Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-2-2
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-2-2
Commits
7cc2c800
Commit
7cc2c800
authored
Feb 18, 2013
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
gnutls: fix strict certificate checks and simplify
parent
ff4c8fdf
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
13 additions
and
32 deletions
+13
-32
modules/misc/gnutls.c
modules/misc/gnutls.c
+13
-32
No files found.
modules/misc/gnutls.c
View file @
7cc2c800
...
...
@@ -345,25 +345,17 @@ static int gnutls_CertSearch (vlc_tls_t *obj, const char *host,
static
struct
{
int
flag
;
const
char
msg
[
43
];
bool
strict
;
unsigned
flag
;
const
char
msg
[
29
];
}
cert_errs
[]
=
{
{
GNUTLS_CERT_INVALID
,
"Certificate could not be verified"
,
false
},
{
GNUTLS_CERT_REVOKED
,
"Certificate was revoked"
,
true
},
{
GNUTLS_CERT_SIGNER_NOT_FOUND
,
"Certificate's signer was not found"
,
false
},
{
GNUTLS_CERT_SIGNER_NOT_CA
,
"Certificate's signer is not a CA"
,
true
},
{
GNUTLS_CERT_INSECURE_ALGORITHM
,
"Insecure certificate signature algorithm"
,
true
},
{
GNUTLS_CERT_NOT_ACTIVATED
,
"Certificate is not yet activated"
,
true
},
{
GNUTLS_CERT_EXPIRED
,
"Certificate has expired"
,
true
},
{
GNUTLS_CERT_INVALID
,
"Certificate not verified"
},
{
GNUTLS_CERT_REVOKED
,
"Certificate revoked"
},
{
GNUTLS_CERT_SIGNER_NOT_FOUND
,
"Signer not found"
},
{
GNUTLS_CERT_SIGNER_NOT_CA
,
"Signer not a CA"
},
{
GNUTLS_CERT_INSECURE_ALGORITHM
,
"Signature algorithm insecure"
},
{
GNUTLS_CERT_NOT_ACTIVATED
,
"Certificate not activated"
},
{
GNUTLS_CERT_EXPIRED
,
"Certificate expired"
},
};
...
...
@@ -386,25 +378,14 @@ static int gnutls_HandshakeAndValidate (vlc_tls_t *session, const char *host,
gnutls_strerror
(
val
));
return
-
1
;
}
if
(
status
)
{
msg_Err
(
session
,
"Certificate verification failure
:"
);
msg_Err
(
session
,
"Certificate verification failure
(0x%04X)"
,
status
);
for
(
size_t
i
=
0
;
i
<
sizeof
(
cert_errs
)
/
sizeof
(
cert_errs
[
0
]);
i
++
)
if
(
status
&
cert_errs
[
i
].
flag
)
{
msg_Err
(
session
,
" * %s"
,
cert_errs
[
i
].
msg
);
status
&=
~
cert_errs
[
i
].
flag
;
if
(
cert_errs
[
i
].
strict
)
val
=
-
1
;
}
if
(
status
)
{
msg_Err
(
session
,
" * Unknown verification error 0x%04X"
,
status
);
val
=
-
1
;
}
status
=
-
1
;
if
(
status
&
~
(
GNUTLS_CERT_INVALID
|
GNUTLS_CERT_SIGNER_NOT_FOUND
))
return
-
1
;
}
/* certificate (host)name verification */
...
...
@@ -447,7 +428,7 @@ static int gnutls_HandshakeAndValidate (vlc_tls_t *session, const char *host,
}
error:
gnutls_x509_crt_deinit
(
cert
);
return
val
?
-
1
:
0
;
return
val
;
}
static
int
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment