* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
*****************************************************************************/
-/*
- * TODO:
- * - fix FIXMEs
- */
-
-
/*****************************************************************************
* Preamble
*****************************************************************************/
+
+#include <vlc/vlc.h>
#include <stdlib.h>
#include <errno.h>
-#include <vlc/vlc.h>
+#include <time.h>
#include <sys/types.h>
#include <errno.h>
#include "vlc_tls.h"
-#include "charset.h"
+#include <vlc_charset.h>
#include <gcrypt.h>
#include <gnutls/gnutls.h>
} tls_client_sys_t;
-static int
-_get_Int( vlc_object_t *p_this, const char *var )
+static int gnutls_Error (vlc_object_t *obj, int val)
{
- vlc_value_t value;
-
- if( var_Get( p_this, var, &value ) != VLC_SUCCESS )
+ switch (val)
{
- var_Create( p_this, var, VLC_VAR_INTEGER | VLC_VAR_DOINHERIT );
- var_Get( p_this, var, &value );
- }
-
- return value.i_int;
-}
+ case GNUTLS_E_AGAIN:
+#if ! defined(WIN32)
+ errno = EAGAIN;
+ break;
+#endif
+ /* WinSock does not return EAGAIN, return EINTR instead */
-static int
-_get_Bool( vlc_object_t *p_this, const char *var )
-{
- vlc_value_t value;
+ case GNUTLS_E_INTERRUPTED:
+#if defined(WIN32)
+ WSASetLastError(WSAEINTR);
+#else
+ errno = EINTR;
+#endif
+ break;
- if( var_Get( p_this, var, &value ) != VLC_SUCCESS )
- {
- var_Create( p_this, var, VLC_VAR_BOOL | VLC_VAR_DOINHERIT );
- var_Get( p_this, var, &value );
+ default:
+ msg_Err (obj, "%s", gnutls_strerror (val));
+#ifdef DEBUG
+ if (!gnutls_error_is_fatal (val))
+ msg_Err (obj, "Error above should be handled");
+#endif
+#if defined(WIN32)
+ WSASetLastError(WSAECONNRESET);
+#else
+ errno = ECONNRESET;
+#endif
}
-
- return value.b_bool;
+ return -1;
}
-#define get_Int( a, b ) _get_Int( (vlc_object_t *)(a), (b) )
-#define get_Bool( a, b ) _get_Bool( (vlc_object_t *)(a), (b) )
-
/**
* Sends data through a TLS session.
p_sys = (tls_session_sys_t *)(((tls_session_t *)p_session)->p_sys);
val = gnutls_record_send( p_sys->session, buf, i_length );
- /* TODO: handle fatal error */
- return val < 0 ? -1 : val;
+ return (val < 0) ? gnutls_Error ((vlc_object_t *)p_session, val) : val;
}
p_sys = (tls_session_sys_t *)(((tls_session_t *)p_session)->p_sys);
val = gnutls_record_recv( p_sys->session, buf, i_length );
- /* TODO: handle fatal error */
- return val < 0 ? -1 : val;
+ return (val < 0) ? gnutls_Error ((vlc_object_t *)p_session, val) : val;
}
p_sys = (tls_session_sys_t *)(p_session->p_sys);
- /* TODO: handle fatal error */
#ifdef WIN32
WSASetLastError( 0 );
#endif
#ifdef WIN32
msg_Dbg( p_session, "Winsock error %d", WSAGetLastError( ) );
#endif
- msg_Err( p_session, "TLS handshake failed: %s",
+ msg_Err( p_session, "TLS handshake error: %s",
gnutls_strerror( val ) );
p_session->pf_close( p_session );
return -1;
return 0;
}
+
+typedef struct
+{
+ int flag;
+ const char *msg;
+} error_msg_t;
+
+static const error_msg_t cert_errors[] =
+{
+ { GNUTLS_CERT_INVALID,
+ "Certificate could not be verified" },
+ { GNUTLS_CERT_REVOKED,
+ "Certificate was revoked" },
+ { GNUTLS_CERT_SIGNER_NOT_FOUND,
+ "Certificate's signer was not found" },
+ { GNUTLS_CERT_SIGNER_NOT_CA,
+ "Certificate's signer is not a CA" },
+ { GNUTLS_CERT_INSECURE_ALGORITHM,
+ "Insecure certificate signature algorithm" },
+ { 0, NULL }
+};
+
+
static int
-gnutls_VerifyHostname( vlc_object_t *p_this, gnutls_session session,
- const char *psz_hostname )
+gnutls_HandshakeAndValidate( tls_session_t *session )
{
- const gnutls_datum *p_data;
- gnutls_x509_crt cert;
+ int val = gnutls_ContinueHandshake( session );
+ if( val )
+ return val;
+
+ tls_session_sys_t *p_sys = (tls_session_sys_t *)(session->p_sys);
+
+ /* certificates chain verification */
unsigned status;
- int val;
+ val = gnutls_certificate_verify_peers2( p_sys->session, &status );
- /* certificate (host)name verification */
- p_data = gnutls_certificate_get_peers( session, &status );
- if( p_data == NULL )
+ if( val )
{
- msg_Err( p_this, "TLS peer certificate not available" );
- return -1;
+ msg_Err( session, "Certificate verification failed: %s",
+ gnutls_strerror( val ) );
+ goto error;
}
- val = gnutls_x509_crt_init( &cert );
- if( val )
+ if( status )
{
- msg_Err( p_this, "x509 fatal error: %s", gnutls_strerror( val ) );
- return -1;
+ msg_Err( session, "TLS session: access denied" );
+ for( const error_msg_t *e = cert_errors; e->flag; e++ )
+ {
+ if( status & e->flag )
+ {
+ msg_Err( session, "%s", e->msg );
+ status &= ~e->flag;
+ }
+ }
+
+ if( status )
+ msg_Err( session,
+ "unknown certificate error (you found a bug in VLC)" );
+
+ goto error;
+ }
+
+ /* certificate (host)name verification */
+ const gnutls_datum *data = gnutls_certificate_get_peers( p_sys->session,
+ &(size_t){ 0 } );
+ if( data == NULL )
+ {
+ msg_Err( session, "Peer certificate not available" );
+ goto error;
}
- val = gnutls_x509_crt_import( cert, p_data, GNUTLS_X509_FMT_DER );
+ gnutls_x509_crt cert;
+ val = gnutls_x509_crt_init( &cert );
if( val )
{
- msg_Err( p_this, "x509 certificate import error: %s",
- gnutls_strerror( val ) );
- gnutls_x509_crt_deinit( cert );
- return -1;
+ msg_Err( session, "x509 fatal error: %s", gnutls_strerror( val ) );
+ goto error;
}
- if( gnutls_x509_crt_check_hostname( cert, psz_hostname ) == 0 )
+ val = gnutls_x509_crt_import( cert, data, GNUTLS_X509_FMT_DER );
+ if( val )
{
- msg_Err( p_this, "x509 certificate does not match \"%s\"",
- psz_hostname );
+ msg_Err( session, "Certificate import error: %s",
+ gnutls_strerror( val ) );
gnutls_x509_crt_deinit( cert );
- return -1;
+ goto crt_error;
}
- gnutls_x509_crt_deinit( cert );
- msg_Dbg( p_this, "x509 hostname matches %s", psz_hostname );
- return 0;
-}
-
-static int
-gnutls_HandshakeAndValidate( tls_session_t *p_session )
-{
- int val;
-
- val = gnutls_ContinueHandshake( p_session );
- if( val == 0 )
+ if( p_sys->psz_hostname != NULL )
{
- unsigned status;
- tls_session_sys_t *p_sys;
-
- p_sys = (tls_session_sys_t *)(p_session->p_sys);
- /* certificates chain verification */
- val = gnutls_certificate_verify_peers2( p_sys->session, &status );
-
- if( val )
+ if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
{
- msg_Err( p_session, "TLS certificate verification failed: %s",
- gnutls_strerror( val ) );
- p_session->pf_close( p_session );
- return -1;
+ msg_Err( session, "Certificate does not match \"%s\"",
