Always check the certificates chain - it does not make any sense, is counter-intuitiv...
authorRémi Denis-Courmont <rem@videolan.org>
Wed, 17 Oct 2007 17:14:30 +0000 (17:14 +0000)
committerRémi Denis-Courmont <rem@videolan.org>
Wed, 17 Oct 2007 17:14:30 +0000 (17:14 +0000)
The whole security and point of TLS rely on this...

modules/misc/gnutls.c

index 46224bb46910b02864d613ea8ac95c64d7792c9e..d5677b268dd33fdf6d8eaac2cd3e128fce3dc3db 100644 (file)
@@ -72,11 +72,6 @@ static void CloseServer (vlc_object_t *);
     "This is the maximum number of resumed TLS sessions that " \
     "the cache will hold." )
 
-#define CHECK_CERT_TEXT N_("Check TLS/SSL server certificate validity")
-#define CHECK_CERT_LONGTEXT N_( \
-    "This ensures that the server certificate is valid " \
-    "(i.e. signed by an approved Certification Authority)." )
-
 vlc_module_begin();
     set_shortname( "GnuTLS" );
     set_description( _("GnuTLS transport layer security") );
@@ -85,8 +80,7 @@ vlc_module_begin();
     set_category( CAT_ADVANCED );
     set_subcategory( SUBCAT_ADVANCED_MISC );
 
-    add_bool( "tls-check-cert", VLC_TRUE, NULL, CHECK_CERT_TEXT,
-              CHECK_CERT_LONGTEXT, VLC_FALSE );
+    add_obsolete_bool( "tls-check-cert" );
     add_obsolete_bool( "tls-check-hostname" );
 
     add_submodule();
@@ -728,19 +722,15 @@ static int OpenClient (vlc_object_t *obj)
     sprintf (path, "%s/ssl", homedir);
     utf8_mkdir (path, 0755);
 
-    if (var_CreateGetBool (obj, "tls-check-cert"))
-    {
-        sprintf (path, "%s/ssl/certs", homedir);
-        gnutls_Addx509Directory (VLC_OBJECT (p_session),
-                                  p_sys->x509_cred, path, VLC_FALSE);
-
-        sprintf (path, "%s/ca-certificates.crt", datadir);
-        gnutls_Addx509File (VLC_OBJECT (p_session),
-                            p_sys->x509_cred, path, VLC_FALSE);
-        p_session->pf_handshake = gnutls_HandshakeAndValidate;
-    }
-    else
-        p_session->pf_handshake = gnutls_ContinueHandshake;
+    sprintf (path, "%s/ssl/certs", homedir);
+    gnutls_Addx509Directory (VLC_OBJECT (p_session),
+                             p_sys->x509_cred, path, VLC_FALSE);
+
+    sprintf (path, "%s/ca-certificates.crt", datadir);
+    gnutls_Addx509File (VLC_OBJECT (p_session),
+                        p_sys->x509_cred, path, VLC_FALSE);
+    p_session->pf_handshake = gnutls_HandshakeAndValidate;
+    /*p_session->pf_handshake = gnutls_ContinueHandshake;*/
 
     sprintf (path, "%s/ssl/private", homedir);
     gnutls_Addx509Directory (VLC_OBJECT (p_session), p_sys->x509_cred,
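Review bot: The commented-out `/*p_session->pf_handshake = gnutls_ContinueHandshake;*/` left right after the new assignment should be deleted, because it keeps the non-validating handshake one uncomment away and contradicts the commit's intent that chain validation is unconditional. If a marker is wanted there, a why-comment such as `/* Chain validation is mandatory: never fall back to gnutls_ContinueHandshake for clients. */` says it without leaving dead code. The results of `gnutls_Addx509Directory` and `gnutls_Addx509File` on the two trust-anchor paths are also discarded; now that validation can no longer be switched off, a missing or unreadable `ca-certificates.crt` would presumably make every handshake fail with no hint as to why, so logging a warning when no CA could be loaded would help (whether these helpers return a status is not visible in this hunk). OpenClient's body starts and ends outside the hunk.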