X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Fmisc%2Fgnutls.c;h=5c527d2b1213045745417c5f204533ba898f747e;hb=dadb0622e6244456f7b5576ab2f9aa0c6582c683;hp=0131015c878ec04ac7addbd4f9ca34aa85515b9a;hpb=37b0e5a2c61efef752410de8b743c15c4b871c55;p=vlc

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 0131015c87..5c527d2b12 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -36,9 +36,6 @@
 
 #include <sys/types.h>
 #include <errno.h>
-#ifdef HAVE_DIRENT_H
-# include <dirent.h>
-#endif
 #ifdef HAVE_SYS_STAT_H
 # include <sys/stat.h>
 #endif
@@ -52,6 +49,7 @@
 
 #include <vlc_tls.h>
 #include <vlc_charset.h>
+#include <vlc_fs.h>
 #include <vlc_block.h>
 
 #include <gcrypt.h>
@@ -85,30 +83,30 @@ static void CloseServer (vlc_object_t *);
     "This is the maximum number of resumed TLS sessions that " \
     "the cache will hold." )
 
-vlc_module_begin();
-    set_shortname( "GnuTLS" );
-    set_description( N_("GnuTLS transport layer security") );
-    set_capability( "tls client", 1 );
-    set_callbacks( OpenClient, CloseClient );
-    set_category( CAT_ADVANCED );
-    set_subcategory( SUBCAT_ADVANCED_MISC );
-
-    add_obsolete_bool( "tls-check-cert" );
-    add_obsolete_bool( "tls-check-hostname" );
-
-    add_submodule();
-        set_description( N_("GnuTLS server") );
-        set_capability( "tls server", 1 );
-        set_category( CAT_ADVANCED );
-        set_subcategory( SUBCAT_ADVANCED_MISC );
-        set_callbacks( OpenServer, CloseServer );
-
-        add_obsolete_integer( "gnutls-dh-bits" );
+vlc_module_begin ()
+    set_shortname( "GnuTLS" )
+    set_description( N_("GnuTLS transport layer security") )
+    set_capability( "tls client", 1 )
+    set_callbacks( OpenClient, CloseClient )
+    set_category( CAT_ADVANCED )
+    set_subcategory( SUBCAT_ADVANCED_MISC )
+
+    add_obsolete_bool( "tls-check-cert" )
+    add_obsolete_bool( "tls-check-hostname" )
+
+    add_submodule ()
+        set_description( N_("GnuTLS server") )
+        set_capability( "tls server", 1 )
+        set_category( CAT_ADVANCED )
+        set_subcategory( SUBCAT_ADVANCED_MISC )
+        set_callbacks( OpenServer, CloseServer )
+
+        add_obsolete_integer( "gnutls-dh-bits" )
         add_integer( "gnutls-cache-timeout", CACHE_TIMEOUT, NULL,
-                    CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true );
+                    CACHE_TIMEOUT_TEXT, CACHE_TIMEOUT_LONGTEXT, true )
         add_integer( "gnutls-cache-size", CACHE_SIZE, NULL, CACHE_SIZE_TEXT,
-                    CACHE_SIZE_LONGTEXT, true );
-vlc_module_end();
+                    CACHE_SIZE_LONGTEXT, true )
+vlc_module_end ()
 
 static vlc_mutex_t gnutls_mutex = VLC_STATIC_MUTEX;
 
@@ -164,11 +162,12 @@ static int gnutls_Error (vlc_object_t *obj, int val)
     switch (val)
     {
         case GNUTLS_E_AGAIN:
-#ifndef WIN32
+#ifdef WIN32
+            WSASetLastError (WSAEWOULDBLOCK);
+#else
             errno = EAGAIN;
-            break;
 #endif
-            /* WinSock does not return EAGAIN, return EINTR instead */
+            break;
 
         case GNUTLS_E_INTERRUPTED:
 #ifdef WIN32
@@ -237,7 +236,7 @@ gnutls_Recv( void *p_session, void *buf, int i_length )
 /**
  * Starts or continues the TLS handshake.
  *
- * @return -1 on fatal error, 0 on succesful handshake completion,
+ * @return -1 on fatal error, 0 on successful handshake completion,
  * 1 if more would-be blocking recv is needed,
  * 2 if more would-be blocking send is required.
  */
@@ -420,6 +419,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
     /* Note that ordering matters (on the client side) */
     static const int protos[] =
     {
+        /*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */
         GNUTLS_TLS1_1,
         GNUTLS_TLS1_0,
         GNUTLS_SSL3,
@@ -433,6 +433,9 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
     };
     static const int macs[] =
     {
+        GNUTLS_MAC_SHA512,
+        GNUTLS_MAC_SHA384,
+        GNUTLS_MAC_SHA256,
         GNUTLS_MAC_SHA1,
         GNUTLS_MAC_RMD160, // RIPEMD
         GNUTLS_MAC_MD5,
@@ -446,6 +449,7 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
         GNUTLS_CIPHER_AES_128_CBC,
         GNUTLS_CIPHER_3DES_CBC,
         GNUTLS_CIPHER_ARCFOUR_128,
+        // TODO? Camellia ciphers?
         //GNUTLS_CIPHER_DES_CBC,
         //GNUTLS_CIPHER_ARCFOUR_40,
         //GNUTLS_CIPHER_RC2_40_CBC,
@@ -516,7 +520,7 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
     if( *psz_dirname == '\0' )
         psz_dirname = ".";
 