+ p_sys->psz_hostname );
+ goto crt_error;
}
+ }
+ else
+ msg_Warn( session, "Certificate and hostname were not verified" );
- if( status )
- {
- msg_Err( p_session, "TLS session: access denied" );
- if( status & GNUTLS_CERT_INVALID )
- msg_Warn( p_session, "certificate could not be verified" );
- if( status & GNUTLS_CERT_REVOKED )
- msg_Warn( p_session, "certificate was revoked" );
- if( status & GNUTLS_CERT_SIGNER_NOT_FOUND )
- msg_Warn( p_session, "certificate's signer was not found" );
- if( status & GNUTLS_CERT_SIGNER_NOT_CA )
- msg_Warn( p_session, "certificate's signer is not a CA" );
- if( status & GNUTLS_CERT_INSECURE_ALGORITHM )
- msg_Warn( p_session, "insecure certificate signature algorithm" );
- p_session->pf_close( p_session );
- return -1;
- }
+ if( gnutls_x509_crt_get_expiration_time( cert ) < time( NULL ) )
+ {
+ msg_Err( session, "Certificate expired" );
+ goto crt_error;
+ }
- msg_Dbg( p_session, "TLS certificate verified" );
- if( ( p_sys->psz_hostname != NULL )
- && gnutls_VerifyHostname( (vlc_object_t *)p_session, p_sys->session,
- p_sys->psz_hostname ) )
- {
- p_session->pf_close( p_session );
- return -1;
- }
- return 0;
+ if( gnutls_x509_crt_get_activation_time( cert ) > time ( NULL ) )
+ {
+ msg_Err( session, "Certificate not yet valid" );
+ goto crt_error;
}
- return val;
+ gnutls_x509_crt_deinit( cert );
+ msg_Dbg( session, "TLS/x509 certificate verified" );
+ return 0;
+
+crt_error:
+ gnutls_x509_crt_deinit( cert );
+error:
+ session->pf_close( session );
+ return -1;
}
/**
{
gnutls_server_name_set( p_sys->session, GNUTLS_NAME_DNS, psz_hostname,
strlen( psz_hostname ) );
- if( get_Bool( p_session, "tls-check-hostname" ) )
+ if (var_CreateGetBool (p_session, "tls-check-hostname"))
{
p_sys->psz_hostname = strdup( psz_hostname );
if( p_sys->psz_hostname == NULL )
free( p_sys );
}
+
+typedef int (*tls_prio_func) (gnutls_session_t, const int *);
+
+static int
+gnutls_SetPriority (vlc_object_t *restrict obj, const char *restrict name,
+ tls_prio_func func, gnutls_session_t session,
+ const int *restrict values)
+{
+ int val = func (session, values);
+ if (val < 0)
+ {
+ msg_Err (obj, "cannot set %s priorities: %s", name,
+ gnutls_strerror (val));
+ return VLC_EGENERIC;
+ }
+ return VLC_SUCCESS;
+}
+
+
+static int
+gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
+{
+ /* Note that ordering matters (on the client side) */
+ static const int protos[] =
+ {
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_0,
+ GNUTLS_SSL3,
+ 0
+ };
+ static const int comps[] =
+ {
+ GNUTLS_COMP_DEFLATE,
+ GNUTLS_COMP_NULL,
+ 0
+ };
+ static const int macs[] =
+ {
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_RMD160, // RIPEMD
+ GNUTLS_MAC_MD5,
+ //GNUTLS_MAC_MD2,
+ //GNUTLS_MAC_NULL,
+ 0
+ };
+ static const int ciphers[] =
+ {
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ //GNUTLS_CIPHER_DES_CBC,
+ //GNUTLS_CIPHER_ARCFOUR_40,
+ //GNUTLS_CIPHER_RC2_40_CBC,
+ //GNUTLS_CIPHER_NULL,
+ 0
+ };
+ static const int kx[] =
+ {
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_RSA,
+ //GNUTLS_KX_RSA_EXPORT,
+ //GNUTLS_KX_DHE_PSK, TODO
+ //GNUTLS_KX_PSK, TODO
+ //GNUTLS_KX_SRP_RSA, TODO
+ //GNUTLS_KX_SRP_DSS, TODO
+ //GNUTLS_KX_SRP, TODO
+ //GNUTLS_KX_ANON_DH,
+ 0
+ };
+ static const int cert_types[] =
+ {
+ GNUTLS_CRT_X509,
+ //GNUTLS_CRT_OPENPGP, TODO
+ 0
+ };
+
+ int val = gnutls_set_default_priority (session);
+ if (val < 0)
+ {
+ msg_Err (obj, "cannot set default TLS priorities: %s",
+ gnutls_strerror (val));
+ return VLC_EGENERIC;
+ }
+
+ if (gnutls_SetPriority (obj, "protocols",
+ gnutls_protocol_set_priority, session, protos)
+ || gnutls_SetPriority (obj, "compression algorithms",
+ gnutls_compression_set_priority, session, comps)
+ || gnutls_SetPriority (obj, "MAC algorithms",
+ gnutls_mac_set_priority, session, macs)
+ || gnutls_SetPriority (obj, "ciphers",
+ gnutls_cipher_set_priority, session, ciphers)
+ || gnutls_SetPriority (obj, "key exchange algorithms",
+ gnutls_kx_set_priority, session, kx)
+ || gnutls_SetPriority (obj, "certificate types",
+ gnutls_certificate_type_set_priority, session,
+ cert_types))
+ return VLC_EGENERIC;
+
+ return VLC_SUCCESS;
+}
+
+
static void
gnutls_ClientDelete( tls_session_t *p_session )
{
vlc_bool_t b_priv )
{
DIR* dir;
- const char *psz_dirent;
if( *psz_dirname == '\0' )
psz_dirname = ".";
}
#endif
- while( ( psz_dirent = utf8_readdir( dir ) ) != NULL )
+ for (;;)
{
- char *psz_filename;
- int check;
+ char *ent = utf8_readdir (dir);
+ if (ent == NULL)
+ break;
- if( ( strcmp( ".", psz_dirent ) == 0 )
- || ( strcmp( "..", psz_dirent ) == 0 ) )
+ if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0))
continue;
- check = asprintf( &psz_filename, "%s/%s", psz_dirname,
- psz_dirent );
- LocaleFree( psz_dirent );
- if( check == -1 )
- continue;
+ char path[strlen (psz_dirname) + strlen (ent) + 2];
+ sprintf (path, "%s"DIR_SEP"%s", psz_dirname, ent);
+ free (ent);
- gnutls_Addx509File( p_this, cred, psz_filename, b_priv );
- free( psz_filename );
+ gnutls_Addx509File( p_this, cred, path, b_priv );
}
closedir( dir );
tls_session_t *p_session = NULL;
tls_client_sys_t *p_sys = NULL;
int i_val;
- const int cert_type_priority[3] =
- {
- GNUTLS_CRT_X509,
- 0
- };
p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) );
if( p_sys == NULL )
vlc_object_attach( p_session, p_tls );
+ const char *homedir = p_tls->p_libvlc->psz_homedir,
+ *datadir = config_GetDataDir ((vlc_object_t *)p_session);
+ size_t l1 = strlen (homedir), l2 = strlen (datadir);
+ char path[((l1 > l2) ? l1 : l2) + sizeof ("/"CONFIG_DIR"/ssl/private")];
+ // > sizeof ("/"CONFIG_DIR"/ssl/certs")
+ // > sizeof ("/ca-certificates.crt")
+
i_val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
if( i_val != 0 )
{
goto error;
}
- if( get_Bool( p_tls, "tls-check-cert" ) )
+ if (var_CreateGetBool (p_tls, "tls-check-cert"))
{
- char *psz_path;
-
- if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/certs",
- p_tls->p_vlc->psz_homedir ) != -1 )
- {
- gnutls_Addx509Directory( (vlc_object_t *)p_session,
- p_sys->x509_cred, psz_path, VLC_FALSE );
- free( psz_path );
- }
+ sprintf (path, "%s/"CONFIG_DIR"/ssl/certs", homedir);
+ gnutls_Addx509Directory ((vlc_object_t *)p_session,
+ p_sys->x509_cred, path, VLC_FALSE);
- if( asprintf( &psz_path, "%s/ca-certificates.crt",
- config_GetDataDir ( (vlc_object_t *)p_session) ) != -1 )
- {
- gnutls_Addx509File( (vlc_object_t *)p_session,
- p_sys->x509_cred, psz_path, VLC_FALSE );
- free( psz_path );
- }
+ sprintf (path, "%s/ca-certificates.crt", datadir);
+ gnutls_Addx509File ((vlc_object_t *)p_session,
+ p_sys->x509_cred, path, VLC_FALSE);
p_session->pf_handshake2 = gnutls_HandshakeAndValidate;
}
else
p_session->pf_handshake2 = gnutls_ContinueHandshake;
- {
- char *psz_path;
-
- if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/private",
- p_tls->p_vlc->psz_homedir ) == -1 )
- {
- gnutls_certificate_free_credentials( p_sys->x509_cred );
- goto error;
- }
-
- gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred,
- psz_path, VLC_TRUE );
-
- free( psz_path );
- }
+ sprintf (path, "%s/"CONFIG_DIR"/ssl/private", homedir);
+ gnutls_Addx509Directory ((vlc_object_t *)p_session, p_sys->x509_cred,
+ path, VLC_TRUE);
i_val = gnutls_init( &p_sys->session.session, GNUTLS_CLIENT );
if( i_val != 0 )
goto error;
}
- i_val = gnutls_set_default_priority( p_sys->session.session );
- if( i_val < 0 )
- {
- msg_Err( p_tls, "cannot set ciphers priorities: %s",
- gnutls_strerror( i_val ) );
- gnutls_deinit( p_sys->session.session );
- gnutls_certificate_free_credentials( p_sys->x509_cred );
- goto error;
- }
-
- i_val = gnutls_certificate_type_set_priority( p_sys->session.session,
- cert_type_priority );
- if( i_val < 0 )
- {
- msg_Err( p_tls, "cannot set certificate type priorities: %s",
- gnutls_strerror( i_val ) );
- gnutls_deinit( p_sys->session.session );
- gnutls_certificate_free_credentials( p_sys->x509_cred );
- goto error;
- }
+ if (gnutls_SessionPrioritize (VLC_OBJECT (p_session),
+ p_sys->session.session))
+ goto s_error;
i_val = gnutls_credentials_set( p_sys->session.session,
GNUTLS_CRD_CERTIFICATE,
{
msg_Err( p_tls, "cannot set TLS session credentials: %s",
gnutls_strerror( i_val ) );
- gnutls_deinit( p_sys->session.session );
- gnutls_certificate_free_credentials( p_sys->x509_cred );
- goto error;
+ goto s_error;
}
return p_session;
+s_error:
+ gnutls_deinit( p_sys->session.session );
+ gnutls_certificate_free_credentials( p_sys->x509_cred );
+
error:
vlc_object_detach( p_session );
vlc_object_destroy( p_session );
((tls_session_sys_t *)p_session->p_sys)->session = session;
- i_val = gnutls_set_default_priority( session );
- if( i_val < 0 )
+ if (gnutls_SessionPrioritize (VLC_OBJECT (p_session), session))
{
- msg_Err( p_server, "cannot set ciphers priorities: %s",
- gnutls_strerror( i_val ) );
gnutls_deinit( session );
goto error;
}
if( p_session->pf_handshake2 == gnutls_HandshakeAndValidate )
gnutls_certificate_server_set_request( session, GNUTLS_CERT_REQUIRE );
- gnutls_dh_set_prime_bits( session, get_Int( p_server, "gnutls-dh-bits" ) );
+ i_val = config_GetInt (p_server, "gnutls-dh-bits");
+ gnutls_dh_set_prime_bits (session, i_val);
/* Session resumption support */
- gnutls_db_set_cache_expiration( session, get_Int( p_server,
- "gnutls-cache-expiration" ) );
+ i_val = config_GetInt (p_server, "gnutls-cache-expiration");
+ gnutls_db_set_cache_expiration (session, i_val);
gnutls_db_set_retrieve_function( session, cb_fetch );
gnutls_db_set_remove_function( session, cb_delete );
gnutls_db_set_store_function( session, cb_store );
if( p_sys == NULL )
return NULL;
- p_sys->i_cache_size = get_Int( p_tls, "gnutls-cache-size" );
+ p_sys->i_cache_size = config_GetInt (p_tls, "gnutls-cache-size");
p_sys->p_cache = (struct saved_session_t *)calloc( p_sys->i_cache_size,
sizeof( struct saved_session_t ) );
if( p_sys->p_cache == NULL )
/* No certificate validation by default */
p_sys->pf_handshake2 = gnutls_ContinueHandshake;
- /* FIXME: check for errors */
vlc_mutex_init( p_server, &p_sys->cache_lock );
/* Sets server's credentials */
{
msg_Dbg( p_server, "computing Diffie Hellman ciphers parameters" );
val = gnutls_dh_params_generate2( p_sys->dh_params,
- get_Int( p_tls, "gnutls-dh-bits" ) );
+ config_GetInt( p_tls, "gnutls-dh-bits" ) );
}
if( val < 0 )
{
}
+#ifdef LIBVLC_USE_PTHREAD
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+# define gcry_threads_vlc gcry_threads_pthread
+#else
/**
* gcrypt thread option VLC implementation
*/
-vlc_object_t *__p_gcry_data;
+
+# define NEED_THREAD_CONTEXT 1
+static vlc_object_t *__p_gcry_data;
static int gcry_vlc_mutex_init( void **p_sys )
{
gcry_vlc_mutex_lock,
gcry_vlc_mutex_unlock
};
+#endif
/*****************************************************************************
vlc_value_t lock, count;
- var_Create( p_this->p_libvlc, "gnutls_mutex", VLC_VAR_MUTEX );
- var_Get( p_this->p_libvlc, "gnutls_mutex", &lock );
+ var_Create( p_this->p_libvlc_global, "gnutls_mutex", VLC_VAR_MUTEX );
+ var_Get( p_this->p_libvlc_global, "gnutls_mutex", &lock );
vlc_mutex_lock( lock.p_address );
/* Initialize GnuTLS only once */
- var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
- var_Get( p_this->p_libvlc, "gnutls_count", &count);
+ var_Create( p_this->p_libvlc_global, "gnutls_count", VLC_VAR_INTEGER );
+ var_Get( p_this->p_libvlc_global, "gnutls_count", &count);
if( count.i_int == 0)
{
- const char *psz_version;
-
- __p_gcry_data = VLC_OBJECT( p_this->p_vlc );
+#ifdef NEED_THREAD_CONTEXT
+ __p_gcry_data = VLC_OBJECT( p_this->p_libvlc );
+#endif
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc);
if( gnutls_global_init( ) )
return VLC_EGENERIC;
}
- psz_version = gnutls_check_version( "1.2.9" );
+ const char *psz_version = gnutls_check_version( "1.2.9" );
if( psz_version == NULL )
{
gnutls_global_deinit( );
}
count.i_int++;
- var_Set( p_this->p_libvlc, "gnutls_count", count);
+ var_Set( p_this->p_libvlc_global, "gnutls_count", count);
vlc_mutex_unlock( lock.p_address );
p_tls->pf_server_create = gnutls_ServerCreate;
vlc_value_t lock, count;
- var_Create( p_this->p_libvlc, "gnutls_mutex", VLC_VAR_MUTEX );
- var_Get( p_this->p_libvlc, "gnutls_mutex", &lock );
+ var_Create( p_this->p_libvlc_global, "gnutls_mutex", VLC_VAR_MUTEX );
+ var_Get( p_this->p_libvlc_global, "gnutls_mutex", &lock );
vlc_mutex_lock( lock.p_address );
- var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
- var_Get( p_this->p_libvlc, "gnutls_count", &count);
+ var_Create( p_this->p_libvlc_global, "gnutls_count", VLC_VAR_INTEGER );
+ var_Get( p_this->p_libvlc_global, "gnutls_count", &count);
count.i_int--;
- var_Set( p_this->p_libvlc, "gnutls_count", count);
+ var_Set( p_this->p_libvlc_global, "gnutls_count", count);
if( count.i_int == 0 )
{