Factor HTTP/TLS server code into httpd core

73a0a9f9 · Rémi Denis-Courmont · 86614c50 · 73a0a9f9 · 73a0a9f9 · 73a0a9f9
Commit 73a0a9f9 authored Aug 02, 2011 by Rémi Denis-Courmont
6 changed files
--- a/include/vlc_httpd.h
+++ b/include/vlc_httpd.h
@@ -100,7 +100,7 @@ struct httpd_message_t

 /* create a new host */
 VLC_API httpd_host_t * httpd_HostNew( vlc_object_t *, const char *psz_host, int i_port ) VLC_USED;
-VLC_API httpd_host_t * httpd_TLSHostNew( vlc_object_t *, const char *, int, const char *, const char *, const char *, const char * ) VLC_USED;
+VLC_API httpd_host_t * httpd_TLSHostNew( vlc_object_t *, const char *, int ) VLC_USED;

 /* delete a host */
 VLC_API void httpd_HostDelete( httpd_host_t * );

--- a/modules/access_output/http.c
+++ b/modules/access_output/http.c
@@ -71,22 +71,6 @@ static void Close( vlc_object_t * );
 #define MIME_TEXT N_("Mime")
 #define MIME_LONGTEXT N_("MIME returned by the server (autodetected " \
                        "if not specified)." )
-#define CERT_TEXT N_( "Certificate file" )
-#define CERT_LONGTEXT N_( "Path to the x509 PEM certificate file that will "\
-                          "be used for HTTPS." )
-#define KEY_TEXT N_( "Private key file" )
-#define KEY_LONGTEXT N_( "Path to the x509 PEM private key file that will " \
-                         "be used for HTTPS. Leave " \
-                         "empty if you don't have one." )
-#define CA_TEXT N_( "Root CA file" )
-#define CA_LONGTEXT N_( "Path to the x509 PEM trusted root CA certificates " \
-                        "(certificate authority) file that will be used for " \
-                        "HTTPS. Leave empty if you " \
-                        "don't have one." )
-#define CRL_TEXT N_( "CRL file" )
-#define CRL_LONGTEXT N_( "Path to the x509 PEM Certificates Revocation List " \
-                         "file that will be used for SSL. Leave " \
-                         "empty if you don't have one." )
 #define BONJOUR_TEXT N_( "Advertise with Bonjour")
 #define BONJOUR_LONGTEXT N_( "Advertise the stream with the Bonjour protocol." )

@@ -104,14 +88,6 @@ vlc_module_begin ()
                  PASS_TEXT, PASS_LONGTEXT, true )
    add_string( SOUT_CFG_PREFIX "mime", "",
                MIME_TEXT, MIME_LONGTEXT, true )
-    add_loadfile( SOUT_CFG_PREFIX "cert", "vlc.pem",
-                CERT_TEXT, CERT_LONGTEXT, true )
-    add_loadfile( SOUT_CFG_PREFIX "key", NULL,
-                KEY_TEXT, KEY_LONGTEXT, true )
-    add_loadfile( SOUT_CFG_PREFIX "ca", NULL,
-                CA_TEXT, CA_LONGTEXT, true )
-    add_loadfile( SOUT_CFG_PREFIX "crl", NULL,
-                CRL_TEXT, CRL_LONGTEXT, true )
 #if 0 //def HAVE_AVAHI_CLIENT
    add_bool( SOUT_CFG_PREFIX "bonjour", false,
              BONJOUR_TEXT, BONJOUR_LONGTEXT, true);
@@ -166,8 +142,6 @@ static int Open( vlc_object_t *p_this )
    char                *psz_user;
    char                *psz_pwd;
    char                *psz_mime;
-    char                *psz_cert = NULL, *psz_key = NULL, *psz_ca = NULL,
-                        *psz_crl = NULL;

    if( !( p_sys = p_access->p_sys =
                malloc( sizeof( sout_access_out_sys_t ) ) ) )
@@ -211,32 +185,22 @@ static int Open( vlc_object_t *p_this )
        psz_parser = psz_bind_addr;
    }

