Commit c7d79839 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Error out if hostname not specified

(this would be a bug in whatever is using the TLS object anyway)
parent 664b1e97
...@@ -413,17 +413,13 @@ gnutls_HandshakeAndValidate( tls_session_t *session ) ...@@ -413,17 +413,13 @@ gnutls_HandshakeAndValidate( tls_session_t *session )
goto error; goto error;
} }
if( p_sys->psz_hostname != NULL ) assert( p_sys->psz_hostname != NULL );
if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) )
{ {
if ( !gnutls_x509_crt_check_hostname( cert, p_sys->psz_hostname ) ) msg_Err( session, "Certificate does not match \"%s\"",
{ p_sys->psz_hostname );
msg_Err( session, "Certificate does not match \"%s\"", goto error;
p_sys->psz_hostname );
goto error;
}
} }
else
msg_Warn( session, "Certificate and hostname were not verified" );
if( gnutls_x509_crt_get_expiration_time( cert ) < time( NULL ) ) if( gnutls_x509_crt_get_expiration_time( cert ) < time( NULL ) )
{ {
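Review bot: The `assert( p_sys->psz_hostname != NULL );` added ahead of the hostname check is compiled out when NDEBUG is defined. In such builds a NULL hostname would go straight into `gnutls_x509_crt_check_hostname()` and into the `%s` of the error message instead of failing the handshake. This comparison is what binds the certificate to the intended peer, so it should fail closed at run time, for example `if( p_sys->psz_hostname == NULL ) { msg_Err( session, "No hostname to verify certificate against" ); goto error; }` kept next to the assert. The body of gnutls_HandshakeAndValidate starts and ends outside this hunk.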
...@@ -713,7 +709,6 @@ static int OpenClient (vlc_object_t *obj) ...@@ -713,7 +709,6 @@ static int OpenClient (vlc_object_t *obj)
p_session->pf_set_fd = gnutls_SetFD; p_session->pf_set_fd = gnutls_SetFD;
p_sys->session.b_handshaked = VLC_FALSE; p_sys->session.b_handshaked = VLC_FALSE;
p_sys->session.psz_hostname = NULL;
const char *homedir = obj->p_libvlc->psz_datadir, const char *homedir = obj->p_libvlc->psz_datadir,
*datadir = config_GetDataDir (); *datadir = config_GetDataDir ();
...@@ -778,12 +773,12 @@ static int OpenClient (vlc_object_t *obj) ...@@ -778,12 +773,12 @@ static int OpenClient (vlc_object_t *obj)
} }
char *servername = var_GetNonEmptyString (p_session, "tls-server-name"); char *servername = var_GetNonEmptyString (p_session, "tls-server-name");
if (servername != NULL ) if (servername == NULL )
{ msg_Err (p_session, "server name missing for TLS session");
p_sys->session.psz_hostname = servername;
gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS, p_sys->session.psz_hostname = servername;
servername, strlen (servername)); gnutls_server_name_set (p_sys->session.session, GNUTLS_NAME_DNS,
} servername, strlen (servername));
return VLC_SUCCESS; return VLC_SUCCESS;
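Review bot: When `servername == NULL` the new code only calls `msg_Err` and, as far as the rendered hunk shows, then falls through. That means `strlen (servername)` is evaluated on a NULL pointer and `psz_hostname` is stored as NULL for the later handshake. The commit title says to error out, so the branch needs braces and a failure exit after the message instead of reaching `return VLC_SUCCESS;`. It should use whatever cleanup path OpenClient already takes for its earlier failures, which is not visible in this hunk. OpenClient starts above the hunk.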
......