-    dir = utf8_opendir( psz_dirname );
+    dir = vlc_opendir( psz_dirname );
     if( dir == NULL )
     {
         if (errno != ENOENT)
@@ -527,7 +531,7 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
 
         msg_Dbg (p_this, "creating empty certificate directory: %s",
                  psz_dirname);
-        utf8_mkdir (psz_dirname, b_priv ? 0700 : 0755);
+        vlc_mkdir (psz_dirname, b_priv ? 0700 : 0755);
         return VLC_SUCCESS;
     }
 #ifdef S_ISLNK
@@ -542,7 +546,7 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
          * that the inode is still the same, to avoid TOCTOU race condition.
          */
         if( ( fd == -1)
-         || fstat( fd, &st1 ) || utf8_lstat( psz_dirname, &st2 )
+         || fstat( fd, &st1 ) || vlc_lstat( psz_dirname, &st2 )
          || S_ISLNK( st2.st_mode ) || ( st1.st_ino != st2.st_ino ) )
         {
             closedir( dir );
@@ -553,12 +557,15 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
 
     for (;;)
     {
-        char *ent = utf8_readdir (dir);
+        char *ent = vlc_readdir (dir);
         if (ent == NULL)
             break;
 
         if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0))
+        {
+            free( ent );
             continue;
+        }
 
         char path[strlen (psz_dirname) + strlen (ent) + 2];
         sprintf (path, "%s"DIR_SEP"%s", psz_dirname, ent);
@@ -579,7 +586,7 @@ gnutls_Addx509File( vlc_object_t *p_this,
 {
     struct stat st;
 
-    int fd = utf8_open (psz_path, O_RDONLY, 0);
+    int fd = vlc_open (psz_path, O_RDONLY);
     if (fd == -1)
         goto error;
 
@@ -667,12 +674,12 @@ static int OpenClient (vlc_object_t *obj)
         goto error;
     }
 
-    char *userdir = config_GetUserDataDir ();
+    char *userdir = config_GetUserDir ( VLC_DATA_DIR );
     if (userdir != NULL)
     {
         char path[strlen (userdir) + sizeof ("/ssl/private")];
         sprintf (path, "%s/ssl", userdir);
-        utf8_mkdir (path, 0755);
+        vlc_mkdir (path, 0755);
 
         sprintf (path, "%s/ssl/certs", userdir);
         gnutls_Addx509Directory (VLC_OBJECT (p_session),
@@ -899,7 +906,6 @@ gnutls_SessionClose (tls_server_t *p_server, tls_session_t *p_session)
         gnutls_bye( p_sys->session, GNUTLS_SHUT_WR );
     gnutls_deinit( p_sys->session );
 
-    vlc_object_detach( p_session );
     vlc_object_release( p_session );
 
     free( p_sys );
@@ -968,7 +974,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
         gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
 
     /* Session resumption support */
-    i_val = config_GetInt (p_server, "gnutls-cache-timeout");
+    i_val = var_InheritInteger (p_server, "gnutls-cache-timeout");
     if (i_val >= 0)
         gnutls_db_set_cache_expiration (session, i_val);
     gnutls_db_set_retrieve_function( session, cb_fetch );
@@ -980,7 +986,6 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
 
 error:
     free( p_session->p_sys );
-    vlc_object_detach( p_session );
     vlc_object_release( p_session );
     return NULL;
 }
@@ -1069,7 +1074,7 @@ static int OpenServer (vlc_object_t *obj)
     if( p_sys == NULL )
         return VLC_ENOMEM;
 
-    p_sys->i_cache_size = config_GetInt (obj, "gnutls-cache-size");
+    p_sys->i_cache_size = var_InheritInteger (obj, "gnutls-cache-size");
     if (p_sys->i_cache_size == -1) /* Duh, config subsystem exploded?! */
         p_sys->i_cache_size = 0;
     p_sys->p_cache = calloc (p_sys->i_cache_size,