tls: clean up server credentials activation prototype

5344b8e8 · Rémi Denis-Courmont · 179ffb95 · 5344b8e8 · 5344b8e8 · 5344b8e8
Commit 5344b8e8 authored Sep 29, 2012 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 49 deletions

include/vlc_tls.h include/vlc_tls.h +4 -3

modules/misc/gnutls.c modules/misc/gnutls.c +17 -30

src/network/tls.c src/network/tls.c +26 -16

No files found.
--- a/include/vlc_tls.h
+++ b/include/vlc_tls.h
@@ -34,7 +34,7 @@ typedef struct vlc_tls_sys vlc_tls_sys_t;
 typedef struct vlc_tls_creds vlc_tls_creds_t;
 typedef struct vlc_tls_creds_sys vlc_tls_creds_sys_t;

-
+/** TLS session */
 struct vlc_tls
 {
    VLC_COMMON_MEMBERS
@@ -58,7 +58,7 @@ VLC_API void vlc_tls_ClientDelete (vlc_tls_t *);
 # define tls_Recv( a, b, c ) (((vlc_tls_t *)a)->sock.pf_recv (a, b, c))


-/** TLS (server-side) credentials */
+/** TLS credentials (certificate, private and trust settings) */
 struct vlc_tls_creds
 {
    VLC_COMMON_MEMBERS
@@ -75,7 +75,8 @@ struct vlc_tls_creds

 vlc_tls_creds_t *vlc_tls_ServerCreate (vlc_object_t *,
                                       const char *cert, const char *key);
-void vlc_tls_ServerDelete (vlc_tls_creds_t *);
+void vlc_tls_Delete (vlc_tls_creds_t *);
+#define vlc_tls_ServerDelete vlc_tls_Delete
 int vlc_tls_ServerAddCA (vlc_tls_creds_t *srv, const char *path);
 int vlc_tls_ServerAddCRL (vlc_tls_creds_t *srv, const char *path);


--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -59,8 +59,8 @@
 *****************************************************************************/
 static int  OpenClient  (vlc_tls_t *, int, const char *);
 static void CloseClient (vlc_tls_t *);
-static int  OpenServer  (vlc_object_t *);
-static void CloseServer (vlc_object_t *);
+static int  OpenServer  (vlc_tls_creds_t *, const char *, const char *);
+static void CloseServer (vlc_tls_creds_t *);

 #define PRIORITIES_TEXT N_("TLS cipher priorities")
 #define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \
@@ -762,25 +762,22 @@ static int gnutls_ServerAddCRL (vlc_tls_creds_t *server, const char *crl_path)
 /**
 * Allocates a whole server's TLS credentials.
 */
-static int OpenServer (vlc_object_t *obj)
+static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
 {
-    vlc_tls_creds_t *server = (vlc_tls_creds_t *)obj;
    int val;

-    if (gnutls_Init (obj))
+    if (gnutls_Init (VLC_OBJECT(crd)))
        return VLC_EGENERIC;

-    msg_Dbg (obj, "creating TLS server");
-
    vlc_tls_creds_sys_t *sys = malloc (sizeof (*sys));
    if (unlikely(sys == NULL))
        goto error;

-    server->sys     = sys;
-    server->add_CA  = gnutls_ServerAddCA;
-    server->add_CRL = gnutls_ServerAddCRL;
-    server->open    = gnutls_SessionOpen;
-    server->close   = gnutls_SessionClose;
+    crd->sys     = sys;
+    crd->add_CA  = gnutls_ServerAddCA;
+    crd->add_CRL = gnutls_ServerAddCRL;
+    crd->open    = gnutls_SessionOpen;
+    crd->close   = gnutls_SessionClose;
    /* No certificate validation by default */
    sys->handshake  = gnutls_ContinueHandshake;

@@ -788,25 +785,16 @@ static int OpenServer (vlc_object_t *obj)
    val = gnutls_certificate_allocate_credentials (&sys->x509_cred);
    if (val != 0)
    {
-        msg_Err (server, "cannot allocate credentials: %s",
+        msg_Err (crd, "cannot allocate credentials: %s",
                 gnutls_strerror (val));
        goto error;
    }

-    char *cert_path = var_GetNonEmptyString (obj, "tls-x509-cert");
-    char *key_path = var_GetNonEmptyString (obj, "tls-x509-key");
-    const char *lcert = ToLocale (cert_path);
-    const char *lkey = ToLocale (key_path);
-    val = gnutls_certificate_set_x509_key_file (sys->x509_cred, lcert, lkey,
+    val = gnutls_certificate_set_x509_key_file (sys->x509_cred, cert, key,
                                                GNUTLS_X509_FMT_PEM);
-    LocaleFree (lkey);
-    LocaleFree (lcert);
-    free (key_path);
-    free (cert_path);
-
    if (val < 0)
    {
-        msg_Err (server, "cannot set certificate chain or private key: %s",
+        msg_Err (crd, "cannot set certificate chain or private key: %s",
                 gnutls_strerror (val));
        gnutls_certificate_free_credentials (sys->x509_cred);
        goto error;
@@ -831,7 +819,7 @@ static int OpenServer (vlc_object_t *obj)
    }
    if (val < 0)
    {
-        msg_Err (server, "cannot initialize DHE cipher suites: %s",
+        msg_Err (crd, "cannot initialize DHE cipher suites: %s",
                 gnutls_strerror (val));
    }

@@ -839,22 +827,21 @@ static int OpenServer (vlc_object_t *obj)

 error:
    free (sys);
-    gnutls_Deinit (obj);
+    gnutls_Deinit (VLC_OBJECT(crd));
    return VLC_EGENERIC;
 }

 /**
 * Destroys a TLS server object.
 */
-static void CloseServer (vlc_object_t *obj)
+static void CloseServer (vlc_tls_creds_t *crd)
 {
-    vlc_tls_creds_t *server = (vlc_tls_creds_t *)obj;
-    vlc_tls_creds_sys_t *sys = server->sys;
+    vlc_tls_creds_sys_t *sys = crd->sys;

    /* all sessions depending on the server are now deinitialized */
    gnutls_certificate_free_credentials (sys->x509_cred);
    gnutls_dh_params_deinit (sys->dh_params);
    free (sys);

-    gnutls_Deinit (obj);
+    gnutls_Deinit (VLC_OBJECT(crd));
 }
--- a/src/network/tls.c
+++ b/src/network/tls.c
@@ -36,6 +36,24 @@
 #include <vlc_tls.h>
 #include <vlc_modules.h>

+static int tls_server_load(void *func, va_list ap)
+{
+    int (*activate) (vlc_tls_creds_t *, const char *, const char *) = func;
+    vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *);
+    const char *cert = va_arg (ap, const char *);
+    const char *key = va_arg (ap, const char *);
+
+    return activate (crd, cert, key);
+}
+
+static void tls_unload(void *func, va_list ap)
+{
+    void (*deactivate) (vlc_tls_creds_t *) = func;
+    vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *);
+
+    deactivate (crd);
+}
+
 /**
 * Allocates a whole server's TLS credentials.
 *
@@ -54,19 +72,11 @@ vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
    if (unlikely(srv == NULL))
        return NULL;

-    var_Create (srv, "tls-x509-cert", VLC_VAR_STRING);
-    var_Create (srv, "tls-x509-key", VLC_VAR_STRING);
-
-    if (cert_path != NULL)
-    {
-        var_SetString (srv, "tls-x509-cert", cert_path);
-
-        if (key_path == NULL)
-            key_path = cert_path;
-        var_SetString (srv, "tls-x509-key", key_path);
-    }
+    if (key_path == NULL)
+        key_path = cert_path;

-    srv->module = module_need (srv, "tls server", NULL, false );
+    srv->module = vlc_module_load (srv, "tls server", NULL, false,
+                                   tls_server_load, srv, cert_path, key_path);
    if (srv->module == NULL)
    {
        msg_Err (srv, "TLS server plugin not available");
@@ -83,13 +93,13 @@ vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
 * Releases data allocated with vlc_tls_ServerCreate().
 * @param srv TLS server object to be destroyed, or NULL
 */
-void vlc_tls_ServerDelete (vlc_tls_creds_t *srv)
+void vlc_tls_Delete (vlc_tls_creds_t *crd)
 {
-    if (srv == NULL)
+    if (crd == NULL)
        return;

-    module_unneed (srv, srv->module);
-    vlc_object_release (srv);
+    vlc_module_unload (crd->module, tls_unload, crd);
+    vlc_object_release (crd);
 }