake.
*
- * @return -1 on fatal error, 0 on succesful handshake completion,
+ * @return -1 on fatal error, 0 on successful handshake completion,
* 1 if more would-be blocking recv is needed,
* 2 if more would-be blocking send is required.
*/
/* Note that ordering matters (on the client side) */
static const int protos[] =
{
+ /*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */
GNUTLS_TLS1_1,
GNUTLS_TLS1_0,
GNUTLS_SSL3,
};
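Review bot: `GNUTLS_SSL3` is still offered in `protos[]`, and the neighbouring hunks keep `GNUTLS_MAC_MD5` in `macs[]` and `GNUTLS_CIPHER_ARCFOUR_128` in the cipher list, so the new SHA-2 MACs extend the top of the preference order while the weakest options stay negotiable. If no legacy peer depends on them, removing those three entries is the simplest hardening; otherwise a short comment saying why each is kept would help the next reader. The added TLS 1.2 line is commented-out code. A compile-time check on the GnuTLS version would enable it automatically once the library supports it, rather than relying on someone to uncomment it later.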
static const int macs[] =
{
+ GNUTLS_MAC_SHA512,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_SHA256,
GNUTLS_MAC_SHA1,
GNUTLS_MAC_RMD160, // RIPEMD
GNUTLS_MAC_MD5,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR_128,
+ // TODO? Camellia ciphers?
//GNUTLS_CIPHER_DES_CBC,
//GNUTLS_CIPHER_ARCFOUR_40,
//GNUTLS_CIPHER_RC2_40_CBC,
if( *psz_dirname == '\0' )
psz_dirname = ".";
- dir = utf8_opendir( psz_dirname );
+ dir = vlc_opendir( psz_dirname );
if( dir == NULL )
{
if (errno != ENOENT)
msg_Dbg (p_this, "creating empty certificate directory: %s",
psz_dirname);
- utf8_mkdir (psz_dirname, b_priv ? 0700 : 0755);
+ vlc_mkdir (psz_dirname, b_priv ? 0700 : 0755);
return VLC_SUCCESS;
}
#ifdef S_ISLNK
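Review bot: The result of `vlc_mkdir (psz_dirname, b_priv ? 0700 : 0755)` is discarded and `VLC_SUCCESS` is returned regardless, so a failure to create the private-key directory goes unreported; the same applies to `vlc_mkdir (path, 0755)` in the user-directory hunk further down. I would at least log it, e.g. `if (vlc_mkdir (psz_dirname, b_priv ? 0700 : 0755) && errno != EEXIST) msg_Warn (p_this, "cannot create directory %s", psz_dirname);`. Returning success for an empty directory looks deliberate, so the return value can stay as it is. The enclosing function starts and ends outside this hunk.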
* that the inode is still the same, to avoid TOCTOU race condition.
*/
if( ( fd == -1)
- || fstat( fd, &st1 ) || utf8_lstat( psz_dirname, &st2 )
+ || fstat( fd, &st1 ) || vlc_lstat( psz_dirname, &st2 )
|| S_ISLNK( st2.st_mode ) || ( st1.st_ino != st2.st_ino ) )
{
closedir( dir );
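Review bot: The identity check compares only `st1.st_ino != st2.st_ino`, but inode numbers are unique per filesystem, so a directory replaced by one on another device with the same inode number would pass. Comparing the device as well closes that gap: `|| ( st1.st_dev != st2.st_dev ) || ( st1.st_ino != st2.st_ino )`. The comment and the start of the `if` lie outside the hunk, so how `fd` is obtained from `dir` is not visible here.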
for (;;)
{
- char *ent = utf8_readdir (dir);
+ char *ent = vlc_readdir (dir);
if (ent == NULL)
break;
if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0))
+ {
+ free( ent );
continue;
+ }
char path[strlen (psz_dirname) + strlen (ent) + 2];
sprintf (path, "%s"DIR_SEP"%s", psz_dirname, ent);
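Review bot: `path` is sized as `strlen (psz_dirname) + strlen (ent) + 2`, which is enough only if `DIR_SEP` is a single character, and the unbounded `sprintf` would write past the array otherwise. `snprintf (path, sizeof (path), "%s"DIR_SEP"%s", psz_dirname, ent);` keeps the write bounded whatever the separator is. The hunk now frees `ent` on the `.`/`..` path, which implies `vlc_readdir` returns an allocated string, so the normal path needs a matching `free (ent)` once `path` is built. The rest of the loop body is outside the hunk, so please confirm that free is there.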
{
struct stat st;
- int fd = utf8_open (psz_path, O_RDONLY, 0);
+ int fd = vlc_open (psz_path, O_RDONLY);
if (fd == -1)
goto error;
goto error;
}
- char *userdir = config_GetUserDataDir ();
+ char *userdir = config_GetUserDir ( VLC_DATA_DIR );
if (userdir != NULL)
{
char path[strlen (userdir) + sizeof ("/ssl/private")];
sprintf (path, "%s/ssl", userdir);
- utf8_mkdir (path, 0755);
+ vlc_mkdir (path, 0755);
sprintf (path, "%s/ssl/certs", userdir);
gnutls_Addx509Directory (VLC_OBJECT (p_session),
tls_session_t *client = (tls_session_t *)obj;
tls_client_sys_t *p_sys = (tls_client_sys_t *)(client->p_sys);
- if (p_sys->session.b_handshaked == true)
+ if (p_sys->session.b_handshaked)
gnutls_bye (p_sys->session.session, GNUTLS_SHUT_WR);
gnutls_deinit (p_sys->session.session);
/* credentials must be free'd *after* gnutls_deinit() */
tls_session_sys_t *p_sys = p_session->p_sys;
(void)p_server;
- if( p_sys->b_handshaked == true )
+ if( p_sys->b_handshaked )
gnutls_bye( p_sys->session, GNUTLS_SHUT_WR );
gnutls_deinit( p_sys->session );
- vlc_object_detach( p_session );
vlc_object_release( p_session );
free( p_sys );
gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
/* Session resumption support */
- i_val = config_GetInt (p_server, "gnutls-cache-timeout");
+ i_val = var_InheritInteger (p_server, "gnutls-cache-timeout");
if (i_val >= 0)
gnutls_db_set_cache_expiration (session, i_val);
gnutls_db_set_retrieve_function( session, cb_fetch );
error:
free( p_session->p_sys );
- vlc_object_detach( p_session );
vlc_object_release( p_session );
return NULL;
}
if( p_sys == NULL )
return VLC_ENOMEM;
- p_sys->i_cache_size = config_GetInt (obj, "gnutls-cache-size");
+ p_sys->i_cache_size = var_InheritInteger (obj, "gnutls-cache-size");
if (p_sys->i_cache_size == -1) /* Duh, config subsystem exploded?! */
p_sys->i_cache_size = 0;
p_sys->p_cache = calloc (p_sys->i_cache_size,
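Review bot: Only `-1` is normalised for `i_cache_size`, so any other negative `gnutls-cache-size` reaches `calloc` as the element count and becomes a very large request once converted to `size_t`. This assumes the field is a signed integer, as the `== -1` test suggests. Testing the sign covers every such value: `if (p_sys->i_cache_size < 0) p_sys->i_cache_size = 0;`. An upper bound is worth considering too, since the option directly sets how much memory the session cache may take. The `calloc` call continues past the end of the hunk, so whether its result is checked is not visible.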