/* create a new host */
VLC_API httpd_host_t * httpd_HostNew( vlc_object_t *, const char *psz_host, int i_port ) VLC_USED;
-VLC_API httpd_host_t * httpd_TLSHostNew( vlc_object_t *, const char *, int, const char *, const char *, const char *, const char * ) VLC_USED;
+VLC_API httpd_host_t * httpd_TLSHostNew( vlc_object_t *, const char *, int ) VLC_USED;
/* delete a host */
VLC_API void httpd_HostDelete( httpd_host_t * );
#define MIME_TEXT N_("Mime")
#define MIME_LONGTEXT N_("MIME returned by the server (autodetected " \
"if not specified)." )
-#define CERT_TEXT N_( "Certificate file" )
-#define CERT_LONGTEXT N_( "Path to the x509 PEM certificate file that will "\
- "be used for HTTPS." )
-#define KEY_TEXT N_( "Private key file" )
-#define KEY_LONGTEXT N_( "Path to the x509 PEM private key file that will " \
- "be used for HTTPS. Leave " \
- "empty if you don't have one." )
-#define CA_TEXT N_( "Root CA file" )
-#define CA_LONGTEXT N_( "Path to the x509 PEM trusted root CA certificates " \
- "(certificate authority) file that will be used for " \
- "HTTPS. Leave empty if you " \
- "don't have one." )
-#define CRL_TEXT N_( "CRL file" )
-#define CRL_LONGTEXT N_( "Path to the x509 PEM Certificates Revocation List " \
- "file that will be used for SSL. Leave " \
- "empty if you don't have one." )
#define BONJOUR_TEXT N_( "Advertise with Bonjour")
#define BONJOUR_LONGTEXT N_( "Advertise the stream with the Bonjour protocol." )
PASS_TEXT, PASS_LONGTEXT, true )
add_string( SOUT_CFG_PREFIX "mime", "",
MIME_TEXT, MIME_LONGTEXT, true )
- add_loadfile( SOUT_CFG_PREFIX "cert", "vlc.pem",
- CERT_TEXT, CERT_LONGTEXT, true )
- add_loadfile( SOUT_CFG_PREFIX "key", NULL,
- KEY_TEXT, KEY_LONGTEXT, true )
- add_loadfile( SOUT_CFG_PREFIX "ca", NULL,
- CA_TEXT, CA_LONGTEXT, true )
- add_loadfile( SOUT_CFG_PREFIX "crl", NULL,
- CRL_TEXT, CRL_LONGTEXT, true )
#if 0 //def HAVE_AVAHI_CLIENT
add_bool( SOUT_CFG_PREFIX "bonjour", false,
BONJOUR_TEXT, BONJOUR_LONGTEXT, true);
char *psz_user;
char *psz_pwd;
char *psz_mime;
- char *psz_cert = NULL, *psz_key = NULL, *psz_ca = NULL,
- *psz_crl = NULL;
if( !( p_sys = p_access->p_sys =
malloc( sizeof( sout_access_out_sys_t ) ) ) )
psz_parser = psz_bind_addr;
}
- /* SSL support */
+ /* TLS support */
if( p_access->psz_access && !strcmp( p_access->psz_access, "https" ) )
{
- psz_cert = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"cert" );
- psz_key = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"key" );
- psz_ca = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"ca" );
- psz_crl = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"crl" );
-
if( i_bind_port <= 0 )
i_bind_port = DEFAULT_SSL_PORT;
+ p_sys->p_httpd_host = httpd_TLSHostNew( VLC_OBJECT(p_access),
+ psz_bind_addr, i_bind_port );
}
else
{
if( i_bind_port <= 0 )
i_bind_port = DEFAULT_PORT;
+ p_sys->p_httpd_host = httpd_HostNew( VLC_OBJECT(p_access),
+ psz_bind_addr, i_bind_port );
}
- p_sys->p_httpd_host = httpd_TLSHostNew( VLC_OBJECT(p_access),
- psz_bind_addr, i_bind_port,
- psz_cert, psz_key, psz_ca,
- psz_crl );
- free( psz_cert );
- free( psz_key );
- free( psz_ca );
- free( psz_crl );
-
