* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
*****************************************************************************/
-/*
- * TODO:
- * - fix FIXMEs
- */
-
-
/*****************************************************************************
* Preamble
*****************************************************************************/
+
+#include <vlc/vlc.h>
#include <stdlib.h>
#include <errno.h>
-#include <vlc/vlc.h>
+#include <time.h>
#include <sys/types.h>
#include <errno.h>
#include "vlc_tls.h"
-#include "charset.h"
+#include <vlc_charset.h>
#include <gcrypt.h>
#include <gnutls/gnutls.h>
#define DH_BITS_TEXT N_("Diffie-Hellman prime bits")
#define DH_BITS_LONGTEXT N_( \
- "Allows you to modify the Diffie-Hellman prime's number of bits " \
- "(used for TLS or SSL-based server-side encryption)." )
+ "This allows you to modify the Diffie-Hellman prime's number of bits, " \
+ "used for TLS or SSL-based server-side encryption. This is generally " \
+ "not needed." )
#define CACHE_EXPIRATION_TEXT N_("Expiration time for resumed TLS sessions")
#define CACHE_EXPIRATION_LONGTEXT N_( \
- "Defines the delay before resumed TLS sessions will be expired " \
- "(in seconds)." )
+ "It is possible to cache the resumed TLS sessions. This is the expiration "\
+ "time of the sessions stored in this cache, in seconds." )
#define CACHE_SIZE_TEXT N_("Number of resumed TLS sessions")
#define CACHE_SIZE_LONGTEXT N_( \
- "Allows you to modify the maximum number of resumed TLS sessions that " \
+ "This is the maximum number of resumed TLS sessions that " \
"the cache will hold." )
#define CHECK_CERT_TEXT N_("Check TLS/SSL server certificate validity")
#define CHECK_CERT_LONGTEXT N_( \
- "Ensures that server certificate is valid " \
- "(i.e. signed by an approved Certificate Authority)." )
+ "This ensures that the server certificate is valid " \
+ "(i.e. signed by an approved Certification Authority)." )
#define CHECK_HOSTNAME_TEXT N_("Check TLS/SSL server hostname in certificate")
#define CHECK_HOSTNAME_LONGTEXT N_( \
- "Ensures that server hostname in certificate match requested host name." )
-
-#if defined (WIN32) || defined (UNDER_CE)
-# undef HOST_CA_PATH
-#else
-# define HOST_CA_PATH "/etc/ssl/certs"
-#endif
+ "This ensures that the server hostname in certificate matches the " \
+ "requested host name." )
vlc_module_begin();
set_shortname( "GnuTLS" );
#define get_Bool( a, b ) _get_Bool( (vlc_object_t *)(a), (b) )
-/*****************************************************************************
- * tls_Send:
- *****************************************************************************
+/**
* Sends data through a TLS session.
- *****************************************************************************/
+ */
static int
gnutls_Send( void *p_session, const void *buf, int i_length )
{
}
-/*****************************************************************************
- * tls_Recv:
- *****************************************************************************
+/**
* Receives data through a TLS session.
- *****************************************************************************/
+ */
static int
gnutls_Recv( void *p_session, void *buf, int i_length )
{
p_sys = (tls_session_sys_t *)(p_session->p_sys);
/* TODO: handle fatal error */
+#ifdef WIN32
+ WSASetLastError( 0 );
+#endif
val = gnutls_handshake( p_sys->session );
if( ( val == GNUTLS_E_AGAIN ) || ( val == GNUTLS_E_INTERRUPTED ) )
return 1 + gnutls_record_get_direction( p_sys->session );
if( val < 0 )
{
+#ifdef WIN32
+ msg_Dbg( p_session, "Winsock error %d", WSAGetLastError( ) );
+#endif
msg_Err( p_session, "TLS handshake failed: %s",
gnutls_strerror( val ) );
p_session->pf_close( p_session );
return 0;
}
+
+typedef struct
+{
+ int flag;
+ const char *msg;
+} error_msg_t;
+
+static const error_msg_t cert_errors[] =
+{
+ { GNUTLS_CERT_INVALID,
+ "Certificate could not be verified" },
+ { GNUTLS_CERT_REVOKED,
+ "Certificate was revoked" },
+ { GNUTLS_CERT_SIGNER_NOT_FOUND,
+ "Certificate's signer was not found" },
+ { GNUTLS_CERT_SIGNER_NOT_CA,
+ "Certificate's signer is not a CA" },
+ { GNUTLS_CERT_INSECURE_ALGORITHM,
+ "Insecure certificate signature algorithm" },
+ { 0, NULL }
+};
+
+
static int
-gnutls_HandshakeAndValidate( tls_session_t *p_session )
+gnutls_HandshakeAndValidate( tls_session_t *session )
{
- int val;
+ int val = gnutls_ContinueHandshake( session );
+ if( val )
+ return val;
- val = gnutls_ContinueHandshake( p_session );
- if( val == 0 )
- {
- unsigned status;
- gnutls_x509_crt cert;
- const gnutls_datum *p_data;
- tls_session_sys_t *p_sys;
+ tls_session_sys_t *p_sys = (tls_session_sys_t *)(session->p_sys);
- p_sys = (tls_session_sys_t *)(p_session->p_sys);
- /* certificates chain verification */
- val = gnutls_certificate_verify_peers2( p_sys->session, &status );
+ /* certificates chain verification */
+ unsigned status;
+ val = gnutls_certificate_verify_peers2( p_sys->session, &status );
- if( val )
+ if( val )
+ {
+ msg_Err( session, "Certificate verification failed: %s",
+ gnutls_strerror( val ) );
+ goto error;
+ }
+
+ if( status )
+ {
+ msg_Err( session, "TLS session: access denied" );
+ for( const error_msg_t *e = cert_errors; e->flag; e++ )
{
- msg_Err( p_session, "TLS certificate verification failed: %s",
- gnutls_strerror( val ) );
- p_session->pf_close( p_session );
- return -1;
+ if( status & e->flag )
+ {
+ msg_Err( session, e->msg );
+ status &= ~e->flag;
+ }
}
if( status )
- {
- msg_Warn( p_session, "TLS session: access denied" );
- if( status & GNUTLS_CERT_INVALID )
- msg_Dbg( p_session, "certificate could not be verified" );
- if( status & GNUTLS_CERT_REVOKED )
- msg_Dbg( p_session, "certificate was revoked" );
- if( status & GNUTLS_CERT_SIGNER_NOT_FOUND )
- msg_Dbg( p_session, "certificate's signer was not found" );
- if( status & GNUTLS_CERT_SIGNER_NOT_CA )
- msg_Dbg( p_session, "certificate's signer is not a CA" );
- p_session->pf_close( p_session );
- return -1;
- }
+ msg_Err( session,
+ "unknown certificate error (you found a bug in VLC)" );
- msg_Dbg( p_session, "TLS certificate verified" );
- if( p_sys->psz_hostname == NULL )
- return 0;
+ goto error;
+ }
- /* certificate (host)name verification */
- p_data = gnutls_certificate_get_peers( p_sys->session, &status );
- if( p_data == NULL )
- {
- msg_Err( p_session, "TLS peer certificate not available" );
- p_session->pf_close( p_session );
- return -1;
- }
+ /* certificate (host)name verification */
+ const gnutls_datum *data = gnutls_certificate_get_peers( p_sys->session,
+ &(size_t){ 0 } );
+ if( data == NULL )
+ {
+ msg_Err( session, "Peer certificate not available" );
+ goto error;
+ }
- val = gnutls_x509_crt_init( &cert );
- if( val )
- {
- msg_Err( p_session, "x509 fatal error: %s",
- gnutls_strerror( val ) );
- p_session->pf_close( p_session );
- return -1;
- }
+ gnutls_x509_crt cert;
+ val = gnutls_x509_crt_init( &cert );
+ if( val )
+ {
+ msg_Err( session, "x509 fatal error: %s", gnutls_strerror( val ) );
+ goto error;
+ }
- val = gnutls_x509_crt_import( cert, p_data, GNUTLS_X509_FMT_DER );
- if( val )
- {
- msg_Err( p_session, "x509 certificate import error: %s",
- gnutls_strerror( val ) );
- gnutls_x509_crt_deinit( cert );
- p_session->pf_close( p_session );
- return -1;
- }
+ val = gnutls_x509_crt_import( cert, data, GNUTLS_X509_FMT_DER );
+ if( val )
+ {
+ msg_Err( session, "Certificate import error: %s",
+ gnutls_strerror( val ) );
+ gnutls_x509_crt_deinit( cert );
+ goto crt_error;
+ }
- if( gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) == 0 )
+ if( p_sys->psz_hostname != NULL )
+ {
+ if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
{
- msg_Err( p_session, "x509 certificate does not match \"%s\"",
+ msg_Err( session, "Certificate does not match \"%s\"",
p_sys->psz_hostname );
- gnutls_x509_crt_deinit( cert );
- p_session->pf_close( p_session );
- return -1;
+ goto crt_error;
}
+ }
+ else
+ msg_Warn( session, "Certificate and hostname were not verified" );
- gnutls_x509_crt_deinit( cert );
+ if( gnutls_x509_crt_get_expiration_time( cert ) < time( NULL ) )
+ {
+ msg_Err( session, "Certificate expired" );
+ goto crt_error;
+ }
- msg_Dbg( p_session, "x509 hostname verified" );
- return 0;
+ if( gnutls_x509_crt_get_activation_time( cert ) > time ( NULL ) )
+ {
+ msg_Err( session, "Certificate not yet valid" );
+ goto crt_error;
}
- return val;
+ gnutls_x509_crt_deinit( cert );
+ msg_Dbg( session, "TLS/x509 certificate verified" );
+ return 0;
+
+crt_error:
+ gnutls_x509_crt_deinit( cert );
+error:
+ session->pf_close( session );
+ return -1;
}
+/**
+ * Starts negociation of a TLS session.
+ *
+ * @param fd stream socket already connected with the peer.
+ * @param psz_hostname if not NULL, hostname to mention as a Server Name.
+ *
+ * @return -1 on error (you need not and must not call tls_SessionClose),
+ * 0 on succesful handshake completion, 1 if more would-be blocking recv is
+ * needed, 2 if more would-be blocking send is required.
+ */
static int
gnutls_BeginHandshake( tls_session_t *p_session, int fd,
- const char *psz_hostname )
+ const char *psz_hostname )
{
tls_session_sys_t *p_sys;
return p_session->pf_handshake2( p_session );
}
-/*****************************************************************************
- * tls_SessionClose:
- *****************************************************************************
+/**
* Terminates TLS session and releases session data.
- *****************************************************************************/
+ * You still have to close the socket yourself.
+ */
static void
gnutls_SessionClose( tls_session_t *p_session )
{
gnutls_certificate_free_credentials( x509_cred );
}
+
+static int
+gnutls_Addx509File( vlc_object_t *p_this,
+ gnutls_certificate_credentials cred,
+ const char *psz_path, vlc_bool_t b_priv );
+
static int
gnutls_Addx509Directory( vlc_object_t *p_this,
gnutls_certificate_credentials cred,
vlc_bool_t b_priv )
{
DIR* dir;
- const char *psz_dirent;
if( *psz_dirname == '\0' )
psz_dirname = ".";
dir = utf8_opendir( psz_dirname );
if( dir == NULL )
{
- msg_Warn( p_this, "Cannot open directory (%s): %s", psz_dirname,
+ msg_Warn( p_this, "cannot open directory (%s): %s", psz_dirname,
strerror( errno ) );
return VLC_EGENERIC;
}
}
#endif
- while( ( psz_dirent = utf8_readdir( dir ) ) != NULL )
+ for (;;)
{
- struct stat st;
- char *psz_filename;
- int check;
+ char *ent = utf8_readdir (dir);
+ if (ent == NULL)
+ break;
- if( ( strcmp( ".", psz_dirent ) == 0 )
- || ( strcmp( "..", psz_dirent ) == 0 ) )
+ if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0))
continue;
- check = asprintf( &psz_filename, "%s/%s", psz_dirname,
- psz_dirent );
- LocaleFree( psz_dirent );
- if( check == -1 )
- continue;
+ char path[strlen (psz_dirname) + strlen (ent) + 2];
+ sprintf (path, "%s"DIR_SEP"%s", psz_dirname, ent);
+ free (ent);
- if( utf8_stat( psz_filename, &st ) == 0 )
+ gnutls_Addx509File( p_this, cred, path, b_priv );
+ }
+
+ closedir( dir );
+ return VLC_SUCCESS;
+}
+
+
+static int
+gnutls_Addx509File( vlc_object_t *p_this,
+ gnutls_certificate_credentials cred,
+ const char *psz_path, vlc_bool_t b_priv )
+{
+ struct stat st;
+
+ if( utf8_stat( psz_path, &st ) == 0 )
+ {
+ if( S_ISREG( st.st_mode ) )
{
- if( S_ISREG( st.st_mode ) )
- {
- char *psz_localname = ToLocale( psz_filename );
- int i = b_priv
+ char *psz_localname = ToLocale( psz_path );
+ int i = b_priv
? gnutls_certificate_set_x509_key_file( cred,
- psz_localname, psz_localname, GNUTLS_X509_FMT_PEM )
- : gnutls_certificate_set_x509_trust_file( cred,
- psz_localname, GNUTLS_X509_FMT_PEM );
- LocaleFree( psz_localname );
-
- if( i < 0 )
- msg_Warn( p_this, "Cannot add x509 certificate (%s): %s",
- psz_filename, gnutls_strerror( i ) );
- else
- msg_Dbg( p_this, "Added x509 credentials (%s)",
- psz_filename );
+ psz_localname, psz_localname, GNUTLS_X509_FMT_PEM )
+ : gnutls_certificate_set_x509_trust_file( cred,
+ psz_localname, GNUTLS_X509_FMT_PEM );
+ LocaleFree( psz_localname );
+
+ if( i < 0 )
+ {
+ msg_Warn( p_this, "cannot add x509 credentials (%s): %s",
+ psz_path, gnutls_strerror( i ) );
+ return VLC_EGENERIC;
}
- else if( S_ISDIR( st.st_mode ) )
+ else
{
- msg_Dbg( p_this,
- "Looking recursively for x509 certificates in %s",
- psz_filename );
- gnutls_Addx509Directory( p_this, cred, psz_filename, b_priv);
+ msg_Dbg( p_this, "added x509 credentials (%s)",
+ psz_path );
+ return VLC_SUCCESS;
}
}
- free( psz_filename );
+ else if( S_ISDIR( st.st_mode ) )
+ {
+ msg_Dbg( p_this,
+ "looking recursively for x509 credentials in %s",
+ psz_path );
+ return gnutls_Addx509Directory( p_this, cred, psz_path, b_priv);
+ }
}
-
- closedir( dir );
- return VLC_SUCCESS;
+ else
+ msg_Warn( p_this, "cannot add x509 credentials (%s): %s",
+ psz_path, strerror( errno ) );
+ return VLC_EGENERIC;
}
-/*****************************************************************************
- * tls_ClientCreate:
- *****************************************************************************
- * Initializes client-side TLS session data.
- *****************************************************************************/
+
+/**
+ * Initializes a client-side TLS session.
