X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fmisc%2Fgnutls.c;h=622807bdfd7e7d640359497dff78b67a7a9a7ff6;hb=de587c237065de4696d9d035d0504cdf34990d87;hp=1f6be91df328f4afd719ab3ba5c95c08cfdfa04f;hpb=9b6ca602809f373e1770e32720f7961c3a0febed;p=vlc diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index 1f6be91df3..622807bdfd 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -29,7 +29,8 @@ # include "config.h" #endif -#include +#include +#include #include #include @@ -40,14 +41,18 @@ #endif #ifdef HAVE_SYS_STAT_H # include -# ifdef HAVE_UNISTD_H -# include -# endif #endif +#ifdef WIN32 +# include +#else +# include +#endif +# include #include #include +#include #include #include @@ -60,6 +65,8 @@ #include "dhparams.h" +#include + /***************************************************************************** * Module descriptor *****************************************************************************/ @@ -80,7 +87,7 @@ static void CloseServer (vlc_object_t *); vlc_module_begin(); set_shortname( "GnuTLS" ); - set_description( _("GnuTLS transport layer security") ); + set_description( N_("GnuTLS transport layer security") ); set_capability( "tls client", 1 ); set_callbacks( OpenClient, CloseClient ); set_category( CAT_ADVANCED ); @@ -90,7 +97,7 @@ vlc_module_begin(); add_obsolete_bool( "tls-check-hostname" ); add_submodule(); - set_description( _("GnuTLS server") ); + set_description( N_("GnuTLS server") ); set_capability( "tls server", 1 ); set_category( CAT_ADVANCED ); set_subcategory( SUBCAT_ADVANCED_MISC ); 
@@ -570,41 +577,48 @@ gnutls_Addx509File( vlc_object_t *p_this, { struct stat st; - if( utf8_stat( psz_path, &st ) == 0 ) + int fd = utf8_open (psz_path, O_RDONLY, 0); + if (fd == -1) + goto error; + + block_t *block = block_File (fd); + if (block != NULL) { - if( S_ISREG( st.st_mode ) ) - { - char *psz_localname = ToLocale( psz_path ); - int i = b_priv - ? gnutls_certificate_set_x509_key_file( cred, - psz_localname, psz_localname, GNUTLS_X509_FMT_PEM ) - : gnutls_certificate_set_x509_trust_file( cred, - psz_localname, GNUTLS_X509_FMT_PEM ); - LocaleFree( psz_localname ); - - if( i < 0 ) - { - msg_Warn( p_this, "cannot add x509 credentials (%s): %s", - psz_path, gnutls_strerror( i ) ); - return VLC_EGENERIC; - } - else - { - msg_Dbg( p_this, "added x509 credentials (%s)", - psz_path ); - return VLC_SUCCESS; - } - } - else if( S_ISDIR( st.st_mode ) ) + close (fd); + + gnutls_datum data = { + .data = block->p_buffer, + .size = block->i_buffer, + }; + int res = b_priv + ? gnutls_certificate_set_x509_key_mem (cred, &data, &data, + GNUTLS_X509_FMT_PEM) + : gnutls_certificate_set_x509_trust_mem (cred, &data, + GNUTLS_X509_FMT_PEM); + block_Release (block); + + if (res < 0) { - msg_Dbg( p_this, - "looking recursively for x509 credentials in %s", - psz_path ); - return gnutls_Addx509Directory( p_this, cred, psz_path, b_priv); + msg_Warn (p_this, "cannot add x509 credentials (%s): %s", + psz_path, gnutls_strerror (res)); + return VLC_EGENERIC; } + msg_Dbg (p_this, "added x509 credentials (%s)", psz_path); + return VLC_SUCCESS; } - else - msg_Warn( p_this, "cannot add x509 credentials (%s): %m", psz_path ); + + if (!fstat (fd, &st) && S_ISDIR (st.st_mode)) + { + close (fd); + msg_Dbg (p_this, "looking recursively for x509 credentials in %s", + psz_path); + return gnutls_Addx509Directory (p_this, cred, psz_path, b_priv); + } + +error: + msg_Warn (p_this, "cannot add x509 credentials (%s): %m", psz_path); + if (fd != -1) + close (fd); return VLC_EGENERIC; } 
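Review bot: The rewritten body of gnutls_Addx509File drops the old S_ISREG check: any path that opens is handed to block_File(), and the file type is only looked at (for S_ISDIR) after that call returns NULL. The function is also reached from the recursive directory walk, so a FIFO or device node inside a credentials directory could presumably stall in utf8_open() or be read as PEM input, depending on how block_File() treats non-regular files, which is not visible here. Calling fstat on the descriptor first keeps the old guarantee without going back to stat-by-name: `if (fstat (fd, &st)) goto error;`, then `if (S_ISREG (st.st_mode)) { block_t *block = block_File (fd); ... }` and `else if (S_ISDIR (st.st_mode))` for the recursion. When b_priv is set the block holds private key bytes and is released without being wiped, so a comment at `block_Release (block);` saying so (and whether the buffer is a heap copy or a mapping) would help the next reader. The function's parameter list starts above the hunk.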
@@ -667,10 +681,11 @@ static int OpenClient (vlc_object_t *obj) free (userdir); } - const char *datadir = config_GetDataDir (); + const char *confdir = config_GetConfDir (); { - char path[strlen (datadir) + sizeof ("/ca-certificates.crt")]; - sprintf (path, "%s/ca-certificates.crt", datadir); + char path[strlen (confdir) + + sizeof ("/ssl/certs/ca-certificates.crt")]; + sprintf (path, "%s/ssl/certs/ca-certificates.crt", confdir); gnutls_Addx509File (VLC_OBJECT (p_session), p_sys->x509_cred, path, false); }
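Review bot: The unbounded `sprintf` into the variable-length `path` array is only safe while the literal in the `sizeof` and the literal in the format string stay identical, and this commit had to edit both by hand. Bounding the write removes that coupling: `snprintf (path, sizeof (path), "%s/ssl/certs/ca-certificates.crt", confdir);`. The array length also comes from `strlen (confdir)` with no NULL check, so it is worth confirming that config_GetConfDir() cannot return NULL. Since this file becomes the client's default trust store and the result of gnutls_Addx509File is ignored here, a short comment such as `/* system-wide CA bundle; a missing file leaves only the per-user certificates as trust anchors */` would make the failure behaviour explicit. OpenClient's body continues outside the hunk.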