-    /* SSL support */
+    /* TLS support */
    if( p_access->psz_access && !strcmp( p_access->psz_access, "https" ) )
    {
-        psz_cert = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"cert" );
-        psz_key = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"key" );
-        psz_ca = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"ca" );
-        psz_crl = var_CreateGetNonEmptyString( p_this, SOUT_CFG_PREFIX"crl" );
-
        if( i_bind_port <= 0 )
            i_bind_port = DEFAULT_SSL_PORT;
+        p_sys->p_httpd_host = httpd_TLSHostNew( VLC_OBJECT(p_access),
+                                                psz_bind_addr, i_bind_port );
    }
    else
    {
        if( i_bind_port <= 0 )
            i_bind_port = DEFAULT_PORT;
+        p_sys->p_httpd_host = httpd_HostNew( VLC_OBJECT(p_access),
+                                             psz_bind_addr, i_bind_port );
    }

-    p_sys->p_httpd_host = httpd_TLSHostNew( VLC_OBJECT(p_access),
-                                            psz_bind_addr, i_bind_port,
-                                            psz_cert, psz_key, psz_ca,
-                                            psz_crl );
-    free( psz_cert );
-    free( psz_key );
-    free( psz_ca );
-    free( psz_crl );
-
    if( p_sys->p_httpd_host == NULL )
    {
        msg_Err( p_access, "cannot listen on %s port %d",

--- a/modules/lua/libs/httpd.c
+++ b/modules/lua/libs/httpd.c
@@ -70,18 +70,10 @@ static int vlclua_httpd_tls_host_new( lua_State *L )
    vlc_object_t *p_this = vlclua_get_this( L );
    const char *psz_host = luaL_checkstring( L, 1 );
    int i_port = luaL_checkint( L, 2 );
-    const char *psz_cert = luaL_optstring( L, 3, NULL );
-    const char *psz_key = luaL_optstring( L, 4, NULL );
-    const char *psz_ca = luaL_optstring( L, 5, NULL );
-    const char *psz_crl = luaL_optstring( L, 6, NULL );
-    httpd_host_t *p_host = httpd_TLSHostNew( p_this, psz_host, i_port,
-                                                   psz_cert, psz_key,
-                                                   psz_ca, psz_crl );
+    httpd_host_t *p_host = httpd_HostNew( p_this, psz_host, i_port );
    if( !p_host )
-        return luaL_error( L, "Failed to create HTTP TLS host \"%s:%d\" "
-                           "(cert: \"%s\", key: \"%s\", ca: \"%s\", "
-                           "crl: \"%s\").", psz_host, i_port,
-                           psz_cert, psz_key, psz_ca, psz_crl );
+        return luaL_error( L, "Failed to create HTTP host \"%s:%d\" ",
+                           psz_host, i_port );

    httpd_host_t **pp_host = lua_newuserdata( L, sizeof( httpd_host_t * ) );
    *pp_host = p_host;

--- a/src/libvlc-module.c
+++ b/src/libvlc-module.c
@@ -889,6 +889,24 @@ static const char *const ppsz_clock_descriptions[] =
 #define TIMEOUT_LONGTEXT N_( \
    "Default TCP connection timeout (in milliseconds). " )

+#define HTTP_CERT_TEXT N_("HTTP/TLS server certificate")
+#define CERT_LONGTEXT N_( \
+   "This X.509 certicate file (PEM format) is used for server-side TLS." )
+
+#define HTTP_KEY_TEXT N_("HTTP/TLS server private key")
+#define KEY_LONGTEXT N_( \
+   "This private key file (PEM format) is used for server-side TLS.")
+
+#define HTTP_CA_TEXT N_("HTTP/TLS Certificate Authority")
+#define CA_LONGTEXT N_( \
+   "This X.509 certificate file (PEM format) can optionally be used " \
+   "to authenticate remote clients in TLS sessions.")
+
+#define HTTP_CRL_TEXT N_("HTTP/TLS Certificate Revocation List")
+#define CRL_LONGTEXT N_( \
+   "This file countains an optional CRL to prevent remove clients " \
+   "from using revoked certificates in TLS sessions.")
+
 #define SOCKS_SERVER_TEXT N_("SOCKS server")
 #define SOCKS_SERVER_LONGTEXT N_( \
    "SOCKS proxy server to use. This must be of the form " \
@@ -1881,6 +1899,15 @@ vlc_module_begin ()
    add_integer( "ipv4-timeout", 5 * 1000, TIMEOUT_TEXT,
                 TIMEOUT_LONGTEXT, true )

+    add_loadfile( "http-cert", NULL, HTTP_CERT_TEXT, CERT_LONGTEXT, true )
+        add_deprecated_alias( "sout-http-cert" ) /* since 1.2.0 */
+    add_loadfile( "http-key", NULL, HTTP_KEY_TEXT, KEY_LONGTEXT, true )
+        add_deprecated_alias( "sout-http-key" ) /* since 1.2.0 */
+    add_loadfile( "http-ca", NULL, HTTP_CA_TEXT, CA_LONGTEXT, true )
+        add_deprecated_alias( "sout-http-ca" ) /* since 1.2.0 */
+    add_loadfile( "http-crl", NULL, HTTP_CRL_TEXT, CRL_LONGTEXT, true )
+        add_deprecated_alias( "sout-http-crl" ) /* since 1.2.0 */
+
    set_section( N_( "Socks proxy") , NULL )
    add_string( "socks", NULL,
                 SOCKS_SERVER_TEXT, SOCKS_SERVER_LONGTEXT, true )

--- a/src/missing.c
+++ b/src/missing.c
@@ -95,7 +95,14 @@ void httpd_HostDelete (httpd_host_t *h)

 httpd_host_t *httpd_HostNew (vlc_object_t *obj, const char *host, int port)
 {
-    return httpd_TLSHostNew (obj, host, port, NULL, NULL, NULL, NULL);
+    (void) host; (void) port;
+    msg_Err (obj, "VLC httpd support not compiled-in!");
+    return NULL;
+}
+
+httpd_host_t *httpd_TLSHostNew (vlc_object_t *obj, const char *host, int port)
+{
+     return httpd_HostNew (obj, host, port);
 }

 void httpd_MsgAdd (httpd_message_t *m, const char *name, const char *fmt, ...)
@@ -157,16 +164,6 @@ int httpd_StreamSend (httpd_stream_t *stream, uint8_t *data, int count)
    assert (0);
 }

-httpd_host_t *httpd_TLSHostNew (vlc_object_t *obj, const char *host, int port,
-                                const char *cert, const char *key,
-                                const char *ca, const char *crl)
-{
-     (void) host; (void) port;
-     (void) cert; (void) key; (void) ca; (void) crl;
-     msg_Err (obj, "VLC httpd support not compiled-in!");
-     return NULL;
-}
-
 int httpd_UrlCatch (httpd_url_t *url, int request, httpd_callback_t cb,
                    httpd_callback_sys_t *data)
 {

--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -964,25 +964,78 @@ void httpd_StreamDelete( httpd_stream_t *stream )
 * Low level
 *****************************************************************************/
 static void* httpd_HostThread( void * );
+static httpd_host_t *httpd_HostCreate( vlc_object_t *, const char *, int,
+                                       vlc_tls_creds_t * );

 /* create a new host */
 httpd_host_t *httpd_HostNew( vlc_object_t *p_this, const char *psz_host,
                             int i_port )
 {
-    return httpd_TLSHostNew( p_this, psz_host, i_port, NULL, NULL, NULL, NULL
-                           );
+    return httpd_HostCreate( p_this, psz_host, i_port, NULL );
+}
+
+httpd_host_t *httpd_TLSHostNew( vlc_object_t *obj, const char *host, int port )
+{
+    char *cert = var_InheritString( obj, "http-cert" );
+    if( cert == NULL )
+    {
+        msg_Err( obj, "HTTP/TLS certificate not specified!" );
+        return NULL;
+    }
+
+    char *key = var_InheritString( obj, "http-key" );
+    vlc_tls_creds_t *tls = vlc_tls_ServerCreate( obj, cert, key );
+
+    if( tls == NULL )
+    {
+        msg_Err( obj, "HTTP/TLS certificate error (%s and %s)",
+                 cert, (key != NULL) ? key : cert );
+        free( key );
+        free( cert );
+        return NULL;
+    }
+    free( key );
+    free( cert );
+
+    char *ca = var_InheritString( obj, "http-ca" );
+    if( ca != NULL )
+    {
+        if( vlc_tls_ServerAddCA( tls, ca ) )
+        {
+            msg_Err( obj, "HTTP/TLS CA error (%s)", ca );
+            free( ca );
+            goto error;
+        }
+        free( ca );
+    }
+
+    char *crl = var_InheritString( obj, "http-crl" );
+    if( crl != NULL )
+    {
+        if( vlc_tls_ServerAddCRL( tls, crl ) )
+        {
+            msg_Err( obj, "TLS CRL error (%s)", crl );
+            free( crl );
+            goto error;
+        }
+        free( crl );
+    }
+
+    return httpd_HostCreate( obj, host, port, tls );
+
+error:
+    vlc_tls_ServerDelete( tls );
+    return NULL;
 }

 static vlc_mutex_t httpd_mutex = VLC_STATIC_MUTEX;

-httpd_host_t *httpd_TLSHostNew( vlc_object_t *p_this, const char *psz_hostname,
-                                int i_port,
-                                const char *psz_cert, const char *psz_key,
-                                const char *psz_ca, const char *psz_crl )
+static httpd_host_t *httpd_HostCreate( vlc_object_t *p_this,
+                                       const char *psz_hostname, int i_port,
+                                       vlc_tls_creds_t *p_tls )
 {
    httpd_t      *httpd;
    httpd_host_t *host;
-    vlc_tls_creds_t *p_tls;
    char *psz_host;
    int i;

@@ -1021,7 +1074,7 @@ httpd_host_t *httpd_TLSHostNew( vlc_object_t *p_this, const char *psz_hostname,
        host = httpd->host[i];

        /* cannot mix TLS and non-TLS hosts */
-        if( ( ( httpd->host[i]->p_tls != NULL ) != ( psz_cert != NULL ) )
+        if( ( ( httpd->host[i]->p_tls != NULL ) != ( p_tls != NULL ) )
         || ( host->i_port != i_port )
         || strcmp( host->psz_hostname, psz_hostname ) )
            continue;
@@ -1035,36 +1088,13 @@ httpd_host_t *httpd_TLSHostNew( vlc_object_t *p_this, const char *psz_hostname,
        vlc_mutex_unlock( &host->lock );

        vlc_mutex_unlock( &httpd_mutex );
+        if( p_tls != NULL )
+            vlc_tls_ServerDelete( p_tls );
        return host;
    }

    host = NULL;

-    /* determine TLS configuration */
-    if ( psz_cert != NULL )
-    {
-        p_tls = vlc_tls_ServerCreate( p_this, psz_cert, psz_key );
-        if ( p_tls == NULL )
-        {
-            msg_Err( p_this, "TLS initialization error" );
-            goto error;
-        }
-
-        if ( ( psz_ca != NULL) && vlc_tls_ServerAddCA( p_tls, psz_ca ) )
-        {
-            msg_Err( p_this, "TLS CA error" );
-            goto error;
-        }
-
-        if ( ( psz_crl != NULL) && vlc_tls_ServerAddCRL( p_tls, psz_crl ) )
-        {
-            msg_Err( p_this, "TLS CRL error" );
-            goto error;
-        }
-    }
-    else
-        p_tls = NULL;
-
    /* create the new host */
    host = (httpd_host_t *)vlc_custom_create( p_this, sizeof (*host),
                                              "http host" );