From: RĂ©mi Denis-Courmont Date: Thu, 10 Mar 2005 08:23:03 +0000 (+0000) Subject: - Fix GnuTLS version detection X-Git-Tag: 0.8.2~869 X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=25c37b3f1648cd9ca99e4b5ba24ef0d2496aac66;p=vlc - Fix GnuTLS version detection --- diff --git a/configure.ac b/configure.ac index 39d2137bc7..4ad773dd28 100644 --- a/configure.ac +++ b/configure.ac @@ -1273,8 +1273,8 @@ AS_IF([test "${enable_gnutls}" != "no"], [ AC_CHECK_HEADER(gcrypt.h, [AC_CHECK_LIB(gcrypt, gcry_control, [AC_CHECK_HEADER(gnutls/gnutls.h, - [AC_CHECK_LIB(gnutls, gnutls_deinit, - [have_gnutls="yes"],, ${gnutls_LIBS})])],, + [AC_CHECK_LIB(gnutls, gnutls_certificate_verify_peers2, + [have_gnutls="yes"],[old_gnutls="yes"], ${gnutls_LIBS})])],, ${gcrypt_LIBS})]) AS_IF([test "${have_gnutls}" = "yes"], [ @@ -1282,7 +1282,7 @@ AS_IF([test "${enable_gnutls}" != "no"], [ VLC_ADD_LDFLAGS([gnutls], [-lgnutls -lgcrypt -lgpg-error]) ], [ AS_IF([test "${enable_gnutls}" = "yes"], [ - AC_MSG_ERROR([gnutls/gcrypt TLS/SSL support cannot be compiled])] + AC_MSG_ERROR([gnutls not present or too old (version 1.0.17 required)])] )] )] ) diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index 3517e72cb6..538c1b040d 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -65,6 +65,14 @@ static void Close( vlc_object_t * ); "Allows you to modify the maximum number of resumed TLS sessions that " \ "the cache will hold." ) +#define CHECK_CERT_TEXT N_("Check TLS/SSL server certificate validity") +#define CHECK_CERT_LONGTEXT N_( \ + "Ensures that server certificate is valid " \ + "(ie. signed by an approved Certificate Authority)." ) + +#define CHECK_HOSTNAME_TEXT N_("Check TLS/SSL server hostname in certificate") +#define CHECK_HOSTNAME_LONGTEXT N_( \ + "Ensures that server hostname in certificate match requested host name." ) vlc_module_begin(); set_description( _("GnuTLS TLS encryption layer") ); 
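Review bot: `old_gnutls="yes"` is set in the failure branch of the `AC_CHECK_LIB(gnutls, gnutls_certificate_verify_peers2, ...)` test, but neither configure.ac hunk reads it, so under default auto-detection an outdated GnuTLS appears to give a build without TLS support and no message. If the variable is not consumed elsewhere in the file, the else-branch of `AS_IF([test "${have_gnutls}" = "yes"]` in the next hunk could report it, e.g. `AS_IF([test "${old_gnutls}" = "yes"], [AC_MSG_WARN([gnutls too old (version 1.0.17 required), TLS support disabled])])`. The new error text names 1.0.17 while the runtime check in modules/misc/gnutls.c accepts 1.0.16. A one-line comment beside the symbol test stating which release the probed function stands for would keep the two in step.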
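Review bot: The two long help strings added in this hunk need a wording pass before translators pick them up through `N_()`. `"(ie. signed by an approved Certificate Authority)."` should use `i.e.`, and the hostname text should read `"Ensures that the server hostname in the certificate matches the requested host name."`. Within this diff both macro pairs are referenced only by the `add_bool` lines that the following hunk wraps in `#if 0`, so they are currently unused.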
@@ -73,6 +81,13 @@ vlc_module_begin(); set_category( CAT_ADVANCED ); set_subcategory( SUBCAT_ADVANCED_MISC ); +#if 0 + add_bool( "tls-check-cert", VLC_FALSE, NULL, CHECK_CERT_TEXT, + CHECK_CERT_LONGTEXT, VLC_FALSE ); + add_bool( "tls-check-hostname", VLC_FALSE, NULL, CHECK_HOSTNAME_TEXT, + CHECK_HOSTNAME_LONGTEXT, VLC_FALSE ); +#endif + add_integer( "dh-bits", DH_BITS, NULL, DH_BITS_TEXT, DH_BITS_LONGTEXT, VLC_TRUE ); add_integer( "tls-cache-expiration", CACHE_EXPIRATION, NULL, @@ -865,6 +880,8 @@ Open( vlc_object_t *p_this ) if( count.i_int == 0) { + const char *psz_version; + __p_gcry_data = VLC_OBJECT( p_this->p_vlc ); gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_vlc); @@ -874,14 +891,19 @@ Open( vlc_object_t *p_this ) vlc_mutex_unlock( lock.p_address ); return VLC_EGENERIC; } - if( gnutls_check_version( "1.0.0" ) == NULL ) + /* + * FIXME: in fact, we currently depends on 1.0.17, but it breaks on + * Debian which as a patched 1.0.16 (which we can use). + */ + psz_version = gnutls_check_version( "1.0.16" ); + if( psz_version == NULL ) { gnutls_global_deinit( ); vlc_mutex_unlock( lock.p_address ); msg_Err( p_this, "unsupported GnuTLS version" ); return VLC_EGENERIC; } - msg_Dbg( p_this, "GnuTLS initialized" ); + msg_Dbg( p_this, "GnuTLS v%s initialized", psz_version ); } count.i_int++;
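Review bot: Both `add_bool` entries pass `VLC_FALSE` as their second argument, which is the default value judging by the neighbouring `add_integer( "dh-bits", DH_BITS, ...)` line. Once the `#if 0` is lifted, certificate and hostname checking would therefore be opt-in, and a client on default settings would not reject an invalid or mismatched server certificate. The defaults should be on, e.g. `add_bool( "tls-check-cert", VLC_TRUE, NULL, CHECK_CERT_TEXT, CHECK_CERT_LONGTEXT, VLC_FALSE );` and the same for `"tls-check-hostname"`. The disabled block also carries no comment saying why it is compiled out. Something like `/* TODO: enable once the client side reads these options */` would help if that is the reason; the code that would consume the options is not part of this diff.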
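Review bot: `gnutls_check_version( "1.0.16" )` in the last hunk accepts every 1.0.16 build, not only the patched Debian one the FIXME mentions, while configure.ac in the same commit states 1.0.17 as the requirement. The comment should name the feature that is actually needed so the floor can be raised later, e.g. `/* Needs gnutls_certificate_verify_peers2() (1.0.17 per configure.ac); Debian's patched 1.0.16 is accepted too. */`. That the Debian build provides that symbol is inferred from the FIXME and not visible here. The current comment also has typos (`depends`, `which as`). `Open()` starts and ends outside this hunk.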