X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Fmisc%2Fgnutls.c;h=10671c340bb553db5cd3b252fa1b0c5e3aa80fd4;hb=a63042d4252aac81a1d05c833e0f061d6a601a0e;hp=465a13e0d5d6153cd8cec7fce1de53e0d59002e1;hpb=c0a898e18e7fce541be58980f09ca199b736dc1c;p=vlc diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index 465a13e0d5..10671c340b 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -29,7 +29,7 @@ # include "config.h" #endif -#include +#include #include #include #include @@ -52,6 +52,7 @@ #include #include +#include #include #include @@ -85,30 +86,32 @@ static void CloseServer (vlc_object_t *); "This is the maximum number of resumed TLS sessions that " \ "the cache will hold." ) -vlc_module_begin(); - set_shortname( "GnuTLS" ); - set_description( N_("GnuTLS transport layer security") ); - set_capability( "tls client", 1 ); - set_callbacks( OpenClient, CloseClient ); - set_category( CAT_ADVANCED ); - set_subcategory( SUBCAT_ADVANCED_MISC ); - - add_obsolete_bool( "tls-check-cert" ); - add_obsolete_bool( "tls-check-hostname" ); - - add_submodule(); - set_description( N_("GnuTLS server") ); - set_capability( "tls server", 1 ); - set_category( CAT_ADVANCED ); - set_subcategory( SUBCAT_ADVANCED_MISC ); - set_callbacks( OpenServer, CloseServer ); - - add_obsolete_integer( "gnutls-dh-bits" ); +vlc_module_begin () + set_shortname( "GnuTLS" ) + set_description( N_("GnuTLS transport layer security") ) + set_capability( "tls client", 1 ) + set_callbacks( OpenClient, CloseClient ) + set_category( CAT_ADVANCED ) + set_subcategory( SUBCAT_ADVANCED_MISC ) + + add_obsolete_bool( "tls-check-cert" ) + add_obsolete_bool( "tls-check-hostname" ) + + add_submodule () + set_description( N_("GnuTLS server") ) + set_capability( "tls server", 1 ) + set_category( CAT_ADVANCED ) + set_subcategory( SUBCAT_ADVANCED_MISC ) + set_callbacks( OpenServer, CloseServer ) + + add_obsolete_integer( "gnutls-dh-bits" ) add_integer( "gnutls-cache-timeout", CACHE_TIMEOUT, NULL, - CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true ); + CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true ) add_integer( "gnutls-cache-size", CACHE_SIZE, NULL, CACHE_SIZE_TEXT, - CACHE_SIZE_LONGTEXT, true ); -vlc_module_end(); + CACHE_SIZE_LONGTEXT, true ) +vlc_module_end () + +static vlc_mutex_t gnutls_mutex = VLC_STATIC_MUTEX; /** * Initializes GnuTLS with proper locking. @@ -120,7 +123,7 @@ static int gnutls_Init (vlc_object_t *p_this) vlc_gcrypt_init (); /* GnuTLS depends on gcrypt */ - vlc_mutex_t *lock = var_AcquireMutex ("gnutls_mutex"); + vlc_mutex_lock (&gnutls_mutex); if (gnutls_global_init ()) { msg_Err (p_this, "cannot initialize GnuTLS"); @@ -139,7 +142,7 @@ static int gnutls_Init (vlc_object_t *p_this) ret = VLC_SUCCESS; error: - vlc_mutex_unlock (lock); + vlc_mutex_unlock (&gnutls_mutex); return ret; } @@ -149,11 +152,11 @@ error: */ static void gnutls_Deinit (vlc_object_t *p_this) { - vlc_mutex_t *lock = var_AcquireMutex( "gnutls_mutex" ); + vlc_mutex_lock (&gnutls_mutex); gnutls_global_deinit (); msg_Dbg (p_this, "GnuTLS deinitialized"); - vlc_mutex_unlock (lock); + vlc_mutex_unlock (&gnutls_mutex); } @@ -418,6 +421,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session) /* Note that ordering matters (on the client side) */ static const int protos[] = { + /*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */ GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, @@ -431,6 +435,9 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session) }; static const int macs[] = { + GNUTLS_MAC_SHA512, + GNUTLS_MAC_SHA384, + GNUTLS_MAC_SHA256, GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160, // RIPEMD GNUTLS_MAC_MD5, @@ -444,6 +451,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session) GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, + // TODO? Camellia ciphers? //GNUTLS_CIPHER_DES_CBC, //GNUTLS_CIPHER_ARCFOUR_40, //GNUTLS_CIPHER_RC2_40_CBC, @@ -514,7 +522,7 @@ gnutls_Addx509Directory( vlc_object_t *p_this, if( *psz_dirname == '\0' ) psz_dirname = "."; - dir = utf8_opendir( psz_dirname ); + dir = vlc_opendir( psz_dirname ); if( dir == NULL ) { if (errno != ENOENT) @@ -525,7 +533,7 @@ gnutls_Addx509Directory( vlc_object_t *p_this, msg_Dbg (p_this, "creating empty certificate directory: %s", psz_dirname); - utf8_mkdir (psz_dirname, b_priv ? 