# include "config.h"
#endif
-#include <vlc/vlc.h>
+#include <vlc_common.h>
#include <vlc_plugin.h>
#include <errno.h>
#include <time.h>
# include <io.h>
#else
# include <unistd.h>
-# include <fcntl.h>
#endif
+# include <fcntl.h>
#include <vlc_tls.h>
#include "dhparams.h"
+#include <assert.h>
+
/*****************************************************************************
* Module descriptor
*****************************************************************************/
"This is the maximum number of resumed TLS sessions that " \
"the cache will hold." )
-vlc_module_begin();
- set_shortname( "GnuTLS" );
- set_description( _("GnuTLS transport layer security") );
- set_capability( "tls client", 1 );
- set_callbacks( OpenClient, CloseClient );
- set_category( CAT_ADVANCED );
- set_subcategory( SUBCAT_ADVANCED_MISC );
-
- add_obsolete_bool( "tls-check-cert" );
- add_obsolete_bool( "tls-check-hostname" );
-
- add_submodule();
- set_description( _("GnuTLS server") );
- set_capability( "tls server", 1 );
- set_category( CAT_ADVANCED );
- set_subcategory( SUBCAT_ADVANCED_MISC );
- set_callbacks( OpenServer, CloseServer );
-
- add_obsolete_integer( "gnutls-dh-bits" );
+vlc_module_begin ()
+ set_shortname( "GnuTLS" )
+ set_description( N_("GnuTLS transport layer security") )
+ set_capability( "tls client", 1 )
+ set_callbacks( OpenClient, CloseClient )
+ set_category( CAT_ADVANCED )
+ set_subcategory( SUBCAT_ADVANCED_MISC )
+
+ add_obsolete_bool( "tls-check-cert" )
+ add_obsolete_bool( "tls-check-hostname" )
+
+ add_submodule ()
+ set_description( N_("GnuTLS server") )
+ set_capability( "tls server", 1 )
+ set_category( CAT_ADVANCED )
+ set_subcategory( SUBCAT_ADVANCED_MISC )
+ set_callbacks( OpenServer, CloseServer )
+
+ add_obsolete_integer( "gnutls-dh-bits" )
add_integer( "gnutls-cache-timeout", CACHE_TIMEOUT, NULL,
- CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true );
+ CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true )
add_integer( "gnutls-cache-size", CACHE_SIZE, NULL, CACHE_SIZE_TEXT,
- CACHE_SIZE_LONGTEXT, true );
-vlc_module_end();
+ CACHE_SIZE_LONGTEXT, true )
+vlc_module_end ()
+
+static vlc_mutex_t gnutls_mutex = VLC_STATIC_MUTEX;
/**
* Initializes GnuTLS with proper locking.
vlc_gcrypt_init (); /* GnuTLS depends on gcrypt */
- vlc_mutex_t *lock = var_AcquireMutex ("gnutls_mutex");
+ vlc_mutex_lock (&gnutls_mutex);
if (gnutls_global_init ())
{
msg_Err (p_this, "cannot initialize GnuTLS");
ret = VLC_SUCCESS;
error:
- vlc_mutex_unlock (lock);
+ vlc_mutex_unlock (&gnutls_mutex);
return ret;
}
*/
static void gnutls_Deinit (vlc_object_t *p_this)
{
- vlc_mutex_t *lock = var_AcquireMutex( "gnutls_mutex" );
+ vlc_mutex_lock (&gnutls_mutex);
gnutls_global_deinit ();
msg_Dbg (p_this, "GnuTLS deinitialized");
- vlc_mutex_unlock (lock);
+ vlc_mutex_unlock (&gnutls_mutex);
}
/* Note that ordering matters (on the client side) */
static const int protos[] =
{
+ /*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */
GNUTLS_TLS1_1,
GNUTLS_TLS1_0,
GNUTLS_SSL3,
};
static const int macs[] =
{
+ GNUTLS_MAC_SHA512,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_SHA256,
GNUTLS_MAC_SHA1,
GNUTLS_MAC_RMD160, // RIPEMD
GNUTLS_MAC_MD5,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR_128,
+ // TODO? Camellia ciphers?
//GNUTLS_CIPHER_DES_CBC,
//GNUTLS_CIPHER_ARCFOUR_40,
//GNUTLS_CIPHER_RC2_40_CBC,
char *servername = var_GetNonEmptyString (p_session, "tls-server-name");
if (servername == NULL )
msg_Err (p_session, "server name missing for TLS session");
+ else
+ gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
+ servername, strlen (servername));
p_sys->session.psz_hostname = servername;
- gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
- servername, strlen (servername));
return VLC_SUCCESS;
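Review bot: The `servername == NULL` branch logs an error but still falls through to `return VLC_SUCCESS`, so a session with no server name proceeds without SNI and with `p_sys->session.psz_hostname` left NULL; whatever later reads `psz_hostname` (not visible here) must tolerate that. If a missing name is meant to be fatal, the branch should return instead of continuing, e.g. `if (servername == NULL) { msg_Err (p_session, "server name missing for TLS session"); return VLC_EGENERIC; }`; if continuing is intended, the log level should be a warning and a comment should say that the session is then unverifiable by hostname. The return value of `gnutls_server_name_set` in the new `else` branch is also discarded, so a rejected name is silent. The enclosing function starts and ends outside this hunk.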
/* Session resumption support */
i_val = config_GetInt (p_server, "gnutls-cache-timeout");
- gnutls_db_set_cache_expiration (session, i_val);
+ if (i_val >= 0)
+ gnutls_db_set_cache_expiration (session, i_val);
gnutls_db_set_retrieve_function( session, cb_fetch );
gnutls_db_set_remove_function( session, cb_delete );
gnutls_db_set_store_function( session, cb_store );
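Review bot: The new `if (i_val >= 0)` guard silently skips `gnutls_db_set_cache_expiration` for a negative `gnutls-cache-timeout`, leaving whatever expiration GnuTLS applies by default with no trace in the log. A one-line `else msg_Warn (p_server, "invalid gnutls-cache-timeout %d, using default", i_val);` would make the misconfiguration visible. The enclosing function continues outside this hunk.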
return VLC_ENOMEM;
p_sys->i_cache_size = config_GetInt (obj, "gnutls-cache-size");
+ if (p_sys->i_cache_size == -1) /* Duh, config subsystem exploded?! */
+ p_sys->i_cache_size = 0;
p_sys->p_cache = calloc (p_sys->i_cache_size,
sizeof (struct saved_session_t));
if (p_sys->p_cache == NULL)
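Review bot: The added check only catches exactly `-1`; any other negative value of `gnutls-cache-size` is passed straight into `calloc`, where conversion to `size_t` turns it into a huge request, and the case is then misreported as out-of-memory. Comparing with zero covers all of them: `if (p_sys->i_cache_size < 0) /* Duh, config subsystem exploded?! */` followed by the existing `p_sys->i_cache_size = 0;`. Note also that after clamping to 0 the code calls `calloc (0, ...)`, which is permitted to return NULL, so a cache size of zero can fail the `p_cache == NULL` test and return VLC_ENOMEM; skipping the allocation when the size is 0 avoids that. The enclosing function continues outside this hunk.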