gnutls: remove support for certificates and keys from .config/vlc

Support for custom certificates will be better addressed with the stored public key support in the GnuTLS library (in latter commit). Support for private keys on client side was practically useless.

gnutls: remove support for certificates and keys from .config/vlc
Support for custom certificates will be better addressed with the stored public key support in the GnuTLS library (in latter commit). Support for private keys on client side was practically useless.
b027bfd8 · Rémi Denis-Courmont · 48821bd5 · b027bfd8
Commit b027bfd8 authored Sep 28, 2012 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 113 deletions

modules/misc/gnutls.c modules/misc/gnutls.c +1 -113

No files found.
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -27,22 +27,11 @@
 #endif
 #include <errno.h>
-#include <sys/types.h>
+#include <assert.h>
-#include <errno.h>
-#include <sys/stat.h>
-#ifdef WIN32
-# include <io.h>
-#else
-# include <unistd.h>
-#endif
-#include <fcntl.h>
 #include <vlc_common.h>
 #include <vlc_plugin.h>
 #include <vlc_tls.h>
-#include <vlc_charset.h>
-#include <vlc_fs.h>
 #include <vlc_block.h>
 #include <gnutls/gnutls.h>
@@ -54,8 +43,6 @@
 #include "dhparams.h"
-#include <assert.h>
 /*****************************************************************************
 * Module descriptor
 *****************************************************************************/
@@ -379,90 +366,6 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
    return val;
 }
-#ifndef WIN32
-/**
- * Loads x509 credentials from a file descriptor (directory or regular file)
- * and closes the descriptor.
- */
-static void gnutls_x509_AddFD (vlc_object_t *obj,
-                               gnutls_certificate_credentials_t cred,
-                               int fd, bool priv, unsigned recursion)
-{
-    DIR *dir = fdopendir (fd);
-    if (dir != NULL)
-    {
-        if (recursion == 0)
-            goto skipdir;
-        recursion--;
-        for (;;)
-        {
-            char *ent = vlc_readdir (dir);
-            if (ent == NULL)
-                break;
-            if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0))
-            {
-                free (ent);
-                continue;
-            }
-            int nfd = vlc_openat (fd, ent, O_RDONLY);
-            if (nfd != -1)
-            {
-                msg_Dbg (obj, "loading x509 credentials from %s...", ent);
-                gnutls_x509_AddFD (obj, cred, nfd, priv, recursion);
-            }
-            else
-                msg_Dbg (obj, "cannot access x509 credentials in %s", ent);
-            free (ent);
-        }
-    skipdir:
-        closedir (dir);
-        return;
-    }
-    block_t *block = block_File (fd);
-    if (block != NULL)
-    {
-        gnutls_datum_t data = {
-            .data = block->p_buffer,
-            .size = block->i_buffer,
-        };
-        int res = priv
-            ? gnutls_certificate_set_x509_key_mem (cred, &data, &data,
-                                                   GNUTLS_X509_FMT_PEM)
-            : gnutls_certificate_set_x509_trust_mem (cred, &data,
-                                                     GNUTLS_X509_FMT_PEM);
-        block_Release (block);
-        if (res < 0)
-            msg_Warn (obj, "cannot add x509 credentials: %s",
-                      gnutls_strerror (res));
-        else
-            msg_Dbg (obj, "added %d %s(s)", res, priv ? "key" : "certificate");
-    }
-    else
-        msg_Warn (obj, "cannot read x509 credentials: %m");
-    close (fd);
-}
-static void gnutls_x509_AddPath (vlc_object_t *obj,
-                                 gnutls_certificate_credentials_t cred,
-                                 const char *path, bool priv)
-{
-    msg_Dbg (obj, "loading x509 credentials in %s...", path);
-    int fd = vlc_open (path, O_RDONLY);
-    if (fd == -1)
-    {
-        msg_Warn (obj, "cannot access x509 in %s: %m", path);
-        return;
-    }
-    gnutls_x509_AddFD (obj, cred, fd, priv, 5);
-}
-#endif /* WIN32 */
 /**
 * Initializes a client-side TLS session.
 */
@@ -499,21 +402,6 @@ static int OpenClient (vlc_tls_t *session, int fd, const char *hostname)
    else
        msg_Dbg (session, "loaded %d trusted CAs", val);
-#ifndef WIN32
-    char *userdir = config_GetUserDir (VLC_DATA_DIR);
-    if (userdir != NULL)
-    {
-        char path[strlen (userdir) + sizeof ("/ssl/private/")];
-        sprintf (path, "%s/ssl", userdir);
-        vlc_mkdir (path, 0755);
-        sprintf (path, "%s/ssl/certs/", userdir);
-        gnutls_x509_AddPath (VLC_OBJECT(session), sys->x509_cred, path, false);
-        sprintf (path, "%s/ssl/private/", userdir);
-        gnutls_x509_AddPath (VLC_OBJECT(session), sys->x509_cred, path, true);
-        free (userdir);
-    }
-#endif
    gnutls_certificate_set_verify_flags (sys->x509_cred,
                                         GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);