* Preamble
*****************************************************************************/
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
#include <vlc/vlc.h>
#include <errno.h>
#include <time.h>
"This is the maximum number of resumed TLS sessions that " \
"the cache will hold." )
-#define CHECK_CERT_TEXT N_("Check TLS/SSL server certificate validity")
-#define CHECK_CERT_LONGTEXT N_( \
- "This ensures that the server certificate is valid " \
- "(i.e. signed by an approved Certification Authority)." )
-
vlc_module_begin();
set_shortname( "GnuTLS" );
set_description( _("GnuTLS transport layer security") );
set_category( CAT_ADVANCED );
set_subcategory( SUBCAT_ADVANCED_MISC );
- add_bool( "tls-check-cert", VLC_TRUE, NULL, CHECK_CERT_TEXT,
- CHECK_CERT_LONGTEXT, VLC_FALSE );
+ add_obsolete_bool( "tls-check-cert" );
add_obsolete_bool( "tls-check-hostname" );
add_submodule();
* gcrypt thread option VLC implementation
*/
-# define NEED_THREAD_CONTEXT 1
-static vlc_object_t *__p_gcry_data = NULL;
-
static int gcry_vlc_mutex_init( void **p_sys )
{
int i_val;
if( p_lock == NULL)
return ENOMEM;
- i_val = vlc_mutex_init( __p_gcry_data, p_lock );
+ i_val = vlc_mutex_init( (vlc_object_t *)NULL, p_lock );
if( i_val )
free( p_lock );
else
static int gcry_vlc_mutex_destroy( void **p_sys )
{
- int i_val;
vlc_mutex_t *p_lock = (vlc_mutex_t *)*p_sys;
-
- i_val = vlc_mutex_destroy( p_lock );
+ vlc_mutex_destroy( p_lock );
free( p_lock );
- return i_val;
+ return VLC_SUCCESS;
}
static int gcry_vlc_mutex_lock( void **p_sys )
{
- return vlc_mutex_lock( (vlc_mutex_t *)*p_sys );
+ vlc_mutex_lock( (vlc_mutex_t *)*p_sys );
+ return VLC_SUCCESS;
}
static int gcry_vlc_mutex_unlock( void **lock )
{
- return vlc_mutex_unlock( (vlc_mutex_t *)*lock );
+ vlc_mutex_unlock( (vlc_mutex_t *)*lock );
+ return VLC_SUCCESS;
}
static struct gcry_thread_cbs gcry_threads_vlc =
{
int ret = VLC_EGENERIC;
- vlc_mutex_t *lock = var_GetGlobalMutex ("gnutls_mutex");
- vlc_mutex_lock (lock);
-
- /* This should probably be removed/fixed. It will screw up with multiple
- * LibVLC instances. */
-#ifdef NEED_THREAD_CONTEXT
- __p_gcry_data = VLC_OBJECT (p_this->p_libvlc);
-#endif
+ vlc_mutex_t *lock = var_AcquireMutex ("gnutls_mutex");
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc);
if (gnutls_global_init ())
*/
static void gnutls_Deinit (vlc_object_t *p_this)
{
- vlc_mutex_t *lock = var_GetGlobalMutex( "gnutls_mutex" );
- vlc_mutex_lock (lock);
+ vlc_mutex_t *lock = var_AcquireMutex( "gnutls_mutex" );
gnutls_global_deinit ();
msg_Dbg (p_this, "GnuTLS deinitialized");
goto error;
}
- if( p_sys->psz_hostname != NULL )
+ assert( p_sys->psz_hostname != NULL );
+ if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
{
- if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
- {
- msg_Err( session, "Certificate does not match \"%s\"",
- p_sys->psz_hostname );
- goto error;
- }
+ msg_Err( session, "Certificate does not match \"%s\"",
+ p_sys->psz_hostname );
+ goto error;
}
- else
- msg_Warn( session, "Certificate and hostname were not verified" );
if( gnutls_x509_crt_get_expiration_time( cert ) < time( NULL ) )
{
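Review bot: `assert( p_sys->psz_hostname != NULL );` is not a replacement for the runtime check it removes: under NDEBUG it compiles to nothing and a NULL hostname goes straight into gnutls_x509_crt_check_hostname, so a session whose hostname was never set is neither rejected nor warned about (the removed msg_Warn branch at least reported it). Since this commit makes certificate validation unconditional, a missing hostname should fail the handshake, e.g. `if( p_sys->psz_hostname == NULL ) { msg_Err( session, "no hostname to verify the certificate against" ); goto error; }` placed before the check_hostname call. The NULL case looks reachable: the server-name hunk below assigns psz_hostname from var_GetNonEmptyString, which can return NULL, and the hunk around `p_sys->session.psz_hostname = NULL;` drops that initialisation, so the field is indeterminate unless p_sys is zeroed somewhere not visible here. The enclosing validation function starts and ends outside this hunk.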
p_session->pf_set_fd = gnutls_SetFD;
p_sys->session.b_handshaked = VLC_FALSE;
- p_sys->session.psz_hostname = NULL;
const char *homedir = obj->p_libvlc->psz_datadir,
*datadir = config_GetDataDir ();
sprintf (path, "%s/ssl", homedir);
utf8_mkdir (path, 0755);
- if (var_CreateGetBool (obj, "tls-check-cert"))
- {
- sprintf (path, "%s/ssl/certs", homedir);
- gnutls_Addx509Directory (VLC_OBJECT (p_session),
- p_sys->x509_cred, path, VLC_FALSE);
-
- sprintf (path, "%s/ca-certificates.crt", datadir);
- gnutls_Addx509File (VLC_OBJECT (p_session),
- p_sys->x509_cred, path, VLC_FALSE);
- p_session->pf_handshake = gnutls_HandshakeAndValidate;
- }
- else
- p_session->pf_handshake = gnutls_ContinueHandshake;
+ sprintf (path, "%s/ssl/certs", homedir);
+ gnutls_Addx509Directory (VLC_OBJECT (p_session),
+ p_sys->x509_cred, path, VLC_FALSE);
+
+ sprintf (path, "%s/ca-certificates.crt", datadir);
+ gnutls_Addx509File (VLC_OBJECT (p_session),
+ p_sys->x509_cred, path, VLC_FALSE);
+ p_session->pf_handshake = gnutls_HandshakeAndValidate;
+ /*p_session->pf_handshake = gnutls_ContinueHandshake;*/
sprintf (path, "%s/ssl/private", homedir);
gnutls_Addx509Directory (VLC_OBJECT (p_session), p_sys->x509_cred,
}
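Review bot: The commented-out `/*p_session->pf_handshake = gnutls_ContinueHandshake;*/` on the new side is dead code now that validation is unconditional; delete it rather than leaving a hint that the unvalidated handshake can be switched back on. While these lines are being rewritten, `sprintf (path, "%s/ssl/certs", homedir)` and the two neighbouring sprintf calls write homedir and datadir into `path` with no bound; path is declared outside the hunk, so if it is a fixed-size array, `snprintf (path, sizeof path, "%s/ssl/certs", homedir)` with a truncation check is the safer form (if it is sized from strlen of both inputs, ignore this). The return values of gnutls_Addx509Directory and gnutls_Addx509File are discarded, so a missing ca-certificates.crt leaves the credentials with no trust anchors and every handshake then fails at validation — correct, but hard to diagnose unless those helpers already log a message, which is not visible here. The enclosing function starts outside the hunk.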
char *servername = var_GetNonEmptyString (p_session, "tls-server-name");
- if (servername != NULL )
- {
- p_sys->session.psz_hostname = servername;
- gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
- servername, strlen (servername));
- }
+ if (servername == NULL )
+ msg_Err (p_session, "server name missing for TLS session");
+
+ p_sys->session.psz_hostname = servername;
+ gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
+ servername, strlen (servername));
return VLC_SUCCESS;
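Review bot: When `tls-server-name` is unset, `servername` is NULL and the new code only logs `msg_Err (p_session, "server name missing for TLS session");` before falling through to `strlen (servername)`, which dereferences NULL; the removed `if (servername != NULL)` branch used to skip the SNI call in that case. Fail the open instead of continuing: `if (servername == NULL) { msg_Err (p_session, "server name missing for TLS session"); return VLC_EGENERIC; }` (or jump to the function's error path if it has one — the function start is outside the hunk). With validation now unconditional a session without a hostname cannot pass gnutls_x509_crt_check_hostname anyway, so returning early here loses nothing and avoids the crash.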
gnutls_deinit( p_sys->session );
vlc_object_detach( p_session );
- vlc_object_destroy( p_session );
+ vlc_object_release( p_session );
free( p_sys );
}
p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) );
if( p_session->p_sys == NULL )
{
- vlc_object_destroy( p_session );
+ vlc_object_release( p_session );
return NULL;
}
error:
free( p_session->p_sys );
vlc_object_detach( p_session );
- vlc_object_destroy( p_session );
+ vlc_object_release( p_session );
return NULL;
}