Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-2-2
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-2-2
Commits
1b9d495d
Commit
1b9d495d
authored
May 17, 2011
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
GNU TLS: switch to string based priorities (fix Debian #624027)
parent
3a4ab15b
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
21 additions
and
101 deletions
+21
-101
modules/misc/gnutls.c
modules/misc/gnutls.c
+21
-101
No files found.
modules/misc/gnutls.c
View file @
1b9d495d
...
@@ -73,6 +73,11 @@ static void CloseClient (vlc_object_t *);
...
@@ -73,6 +73,11 @@ static void CloseClient (vlc_object_t *);
static
int
OpenServer
(
vlc_object_t
*
);
static
int
OpenServer
(
vlc_object_t
*
);
static
void
CloseServer
(
vlc_object_t
*
);
static
void
CloseServer
(
vlc_object_t
*
);
#define PRIORITIES_TEXT N_("TLS cipher priorities")
#define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \
"hash functions and compression methods can be selected. " \
"Refer to GNU TLS documentation for detailed syntax.")
#define CACHE_TIMEOUT_TEXT N_("Expiration time for resumed TLS sessions")
#define CACHE_TIMEOUT_TEXT N_("Expiration time for resumed TLS sessions")
#define CACHE_TIMEOUT_LONGTEXT N_( \
#define CACHE_TIMEOUT_LONGTEXT N_( \
"It is possible to cache the resumed TLS sessions. This is the expiration "\
"It is possible to cache the resumed TLS sessions. This is the expiration "\
...
@@ -84,20 +89,22 @@ static void CloseServer (vlc_object_t *);
...
@@ -84,20 +89,22 @@ static void CloseServer (vlc_object_t *);
"the cache will hold." )
"the cache will hold." )
vlc_module_begin
()
vlc_module_begin
()
set_shortname
(
"G
nu
TLS"
)
set_shortname
(
"G
NU
TLS"
)
set_description
(
N_
(
"G
nu
TLS transport layer security"
)
)
set_description
(
N_
(
"G
NU
TLS transport layer security"
)
)
set_capability
(
"tls client"
,
1
)
set_capability
(
"tls client"
,
1
)
set_callbacks
(
OpenClient
,
CloseClient
)
set_callbacks
(
OpenClient
,
CloseClient
)
set_category
(
CAT_ADVANCED
)
set_category
(
CAT_ADVANCED
)
set_subcategory
(
SUBCAT_ADVANCED_MISC
)
set_subcategory
(
SUBCAT_ADVANCED_MISC
)
add_submodule
()
add_submodule
()
set_description
(
N_
(
"G
nu
TLS server"
)
)
set_description
(
N_
(
"G
NU
TLS server"
)
)
set_capability
(
"tls server"
,
1
)
set_capability
(
"tls server"
,
1
)
set_category
(
CAT_ADVANCED
)
set_category
(
CAT_ADVANCED
)
set_subcategory
(
SUBCAT_ADVANCED_MISC
)
set_subcategory
(
SUBCAT_ADVANCED_MISC
)
set_callbacks
(
OpenServer
,
CloseServer
)
set_callbacks
(
OpenServer
,
CloseServer
)
add_string
(
"gnutls-priorities"
,
"NORMAL"
,
PRIORITIES_TEXT
,
PRIORITIES_LONGTEXT
,
false
)
add_integer
(
"gnutls-cache-timeout"
,
CACHE_TIMEOUT
,
add_integer
(
"gnutls-cache-timeout"
,
CACHE_TIMEOUT
,
CACHE_TIMEOUT_TEXT
,
CACHE_TIMEOUT_LONGTEXT
,
true
)
CACHE_TIMEOUT_TEXT
,
CACHE_TIMEOUT_LONGTEXT
,
true
)
add_integer
(
"gnutls-cache-size"
,
CACHE_SIZE
,
CACHE_SIZE_TEXT
,
add_integer
(
"gnutls-cache-size"
,
CACHE_SIZE
,
CACHE_SIZE_TEXT
,
...
@@ -391,112 +398,25 @@ gnutls_SetFD (tls_session_t *p_session, int fd)
...
