Forgotten in previous commit.

[vlc] / modules / misc / gnutls.c

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index ed5b4e11ccce5767ffefa5d14f1d1f7677a00c58..fcccbe47825fae4c47b9b7796ebcc5d8a2818f97 100644 (file)
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -25,6 +25,10 @@
  * Preamble
  *****************************************************************************/
 
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
 #include <vlc/vlc.h>
 #include <errno.h>
 #include <time.h>
@@ -72,11 +76,6 @@ static void CloseServer (vlc_object_t *);
     "This is the maximum number of resumed TLS sessions that " \
     "the cache will hold." )
 
-#define CHECK_CERT_TEXT N_("Check TLS/SSL server certificate validity")
-#define CHECK_CERT_LONGTEXT N_( \
-    "This ensures that the server certificate is valid " \
-    "(i.e. signed by an approved Certification Authority)." )
-
 vlc_module_begin();
     set_shortname( "GnuTLS" );
     set_description( _("GnuTLS transport layer security") );
@@ -85,8 +84,7 @@ vlc_module_begin();
     set_category( CAT_ADVANCED );
     set_subcategory( SUBCAT_ADVANCED_MISC );
 
-    add_bool( "tls-check-cert", VLC_TRUE, NULL, CHECK_CERT_TEXT,
-              CHECK_CERT_LONGTEXT, VLC_FALSE );
+    add_obsolete_bool( "tls-check-cert" );
     add_obsolete_bool( "tls-check-hostname" );
 
     add_submodule();
@@ -113,9 +111,6 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL;
  * gcrypt thread option VLC implementation
  */
 
-# define NEED_THREAD_CONTEXT 1
-static vlc_object_t *__p_gcry_data = NULL;
-
 static int gcry_vlc_mutex_init( void **p_sys )
 {
     int i_val;
@@ -124,7 +119,7 @@ static int gcry_vlc_mutex_init( void **p_sys )
     if( p_lock == NULL)
         return ENOMEM;
 
-    i_val = vlc_mutex_init( __p_gcry_data, p_lock );
+    i_val = vlc_mutex_init( (vlc_object_t *)NULL, p_lock );
     if( i_val )
         free( p_lock );
     else
@@ -134,22 +129,22 @@ static int gcry_vlc_mutex_init( void **p_sys )
 
 static int gcry_vlc_mutex_destroy( void **p_sys )
 {
-    int i_val;
     vlc_mutex_t *p_lock = (vlc_mutex_t *)*p_sys;
-
-    i_val = vlc_mutex_destroy( p_lock );
+    vlc_mutex_destroy( p_lock );
     free( p_lock );
-    return i_val;
+    return VLC_SUCCESS;
 }
 
 static int gcry_vlc_mutex_lock( void **p_sys )
 {
-    return vlc_mutex_lock( (vlc_mutex_t *)*p_sys );
+    vlc_mutex_lock( (vlc_mutex_t *)*p_sys );
+    return VLC_SUCCESS;
 }
 
 static int gcry_vlc_mutex_unlock( void **lock )
 {
-    return vlc_mutex_unlock( (vlc_mutex_t *)*lock );
+    vlc_mutex_unlock( (vlc_mutex_t *)*lock );
+    return VLC_SUCCESS;
 }
 
 static struct gcry_thread_cbs gcry_threads_vlc =
@@ -172,14 +167,7 @@ static int gnutls_Init (vlc_object_t *p_this)
 {
     int ret = VLC_EGENERIC;
 
-    vlc_mutex_t *lock = var_GetGlobalMutex ("gnutls_mutex");
-    vlc_mutex_lock (lock);
-
-    /* This should probably be removed/fixed. It will screw up with multiple
-     * LibVLC instances. */
-#ifdef NEED_THREAD_CONTEXT
-    __p_gcry_data = VLC_OBJECT (p_this->p_libvlc);
-#endif
+    vlc_mutex_t *lock = var_AcquireMutex ("gnutls_mutex");
 
     gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc);
     if (gnutls_global_init ())
@@ -210,8 +198,7 @@ error:
  */
 static void gnutls_Deinit (vlc_object_t *p_this)
 {
-    vlc_mutex_t *lock = var_GetGlobalMutex( "gnutls_mutex" );
-    vlc_mutex_lock (lock);
+    vlc_mutex_t *lock = var_AcquireMutex( "gnutls_mutex" );
 
     gnutls_global_deinit ();
     msg_Dbg (p_this, "GnuTLS deinitialized");
@@ -415,17 +402,13 @@ gnutls_HandshakeAndValidate( tls_session_t *session )
         goto error;
     }
 
-    if( p_sys->psz_hostname != NULL )
+    assert( p_sys->psz_hostname != NULL );
+    if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
     {
-        if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
-        {
-            msg_Err( session, "Certificate does not match \"%s\"",
-                     p_sys->psz_hostname );
-            goto error;
-        }
+        msg_Err( session, "Certificate does not match \"%s\"",
+                 p_sys->psz_hostname );
+        goto error;
     }
-    else
-        msg_Warn( session, "Certificate and hostname were not verified" );
 
     if( gnutls_x509_crt_get_expiration_time( cert ) < time( NULL ) )
     {
@@ -715,7 +698,6 @@ static int OpenClient (vlc_object_t *obj)
     p_session->pf_set_fd = gnutls_SetFD;
 
     p_sys->session.b_handshaked = VLC_FALSE;
-    p_sys->session.psz_hostname = NULL;
 
     const char *homedir = obj->p_libvlc->psz_datadir,
                *datadir = config_GetDataDir ();
@@ -735,19 +717,15 @@ static int OpenClient (vlc_object_t *obj)
     sprintf (path, "%s/ssl", homedir);
     utf8_mkdir (path, 0755);
 
-    if (var_CreateGetBool (obj, "tls-check-cert"))
-    {
-        sprintf (path, "%s/ssl/certs", homedir);
-        gnutls_Addx509Directory (VLC_OBJECT (p_session),
-                                  p_sys->x509_cred, path, VLC_FALSE);
-
-        sprintf (path, "%s/ca-certificates.crt", datadir);
-        gnutls_Addx509File (VLC_OBJECT (p_session),
-                            p_sys->x509_cred, path, VLC_FALSE);
-        p_session->pf_handshake = gnutls_HandshakeAndValidate;
-    }
-    else
-        p_session->pf_handshake = gnutls_ContinueHandshake;
+    sprintf (path, "%s/ssl/certs", homedir);
+    gnutls_Addx509Directory (VLC_OBJECT (p_session),
+                             p_sys->x509_cred, path, VLC_FALSE);
+
+    sprintf (path, "%s/ca-certificates.crt", datadir);
+    gnutls_Addx509File (VLC_OBJECT (p_session),
+                        p_sys->x509_cred, path, VLC_FALSE);
+    p_session->pf_handshake = gnutls_HandshakeAndValidate;
+    /*p_session->pf_handshake = gnutls_ContinueHandshake;*/
 
     sprintf (path, "%s/ssl/private", homedir);
     gnutls_Addx509Directory (VLC_OBJECT (p_session), p_sys->x509_cred,
@@ -780,12 +758,12 @@ static int OpenClient (vlc_object_t *obj)
     }
 
     char *servername = var_GetNonEmptyString (p_session, "tls-server-name");
-    if (servername != NULL )
-    {
-        p_sys->session.psz_hostname = servername;
-        gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
-                                servername, strlen (servername));
-    }
+    if (servername == NULL )
+        msg_Err (p_session, "server name missing for TLS session");
+
+    p_sys->session.psz_hostname = servername;
+    gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
+                            servername, strlen (servername));
 
     return VLC_SUCCESS;
 
@@ -958,7 +936,7 @@ gnutls_SessionClose (tls_server_t *p_server, tls_session_t *p_session)
     gnutls_deinit( p_sys->session );
 
     vlc_object_detach( p_session );
-    vlc_object_destroy( p_session );
+    vlc_object_release( p_session );
 
     free( p_sys );
 }
@@ -982,7 +960,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
     p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) );
     if( p_session->p_sys == NULL )
     {
-        vlc_object_destroy( p_session );
+        vlc_object_release( p_session );
         return NULL;
     }
 
@@ -1038,7 +1016,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
 error:
     free( p_session->p_sys );
     vlc_object_detach( p_session );
-    vlc_object_destroy( p_session );
+    vlc_object_release( p_session );
     return NULL;
 }