Commit 979e839a authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

- Clean up

- Unicode file names fixes
parent 8b81fec8
/***************************************************************************** /*****************************************************************************
* tls.c * tls.c
***************************************************************************** *****************************************************************************
* Copyright (C) 2004-2005 Rémi Denis-Courmont * Copyright (C) 2004-2006 Rémi Denis-Courmont
* $Id$ * $Id$
* *
* Authors: Rémi Denis-Courmont <rem # videolan.org> * Authors: Rémi Denis-Courmont <rem # videolan.org>
...@@ -48,6 +48,7 @@ ...@@ -48,6 +48,7 @@
#include "vlc_tls.h" #include "vlc_tls.h"
#include "charset.h"
#include <gcrypt.h> #include <gcrypt.h>
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
...@@ -336,7 +337,7 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session ) ...@@ -336,7 +337,7 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session )
} }
gnutls_x509_crt_deinit( cert ); gnutls_x509_crt_deinit( cert );
msg_Dbg( p_session, "x509 hostname verified" ); msg_Dbg( p_session, "x509 hostname verified" );
return 0; return 0;
} }
...@@ -416,7 +417,7 @@ is_regular( const char *psz_filename ) ...@@ -416,7 +417,7 @@ is_regular( const char *psz_filename )
#ifdef HAVE_SYS_STAT_H #ifdef HAVE_SYS_STAT_H
struct stat st; struct stat st;
return ( stat( psz_filename, &st ) == 0 ) return ( utf8_stat( psz_filename, &st ) == 0 )
&& S_ISREG( st.st_mode ); && S_ISREG( st.st_mode );
#else #else
return 1; return 1;
...@@ -430,13 +431,12 @@ gnutls_Addx509Directory( vlc_object_t *p_this, ...@@ -430,13 +431,12 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
vlc_bool_t private ) vlc_bool_t private )
{ {
DIR* dir; DIR* dir;
struct dirent *p_ent; const char *psz_dirent;
int i_len;
if( *psz_dirname == '\0' ) if( *psz_dirname == '\0' )
psz_dirname = "."; psz_dirname = ".";
dir = opendir( psz_dirname ); dir = utf8_opendir( psz_dirname );
if( dir == NULL ) if( dir == NULL )
{ {
msg_Warn( p_this, "Cannot open directory (%s) : %s", psz_dirname, msg_Warn( p_this, "Cannot open directory (%s) : %s", psz_dirname,
...@@ -444,32 +444,32 @@ gnutls_Addx509Directory( vlc_object_t *p_this, ...@@ -444,32 +444,32 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
return VLC_EGENERIC; return VLC_EGENERIC;
} }
i_len = strlen( psz_dirname ) + 2; while( ( psz_dirent = utf8_readdir( dir ) ) != NULL )
while( ( p_ent = readdir( dir ) ) != NULL )
{ {
char *psz_filename; char *psz_filename;
int check = asprintf( &psz_filename, "%s/%s", psz_dirname,
psz_filename = (char *)malloc( i_len + strlen( p_ent->d_name ) ); psz_dirent );
if( psz_filename == NULL ) LocaleFree( psz_dirent );
if( check == -1 )
{ {
closedir( dir ); closedir( dir );
return VLC_ENOMEM; return VLC_ENOMEM;
} }
sprintf( psz_filename, "%s/%s", psz_dirname, p_ent->d_name );
/* we neglect the race condition here - not security sensitive */ /* we neglect the race condition here - not security sensitive */
if( is_regular( psz_filename ) ) if( is_regular( psz_filename ) )
{ {
int i; int i;
char *psz_localname = ToLocale( psz_filename );
i = (private) i = (private)
? gnutls_certificate_set_x509_key_file( cred, psz_filename, ? gnutls_certificate_set_x509_key_file( cred, psz_localname,
psz_filename, psz_filename,
GNUTLS_X509_FMT_PEM ) GNUTLS_X509_FMT_PEM )
: gnutls_certificate_set_x509_trust_file( cred, psz_filename, : gnutls_certificate_set_x509_trust_file( cred, psz_localname,
GNUTLS_X509_FMT_PEM GNUTLS_X509_FMT_PEM
); );
LocaleFree( psz_localname );
if( i < 0 ) if( i < 0 )
{ {
msg_Warn( p_this, "Cannot add x509 certificate (%s) : %s", msg_Warn( p_this, "Cannot add x509 certificate (%s) : %s",
...@@ -503,7 +503,7 @@ gnutls_ClientCreate( tls_t *p_tls ) ...@@ -503,7 +503,7 @@ gnutls_ClientCreate( tls_t *p_tls )
p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) ); p_sys = (tls_client_sys_t *)malloc( sizeof(struct tls_client_sys_t) );
if( p_sys == NULL ) if( p_sys == NULL )
return NULL; return NULL;
p_session = (struct tls_session_t *)vlc_object_create ( p_tls, sizeof(struct tls_session_t) ); p_session = (struct tls_session_t *)vlc_object_create ( p_tls, sizeof(struct tls_session_t) );
if( p_session == NULL ) if( p_session == NULL )
{ {
...@@ -535,18 +535,14 @@ gnutls_ClientCreate( tls_t *p_tls ) ...@@ -535,18 +535,14 @@ gnutls_ClientCreate( tls_t *p_tls )
{ {
/* FIXME: support for changing path/using multiple paths */ /* FIXME: support for changing path/using multiple paths */
char *psz_path; char *psz_path;
const char *psz_homedir;
psz_homedir = p_tls->p_vlc->psz_homedir; if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/certs",
psz_path = (char *)malloc( strlen( psz_homedir ) p_tls->p_vlc->psz_homedir ) == -1 )
+ sizeof( CONFIG_DIR ) + 12 );
if( psz_path == NULL )
{ {
gnutls_certificate_free_credentials( p_sys->x509_cred ); gnutls_certificate_free_credentials( p_sys->x509_cred );
goto error; goto error;
} }
sprintf( psz_path, "%s/"CONFIG_DIR"/ssl/certs", psz_homedir );
gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred, gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred,
psz_path, VLC_FALSE ); psz_path, VLC_FALSE );
...@@ -559,18 +555,14 @@ gnutls_ClientCreate( tls_t *p_tls ) ...@@ -559,18 +555,14 @@ gnutls_ClientCreate( tls_t *p_tls )
{ {
/* FIXME: support for changing path/using multiple paths */ /* FIXME: support for changing path/using multiple paths */
char *psz_path; char *psz_path;
const char *psz_homedir;
psz_homedir = p_tls->p_vlc->psz_homedir; if( asprintf( &psz_path, "%s/"CONFIG_DIR"/ssl/private",
psz_path = (char *)malloc( strlen( psz_homedir ) p_tls->p_vlc->psz_homedir ) == -1 )
+ sizeof( CONFIG_DIR ) + 14 );
if( psz_path == NULL )
{ {
gnutls_certificate_free_credentials( p_sys->x509_cred ); gnutls_certificate_free_credentials( p_sys->x509_cred );
goto error; goto error;
} }
sprintf( psz_path, "%s/"CONFIG_DIR"/ssl/private", psz_homedir );
gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred, gnutls_Addx509Directory( (vlc_object_t *)p_session, p_sys->x509_cred,
psz_path, VLC_TRUE ); psz_path, VLC_TRUE );
...@@ -744,7 +736,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) ...@@ -744,7 +736,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
p_session = vlc_object_create( p_server, sizeof (struct tls_session_t) ); p_session = vlc_object_create( p_server, sizeof (struct tls_session_t) );
if( p_session == NULL ) if( p_session == NULL )
return NULL; return NULL;
p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) ); p_session->p_sys = malloc( sizeof(struct tls_session_sys_t) );
if( p_session->p_sys == NULL ) if( p_session->p_sys == NULL )
{ {
...@@ -850,14 +842,17 @@ gnutls_ServerDelete( tls_server_t *p_server ) ...@@ -850,14 +842,17 @@ gnutls_ServerDelete( tls_server_t *p_server )
static int static int
gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path ) gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path )
{ {
int val;
tls_server_sys_t *p_sys; tls_server_sys_t *p_sys;
char *psz_local_path;
int val;
p_sys = (tls_server_sys_t *)(p_server->p_sys); p_sys = (tls_server_sys_t *)(p_server->p_sys);
psz_local_path = ToLocale( psz_ca_path );
val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred, val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred,
psz_ca_path, psz_local_path,
GNUTLS_X509_FMT_PEM ); GNUTLS_X509_FMT_PEM );
LocaleFree( psz_local_path );
if( val < 0 ) if( val < 0 )
{ {
msg_Err( p_server, "Cannot add trusted CA (%s) : %s", psz_ca_path, msg_Err( p_server, "Cannot add trusted CA (%s) : %s", psz_ca_path,
...@@ -883,11 +878,13 @@ static int ...@@ -883,11 +878,13 @@ static int
gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path ) gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
{ {
int val; int val;
char *psz_local_path = ToLocale( psz_crl_path );
val = gnutls_certificate_set_x509_crl_file( ((tls_server_sys_t *) val = gnutls_certificate_set_x509_crl_file( ((tls_server_sys_t *)
(p_server->p_sys))->x509_cred, (p_server->p_sys))->x509_cred,
psz_crl_path, psz_local_path,
GNUTLS_X509_FMT_PEM ); GNUTLS_X509_FMT_PEM );
LocaleFree( psz_crl_path );
if( val < 0 ) if( val < 0 )
{ {
msg_Err( p_server, "Cannot add CRL (%s) : %s", psz_crl_path, msg_Err( p_server, "Cannot add CRL (%s) : %s", psz_crl_path,
...@@ -897,7 +894,7 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path ) ...@@ -897,7 +894,7 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
msg_Dbg( p_server, "%d CRL added (%s)", val, psz_crl_path ); msg_Dbg( p_server, "%d CRL added (%s)", val, psz_crl_path );
return VLC_SUCCESS; return VLC_SUCCESS;
} }
/***************************************************************************** /*****************************************************************************
* tls_ServerCreate: * tls_ServerCreate:
...@@ -911,6 +908,7 @@ gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path, ...@@ -911,6 +908,7 @@ gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path,
{ {
tls_server_t *p_server; tls_server_t *p_server;
tls_server_sys_t *p_sys; tls_server_sys_t *p_sys;
char *psz_local_key, *psz_local_cert;
int val; int val;
msg_Dbg( p_tls, "Creating TLS server" ); msg_Dbg( p_tls, "Creating TLS server" );
...@@ -960,9 +958,13 @@ gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path, ...@@ -960,9 +958,13 @@ gnutls_ServerCreate( tls_t *p_tls, const char *psz_cert_path,
goto error; goto error;
} }
psz_local_cert = ToLocale( psz_cert_path );
psz_local_key = ToLocale( psz_key_path );
val = gnutls_certificate_set_x509_key_file( p_sys->x509_cred, val = gnutls_certificate_set_x509_key_file( p_sys->x509_cred,
psz_cert_path, psz_key_path, psz_local_cert, psz_local_key,
GNUTLS_X509_FMT_PEM ); GNUTLS_X509_FMT_PEM );
LocaleFree( psz_cert_path );
LocaleFree( psz_key_path );
if( val < 0 ) if( val < 0 )
{ {
msg_Err( p_server, "Cannot set certificate chain or private key : %s", msg_Err( p_server, "Cannot set certificate chain or private key : %s",
......
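Review bot: In gnutls_ServerAddCRL the new `LocaleFree( psz_crl_path );` releases the caller's const argument instead of the `psz_local_path` returned by ToLocale(), and gnutls_ServerCreate does the same with `LocaleFree( psz_cert_path ); LocaleFree( psz_key_path );`. LocaleFree()'s implementation is not shown here, but if it frees converted strings, this leaks the converted copy and frees memory the caller still owns, which the msg_Err/msg_Dbg calls after it then read. gnutls_ServerAddCA in this same commit frees `psz_local_path`, so the two sites should read `LocaleFree( psz_local_path );` and `LocaleFree( psz_local_cert ); LocaleFree( psz_local_key );`. Separately, in gnutls_Addx509Directory the private-key branch still passes the unconverted `psz_filename` as the key-file argument while the certificate argument became `psz_localname`, so both should use `psz_localname`. All three functions start or end outside the visible hunks, so the remaining error paths could not be checked.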