0700 : 0755); + vlc_mkdir (psz_dirname, b_priv ? 0700 : 0755); return VLC_SUCCESS; } #ifdef S_ISLNK @@ -540,7 +548,7 @@ gnutls_Addx509Directory( vlc_object_t *p_this, * that the inode is still the same, to avoid TOCTOU race condition. */ if( ( fd == -1) - || fstat( fd, &st1 ) || utf8_lstat( psz_dirname, &st2 ) + || fstat( fd, &st1 ) || vlc_lstat( psz_dirname, &st2 ) || S_ISLNK( st2.st_mode ) || ( st1.st_ino != st2.st_ino ) ) { closedir( dir ); @@ -551,12 +559,15 @@ gnutls_Addx509Directory( vlc_object_t *p_this, for (;;) { - char *ent = utf8_readdir (dir); + char *ent = vlc_readdir (dir); if (ent == NULL) break; if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0)) + { + free( ent ); continue; + } char path[strlen (psz_dirname) + strlen (ent) + 2]; sprintf (path, "%s"DIR_SEP"%s", psz_dirname, ent); @@ -577,7 +588,7 @@ gnutls_Addx509File( vlc_object_t *p_this, { struct stat st; - int fd = utf8_open (psz_path, O_RDONLY, 0); + int fd = vlc_open (psz_path, O_RDONLY); if (fd == -1) goto error; @@ -665,12 +676,12 @@ static int OpenClient (vlc_object_t *obj) goto error; } - char *userdir = config_GetUserDataDir (); + char *userdir = config_GetUserDir ( VLC_DATA_DIR ); if (userdir != NULL) { char path[strlen (userdir) + sizeof ("/ssl/private")]; sprintf (path, "%s/ssl", userdir); - utf8_mkdir (path, 0755); + vlc_mkdir (path, 0755); sprintf (path, "%s/ssl/certs", userdir); gnutls_Addx509Directory (VLC_OBJECT (p_session), @@ -721,10 +732,11 @@ static int OpenClient (vlc_object_t *obj) char *servername = var_GetNonEmptyString (p_session, "tls-server-name"); if (servername == NULL ) msg_Err (p_session, "server name missing for TLS session"); + else + gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS, + servername, strlen (servername)); p_sys->session.psz_hostname = servername; - gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS, - servername, strlen (servername)); return VLC_SUCCESS; @@ -896,7 +908,6 @@ gnutls_SessionClose (tls_server_t *p_server, tls_session_t *p_session) gnutls_bye( p_sys->session, GNUTLS_SHUT_WR ); gnutls_deinit( p_sys->session ); - vlc_object_detach( p_session ); vlc_object_release( p_session ); free( p_sys ); @@ -965,8 +976,9 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE); /* Session resumption support */ - i_val = config_GetInt (p_server, "gnutls-cache-timeout"); - gnutls_db_set_cache_expiration (session, i_val); + i_val = var_InheritInteger (p_server, "gnutls-cache-timeout"); + if (i_val >= 0) + gnutls_db_set_cache_expiration (session, i_val); gnutls_db_set_retrieve_function( session, cb_fetch ); gnutls_db_set_remove_function( session, cb_delete ); gnutls_db_set_store_function( session, cb_store ); @@ -976,7 +988,6 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) error: free( p_session->p_sys ); - vlc_object_detach( p_session ); vlc_object_release( p_session ); return NULL; } @@ -1065,7 +1076,9 @@ static int OpenServer (vlc_object_t *obj) if( p_sys == NULL ) return VLC_ENOMEM; - p_sys->i_cache_size = config_GetInt (obj, "gnutls-cache-size"); + p_sys->i_cache_size = var_InheritInteger (obj, "gnutls-cache-size"); + if (p_sys->i_cache_size == -1) /* Duh, config subsystem exploded?! */ + p_sys->i_cache_size = 0; p_sys->p_cache = calloc (p_sys->i_cache_size, sizeof (struct saved_session_t)); if (p_sys->p_cache == NULL)