From: RĂ©mi Denis-Courmont Date: Sat, 5 Mar 2005 17:46:10 +0000 (+0000) Subject: - TLS API cleanup X-Git-Tag: 0.8.2~964 X-Git-Url: https://git.sesse.net/?a=commitdiff_plain;h=73ae5d90d0ec1d6402625a5136720dc168e761f3;p=vlc - TLS API cleanup - some minor fixes as well --- diff --git a/include/vlc_tls.h b/include/vlc_tls.h index 2982f95533..1ad7f89639 100644 --- a/include/vlc_tls.h +++ b/include/vlc_tls.h @@ -1,7 +1,7 @@ /***************************************************************************** * tls.c ***************************************************************************** - * Copyright (C) 2004 VideoLAN + * Copyright (C) 2004-2005 VideoLAN * $Id: httpd.c 8263 2004-07-24 09:06:58Z courmisch $ * * Authors: Remi Denis-Courmont @@ -34,13 +34,15 @@ struct tls_t module_t *p_module; void *p_sys; - tls_server_t * (*pf_server_create) ( tls_t *, const char *, const char * ); - tls_session_t * (*pf_client_create) ( tls_t *, const char * ); + tls_server_t * (*pf_server_create) ( tls_t *, const char *, + const char * ); + tls_session_t * (*pf_client_create) ( tls_t * ); }; struct tls_server_t { - tls_t *p_tls; + VLC_COMMON_MEMBERS + void *p_sys; void (*pf_delete) ( tls_server_t * ); @@ -53,13 +55,12 @@ struct tls_server_t struct tls_session_t { - tls_t *p_tls; - tls_server_t *p_server; + VLC_COMMON_MEMBERS void *p_sys; struct virtual_socket_t sock; - int (*pf_handshake) ( tls_session_t *, int ); + int (*pf_handshake) ( tls_session_t *, int, const char * ); int (*pf_handshake2) ( tls_session_t * ); void (*pf_close) ( tls_session_t * ); }; 
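Review bot: The new third argument of `pf_handshake` in `struct tls_session_t` is unnamed and undocumented, so the header alone does not tell a provider author what the `const char *` carries. From the rest of the commit it is the peer host name on the client side and NULL on the server side. A one-line comment above the member would record that, for example `/* args: session, socket fd, server host name (client side only, NULL otherwise) */`.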
@@ -71,7 +72,6 @@ struct tls_session_t * Allocates a whole server's TLS credentials. * Returns NULL on error. *****************************************************************************/ -# define __tls_ServerCreate( a, b, c ) (((tls_t *)a)->pf_server_create (a, b, c)) VLC_EXPORT( tls_server_t *, tls_ServerCreate, ( vlc_object_t *, const char *, const char * ) ); /***************************************************************************** @@ -92,20 +92,20 @@ VLC_EXPORT( tls_server_t *, tls_ServerCreate, ( vlc_object_t *, const char *, co # define tls_ServerAddCRL( a, b ) (((tls_server_t *)a)->pf_add_CRL (a, b)) -# define __tls_ServerDelete( a ) (((tls_server_t *)a)->pf_delete ( a )) VLC_EXPORT( void, tls_ServerDelete, ( tls_server_t * ) ); # define tls_ServerSessionPrepare( a ) (((tls_server_t *)a)->pf_session_prepare (a)) +# define tls_ServerSessionHandshake( a, b ) (((tls_session_t *)a)->pf_handshake (a, b, NULL)) +# define tls_ServerSessionClose( a ) (((tls_session_t *)a)->pf_close (a)) -# define __tls_ClientCreate( a, b ) (((tls_t *)a)->pf_client_create (a, b )) -VLC_EXPORT( tls_session_t *, tls_ClientCreate, ( vlc_object_t *, const char *, int ) ); +VLC_EXPORT( tls_session_t *, tls_ClientCreate, ( vlc_object_t *, int, const char * ) ); VLC_EXPORT( void, tls_ClientDelete, ( tls_session_t * ) ); -# define tls_SessionHandshake( a, b ) (((tls_session_t *)a)->pf_handshake (a, b)) +# define tls_ClientSessionHandshake( a, b, c ) (((tls_session_t *)a)->pf_handshake (a, b, c)) + # define tls_SessionContinueHandshake( a ) (((tls_session_t *)a)->pf_handshake2 (a)) -# define tls_SessionClose( a ) (((tls_session_t *)a)->pf_close (a)) /* NOTE: It is assumed that a->sock.p_sys = a */ # define tls_Send( a, b, c ) (((tls_session_t *)a)->sock.pf_send (a, b, c )) diff --git a/modules/access/http.c b/modules/access/http.c index 9adde3d245..2371e5aa28 100644 --- a/modules/access/http.c +++ b/modules/access/http.c 
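Review bot: The new `tls_ServerSessionHandshake`, `tls_ServerSessionClose` and `tls_ClientSessionHandshake` macros cast an unparenthesised `a` and expand it twice, so an argument with side effects or a lower-precedence operator misbehaves. At minimum parenthesise the arguments, e.g. `# define tls_ServerSessionHandshake( a, b ) (((tls_session_t *)(a))->pf_handshake ((a), (b), NULL))`. A `static inline` wrapper would also remove the double evaluation and give type checking. The older macros in this header follow the same pattern, so this is a consistency choice for the whole file.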
@@ -860,7 +860,7 @@ static int Connect( access_t *p_access, int64_t i_tell ) return VLC_EGENERIC; } - p_sys->p_tls = tls_ClientCreate( VLC_OBJECT(p_access), NULL, p_sys->fd ); + p_sys->p_tls = tls_ClientCreate( VLC_OBJECT(p_access), p_sys->fd, NULL ); if( p_sys->p_tls == NULL ) { msg_Err( p_access, "cannot establish HTTP/SSL session" ); diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index 97aefe0327..f757669477 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -111,6 +111,7 @@ typedef struct tls_server_sys_t typedef struct tls_session_sys_t { gnutls_session session; + vlc_bool_t b_handshaked; } tls_session_sys_t; @@ -199,25 +200,28 @@ gnutls_SessionContinueHandshake( tls_session_t *p_session) if( val < 0 ) { - gnutls_deinit( p_sys->session ); - msg_Err( p_session->p_tls, "TLS handshake failed : %s", + msg_Err( p_session, "TLS handshake failed : %s", gnutls_strerror( val ) ); - free( p_sys ); - free( p_session ); + p_session->pf_close( p_session ); return -1; } + p_sys->b_handshaked = VLC_TRUE; return 0; } static int -gnutls_SessionHandshake( tls_session_t *p_session, int fd ) +gnutls_SessionHandshake( tls_session_t *p_session, int fd, + const char *psz_hostname ) { tls_session_sys_t *p_sys; p_sys = (tls_session_sys_t *)(p_session->p_sys); gnutls_transport_set_ptr (p_sys->session, (gnutls_transport_ptr)fd); + if( psz_hostname != NULL ) + gnutls_server_name_set( p_sys->session, GNUTLS_NAME_DNS, psz_hostname, + strlen( psz_hostname ) ); return gnutls_SessionContinueHandshake( p_session ); } 
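Review bot: The call in `Connect` passes NULL as the new host-name argument, so `gnutls_SessionHandshake` skips `gnutls_server_name_set` and HTTPS access never sends a server name indication. It also leaves the TLS layer with no name to compare against the peer certificate should verification be added later. The host parsed from the URL is presumably available in the access private data (not visible in this hunk) and should be passed instead of NULL. `Connect` starts and ends outside the hunk.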
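Review bot: In `gnutls_SessionHandshake` the result of `gnutls_server_name_set` is discarded, so a name that GnuTLS rejects silently produces a handshake without the extension. Checking the return and logging it keeps the failure visible, e.g. `if( gnutls_server_name_set( p_sys->session, GNUTLS_NAME_DNS, psz_hostname, strlen( psz_hostname ) ) < 0 ) msg_Warn( p_session, "cannot set TLS server name" );`. Bracing the `if( psz_hostname != NULL )` body would also match the multi-line call it guards.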
@@ -235,15 +239,23 @@ gnutls_SessionClose( tls_session_t *p_session ) p_sys = (tls_session_sys_t *)(p_session->p_sys); - /* On the client-side, credentials are re-allocated per session */ - if( p_session->p_server == NULL ) - gnutls_certificate_free_credentials( ((tls_client_sys_t *)p_sys) - ->x509_cred ); - - gnutls_bye( p_sys->session, GNUTLS_SHUT_WR ); + if( p_sys->b_handshaked == VLC_TRUE ) + gnutls_bye( p_sys->session, GNUTLS_SHUT_WR ); gnutls_deinit( p_sys->session ); + + vlc_object_detach( p_session ); + vlc_object_destroy( p_session ); + free( p_sys ); - free( p_session ); +} + +static void +gnutls_ClientDelete( tls_session_t *p_session ) +{ + /* On the client-side, credentials are re-allocated per session */ + gnutls_certificate_free_credentials( ((tls_client_sys_t *) + (p_session->p_sys))->x509_cred ); + gnutls_SessionClose( p_session ); } @@ -253,10 +265,10 @@ gnutls_SessionClose( tls_session_t *p_session ) * Initializes client-side TLS session data. *****************************************************************************/ static tls_session_t * -gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path ) +gnutls_ClientCreate( tls_t *p_tls ) { - tls_session_t *p_session; - tls_client_sys_t *p_sys; + tls_session_t *p_session = NULL; + tls_client_sys_t *p_sys = NULL; int i_val; const int cert_type_priority[3] = { 
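Review bot: `gnutls_ClientDelete` releases the X.509 credentials before `gnutls_SessionClose` runs `gnutls_bye` and `gnutls_deinit` on a session that is still bound to them through `gnutls_credentials_set`. GnuTLS expects credentials to outlive the session that references them, so the safer order is the reverse. Because `gnutls_SessionClose` frees `p_sys`, copy `x509_cred` into a local first, call `gnutls_SessionClose( p_session );`, then call `gnutls_certificate_free_credentials()` on the local. The cast to `tls_client_sys_t *` also relies on the session structure being its first member, which deserves a short comment.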
@@ -267,16 +279,35 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path ) p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) ); if( p_sys == NULL ) return NULL; + + p_session = (struct tls_session_t *)vlc_object_create ( p_tls, sizeof(struct tls_session_t) ); + if( p_session == NULL ) + { + free( p_sys ); + return NULL; + } + + p_session->p_sys = p_sys; + p_session->sock.p_sys = p_session; + p_session->sock.pf_send = gnutls_Send; + p_session->sock.pf_recv = gnutls_Recv; + p_session->pf_handshake = gnutls_SessionHandshake; + p_session->pf_handshake2 = gnutls_SessionContinueHandshake; + p_session->pf_close = gnutls_ClientDelete; + + p_sys->session.b_handshaked = VLC_FALSE; + + vlc_object_attach( p_session, p_tls ); i_val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred ); if( i_val != 0 ) { msg_Err( p_tls, "Cannot allocate X509 credentials : %s", gnutls_strerror( i_val ) ); - free( p_sys ); - return NULL; + goto error; } +#if 0 if( psz_ca_path != NULL ) { i_val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred, @@ -287,19 +318,17 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path ) msg_Err( p_tls, "Cannot add trusted CA (%s) : %s", psz_ca_path, gnutls_strerror( i_val ) ); gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys ); - return NULL; + goto error; } } - +#endif i_val = gnutls_init( &p_sys->session.session, GNUTLS_CLIENT ); if( i_val != 0 ) { msg_Err( p_tls, "Cannot initialize TLS session : %s", gnutls_strerror( i_val ) ); gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys ); - return NULL; + goto error; } i_val = gnutls_set_default_priority( p_sys->session.session ); 
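Review bot: With the CA-loading block in `gnutls_ClientCreate` compiled out by `#if 0` and the `psz_ca_path` parameter removed, the client credentials carry no trust anchors. No peer-certificate check is visible anywhere in these hunks either, so a client session appears to accept any certificate and offers no protection against an active man in the middle. The host name added by this commit is only used for SNI. Before clients rely on this, load trust anchors from a configured path and reject the session unless `gnutls_certificate_verify_peers()` and `gnutls_x509_crt_check_hostname()` succeed after the handshake. Until then, replace the dead block (which references a variable that no longer exists) with a comment such as `/* FIXME: no trust anchors are loaded, the server certificate is NOT verified */`.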
@@ -309,8 +338,7 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path ) gnutls_strerror( i_val ) ); gnutls_deinit( p_sys->session.session ); gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys ); - return NULL; + goto error; } i_val = gnutls_certificate_type_set_priority( p_sys->session.session, @@ -321,8 +349,7 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path ) gnutls_strerror( i_val ) ); gnutls_deinit( p_sys->session.session ); gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys ); - return NULL; + goto error; } i_val = gnutls_credentials_set( p_sys->session.session, @@ -334,30 +361,17 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path ) gnutls_strerror( i_val ) ); gnutls_deinit( p_sys->session.session ); gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys ); - return NULL; + goto error; } - p_session = malloc( sizeof (struct tls_session_t) ); - if( p_session == NULL ) - { - gnutls_deinit( p_sys->session.session ); - gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys ); - return NULL; - } + return p_session; - p_session->p_tls = p_tls; - p_session->p_server = NULL; - p_session->p_sys = p_sys; - p_session->sock.p_sys = p_session; - p_session->sock.pf_send = gnutls_Send; - p_session->sock.pf_recv = gnutls_Recv; - p_session->pf_handshake = gnutls_SessionHandshake; - p_session->pf_handshake2 = gnutls_SessionContinueHandshake; - p_session->pf_close = gnutls_SessionClose; +error: + vlc_object_detach( p_session ); + vlc_object_destroy( p_session ); + free( p_sys ); - return p_session; + return NULL; } 
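Review bot: Each failure branch in `gnutls_ClientCreate` still repeats `gnutls_deinit` and `gnutls_certificate_free_credentials` before `goto error`, so the cleanup is only half centralised and the next added step can easily miss one of them. Staged labels would let the branches in the hunks at -309, -321 and -334 jump to `error_session`, the `gnutls_init` failure to `error_cred`, and the credential allocation failure to `error`. The function starts outside these hunks.
```c
    /* … unchanged: session setup; failure branches after gnutls_init() use goto error_session … */
    return p_session;

error_session:
    gnutls_deinit( p_sys->session.session );
error_cred:
    gnutls_certificate_free_credentials( p_sys->x509_cred );
error:
    vlc_object_detach( p_session );
    vlc_object_destroy( p_session );
    free( p_sys );

    return NULL;
```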
@@ -471,21 +485,45 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) gnutls_session session; int i_val; + p_session = vlc_object_create( p_server, sizeof (struct tls_session_t) ); + if( p_session == NULL ) + return NULL; + + p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) ); + if( p_session->p_sys == NULL ) + { + vlc_object_destroy( p_session ); + return NULL; + } + + vlc_object_attach( p_session, p_server ); + + p_session->sock.p_sys = p_session; + p_session->sock.pf_send = gnutls_Send; + p_session->sock.pf_recv = gnutls_Recv; + p_session->pf_handshake = gnutls_SessionHandshake; + p_session->pf_handshake2 = gnutls_SessionContinueHandshake; + p_session->pf_close = gnutls_SessionClose; + + ((tls_session_sys_t *)p_session->p_sys)->b_handshaked = VLC_FALSE; + i_val = gnutls_init( &session, GNUTLS_SERVER ); if( i_val != 0 ) { - msg_Err( p_server->p_tls, "Cannot initialize TLS session : %s", + msg_Err( p_server, "Cannot initialize TLS session : %s", gnutls_strerror( i_val ) ); - return NULL; + goto error; } - + + ((tls_session_sys_t *)p_session->p_sys)->session = session; + i_val = gnutls_set_default_priority( session ); if( i_val < 0 ) { - msg_Err( p_server->p_tls, "Cannot set ciphers priorities : %s", + msg_Err( p_server, "Cannot set ciphers priorities : %s", gnutls_strerror( i_val ) ); gnutls_deinit( session ); - return NULL; + goto error; } i_val = gnutls_credentials_set( session, GNUTLS_CRD_CERTIFICATE, 
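Review bot: `gnutls_ServerSessionPrepare` reaches the private data through repeated `((tls_session_sys_t *)p_session->p_sys)` casts, which is harder to read than the typed local used by the other functions in this file. Allocating into a local and assigning it once removes the casts: `tls_session_sys_t *p_sys = malloc( sizeof (*p_sys) );` followed by `p_session->p_sys = p_sys;`, then `p_sys->b_handshaked = VLC_FALSE;` and `p_sys->session = session;`. The function starts and ends outside this hunk, so check that the name is free there.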
@@ -493,53 +531,33 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) ->x509_cred ); if( i_val < 0 ) { - msg_Err( p_server->p_tls, "Cannot set TLS session credentials : %s", + msg_Err( p_server, "Cannot set TLS session credentials : %s", gnutls_strerror( i_val ) ); gnutls_deinit( session ); - return NULL; + goto error; } /* TODO: support for client authentication */ /*gnutls_certificate_server_set_request( p_session->session, GNUTLS_CERT_REQUEST ); */ - gnutls_dh_set_prime_bits( session, get_Int( p_server->p_tls, "dh-bits" ) ); + gnutls_dh_set_prime_bits( session, get_Int( p_server, "dh-bits" ) ); /* Session resumption support */ - gnutls_db_set_cache_expiration( session, get_Int( p_server->p_tls, + gnutls_db_set_cache_expiration( session, get_Int( p_server, "tls-cache-expiration" ) ); gnutls_db_set_retrieve_function( session, cb_fetch ); gnutls_db_set_remove_function( session, cb_delete ); gnutls_db_set_store_function( session, cb_store ); gnutls_db_set_ptr( session, p_server ); - p_session = malloc( sizeof (struct tls_session_t) ); - if( p_session == NULL ) - { - gnutls_deinit( session ); - return NULL; - } - - p_session->p_sys = (tls_session_sys_t *)malloc( sizeof(struct tls_session_sys_t) ); - if( p_session->p_sys == NULL ) - { - gnutls_deinit( session ); - free( p_session ); - return NULL; - } - - ((tls_session_sys_t *)p_session->p_sys)->session = session; - - p_session->p_tls = p_server->p_tls; - p_session->p_server = p_server; - p_session->sock.p_sys = p_session; - p_session->sock.pf_send = gnutls_Send; - p_session->sock.pf_recv = gnutls_Recv; - p_session->pf_handshake = gnutls_SessionHandshake; - p_session->pf_handshake2 = gnutls_SessionContinueHandshake; - p_session->pf_close = gnutls_SessionClose; - return p_session; + +error: + free( p_session->p_sys ); + vlc_object_detach( p_session ); + vlc_object_destroy( p_session ); + return NULL; } 
@@ -556,10 +574,13 @@ gnutls_ServerDelete( tls_server_t *p_server ) p_sys = (tls_server_sys_t *)p_server->p_sys; gnutls_certificate_free_credentials( p_sys->x509_cred ); - free( p_sys->p_cache ); vlc_mutex_destroy( &p_sys->cache_lock ); + + vlc_object_detach( p_server ); + vlc_object_destroy( p_server ); + + free( p_sys->p_cache ); free( p_sys ); - free( p_server ); } @@ -583,13 +604,12 @@ gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path ) GNUTLS_X509_FMT_PEM ); if( val < 0 ) { - msg_Err( p_server->p_tls, "Cannot add trusted CA (%s) : %s", - psz_ca_path, gnutls_strerror( val ) ); + msg_Err( p_server, "Cannot add trusted CA (%s) : %s", psz_ca_path, + gnutls_strerror( val ) ); gnutls_ServerDelete( p_server ); return VLC_EGENERIC; } - msg_Dbg( p_server->p_tls, " %d trusted CA added (%s)", val, - psz_ca_path ); + msg_Dbg( p_server, " %d trusted CA added (%s)", val, psz_ca_path ); return VLC_SUCCESS; } @@ -611,12 +631,12 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path ) GNUTLS_X509_FMT_PEM ); if( val < 0 ) { - msg_Err( p_server->p_tls, "Cannot add CRL (%s) : %s", - psz_crl_path, gnutls_strerror( val ) ); + msg_Err( p_server, "Cannot add CRL (%s) : %s", psz_crl_path, + gnutls_strerror( val ) ); gnutls_ServerDelete( p_server ); return VLC_EGENERIC; } - msg_Dbg( p_server->p_tls, "%d CRL added (%s)", val, psz_crl_path ); + msg_Dbg( p_server, "%d CRL added (%s)", val, psz_crl_path ); return VLC_SUCCESS; } 
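Review bot: `gnutls_ServerDelete` frees the credentials, cache and private data but nothing in this hunk releases the Diffie-Hellman parameters that `gnutls_ServerCreate` builds with `gnutls_dh_params_init`. Unless they are released in the part of the function outside the hunk, each server teardown leaks them. Adding `gnutls_dh_params_deinit( p_sys->dh_params );` next to the credentials release would close that.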
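Review bot: On failure `gnutls_ServerAddCA` calls `gnutls_ServerDelete( p_server )` and then returns `VLC_EGENERIC`, which leaves the caller holding a pointer to an object that has now been destroyed. A caller that reacts to the error by calling `tls_ServerDelete` would read `p_parent` and `pf_delete` from freed memory. The same applies to `gnutls_ServerAddCRL` in the hunk at -611. Either leave destruction to the caller, or document above both functions that the server is consumed on error, e.g. `/* On error the server object is destroyed; the caller must not use or delete it. */`.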
@@ -628,93 +648,98 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path ) * Returns NULL on error. *****************************************************************************/ static tls_server_t * -gnutls_ServerCreate( tls_t *p_this, const char *psz_cert_path, - const char *psz_key_path ) +gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path, + const char *psz_key_path ) { tls_server_t *p_server; - tls_server_sys_t *p_server_sys; + tls_server_sys_t *p_sys; int val; - msg_Dbg( p_this, "Creating TLS server" ); + msg_Dbg( p_tls, "Creating TLS server" ); - p_server_sys = (tls_server_sys_t *)malloc( sizeof(struct tls_server_sys_t) ); - if( p_server_sys == NULL ) + p_sys = (tls_server_sys_t *)malloc( sizeof(struct tls_server_sys_t) ); + if( p_sys == NULL ) return NULL; - p_server_sys->i_cache_size = get_Int( p_this, "tls-cache-size" ); - p_server_sys->p_cache = (struct saved_session_t *) - calloc( p_server_sys->i_cache_size, - sizeof( struct saved_session_t ) ); - if( p_server_sys->p_cache == NULL ) + p_sys->i_cache_size = get_Int( p_tls, "tls-cache-size" ); + p_sys->p_cache = (struct saved_session_t *)calloc( p_sys->i_cache_size, + sizeof( struct saved_session_t ) ); + if( p_sys->p_cache == NULL ) + { + free( p_sys ); + return NULL; + } + p_sys->p_store = p_sys->p_cache; + + p_server = vlc_object_create( p_tls, sizeof(struct tls_server_t) ); + if( p_server == NULL ) { - free( p_server_sys ); + free( p_sys->p_cache ); + free( p_sys ); return NULL; } - p_server_sys->p_store = p_server_sys->p_cache; + + vlc_object_attach( p_server, p_tls ); + + p_server->p_sys = p_sys; + p_server->pf_delete = gnutls_ServerDelete; + p_server->pf_add_CA = gnutls_ServerAddCA; + p_server->pf_add_CRL = gnutls_ServerAddCRL; + p_server->pf_session_prepare = gnutls_ServerSessionPrepare; + /* FIXME: check for errors */ - vlc_mutex_init( p_this, &p_server_sys->cache_lock ); + vlc_mutex_init( p_server, &p_sys->cache_lock ); /* Sets server's credentials */ - val = 
gnutls_certificate_allocate_credentials( &p_server_sys->x509_cred ); + val = gnutls_certificate_allocate_credentials( &p_sys->x509_cred ); if( val != 0 ) { - msg_Err( p_this, "Cannot allocate X509 credentials : %s", + msg_Err( p_server, "Cannot allocate X509 credentials : %s", gnutls_strerror( val ) ); - free( p_server_sys ); - return NULL; + goto error; } - val = gnutls_certificate_set_x509_key_file( p_server_sys->x509_cred, + val = gnutls_certificate_set_x509_key_file( p_sys->x509_cred, psz_cert_path, psz_key_path, GNUTLS_X509_FMT_PEM ); if( val < 0 ) { - msg_Err( p_this, "Cannot set certificate chain or private key : %s", + msg_Err( p_server, "Cannot set certificate chain or private key : %s", gnutls_strerror( val ) ); - gnutls_certificate_free_credentials( p_server_sys->x509_cred ); - free( p_server_sys ); - return NULL; + gnutls_certificate_free_credentials( p_sys->x509_cred ); + goto error; } /* FIXME: * - regenerate these regularly * - support other ciper suites */ - val = gnutls_dh_params_init( &p_server_sys->dh_params ); + val = gnutls_dh_params_init( &p_sys->dh_params ); if( val >= 0 ) { - msg_Dbg( p_this, "Computing Diffie Hellman ciphers parameters" ); - val = gnutls_dh_params_generate2( p_server_sys->dh_params, - get_Int( p_this, "dh-bits" ) ); + msg_Dbg( p_server, "Computing Diffie Hellman ciphers parameters" ); + val = gnutls_dh_params_generate2( p_sys->dh_params, + get_Int( p_tls, "dh-bits" ) ); } if( val < 0 ) { - msg_Err( p_this, "Cannot initialize DH cipher suites : %s", + msg_Err( p_server, "Cannot initialize DH cipher suites : %s", gnutls_strerror( val ) ); - gnutls_certificate_free_credentials( p_server_sys->x509_cred ); - free( p_server_sys ); - return NULL; - } - msg_Dbg( p_this, "Ciphers parameters computed" ); - - gnutls_certificate_set_dh_params( p_server_sys->x509_cred, - p_server_sys->dh_params); - - p_server = (tls_server_t *)malloc( sizeof(struct tls_server_t) ); - if( p_server == NULL ) - { - free( p_server_sys ); - return NULL; + 
gnutls_certificate_free_credentials( p_sys->x509_cred ); + goto error; } + msg_Dbg( p_server, "Ciphers parameters computed" ); - p_server->p_tls = p_this; - p_server->p_sys = p_server_sys; - p_server->pf_delete = gnutls_ServerDelete; - p_server->pf_add_CA = gnutls_ServerAddCA; - p_server->pf_add_CRL = gnutls_ServerAddCRL; - p_server->pf_session_prepare = gnutls_ServerSessionPrepare; + gnutls_certificate_set_dh_params( p_sys->x509_cred, p_sys->dh_params); return p_server; + +error: + vlc_mutex_destroy( &p_sys->cache_lock ); + vlc_object_detach( p_server ); + vlc_object_destroy( p_server ); + free( p_sys ); + return NULL; } diff --git a/src/misc/httpd.c b/src/misc/httpd.c index c15c1c115d..62d9a70978 100644 --- a/src/misc/httpd.c +++ b/src/misc/httpd.c @@ -1539,7 +1539,7 @@ static void httpd_ClientClean( httpd_client_t *cl ) if( cl->fd >= 0 ) { if( cl->p_tls != NULL ) - tls_SessionClose( cl->p_tls ); + tls_ServerSessionClose( cl->p_tls ); net_Close( cl->fd ); cl->fd = -1; } @@ -2480,7 +2480,7 @@ static void httpd_HostThread( httpd_host_t *host ) if( p_tls != NULL) { - switch ( tls_SessionHandshake( p_tls, fd ) ) + switch ( tls_ServerSessionHandshake( p_tls, fd ) ) { case -1: msg_Err( host, "Rejecting TLS connection" ); @@ -2553,6 +2553,9 @@ static void httpd_HostThread( httpd_host_t *host ) } vlc_mutex_unlock( &host->lock ); } + + if( p_tls != NULL ) + tls_ServerSessionClose( p_tls ); } #ifndef HAVE_GETADDRINFO diff --git a/src/misc/tls.c b/src/misc/tls.c index fe64e16e94..78e068dcd9 100644 --- a/src/misc/tls.c +++ b/src/misc/tls.c @@ -1,7 +1,7 @@ /***************************************************************************** * tls.c ***************************************************************************** - * Copyright (C) 2004 VideoLAN + * Copyright (C) 2004-2005 VideoLAN * $Id: httpd.c 8263 2004-07-24 09:06:58Z courmisch $ * * Authors: Remi Denis-Courmont 
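Review bot: The `error:` label at the end of `gnutls_ServerCreate` frees `p_sys` but not `p_sys->p_cache`, so every failure after the cache allocation leaks the session cache. The earlier `p_server == NULL` branch frees both. Adding `free( p_sys->p_cache );` before `free( p_sys );` fixes it. The branch taken when `gnutls_dh_params_generate2` fails also leaves the initialised `dh_params` unreleased, where `gnutls_dh_params_deinit( p_sys->dh_params );` would be appropriate.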
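Review bot: The `tls_ServerSessionClose( p_tls )` added at the end of `httpd_HostThread` is only safe if `p_tls` is reset to NULL whenever the handshake fails. On failure, `gnutls_SessionContinueHandshake` already calls `pf_close`, which destroys the session object. The rest of the `case -1:` branch lies outside the hunk, so confirm that it contains `p_tls = NULL;`, otherwise the thread-exit path closes a freed session. The same ownership rule applies after the handshake loop in `tls_ClientCreate` in src/misc/tls.c, and it would help to state it in a comment on `pf_handshake`.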
@@ -55,18 +55,18 @@ tls_ServerCreate( vlc_object_t *p_this, const char *psz_cert, if( psz_key == NULL ) psz_key = psz_cert; - p_server = __tls_ServerCreate( p_tls, psz_cert, psz_key ); + p_server = p_tls->pf_server_create( p_tls, psz_cert, psz_key ); if( p_server != NULL ) { - msg_Dbg( p_this, "TLS/SSL provider initialized" ); + msg_Dbg( p_tls, "TLS/SSL provider initialized" ); return p_server; } else - msg_Err( p_this, "TLS/SSL provider error" ); + msg_Err( p_tls, "TLS/SSL provider error" ); module_Unneed( p_tls, p_tls->p_module ); } else - msg_Err( p_this, "TLS/SSL provider not found" ); + msg_Err( p_tls, "TLS/SSL provider not found" ); vlc_object_detach( p_tls ); vlc_object_destroy( p_tls ); @@ -82,9 +82,9 @@ tls_ServerCreate( vlc_object_t *p_this, const char *psz_cert, void tls_ServerDelete( tls_server_t *p_server ) { - tls_t *p_tls = p_server->p_tls; + tls_t *p_tls = (tls_t *)p_server->p_parent; - __tls_ServerDelete( p_server ); + p_server->pf_delete( p_server ); module_Unneed( p_tls, p_tls->p_module ); vlc_object_detach( p_tls ); @@ -99,7 +99,7 @@ tls_ServerDelete( tls_server_t *p_server ) * Returns NULL on error. This is a blocking network operation. *****************************************************************************/ tls_session_t * -tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd ) +tls_ClientCreate( vlc_object_t *p_this, int fd, const char *psz_hostname ) { tls_t *p_tls; tls_session_t *p_session; @@ -110,12 +110,14 @@ tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd ) p_tls->p_module = module_Need( p_tls, "tls", 0, 0 ); if( p_tls->p_module != NULL ) { - p_session = __tls_ClientCreate( p_tls, psz_ca ); + p_session = p_tls->pf_client_create( p_tls ); if( p_session != NULL ) { int i_val; - for( i_val = tls_SessionHandshake( p_session, fd ); i_val > 0; + for( i_val = tls_ClientSessionHandshake( p_session, fd, + psz_hostname ); + i_val > 0; i_val = tls_SessionContinueHandshake( p_session ) ); if( i_val == 0 ) 
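Review bot: `tls_ServerDelete` now depends on reading `p_server->p_parent` before `pf_delete` runs, because the provider destroys the object, and on the parent being the `tls_t` that the provider attached it to. Neither assumption is written down. A comment such as `/* fetch the parent first: pf_delete() destroys p_server; the provider attached it to its tls_t */` would protect the ordering from a later reshuffle. `tls_ClientDelete` in the hunk at -146 relies on the same thing.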
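Review bot: The header comment above `tls_ClientCreate` was not updated for the new signature and still says nothing about `psz_hostname`. It should state that the argument may be NULL and that it is only sent as the server name indication, not checked against the certificate, for example `* psz_hostname: server name sent via SNI, or NULL for none (not used for certificate checks).`. The handshake `for` loop ends in a bare `;`, which is easy to misread now that its header spans three lines, so an explicit `{ /* retry until done */ }` body would be clearer.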
@@ -146,9 +148,9 @@ tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd ) void tls_ClientDelete( tls_session_t *p_session ) { - tls_t *p_tls = p_session->p_tls; + tls_t *p_tls = (tls_t *)p_session->p_parent; - tls_SessionClose( p_session ); + p_session->pf_close( p_session ); module_Unneed( p_tls, p_tls->p_module ); vlc_object_detach( p_tls );