Commit
48130cfa
authored
Jul 23, 2011
by
Rémi Denis-Courmont
GnuTLS: remove server-side support for session resumption
This was lame as we did not ever call db_check.
parent
9c8d0bf2
Showing
1 changed file
with
0 additions
and
162 deletions
+0
-162
modules/misc/gnutls.c
modules/misc/gnutls.c
+0
-162
modules/misc/gnutls.c
...
@@ -58,10 +58,6 @@
...
@@ -58,10 +58,6 @@
#include <gnutls/x509.h>
#include <gnutls/x509.h>
#include <vlc_gcrypt.h>
#include <vlc_gcrypt.h>
#define CACHE_TIMEOUT 3600
#define CACHE_SIZE 64
#include "dhparams.h"
#include "dhparams.h"
#include <assert.h>
#include <assert.h>
...
@@ -93,16 +89,6 @@ static const char *const priorities_text[] = {
...
@@ -93,16 +89,6 @@ static const char *const priorities_text[] = {
N_
(
"Export (include insecure ciphers)"
),
N_
(
"Export (include insecure ciphers)"
),
};
};
#define CACHE_TIMEOUT_TEXT N_("Expiration time for resumed TLS sessions")
#define CACHE_TIMEOUT_LONGTEXT N_( \
"It is possible to cache the resumed TLS sessions. This is the expiration "\
"time of the sessions stored in this cache, in seconds." )
#define CACHE_SIZE_TEXT N_("Number of resumed TLS sessions")
#define CACHE_SIZE_LONGTEXT N_( \
"This is the maximum number of resumed TLS sessions that " \
"the cache will hold." )
vlc_module_begin
()
vlc_module_begin
()
set_shortname
(
"GNU TLS"
)
set_shortname
(
"GNU TLS"
)
set_description
(
N_
(
"GNU TLS transport layer security"
)
)
set_description
(
N_
(
"GNU TLS transport layer security"
)
)
...
@@ -121,10 +107,6 @@ vlc_module_begin ()
...
@@ -121,10 +107,6 @@ vlc_module_begin ()
add_string
(
"gnutls-priorities"
,
"NORMAL"
,
PRIORITIES_TEXT
,
add_string
(
"gnutls-priorities"
,
"NORMAL"
,
PRIORITIES_TEXT
,
PRIORITIES_LONGTEXT
,
false
)
PRIORITIES_LONGTEXT
,
false
)
change_string_list
(
priorities_values
,
priorities_text
,
NULL
)
change_string_list
(
priorities_values
,
priorities_text
,
NULL
)
add_integer
(
"gnutls-cache-timeout"
,
CACHE_TIMEOUT
,
CACHE_TIMEOUT_TEXT
,
CACHE_TIMEOUT_LONGTEXT
,
true
)
add_integer
(
"gnutls-cache-size"
,
CACHE_SIZE
,
CACHE_SIZE_TEXT
,
CACHE_SIZE_LONGTEXT
,
true
)
vlc_module_end
()
vlc_module_end
()
static
vlc_mutex_t
gnutls_mutex
=
VLC_STATIC_MUTEX
;
static
vlc_mutex_t
gnutls_mutex
=
VLC_STATIC_MUTEX
;
...
@@ -744,126 +726,10 @@ struct tls_server_sys_t
...
@@ -744,126 +726,10 @@ struct tls_server_sys_t
{
{
gnutls_certificate_credentials_t
x509_cred
;
gnutls_certificate_credentials_t
x509_cred
;
gnutls_dh_params_t
dh_params
;
gnutls_dh_params_t
dh_params
;
struct
saved_session_t
*
p_cache
;
struct
saved_session_t
*
p_store
;
int
i_cache_size
;
vlc_mutex_t
cache_lock
;
int
(
*
pf_handshake
)
(
tls_session_t
*
);
int
(
*
pf_handshake
)
(
tls_session_t
*
);
};
};
/**
* TLS session resumption callbacks (server-side)
*/
#define MAX_SESSION_ID 32
#define MAX_SESSION_DATA 1024
typedef
struct
saved_session_t
{
char
id
[
MAX_SESSION_ID
];
char
data
[
MAX_SESSION_DATA
];
unsigned
i_idlen
;
unsigned
i_datalen
;
}
saved_session_t
;
static
int
cb_store
(
void
*
p_server
,
gnutls_datum
key
,
gnutls_datum
data
)
{
tls_server_sys_t
*
p_sys
=
((
tls_server_t
*
)
p_server
)
->
p_sys
;
if
(
(
p_sys
->
i_cache_size
==
0
)
||
(
key
.
