Commit 03d1096a authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Make the Root CA certificates bundle file for gnutls a configure-time setting

(as it is highly distribution dependant)
On Debian --with-x509-ca-bundle=/etc/ssl/certs/ca-certificates.crt will do
(provided you have the ca-certificates package)
parent b3717a20
...@@ -1465,39 +1465,6 @@ AS_IF([test "${enable_growl}" != "no"], [ ...@@ -1465,39 +1465,6 @@ AS_IF([test "${enable_growl}" != "no"], [
) )
dnl
dnl TLS/SSL
dnl
AC_ARG_ENABLE(gnutls,
[ --enable-gnutls gnutls TLS/SSL support (default enabled)])
AS_IF([test "${enable_gnutls}" != "no"], [
gcrypt_LIBS="-lgpg-error"
AS_IF([test "${SYS}" = "mingw32"],
[gcrypt_LIBS="${gcrypt_LIBS} -lws2_32"
VLC_ADD_LDFLAGS([gnutls],[-lws2_32])]
)
gnutls_LIBS="-lgcrypt -lz ${gcrypt_LIBS}"
AC_CHECK_HEADER(gcrypt.h,
[AC_CHECK_LIB(gcrypt, gcry_control,
[AC_CHECK_HEADER(gnutls/gnutls.h,
[AC_CHECK_LIB(gnutls, gnutls_certificate_verify_peers2,
[have_gnutls="yes"],[old_gnutls="yes"], ${gnutls_LIBS})])],,
${gcrypt_LIBS})])
AS_IF([test "${have_gnutls}" = "yes"], [
VLC_ADD_PLUGINS([gnutls])
VLC_ADD_LDFLAGS([gnutls], [-lgnutls ${gnutls_LIBS}])
], [
AS_IF([test "${enable_gnutls}" = "yes"], [
AC_MSG_ERROR([gnutls not present or too old (version 1.0.17 required)])]
)]
)]
)
dnl dnl
dnl Input plugins dnl Input plugins
dnl dnl
...@@ -4897,6 +4864,63 @@ AM_CONDITIONAL(ENABLE_CORBA, test "$enablecorba" = "true") ...@@ -4897,6 +4864,63 @@ AM_CONDITIONAL(ENABLE_CORBA, test "$enablecorba" = "true")
AC_ARG_WITH(,[Misc options:]) AC_ARG_WITH(,[Misc options:])
dnl
dnl TLS/SSL
dnl
AC_ARG_ENABLE(gnutls,
[ --enable-gnutls gnutls TLS/SSL support (default enabled)])
AC_ARG_WITH(x509-ca-bunble,
[ --with-x509-ca-bundle x509 PEM certificate bundle path (no default)])
AS_IF([test "${enable_gnutls}" != "no"], [
gcrypt_LIBS="-lgpg-error"
AS_IF([test "${SYS}" = "mingw32"], [
gcrypt_LIBS="${gcrypt_LIBS} -lws2_32"
VLC_ADD_LDFLAGS([gnutls],[-lws2_32])
])
gnutls_LIBS="-lgcrypt -lz ${gcrypt_LIBS}"
AC_CHECK_HEADER(gcrypt.h, [
AC_CHECK_LIB(gcrypt, gcry_control, [
AC_CHECK_HEADER(gnutls/gnutls.h, [
AC_CHECK_LIB(gnutls, gnutls_certificate_verify_peers2,
[have_gnutls="yes"],[old_gnutls="yes"],[${gnutls_LIBS}])
])
],,[${gcrypt_LIBS}])
])
AS_IF([test "${have_gnutls}" = "yes"], [
VLC_ADD_PLUGINS([gnutls])
VLC_ADD_LDFLAGS([gnutls], [-lgnutls ${gnutls_LIBS}])
AC_MSG_CHECKING([for root CA certificates path])
AS_IF([test -z "${with_x509_ca_bundle}"], [
AC_MSG_RESULT([not specified])
AC_MSG_WARN([No root CA certificates for gnutls])
AS_IF([test "${enable_gnutls}"], [
AC_MSG_ERROR([Use --with-x509-ca-bundle=... (or --without-x509-ca-bundle though gnutls won't work properly).])
])
], [
AS_IF([test "${with_x509_ca_bundle}" != "no"], [
AC_MSG_RESULT([${with_x509_ca_bundle}])
AC_CHECK_FILE([${with_x509_ca_bundle}],,[
AC_MSG_WARN([${with_x509_ca_bundle} does not exist (are you cross-compiling?)])
])
AC_DEFINE_UNQUOTED(X509_CA_BUNDLE, ["${with_x509_ca_bundle}"],
[Define to the path of the host's root CA PEM certificates bundle file])
], [
AC_MSG_RESULT([none])
])
])
], [
AS_IF([test "${enable_gnutls}" = "yes"], [
AC_MSG_ERROR([gnutls not present or too old (version 1.0.17 required)])
])
])
])
dnl dnl
dnl Endianness check, AC_C_BIGENDIAN doesn't work if we are cross-compiling dnl Endianness check, AC_C_BIGENDIAN doesn't work if we are cross-compiling
dnl dnl
......
...@@ -88,12 +88,6 @@ static void Close( vlc_object_t * ); ...@@ -88,12 +88,6 @@ static void Close( vlc_object_t * );
#define CHECK_HOSTNAME_LONGTEXT N_( \ #define CHECK_HOSTNAME_LONGTEXT N_( \
"Ensures that server hostname in certificate match requested host name." ) "Ensures that server hostname in certificate match requested host name." )
#if defined (WIN32) || defined (UNDER_CE)
# undef HOST_CA_PATH
#else
# define HOST_CA_PATH "/etc/ssl/certs/ca-certificates.crt"
#endif
vlc_module_begin(); vlc_module_begin();
set_shortname( "GnuTLS" ); set_shortname( "GnuTLS" );
set_description( _("GnuTLS TLS encryption layer") ); set_description( _("GnuTLS TLS encryption layer") );
...@@ -600,9 +594,9 @@ gnutls_ClientCreate( tls_t *p_tls ) ...@@ -600,9 +594,9 @@ gnutls_ClientCreate( tls_t *p_tls )
gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred, gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred,
psz_path, VLC_FALSE ); psz_path, VLC_FALSE );
#ifdef HOST_CA_PATH #ifdef X509_CA_BUNDLE
gnutls_Addx509File( (vlc_object_t *)p_session, p_sys->x509_cred, gnutls_Addx509File( (vlc_object_t *)p_session, p_sys->x509_cred,
HOST_CA_PATH, VLC_FALSE ); X509_CA_BUNDLE, VLC_FALSE );
#endif #endif
free( psz_path ); free( psz_path );
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment