} tls_client_sys_t;
+static int gnutls_Error (vlc_object_t *obj, int val)
+{
+ switch (val)
+ {
+ case GNUTLS_E_AGAIN:
+#if ! defined(WIN32)
+ errno = EAGAIN;
+ break;
+#endif
+ /* WinSock does not return EAGAIN, return EINTR instead */
+
+ case GNUTLS_E_INTERRUPTED:
+#if defined(WIN32)
+ WSASetLastError(WSAEINTR);
+#else
+ errno = EINTR;
+#endif
+ break;
+
+ default:
+ msg_Err (obj, "%s", gnutls_strerror (val));
+#ifdef DEBUG
+ if (!gnutls_error_is_fatal (val))
+ msg_Err (obj, "Error above should be handled");
+#endif
+#if defined(WIN32)
+ WSASetLastError(WSAECONNRESET);
+#else
+ errno = ECONNRESET;
+#endif
+ }
+ return -1;
+}
+
+
/**
* Sends data through a TLS session.
*/
p_sys = (tls_session_sys_t *)(((tls_session_t *)p_session)->p_sys);
val = gnutls_record_send( p_sys->session, buf, i_length );
- /* TODO: handle fatal error */
- return val < 0 ? -1 : val;
+ return (val < 0) ? gnutls_Error ((vlc_object_t *)p_session, val) : val;
}
p_sys = (tls_session_sys_t *)(((tls_session_t *)p_session)->p_sys);
val = gnutls_record_recv( p_sys->session, buf, i_length );
- /* TODO: handle fatal error */
- return val < 0 ? -1 : val;
+ return (val < 0) ? gnutls_Error ((vlc_object_t *)p_session, val) : val;
}
p_sys = (tls_session_sys_t *)(p_session->p_sys);
- /* TODO: handle fatal error */
#ifdef WIN32
WSASetLastError( 0 );
#endif
#ifdef WIN32
msg_Dbg( p_session, "Winsock error %d", WSAGetLastError( ) );
#endif
- msg_Err( p_session, "TLS handshake failed: %s",
+ msg_Err( p_session, "TLS handshake error: %s",
gnutls_strerror( val ) );
p_session->pf_close( p_session );
return -1;
{
if( status & e->flag )
{
- msg_Err( session, e->msg );
+ msg_Err( session, "%s", e->msg );
status &= ~e->flag;
}
}
static int
gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
{
+ /* Note that ordering matters (on the client side) */
static const int protos[] =
{
GNUTLS_TLS1_1,
};
static const int comps[] =
{
- GNUTLS_COMP_ZLIB,
+ GNUTLS_COMP_DEFLATE,
GNUTLS_COMP_NULL,
0
};
+ static const int macs[] =
+ {
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_RMD160, // RIPEMD
+ GNUTLS_MAC_MD5,
+ //GNUTLS_MAC_MD2,
+ //GNUTLS_MAC_NULL,
+ 0
+ };
+ static const int ciphers[] =
+ {
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ //GNUTLS_CIPHER_DES_CBC,
+ //GNUTLS_CIPHER_ARCFOUR_40,
+ //GNUTLS_CIPHER_RC2_40_CBC,
+ //GNUTLS_CIPHER_NULL,
+ 0
+ };
+ static const int kx[] =
+ {
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_RSA,
+ //GNUTLS_KX_RSA_EXPORT,
+ //GNUTLS_KX_DHE_PSK, TODO
+ //GNUTLS_KX_PSK, TODO
+ //GNUTLS_KX_SRP_RSA, TODO
+ //GNUTLS_KX_SRP_DSS, TODO
+ //GNUTLS_KX_SRP, TODO
+ //GNUTLS_KX_ANON_DH,
+ 0
+ };
static const int cert_types[] =
{
GNUTLS_CRT_X509,
if (gnutls_SetPriority (obj, "protocols",
gnutls_protocol_set_priority, session, protos)
- || gnutls_SetPriority (obj, "compressions",
+ || gnutls_SetPriority (obj, "compression algorithms",
gnutls_compression_set_priority, session, comps)
+ || gnutls_SetPriority (obj, "MAC algorithms",
+ gnutls_mac_set_priority, session, macs)
+ || gnutls_SetPriority (obj, "ciphers",
+ gnutls_cipher_set_priority, session, ciphers)
+ || gnutls_SetPriority (obj, "key exchange algorithms",
+ gnutls_kx_set_priority, session, kx)
|| gnutls_SetPriority (obj, "certificate types",
gnutls_certificate_type_set_priority, session,
cert_types))
((tls_session_sys_t *)p_session->p_sys)->session = session;
- i_val = gnutls_set_default_priority( session );
if (gnutls_SessionPrioritize (VLC_OBJECT (p_session), session))
{
gnutls_deinit( session );