@@ -391,112 +398,25 @@ gnutls_SetFD (tls_session_t *p_session, int fd)
(
gnutls_transport_ptr_t
)(
intptr_t
)
fd
);
(
gnutls_transport_ptr_t
)(
intptr_t
)
fd
);
}
}
typedef
int
(
*
tls_prio_func
)
(
gnutls_session_t
,
const
int
*
);
static
int
gnutls_SetPriority
(
vlc_object_t
*
restrict
obj
,
const
char
*
restrict
name
,
tls_prio_func
func
,
gnutls_session_t
session
,
const
int
*
restrict
values
)
{
int
val
=
func
(
session
,
values
);
if
(
val
<
0
)
{
msg_Err
(
obj
,
"cannot set %s priorities: %s"
,
name
,
gnutls_strerror
(
val
));
return
VLC_EGENERIC
;
}
return
VLC_SUCCESS
;
}
static
int
static
int
gnutls_SessionPrioritize
(
vlc_object_t
*
obj
,
gnutls_session_t
session
)
gnutls_SessionPrioritize
(
vlc_object_t
*
obj
,
gnutls_session_t
session
)
{
{
/* Note that ordering matters (on the client side) */
char
*
priorities
=
var_InheritString
(
obj
,
"gnutls-priorities"
);
static
const
int
protos
[]
=
if
(
unlikely
(
priorities
==
NULL
))
{
return
VLC_ENOMEM
;
/*GNUTLS_TLS1_2, as of GnuTLS 2.6.5, still not ratified */
GNUTLS_TLS1_1
,
GNUTLS_TLS1_0
,
GNUTLS_SSL3
,
0
};
static
const
int
comps
[]
=
{
GNUTLS_COMP_DEFLATE
,
GNUTLS_COMP_NULL
,
0
};
static
const
int
macs
[]
=
{
GNUTLS_MAC_SHA512
,
GNUTLS_MAC_SHA384
,
GNUTLS_MAC_SHA256
,
GNUTLS_MAC_SHA1
,
GNUTLS_MAC_RMD160
,
// RIPEMD
GNUTLS_MAC_MD5
,
//GNUTLS_MAC_MD2,
//GNUTLS_MAC_NULL,
0
};
static
const
int
ciphers
[]
=
{
GNUTLS_CIPHER_AES_256_CBC
,
GNUTLS_CIPHER_AES_128_CBC
,
GNUTLS_CIPHER_3DES_CBC
,
GNUTLS_CIPHER_ARCFOUR_128
,
// TODO? Camellia ciphers?
//GNUTLS_CIPHER_DES_CBC,
//GNUTLS_CIPHER_ARCFOUR_40,
//GNUTLS_CIPHER_RC2_40_CBC,
//GNUTLS_CIPHER_NULL,
0
};
static
const
int
kx
[]
=
{
GNUTLS_KX_DHE_RSA
,
GNUTLS_KX_DHE_DSS
,
GNUTLS_KX_RSA
,
//GNUTLS_KX_RSA_EXPORT,
//GNUTLS_KX_DHE_PSK, TODO
//GNUTLS_KX_PSK, TODO
//GNUTLS_KX_SRP_RSA, TODO
//GNUTLS_KX_SRP_DSS, TODO
//GNUTLS_KX_SRP, TODO
//GNUTLS_KX_ANON_DH,
0
};
static
const
int
cert_types
[]
=
{
GNUTLS_CRT_X509
,
//GNUTLS_CRT_OPENPGP, TODO
0
};
int
val
=
gnutls_set_default_priority
(
session
);
const
char
*
errp
;
int
val
=
gnutls_priority_set_direct
(
session
,
priorities
,
&
errp
);
if
(
val
<
0
)
if
(
val
<
0
)
{
{
msg_Err
(
obj
,
"cannot set
default TLS priorities: %s"
,
msg_Err
(
obj
,
"cannot set
TLS priorities
\"
%s
\"
: %s"
,
errp
,
gnutls_strerror
(
val
));
gnutls_strerror
(
val
));
return
VLC_EGENERIC
;
val
=
VLC_EGENERIC
;
}
}
else
if
(
gnutls_SetPriority
(
obj
,
"protocols"
,
val
=
VLC_SUCCESS
;
gnutls_protocol_set_priority
,
session
,
protos
)
free
(
priorities
);
||
gnutls_SetPriority
(
obj
,
"compression algorithms"
,
return
val
;
gnutls_compression_set_priority
,
session
,
comps
)
||
gnutls_SetPriority
(
obj
,
"MAC algorithms"
,
gnutls_mac_set_priority
,
session
,
macs
)
||
gnutls_SetPriority
(
obj
,
"ciphers"
,
gnutls_cipher_set_priority
,
session
,
ciphers
)
||
gnutls_SetPriority
(
obj
,
"key exchange algorithms"
,
gnutls_kx_set_priority
,
session
,
kx
)
||
gnutls_SetPriority
(
obj
,
"certificate types"
,
gnutls_certificate_type_set_priority
,
session
,
cert_types
))
return
VLC_EGENERIC
;
return
VLC_SUCCESS
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment