X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Fmisc%2Fgnutls.c;h=ffa9917a634ce718ac18d3a966f07ad749ae529e;hb=b58dfe3584f7a60fcd5afbdac903b513f7082804;hp=083c150656a1217d065a7f44b0da9226d29ad06f;hpb=fe087a38282e93addb25fa9598393e40ea233b09;p=vlc
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 083c150656..ffa9917a63 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -1,10 +1,10 @@
 /*****************************************************************************
 * tls.c
 *****************************************************************************
- * Copyright (C) 2004-2005 the VideoLAN team
+ * Copyright (C) 2004-2006 Rémi Denis-Courmont
 * $Id$
 *
- * Authors: Remi Denis-Courmont
+ * Authors: Rémi Denis-Courmont
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
 *****************************************************************************/
 /*
@@ -48,6 +48,7 @@
 #include "vlc_tls.h"
+#include "charset.h"
 #include
 #include
@@ -262,7 +263,7 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session )
 val = gnutls_ContinueHandshake( p_session );
 if( val == 0 )
 {
- int status;
+ unsigned status;
 gnutls_x509_crt cert;
 const gnutls_datum *p_data;
 tls_session_sys_t *p_sys;
@@ -299,7 +300,7 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session )
 return 0;
 /* certificate (host)name verification */
- p_data = gnutls_certificate_get_peers( p_sys->session, &val );
+ p_data = gnutls_certificate_get_peers( p_sys->session, &status );
 if( p_data == NULL )
 {
 msg_Err( p_session, "TLS peer certificate not available" );
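Review bot: `status` now carries two unrelated values in gnutls_HandshakeAndValidate: the verification flags it is declared for in the -262 hunk and, after the new `p_data = gnutls_certificate_get_peers( p_sys->session, &status );`, the length of the peer certificate list. That is only safe if the verification result is not read after this point, which cannot be confirmed here because the body between the two hunks is outside them; a separate `unsigned i_certs;` next to `status` would make the intent explicit and stop a later reader mistaking the count for flags. The change from `int` to `unsigned` itself is right, since gnutls takes an unsigned out-parameter for the list size.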
@@ -336,7 +337,7 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session )
 }
 gnutls_x509_crt_deinit( cert );
-
+ msg_Dbg( p_session, "x509 hostname verified" );
 return 0;
 }
@@ -352,7 +353,7 @@ gnutls_BeginHandshake( tls_session_t *p_session, int fd,
 p_sys = (tls_session_sys_t *)(p_session->p_sys);
- gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)fd);
+ gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)(unsigned long)fd);
 if( psz_hostname != NULL )
 {
@@ -416,7 +417,7 @@ is_regular( const char *psz_filename )
 #ifdef HAVE_SYS_STAT_H
 struct stat st;
- return ( stat( psz_filename, &st ) == 0 )
+ return ( utf8_stat( psz_filename, &st ) == 0 )
 && S_ISREG( st.st_mode );
 #else
 return 1;
@@ -430,13 +431,12 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
 vlc_bool_t private )
 {
 DIR* dir;
- struct dirent *p_ent;
- int i_len;
+ const char *psz_dirent;
 if( *psz_dirname == '\0' )
 psz_dirname = ".";
- dir = opendir( psz_dirname );
+ dir = utf8_opendir( psz_dirname );
 if( dir == NULL )
 {
 msg_Warn( p_this, "Cannot open directory (%s) : %s", psz_dirname,
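Review bot: The intermediate cast in `gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)(unsigned long)fd);` uses `unsigned long` as the pointer-sized carrier, but that type is not pointer-sized on LLP64 targets, so the int-to-pointer warning this presumably silences comes back there, and the unsigned conversion discards the sign of `fd`. `(gnutls_transport_ptr)(intptr_t)fd` from <stdint.h> is the portable spelling and round-trips a negative descriptor unchanged when the transport callbacks cast it back. gnutls_BeginHandshake continues past the hunk, so whether `fd` is validated before this call cannot be seen here.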
@@ -444,32 +444,32 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
 return VLC_EGENERIC;
 }
- i_len = strlen( psz_dirname ) + 2;
-
- while( ( p_ent = readdir( dir ) ) != NULL )
+ while( ( psz_dirent = utf8_readdir( dir ) ) != NULL )
 {
 char *psz_filename;
-
- psz_filename = (char *)malloc( i_len + strlen( p_ent->d_name ) );
- if( psz_filename == NULL )
+ int check = asprintf( &psz_filename, "%s/%s", psz_dirname,
+ psz_dirent );
+ LocaleFree( psz_dirent );
+ if( check == -1 )
 {
 closedir( dir );
 return VLC_ENOMEM;
 }
- sprintf( psz_filename, "%s/%s", psz_dirname, p_ent->d_name );
 /* we neglect the race condition here - not security sensitive */
 if( is_regular( psz_filename ) )
 {
 int i;
+ char *psz_localname = ToLocale( psz_filename );
 i = (private)
- ? gnutls_certificate_set_x509_key_file( cred, psz_filename,
+ ? gnutls_certificate_set_x509_key_file( cred, psz_localname,
 psz_filename, GNUTLS_X509_FMT_PEM )
- : gnutls_certificate_set_x509_trust_file( cred, psz_filename,
+ : gnutls_certificate_set_x509_trust_file( cred, psz_localname,
 GNUTLS_X509_FMT_PEM );
+ LocaleFree( psz_localname );
 if( i < 0 )
 {
 msg_Warn( p_this, "Cannot add x509 certificate (%s) : %s",
@@ -503,7 +503,7 @@ gnutls_ClientCreate( tls_t *p_tls )
 p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) );
 if( p_sys == NULL )
 return NULL;
-
+
 p_session = (struct tls_session_t *)vlc_object_create ( p_tls, sizeof(struct tls_session_t) );
 if( p_session == NULL )
 {
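Review bot: In the private-key branch only the first argument was switched to the locale-encoded name: `? gnutls_certificate_set_x509_key_file( cred, psz_localname,` is followed by the untouched context line `psz_filename, GNUTLS_X509_FMT_PEM )`, so the certificate is opened through `psz_localname` while the key, the same file, is still opened through the UTF-8 `psz_filename`. On a non-UTF-8 locale with a non-ASCII path the key open fails and that key file is skipped with only the msg_Warn below to show for it; the second argument should become `psz_localname, GNUTLS_X509_FMT_PEM )` as well. `psz_localname` is also handed to gnutls without a NULL check, so if ToLocale() can fail it needs the same early-out treatment as the asprintf failure above it. Whether `psz_filename` is freed at the end of the loop body is outside the hunk.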
@@ -535,18 +535,14 @@ gnutls_ClientCreate( tls_t *p_tls )
 {
 /* FIXME: support for changing path/using multiple paths */
 char *psz_path;
- const char *psz_homedir;
- psz_homedir = p_tls->p_vlc->psz_homedir;
- psz_path = (char *)malloc( strlen( psz_homedir )
- + sizeof( CONFIG_DIR ) + 12 );
- if( psz_path == NULL )
+ if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/certs",
+ p_tls->p_vlc->psz_homedir ) == -1 )
 {
 gnutls_certificate_free_credentials( p_sys->x509_cred );
 goto error;
 }
- sprintf( psz_path, "%s/"CONFIG_DIR"/ssl/certs", psz_homedir );
 gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred, psz_path, VLC_FALSE );
@@ -559,18 +555,14 @@ gnutls_ClientCreate( tls_t *p_tls )
 {
 /* FIXME: support for changing path/using multiple paths */
 char *psz_path;
- const char *psz_homedir;
- psz_homedir = p_tls->p_vlc->psz_homedir;
- psz_path = (char *)malloc( strlen( psz_homedir )
- + sizeof( CONFIG_DIR ) + 14 );
- if( psz_path == NULL )
+ if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/private",
+ p_tls->p_vlc->psz_homedir ) == -1 )
 {
 gnutls_certificate_free_credentials( p_sys->x509_cred );
 goto error;
 }
- sprintf( psz_path, "%s/"CONFIG_DIR"/ssl/private", psz_homedir );
 gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred, psz_path, VLC_TRUE );
@@ -744,7 +736,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
 p_session = vlc_object_create( p_server, sizeof (struct tls_session_t) );
 if( p_session == NULL )
 return NULL;
-
+
 p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) );
 if( p_session->p_sys == NULL )
 {
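Review bot: The -535 and -559 hunks are now the same sequence apart from the directory suffix and the VLC_FALSE/VLC_TRUE flag, and both still pass `p_tls->p_vlc->psz_homedir` to `%s` unchecked; if that field can be NULL, asprintf() on it is undefined behaviour (the removed strlen() would have crashed on it as well, so the guard was missing before too). A small static helper that takes the suffix and the private flag, builds the path with asprintf(), calls gnutls_Addx509Directory() and returns VLC_ENOMEM on allocation failure would keep the NULL check and the path construction in one place, leaving each call site as a call plus the existing free_credentials/goto error. The `error` label and whether `psz_path` is freed after gnutls_Addx509Directory() returns are outside the hunk.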
@@ -850,14 +842,17 @@ gnutls_ServerDelete( tls_server_t *p_server )
 static int
 gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path )
 {
- int val;
 tls_server_sys_t *p_sys;
+ char *psz_local_path;
+ int val;
 p_sys = (tls_server_sys_t *)(p_server->p_sys);
+ psz_local_path = ToLocale( psz_ca_path );
 val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred,
- psz_ca_path,
+ psz_local_path,
 GNUTLS_X509_FMT_PEM );
+ LocaleFree( psz_local_path );
 if( val < 0 )
 {
 msg_Err( p_server, "Cannot add trusted CA (%s) : %s", psz_ca_path,
@@ -883,11 +878,13 @@ static int
 gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
 {
 int val;
+ char *psz_local_path = ToLocale( psz_crl_path );
 val = gnutls_certificate_set_x509_crl_file( ((tls_server_sys_t *) (p_server->p_sys))->x509_cred,
- psz_crl_path,
+ psz_local_path,
 GNUTLS_X509_FMT_PEM );
+ LocaleFree( psz_crl_path );
 if( val < 0 )
 {
 msg_Err( p_server, "Cannot add CRL (%s) : %s", psz_crl_path,
@@ -897,7 +894,7 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
 msg_Dbg( p_server, "%d CRL added (%s)", val, psz_crl_path );
 return VLC_SUCCESS;
 }
-
+
 /*****************************************************************************
 * tls_ServerCreate:
@@ -911,6 +908,7 @@ gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path,
 {
 tls_server_t *p_server;
 tls_server_sys_t *p_sys;
+ char *psz_local_key, *psz_local_cert;
 int val;
 msg_Dbg( p_tls, "Creating TLS server" );
@@ -960,9 +958,13 @@ gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path,
 goto error;
 }
+ psz_local_cert = ToLocale( psz_cert_path );
+ psz_local_key = ToLocale( psz_key_path );
 val = gnutls_certificate_set_x509_key_file( p_sys->x509_cred,
- psz_cert_path, psz_key_path,
+ psz_local_cert, psz_local_key,
 GNUTLS_X509_FMT_PEM );
+ LocaleFree( psz_cert_path );
+ LocaleFree( psz_key_path );
 if( val < 0 )
 {
 msg_Err( p_server, "Cannot set certificate chain or private key : %s",
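Review bot: `LocaleFree( psz_crl_path );` in gnutls_ServerAddCRL releases the caller's argument instead of the converted copy; it should read `LocaleFree( psz_local_path );`, exactly as gnutls_ServerAddCA does in the -850 hunk. The -960 hunk in gnutls_ServerCreate has the same slip twice: `LocaleFree( psz_cert_path );` and `LocaleFree( psz_key_path );` should be `LocaleFree( psz_local_cert );` and `LocaleFree( psz_local_key );`. As written the ToLocale() results leak on every call and, in any build where LocaleFree() actually frees its argument, the caller's path strings are released while still in use, since gnutls_ServerAddCRL goes on to format `psz_crl_path` in the msg_Err and msg_Dbg that follow. None of the three ToLocale() results is checked for NULL before being handed to gnutls, so if the conversion can fail that needs an error path as well.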