*
* @return NULL on error.
*/
-tls_server_t *
-tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
- const char *key_path)
+vlc_tls_creds_t *
+vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
+ const char *key_path)
{
- tls_server_t *srv;
-
- srv = (tls_server_t *)vlc_custom_create (obj, sizeof (*srv), "tls server");
- if (srv == NULL)
+ vlc_tls_creds_t *srv = vlc_custom_create (obj, sizeof (*srv), "tls creds");
+ if (unlikely(srv == NULL))
return NULL;
var_Create (srv, "tls-x509-cert", VLC_VAR_STRING);
var_SetString (srv, "tls-x509-key", key_path);
}
- srv->p_module = module_need (srv, "tls server", NULL, false );
- if (srv->p_module == NULL)
+ srv->module = module_need (srv, "tls server", NULL, false );
+ if (srv->module == NULL)
{
msg_Err (srv, "TLS server plugin not available");
vlc_object_release (srv);
/**
- * Releases data allocated with tls_ServerCreate.
+ * Releases data allocated with vlc_tls_ServerCreate().
* @param srv TLS server object to be destroyed, or NULL
*/
-void tls_ServerDelete (tls_server_t *srv)
+void vlc_tls_ServerDelete (vlc_tls_creds_t *srv)
{
if (srv == NULL)
return;
- module_unneed (srv, srv->p_module);
+ module_unneed (srv, srv->module);
vlc_object_release (srv);
}
* Adds one or more certificate authorities from a file.
* @return -1 on error, 0 on success.
*/
-int tls_ServerAddCA (tls_server_t *srv, const char *path)
+int vlc_tls_ServerAddCA (vlc_tls_creds_t *srv, const char *path)
{
- return srv->pf_add_CA (srv, path);
+ return srv->add_CA (srv, path);
}
* Adds one or more certificate revocation list from a file.
* @return -1 on error, 0 on success.
*/
-int tls_ServerAddCRL (tls_server_t *srv, const char *path)
+int vlc_tls_ServerAddCRL (vlc_tls_creds_t *srv, const char *path)
{
- return srv->pf_add_CRL (srv, path);
+ return srv->add_CRL (srv, path);
}
-tls_session_t *tls_ServerSessionCreate (tls_server_t *srv, int fd)
+vlc_tls_t *vlc_tls_ServerSessionCreate (vlc_tls_creds_t *srv, int fd)
{
- tls_session_t *ses = srv->pf_open (srv);
- if (ses != NULL)
- ses->pf_set_fd (ses, fd);
- return ses;
+ return srv->open (srv, fd);
}
-void tls_ServerSessionDelete (tls_session_t *ses)
+void vlc_tls_ServerSessionDelete (vlc_tls_t *ses)
{
- tls_server_t *srv = (tls_server_t *)(ses->p_parent);
- srv->pf_close (srv, ses);
+ ses->u.close (ses);
}
-int tls_ServerSessionHandshake (tls_session_t *ses)
+int vlc_tls_ServerSessionHandshake (vlc_tls_t *ses)
{
- int val = ses->pf_handshake (ses);
+ int val = ses->handshake (ses);
if (val < 0)
- tls_ServerSessionDelete (ses);
+ vlc_tls_ServerSessionDelete (ses);
return val;
}
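Review bot: On a negative result vlc_tls_ServerSessionHandshake() calls vlc_tls_ServerSessionDelete() on `ses` itself, and the new function has no comment saying so. A caller that handles a negative return like any other failure and deletes the session again would invoke `ses->u.close` on a session that has presumably already been torn down. I would add a doc comment above the function stating the contract, for example `/* On a negative return the session has already been destroyed; the caller must neither use nor delete it. */`. The same comment should record what a positive return means, which the client path further down appears to treat as "call again".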
+/*** TLS client session ***/
+/* TODO: cache certificates for the whole VLC instance lifetime */
+
+static int tls_client_start(void *func, va_list ap)
+{
+ int (*activate) (vlc_tls_t *, int fd, const char *hostname) = func;
+ vlc_tls_t *session = va_arg (ap, vlc_tls_t *);
+ int fd = va_arg (ap, int);
+ const char *hostname = va_arg (ap, const char *);
+
+ return activate (session, fd, hostname);
+}
+
+static void tls_client_stop(void *func, va_list ap)
+{
+ void (*deactivate) (vlc_tls_t *) = func;
+ vlc_tls_t *session = va_arg (ap, vlc_tls_t *);
+
+ deactivate (session);
+}
+
/**
* Allocates a client's TLS credentials and shakes hands through the network.
* This is a blocking network operation.
*
* @return NULL on error.
**/
-tls_session_t *
-tls_ClientCreate (vlc_object_t *obj, int fd, const char *psz_hostname)
+vlc_tls_t *
+vlc_tls_ClientCreate (vlc_object_t *obj, int fd, const char *hostname)
{
- tls_session_t *cl;
- int val;
-
- cl = (tls_session_t *)vlc_custom_create (obj, sizeof (*cl), "tls client");
- if (cl == NULL)
+ vlc_tls_t *cl = vlc_custom_create (obj, sizeof (*cl), "tls client");
+ if (unlikely(cl == NULL))
return NULL;
- var_Create (cl, "tls-server-name", VLC_VAR_STRING);
- if (psz_hostname != NULL)
- {
- msg_Dbg (cl, "requested server name: %s", psz_hostname);
- var_SetString (cl, "tls-server-name", psz_hostname);
- }
- else
- msg_Dbg (cl, "requested anonymous server");
-
- cl->p_module = module_need (cl, "tls client", NULL, false );
- if (cl->p_module == NULL)
+ cl->u.module = vlc_module_load (cl, "tls client", NULL, false,
+ tls_client_start, cl, fd, hostname);
+ if (cl->u.module == NULL)
{
msg_Err (cl, "TLS client plugin not available");
vlc_object_release (cl);
return NULL;
}
- cl->pf_set_fd (cl, fd);
-
+ /* TODO: do this directly in the TLS plugin */
+ int val;
do
- val = cl->pf_handshake (cl);
+ val = cl->handshake (cl);
while (val > 0);
- if (val == 0)
+ if (val != 0)
{
- msg_Dbg (cl, "TLS client session initialized");
- return cl;
+ msg_Err (cl, "TLS client session handshake error");
+ vlc_module_unload (cl->u.module, tls_client_stop, cl);
+ vlc_object_release (cl);
+ return NULL;
}
- msg_Err (cl, "TLS client session handshake error");
-
- module_unneed (cl, cl->p_module);
- vlc_object_release (cl);
- return NULL;
+ msg_Dbg (cl, "TLS client session initialized");
+ return cl;
}
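Review bot: `hostname` is now forwarded to the plugin through tls_client_start() without any trace, and the doc comment above vlc_tls_ClientCreate() does not say whether NULL is allowed. The removed lines logged `requested anonymous server` for a NULL name, so NULL was an accepted input. Whether the plugin then skips matching the peer certificate against a name cannot be seen from this diff and should be confirmed. I would document the parameter, e.g. `@param hostname expected server name, or NULL (peer name presumably not checked; confirm against the plugin)`, and keep `msg_Dbg (cl, "requested anonymous server");` for the NULL case so a connection made without a name stays visible in the logs.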
/**
- * Releases data allocated with tls_ClientCreate.
+ * Releases data allocated with vlc_tls_ClientCreate().
* It is your job to close the underlying socket.
*/
-void tls_ClientDelete (tls_session_t *cl)
+void vlc_tls_ClientDelete (vlc_tls_t *cl)
{
if (cl == NULL)
return;
- module_unneed (cl, cl->p_module);
+ vlc_module_unload (cl->u.module, tls_client_stop, cl);
vlc_object_release (cl);
}