+ */
static tls_session_t *
gnutls_ClientCreate( tls_t *p_tls )
{
i_val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
if( i_val != 0 )
{
- msg_Err( p_tls, "Cannot allocate X509 credentials: %s",
+ msg_Err( p_tls, "cannot allocate X509 credentials: %s",
gnutls_strerror( i_val ) );
goto error;
}
char *psz_path;
if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/certs",
- p_tls->p_vlc->psz_homedir ) == -1 )
+ p_tls->p_libvlc->psz_homedir ) != -1 )
{
- gnutls_certificate_free_credentials( p_sys->x509_cred );
- goto error;
+ gnutls_Addx509Directory( (vlc_object_t *)p_session,
+ p_sys->x509_cred, psz_path, VLC_FALSE );
+ free( psz_path );
}
- gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred,
- psz_path, VLC_FALSE );
-#ifdef HOST_CA_PATH
- gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred,
- HOST_CA_PATH, VLC_FALSE );
-#endif
-
- free( psz_path );
+ if( asprintf( &psz_path, "%s/ca-certificates.crt",
+ config_GetDataDir ( (vlc_object_t *)p_session) ) != -1 )
+ {
+ gnutls_Addx509File( (vlc_object_t *)p_session,
+ p_sys->x509_cred, psz_path, VLC_FALSE );
+ free( psz_path );
+ }
p_session->pf_handshake2 = gnutls_HandshakeAndValidate;
}
else
char *psz_path;
if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/private",
- p_tls->p_vlc->psz_homedir ) == -1 )
+ p_tls->p_libvlc->psz_homedir ) == -1 )
{
gnutls_certificate_free_credentials( p_sys->x509_cred );
goto error;
i_val = gnutls_init( &p_sys->session.session, GNUTLS_CLIENT );
if( i_val != 0 )
{
- msg_Err( p_tls, "Cannot initialize TLS session: %s",
+ msg_Err( p_tls, "cannot initialize TLS session: %s",
gnutls_strerror( i_val ) );
gnutls_certificate_free_credentials( p_sys->x509_cred );
goto error;
i_val = gnutls_set_default_priority( p_sys->session.session );
if( i_val < 0 )
{
- msg_Err( p_tls, "Cannot set ciphers priorities: %s",
+ msg_Err( p_tls, "cannot set ciphers priorities: %s",
gnutls_strerror( i_val ) );
gnutls_deinit( p_sys->session.session );
gnutls_certificate_free_credentials( p_sys->x509_cred );
cert_type_priority );
if( i_val < 0 )
{
- msg_Err( p_tls, "Cannot set certificate type priorities: %s",
+ msg_Err( p_tls, "cannot set certificate type priorities: %s",
gnutls_strerror( i_val ) );
gnutls_deinit( p_sys->session.session );
gnutls_certificate_free_credentials( p_sys->x509_cred );
p_sys->x509_cred );
if( i_val < 0 )
{
- msg_Err( p_tls, "Cannot set TLS session credentials: %s",
+ msg_Err( p_tls, "cannot set TLS session credentials: %s",
gnutls_strerror( i_val ) );
gnutls_deinit( p_sys->session.session );
gnutls_certificate_free_credentials( p_sys->x509_cred );
}
-/*****************************************************************************
- * TLS session resumption callbacks
- *****************************************************************************/
+/**
+ * TLS session resumption callbacks (server-side)
+ */
static int cb_store( void *p_server, gnutls_datum key, gnutls_datum data )
{
tls_server_sys_t *p_sys = ((tls_server_t *)p_server)->p_sys;
}
-/*****************************************************************************
- * tls_ServerSessionPrepare:
- *****************************************************************************
- * Initializes server-side TLS session data.
- *****************************************************************************/
+/**
+ * Initializes a server-side TLS session.
+ */
static tls_session_t *
gnutls_ServerSessionPrepare( tls_server_t *p_server )
{
i_val = gnutls_init( &session, GNUTLS_SERVER );
if( i_val != 0 )
{
- msg_Err( p_server, "Cannot initialize TLS session: %s",
+ msg_Err( p_server, "cannot initialize TLS session: %s",
gnutls_strerror( i_val ) );
goto error;
}
i_val = gnutls_set_default_priority( session );
if( i_val < 0 )
{
- msg_Err( p_server, "Cannot set ciphers priorities: %s",
+ msg_Err( p_server, "cannot set ciphers priorities: %s",
gnutls_strerror( i_val ) );
gnutls_deinit( session );
goto error;
p_server_sys->x509_cred );
if( i_val < 0 )
{
- msg_Err( p_server, "Cannot set TLS session credentials: %s",
+ msg_Err( p_server, "cannot set TLS session credentials: %s",
gnutls_strerror( i_val ) );
gnutls_deinit( session );
goto error;
}
-/*****************************************************************************
- * tls_ServerDelete:
- *****************************************************************************
- * Releases data allocated with tls_ServerCreate.
- *****************************************************************************/
+/**
+ * Releases data allocated with tls_ServerCreate().
+ */
static void
gnutls_ServerDelete( tls_server_t *p_server )
{
}
-/*****************************************************************************
- * tls_ServerAddCA:
- *****************************************************************************
+/**
* Adds one or more certificate authorities.
- * Returns -1 on error, 0 on success.
+ *
+ * @param psz_ca_path (Unicode) path to an x509 certificates list.
+ *
+ * @return -1 on error, 0 on success.
*****************************************************************************/
static int
gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path )
LocaleFree( psz_local_path );
if( val < 0 )
{
- msg_Err( p_server, "Cannot add trusted CA (%s): %s", psz_ca_path,
+ msg_Err( p_server, "cannot add trusted CA (%s): %s", psz_ca_path,
gnutls_strerror( val ) );
return VLC_EGENERIC;
}
}
-/*****************************************************************************
- * tls_ServerAddCRL:
- *****************************************************************************
+/**
* Adds a certificates revocation list to be sent to TLS clients.
- * Returns -1 on error, 0 on success.
- *****************************************************************************/
+ *
+ * @param psz_crl_path (Unicode) path of the CRL file.
+ *
+ * @return -1 on error, 0 on success.
+ */
static int
gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
{
LocaleFree( psz_crl_path );
if( val < 0 )
{
- msg_Err( p_server, "Cannot add CRL (%s): %s", psz_crl_path,
+ msg_Err( p_server, "cannot add CRL (%s): %s", psz_crl_path,
gnutls_strerror( val ) );
return VLC_EGENERIC;
}
}
-/*****************************************************************************
- * tls_ServerCreate:
- *****************************************************************************
+/**
* Allocates a whole server's TLS credentials.
- * Returns NULL on error.
- *****************************************************************************/
+ *
+ * @return NULL on error.
+ */
static tls_server_t *
gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path,
const char *psz_key_path )
char *psz_local_key, *psz_local_cert;
int val;
- msg_Dbg( p_tls, "Creating TLS server" );
+ msg_Dbg( p_tls, "creating TLS server" );
p_sys = (tls_server_sys_t *)malloc( sizeof(struct tls_server_sys_t) );
if( p_sys == NULL )
/* No certificate validation by default */
p_sys->pf_handshake2 = gnutls_ContinueHandshake;
- /* FIXME: check for errors */
vlc_mutex_init( p_server, &p_sys->cache_lock );
/* Sets server's credentials */
val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred );
if( val != 0 )
{
- msg_Err( p_server, "Cannot allocate X509 credentials: %s",
+ msg_Err( p_server, "cannot allocate X509 credentials: %s",
gnutls_strerror( val ) );
goto error;
}
LocaleFree( psz_key_path );
if( val < 0 )
{
- msg_Err( p_server, "Cannot set certificate chain or private key: %s",
+ msg_Err( p_server, "cannot set certificate chain or private key: %s",
gnutls_strerror( val ) );
gnutls_certificate_free_credentials( p_sys->x509_cred );
goto error;
val = gnutls_dh_params_init( &p_sys->dh_params );
if( val >= 0 )
{
- msg_Dbg( p_server, "Computing Diffie Hellman ciphers parameters" );
+ msg_Dbg( p_server, "computing Diffie Hellman ciphers parameters" );
val = gnutls_dh_params_generate2( p_sys->dh_params,
get_Int( p_tls, "gnutls-dh-bits" ) );
}
if( val < 0 )
{
- msg_Err( p_server, "Cannot initialize DH cipher suites: %s",
+ msg_Err( p_server, "cannot initialize DH cipher suites: %s",
gnutls_strerror( val ) );
gnutls_certificate_free_credentials( p_sys->x509_cred );
goto error;
}
- msg_Dbg( p_server, "Ciphers parameters computed" );
+ msg_Dbg( p_server, "ciphers parameters computed" );
gnutls_certificate_set_dh_params( p_sys->x509_cred, p_sys->dh_params);
}
-/*****************************************************************************
- * gcrypt thread option VLC implementation:
- *****************************************************************************/
-vlc_object_t *__p_gcry_data;
+#ifdef LIBVLC_USE_PTHREAD
+GCRY_THREAD_OPTION_PTHREAD_IMPL;
+# define gcry_threads_vlc gcry_threads_pthread
+#else
+/**
+ * gcrypt thread option VLC implementation
+ */
+
+# define NEED_THREAD_CONTEXT 1
+static vlc_object_t *__p_gcry_data;
static int gcry_vlc_mutex_init( void **p_sys )
{
gcry_vlc_mutex_lock,
gcry_vlc_mutex_unlock
};
+#endif
/*****************************************************************************
vlc_value_t lock, count;
- var_Create( p_this->p_libvlc, "gnutls_mutex", VLC_VAR_MUTEX );
- var_Get( p_this->p_libvlc, "gnutls_mutex", &lock );
+ var_Create( p_this->p_libvlc_global, "gnutls_mutex", VLC_VAR_MUTEX );
+ var_Get( p_this->p_libvlc_global, "gnutls_mutex", &lock );
vlc_mutex_lock( lock.p_address );
/* Initialize GnuTLS only once */
- var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
- var_Get( p_this->p_libvlc, "gnutls_count", &count);
+ var_Create( p_this->p_libvlc_global, "gnutls_count", VLC_VAR_INTEGER );
+ var_Get( p_this->p_libvlc_global, "gnutls_count", &count);
if( count.i_int == 0)
{
- const char *psz_version;
-
- __p_gcry_data = VLC_OBJECT( p_this->p_vlc );
+#ifdef NEED_THREAD_CONTEXT
+ __p_gcry_data = VLC_OBJECT( p_this->p_libvlc );
+#endif
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc);
if( gnutls_global_init( ) )
vlc_mutex_unlock( lock.p_address );
return VLC_EGENERIC;
}
- /*
- * FIXME: in fact, we currently depends on 1.0.17, but it breaks on
- * Debian which as a patched 1.0.16 (which we can use).
- */
- psz_version = gnutls_check_version( "1.0.16" );
+
+ const char *psz_version = gnutls_check_version( "1.2.9" );
if( psz_version == NULL )
{
gnutls_global_deinit( );
}
count.i_int++;
- var_Set( p_this->p_libvlc, "gnutls_count", count);
+ var_Set( p_this->p_libvlc_global, "gnutls_count", count);
vlc_mutex_unlock( lock.p_address );
p_tls->pf_server_create = gnutls_ServerCreate;
vlc_value_t lock, count;
- var_Create( p_this->p_libvlc, "gnutls_mutex", VLC_VAR_MUTEX );
- var_Get( p_this->p_libvlc, "gnutls_mutex", &lock );
+ var_Create( p_this->p_libvlc_global, "gnutls_mutex", VLC_VAR_MUTEX );
+ var_Get( p_this->p_libvlc_global, "gnutls_mutex", &lock );
vlc_mutex_lock( lock.p_address );
- var_Create( p_this->p_libvlc, "gnutls_count", VLC_VAR_INTEGER );
- var_Get( p_this->p_libvlc, "gnutls_count", &count);
+ var_Create( p_this->p_libvlc_global, "gnutls_count", VLC_VAR_INTEGER );
+ var_Get( p_this->p_libvlc_global, "gnutls_count", &count);
count.i_int--;
- var_Set( p_this->p_libvlc, "gnutls_count", count);
+ var_Set( p_this->p_libvlc_global, "gnutls_count", count);
if( count.i_int == 0 )
{
projects / vlc / blobdiff