if( p_sys->p_httpd_host == NULL )
{
msg_Err( p_access, "cannot listen on %s port %d",
vlc_object_t *p_this = vlclua_get_this( L );
const char *psz_host = luaL_checkstring( L, 1 );
int i_port = luaL_checkint( L, 2 );
- const char *psz_cert = luaL_optstring( L, 3, NULL );
- const char *psz_key = luaL_optstring( L, 4, NULL );
- const char *psz_ca = luaL_optstring( L, 5, NULL );
- const char *psz_crl = luaL_optstring( L, 6, NULL );
- httpd_host_t *p_host = httpd_TLSHostNew( p_this, psz_host, i_port,
- psz_cert, psz_key,
- psz_ca, psz_crl );
+ httpd_host_t *p_host = httpd_HostNew( p_this, psz_host, i_port );
if( !p_host )
- return luaL_error( L, "Failed to create HTTP TLS host \"%s:%d\" "
- "(cert: \"%s\", key: \"%s\", ca: \"%s\", "
- "crl: \"%s\").", psz_host, i_port,
- psz_cert, psz_key, psz_ca, psz_crl );
+ return luaL_error( L, "Failed to create HTTP host \"%s:%d\" ",
+ psz_host, i_port );
httpd_host_t **pp_host = lua_newuserdata( L, sizeof( httpd_host_t * ) );
*pp_host = p_host;
#define TIMEOUT_LONGTEXT N_( \
"Default TCP connection timeout (in milliseconds). " )
+#define HTTP_CERT_TEXT N_("HTTP/TLS server certificate")
+#define CERT_LONGTEXT N_( \
+ "This X.509 certicate file (PEM format) is used for server-side TLS." )
+
+#define HTTP_KEY_TEXT N_("HTTP/TLS server private key")
+#define KEY_LONGTEXT N_( \
+ "This private key file (PEM format) is used for server-side TLS.")
+
+#define HTTP_CA_TEXT N_("HTTP/TLS Certificate Authority")
+#define CA_LONGTEXT N_( \
+ "This X.509 certificate file (PEM format) can optionally be used " \
+ "to authenticate remote clients in TLS sessions.")
+
+#define HTTP_CRL_TEXT N_("HTTP/TLS Certificate Revocation List")
+#define CRL_LONGTEXT N_( \
+ "This file countains an optional CRL to prevent remove clients " \
+ "from using revoked certificates in TLS sessions.")
+
#define SOCKS_SERVER_TEXT N_("SOCKS server")
#define SOCKS_SERVER_LONGTEXT N_( \
"SOCKS proxy server to use. This must be of the form " \
add_integer( "ipv4-timeout", 5 * 1000, TIMEOUT_TEXT,
TIMEOUT_LONGTEXT, true )
+ add_loadfile( "http-cert", NULL, HTTP_CERT_TEXT, CERT_LONGTEXT, true )
+ add_deprecated_alias( "sout-http-cert" ) /* since 1.2.0 */
+ add_loadfile( "http-key", NULL, HTTP_KEY_TEXT, KEY_LONGTEXT, true )
+ add_deprecated_alias( "sout-http-key" ) /* since 1.2.0 */
+ add_loadfile( "http-ca", NULL, HTTP_CA_TEXT, CA_LONGTEXT, true )
+ add_deprecated_alias( "sout-http-ca" ) /* since 1.2.0 */
+ add_loadfile( "http-crl", NULL, HTTP_CRL_TEXT, CRL_LONGTEXT, true )
+ add_deprecated_alias( "sout-http-crl" ) /* since 1.2.0 */
+
set_section( N_( "Socks proxy") , NULL )
add_string( "socks", NULL,
SOCKS_SERVER_TEXT, SOCKS_SERVER_LONGTEXT, true )
httpd_host_t *httpd_HostNew (vlc_object_t *obj, const char *host, int port)
{
- return httpd_TLSHostNew (obj, host, port, NULL, NULL, NULL, NULL);
+ (void) host; (void) port;
+ msg_Err (obj, "VLC httpd support not compiled-in!");
+ return NULL;
+}
+
+httpd_host_t *httpd_TLSHostNew (vlc_object_t *obj, const char *host, int port)
+{
+ return httpd_HostNew (obj, host, port);
}
void httpd_MsgAdd (httpd_message_t *m, const char *name, const char *fmt, ...)
assert (0);
}
-httpd_host_t *httpd_TLSHostNew (vlc_object_t *obj, const char *host, int port,
- const char *cert, const char *key,
- const char *ca, const char *crl)
-{
- (void) host; (void) port;
- (void) cert; (void) key; (void) ca; (void) crl;
- msg_Err (obj, "VLC httpd support not compiled-in!");
- return NULL;
-}
-
int httpd_UrlCatch (httpd_url_t *url, int request, httpd_callback_t cb,
httpd_callback_sys_t *data)
{
* Low level
*****************************************************************************/
static void* httpd_HostThread( void * );
+static httpd_host_t *httpd_HostCreate( vlc_object_t *, const char *, int,
+ vlc_tls_creds_t * );
/* create a new host */
httpd_host_t *httpd_HostNew( vlc_object_t *p_this, const char *psz_host,
int i_port )
{
- return httpd_TLSHostNew( p_this, psz_host, i_port, NULL, NULL, NULL, NULL
- );
+ return httpd_HostCreate( p_this, psz_host, i_port, NULL );
+}
+
+httpd_host_t *httpd_TLSHostNew( vlc_object_t *obj, const char *host, int port )
+{
+ char *cert = var_InheritString( obj, "http-cert" );
+ if( cert == NULL )
+ {
+ msg_Err( obj, "HTTP/TLS certificate not specified!" );
+ return NULL;
+ }
+
+ char *key = var_InheritString( obj, "http-key" );
+ vlc_tls_creds_t *tls = vlc_tls_ServerCreate( obj, cert, key );
+
+ if( tls == NULL )
+ {
+ msg_Err( obj, "HTTP/TLS certificate error (%s and %s)",
+ cert, (key != NULL) ? key : cert );
+ free( key );
+ free( cert );
+ return NULL;
+ }
+ free( key );
+ free( cert );
+
+ char *ca = var_InheritString( obj, "http-ca" );
+ if( ca != NULL )
+ {
+ if( vlc_tls_ServerAddCA( tls, ca ) )
+ {
+ msg_Err( obj, "HTTP/TLS CA error (%s)", ca );
+ free( ca );
+ goto error;
+ }
+ free( ca );
+ }
+
+ char *crl = var_InheritString( obj, "http-crl" );
+ if( crl != NULL )
+ {
+ if( vlc_tls_ServerAddCRL( tls, crl ) )
+ {
+ msg_Err( obj, "TLS CRL error (%s)", crl );
+ free( crl );
+ goto error;
+ }
+ free( crl );
+ }
+
+ return httpd_HostCreate( obj, host, port, tls );
+
+error:
+ vlc_tls_ServerDelete( tls );
+ return NULL;
}
static vlc_mutex_t httpd_mutex = VLC_STATIC_MUTEX;
-httpd_host_t *httpd_TLSHostNew( vlc_object_t *p_this, const char *psz_hostname,
- int i_port,
- const char *psz_cert, const char *psz_key,
- const char *psz_ca, const char *psz_crl )
+static httpd_host_t *httpd_HostCreate( vlc_object_t *p_this,
+ const char *psz_hostname, int i_port,
+ vlc_tls_creds_t *p_tls )
{
httpd_t *httpd;
httpd_host_t *host;
- vlc_tls_creds_t *p_tls;
char *psz_host;
int i;
host = httpd->host[i];
/* cannot mix TLS and non-TLS hosts */
- if( ( ( httpd->host[i]->p_tls != NULL ) != ( psz_cert != NULL ) )
+ if( ( ( httpd->host[i]->p_tls != NULL ) != ( p_tls != NULL ) )
|| ( host->i_port != i_port )
|| strcmp( host->psz_hostname, psz_hostname ) )
continue;
vlc_mutex_unlock( &host->lock );
vlc_mutex_unlock( &httpd_mutex );
+ if( p_tls != NULL )
+ vlc_tls_ServerDelete( p_tls );
return host;
}
host = NULL;
- /* determine TLS configuration */
- if ( psz_cert != NULL )
- {
- p_tls = vlc_tls_ServerCreate( p_this, psz_cert, psz_key );
- if ( p_tls == NULL )
- {
- msg_Err( p_this, "TLS initialization error" );
- goto error;
- }
-
- if ( ( psz_ca != NULL) && vlc_tls_ServerAddCA( p_tls, psz_ca ) )
- {
- msg_Err( p_this, "TLS CA error" );
- goto error;
- }
-
- if ( ( psz_crl != NULL) && vlc_tls_ServerAddCRL( p_tls, psz_crl ) )
- {
- msg_Err( p_this, "TLS CRL error" );
- goto error;
- }
- }
- else
- p_tls = NULL;
-
/* create the new host */
host = (httpd_host_t *)vlc_custom_create( p_this, sizeof (*host),
"http host" );