size
>
MAX_SESSION_ID
)
||
(
data
.
size
>
MAX_SESSION_DATA
)
)
return
-
1
;
vlc_mutex_lock
(
&
p_sys
->
cache_lock
);
memcpy
(
p_sys
->
p_store
->
id
,
key
.
data
,
key
.
size
);
memcpy
(
p_sys
->
p_store
->
data
,
data
.
data
,
data
.
size
);
p_sys
->
p_store
->
i_idlen
=
key
.
size
;
p_sys
->
p_store
->
i_datalen
=
data
.
size
;
p_sys
->
p_store
++
;
if
(
(
p_sys
->
p_store
-
p_sys
->
p_cache
)
==
p_sys
->
i_cache_size
)
p_sys
->
p_store
=
p_sys
->
p_cache
;
vlc_mutex_unlock
(
&
p_sys
->
cache_lock
);
return
0
;
}
static
gnutls_datum
cb_fetch
(
void
*
p_server
,
gnutls_datum
key
)
{
static
const
gnutls_datum_t
err_datum
=
{
NULL
,
0
};
tls_server_sys_t
*
p_sys
=
((
tls_server_t
*
)
p_server
)
->
p_sys
;
saved_session_t
*
p_session
,
*
p_end
;
p_session
=
p_sys
->
p_cache
;
p_end
=
p_session
+
p_sys
->
i_cache_size
;
vlc_mutex_lock
(
&
p_sys
->
cache_lock
);
while
(
p_session
<
p_end
)
{
if
(
(
p_session
->
i_idlen
==
key
.
size
)
&&
!
memcmp
(
p_session
->
id
,
key
.
data
,
key
.
size
)
)
{
gnutls_datum_t
data
;
data
.
size
=
p_session
->
i_datalen
;
data
.
data
=
gnutls_malloc
(
data
.
size
);
if
(
data
.
data
==
NULL
)
{
vlc_mutex_unlock
(
&
p_sys
->
cache_lock
);
return
err_datum
;
}
memcpy
(
data
.
data
,
p_session
->
data
,
data
.
size
);
vlc_mutex_unlock
(
&
p_sys
->
cache_lock
);
return
data
;
}
p_session
++
;
}
vlc_mutex_unlock
(
&
p_sys
->
cache_lock
);
return
err_datum
;
}
static
int
cb_delete
(
void
*
p_server
,
gnutls_datum
key
)
{
tls_server_sys_t
*
p_sys
=
((
tls_server_t
*
)
p_server
)
->
p_sys
;
saved_session_t
*
p_session
,
*
p_end
;
p_session
=
p_sys
->
p_cache
;
p_end
=
p_session
+
p_sys
->
i_cache_size
;
vlc_mutex_lock
(
&
p_sys
->
cache_lock
);
while
(
p_session
<
p_end
)
{
if
(
(
p_session
->
i_idlen
==
key
.
size
)
&&
!
memcmp
(
p_session
->
id
,
key
.
data
,
key
.
size
)
)
{
p_session
->
i_datalen
=
p_session
->
i_idlen
=
0
;
vlc_mutex_unlock
(
&
p_sys
->
cache_lock
);
return
0
;
}
p_session
++
;
}
vlc_mutex_unlock
(
&
p_sys
->
cache_lock
);
return
-
1
;
}
/**
/**
* Terminates TLS session and releases session data.
* Terminates TLS session and releases session data.
* You still have to close the socket yourself.
* You still have to close the socket yourself.
...
@@ -945,15 +811,6 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
...
