Commit 3ece7ecb authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

There is really no excuse for not checking the hostname.

I wonder why I added this option in the first place.
parent 2cbdbc87
...@@ -80,11 +80,6 @@ static void Close( vlc_object_t * ); ...@@ -80,11 +80,6 @@ static void Close( vlc_object_t * );
"This ensures that the server certificate is valid " \ "This ensures that the server certificate is valid " \
"(i.e. signed by an approved Certification Authority)." ) "(i.e. signed by an approved Certification Authority)." )
#define CHECK_HOSTNAME_TEXT N_("Check TLS/SSL server hostname in certificate")
#define CHECK_HOSTNAME_LONGTEXT N_( \
"This ensures that the server hostname in certificate matches the " \
"requested host name." )
vlc_module_begin(); vlc_module_begin();
set_shortname( "GnuTLS" ); set_shortname( "GnuTLS" );
set_description( _("GnuTLS TLS encryption layer") ); set_description( _("GnuTLS TLS encryption layer") );
...@@ -95,8 +90,7 @@ vlc_module_begin(); ...@@ -95,8 +90,7 @@ vlc_module_begin();
add_bool( "tls-check-cert", VLC_TRUE, NULL, CHECK_CERT_TEXT, add_bool( "tls-check-cert", VLC_TRUE, NULL, CHECK_CERT_TEXT,
CHECK_CERT_LONGTEXT, VLC_FALSE ); CHECK_CERT_LONGTEXT, VLC_FALSE );
add_bool( "tls-check-hostname", VLC_TRUE, NULL, CHECK_HOSTNAME_TEXT, add_deprecated_bool( "tls-check-hostname" );
CHECK_HOSTNAME_LONGTEXT, VLC_FALSE );
add_integer( "gnutls-dh-bits", DH_BITS, NULL, DH_BITS_TEXT, add_integer( "gnutls-dh-bits", DH_BITS, NULL, DH_BITS_TEXT,
DH_BITS_LONGTEXT, VLC_TRUE ); DH_BITS_LONGTEXT, VLC_TRUE );
...@@ -398,18 +392,15 @@ gnutls_BeginHandshake( tls_session_t *p_session, int fd, ...@@ -398,18 +392,15 @@ gnutls_BeginHandshake( tls_session_t *p_session, int fd,
if( psz_hostname != NULL ) if( psz_hostname != NULL )
{ {
gnutls_server_name_set( p_sys->session, GNUTLS_NAME_DNS, psz_hostname, gnutls_server_name_set (p_sys->session, GNUTLS_NAME_DNS, psz_hostname,
strlen( psz_hostname ) ); strlen (psz_hostname));
if (var_CreateGetBool (p_session, "tls-check-hostname")) p_sys->psz_hostname = strdup (psz_hostname);
{ if (p_sys->psz_hostname == NULL)
p_sys->psz_hostname = strdup( psz_hostname );
if( p_sys->psz_hostname == NULL )
{ {
p_session->pf_close( p_session ); p_session->pf_close (p_session);
return -1; return -1;
} }
} }
}
return p_session->pf_handshake2( p_session ); return p_session->pf_handshake2( p_session );
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment