Win32: use the OS list of certificate authorities

Ref #3682 and #3666 Now, we have [022d6ffc] main tls client debug: TLS client session initialized instead of [004e6ffc] gnutls tls client error: Certificate could not be verified However, this still doesn't work fine, since we got a: "access_http acccess error: failed to read answer" Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>

Win32: use the OS list of certificate authorities
Ref #3682 and #3666 Now, we have [022d6ffc] main tls client debug: TLS client session initialized instead of [004e6ffc] gnutls tls client error: Certificate could not be verified However, this still doesn't work fine, since we got a: "access_http acccess error: failed to read answer" Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
95b0fe35 · Geoffroy Couprie · Jean-Baptiste Kempf · 56a168ba · 95b0fe35 · 95b0fe35
Commit 95b0fe35 authored Apr 30, 2011 by Geoffroy Couprie Committed by Jean-Baptiste Kempf Jul 01, 2011
Show whitespace changes
Inline Side-by-side

Showing with 42 additions and 1 deletion

configure.ac configure.ac +1 -1

modules/misc/gnutls.c modules/misc/gnutls.c +41 -0

No files found.
--- a/configure.ac
+++ b/configure.ac
@@ -4065,7 +4065,7 @@ AS_IF([test "${enable_gnutls}" != "no"], [
    VLC_ADD_CFLAGS([gnutls], [$GNUTLS_CFLAGS])
    AS_IF([test "${SYS}" = "mingw32"], [
      dnl pkg-config --libs gnutls omits these
-      VLC_ADD_LIBS([gnutls], [-lz ${LTLIBINTL}])
+      VLC_ADD_LIBS([gnutls], [-lz ${LTLIBINTL} -lcrypt32])
    ])
    VLC_ADD_LIBS([gnutls], [${GCRYPT_LIBS}])
    VLC_ADD_CFLAGS([gnutls], [${GCRYPT_CFLAGS}])

--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -41,6 +41,7 @@
 #endif
 #ifdef WIN32
 # include <io.h>
+# include <wincrypt.h>
 #else
 # include <unistd.h>
 #endif
@@ -439,6 +440,10 @@ static int
 gnutls_Addx509File( vlc_object_t *p_this,
                    gnutls_certificate_credentials_t cred,
                    const char *psz_path, bool b_priv );
+#ifdef WIN32
+static int gnutls_loadOSCAList(vlc_object_t *p_this,
+                               gnutls_certificate_credentials_t cred);
+#endif

 static int
 gnutls_Addx509Directory( vlc_object_t *p_this,
@@ -562,6 +567,37 @@ error:
    return VLC_EGENERIC;
 }

+#ifdef WIN32
+static int
+gnutls_loadOSCAList( vlc_object_t *p_this,
+                     gnutls_certificate_credentials cred)
+{
+    HCERTSTORE hCertStore = CertOpenSystemStoreA((HCRYPTPROV)NULL, "ROOT");
+    if (!hCertStore)
+    {
+        msg_Warn (p_this, "could not open the Cert SystemStore");
+        return VLC_EGENERIC;
+    }
+
+    PCCERT_CONTEXT pCertContext = CertEnumCertificatesInStore(hCertStore, NULL);
+    while( pCertContext )
+    {
+        gnutls_datum data = {
+            .data = pCertContext->pbCertEncoded,
+            .size = pCertContext->cbCertEncoded,
+        };
+
+        if(!gnutls_certificate_set_x509_trust_mem(cred, &data, GNUTLS_X509_FMT_DER))
+        {
+            msg_Warn (p_this, "cannot add x509 credential");
+            return VLC_EGENERIC;
+        }
+
+        pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext);
+    }
+    return VLC_SUCCESS;
+}
+#endif

 /** TLS client session data */
 typedef struct tls_client_sys_t
@@ -626,8 +662,13 @@ static int OpenClient (vlc_object_t *obj)
        char path[strlen (confdir)
                   + sizeof ("/ssl/certs/ca-certificates.crt")];
        sprintf (path, "%s/ssl/certs/ca-certificates.crt", confdir);
+#ifdef WIN32
+        gnutls_loadOSCAList (VLC_OBJECT (p_session),
+                             p_sys->x509_cred);
+#else
        gnutls_Addx509File (VLC_OBJECT (p_session),
                            p_sys->x509_cred, path, false);
+#endif
    }
    p_session->pf_handshake = gnutls_HandshakeAndValidate;
    /*p_session->pf_handshake = gnutls_ContinueHandshake;*/