@@ -945,15 +811,6 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
if
(
p_session
->
pf_handshake
==
gnutls_HandshakeAndValidate
)
if
(
p_session
->
pf_handshake
==
gnutls_HandshakeAndValidate
)
gnutls_certificate_server_set_request
(
session
,
GNUTLS_CERT_REQUIRE
);
gnutls_certificate_server_set_request
(
session
,
GNUTLS_CERT_REQUIRE
);
/* Session resumption support */
i_val
=
var_InheritInteger
(
p_server
,
"gnutls-cache-timeout"
);
if
(
i_val
>=
0
)
gnutls_db_set_cache_expiration
(
session
,
i_val
);
gnutls_db_set_retrieve_function
(
session
,
cb_fetch
);
gnutls_db_set_remove_function
(
session
,
cb_delete
);
gnutls_db_set_store_function
(
session
,
cb_store
);
gnutls_db_set_ptr
(
session
,
p_server
);
return
p_session
;
return
p_session
;
error:
error:
...
@@ -1046,18 +903,6 @@ static int OpenServer (vlc_object_t *obj)
...
@@ -1046,18 +903,6 @@ static int OpenServer (vlc_object_t *obj)
if
(
p_sys
==
NULL
)
if
(
p_sys
==
NULL
)
return
VLC_ENOMEM
;
return
VLC_ENOMEM
;
p_sys
->
i_cache_size
=
var_InheritInteger
(
obj
,
"gnutls-cache-size"
);
if
(
p_sys
->
i_cache_size
==
-
1
)
/* Duh, config subsystem exploded?! */
p_sys
->
i_cache_size
=
0
;
p_sys
->
p_cache
=
calloc
(
p_sys
->
i_cache_size
,
sizeof
(
struct
saved_session_t
));
if
(
p_sys
->
p_cache
==
NULL
)
{
free
(
p_sys
);
return
VLC_ENOMEM
;
}
p_sys
->
p_store
=
p_sys
->
p_cache
;
p_server
->
p_sys
=
p_sys
;
p_server
->
p_sys
=
p_sys
;
p_server
->
pf_add_CA
=
gnutls_ServerAddCA
;
p_server
->
pf_add_CA
=
gnutls_ServerAddCA
;
p_server
->
pf_add_CRL
=
gnutls_ServerAddCRL
;
p_server
->
pf_add_CRL
=
gnutls_ServerAddCRL
;
...
@@ -1067,8 +912,6 @@ static int OpenServer (vlc_object_t *obj)
...
@@ -1067,8 +912,6 @@ static int OpenServer (vlc_object_t *obj)
/* No certificate validation by default */
/* No certificate validation by default */
p_sys
->
pf_handshake
=
gnutls_ContinueHandshake
;
p_sys
->
pf_handshake
=
gnutls_ContinueHandshake
;
vlc_mutex_init
(
&
p_sys
->
cache_lock
);
/* Sets server's credentials */
/* Sets server's credentials */
val
=
gnutls_certificate_allocate_credentials
(
&
p_sys
->
x509_cred
);
val
=
gnutls_certificate_allocate_credentials
(
&
p_sys
->
x509_cred
);
if
(
val
!=
0
)
if
(
val
!=
0
)
...
@@ -1124,8 +967,6 @@ static int OpenServer (vlc_object_t *obj)
...
@@ -1124,8 +967,6 @@ static int OpenServer (vlc_object_t *obj)
return
VLC_SUCCESS
;
return
VLC_SUCCESS
;
error:
error:
vlc_mutex_destroy
(
&
p_sys
->
cache_lock
);
free
(
p_sys
->
p_cache
);
free
(
p_sys
);
free
(
p_sys
);
return
VLC_EGENERIC
;
return
VLC_EGENERIC
;
}
}
...
@@ -1137,9 +978,6 @@ static void CloseServer (vlc_object_t *p_server)
...
@@ -1137,9 +978,6 @@ static void CloseServer (vlc_object_t *p_server)
{
{
tls_server_sys_t
*
p_sys
=
((
tls_server_t
*
)
p_server
)
->
p_sys
;
tls_server_sys_t
*
p_sys
=
((
tls_server_t
*
)
p_server
)
->
p_sys
;
vlc_mutex_destroy
(
&
p_sys
->
cache_lock
);
free
(
p_sys
->
p_cache
);
/* all sessions depending on the server are now deinitialized */
/* all sessions depending on the server are now deinitialized */
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
gnutls_dh_params_deinit
(
p_sys
->
dh_params
);
gnutls_dh_params_deinit
(
p_sys
->
dh_params
);
...
...