Commit 0e51a9e6 authored by Rémi Denis-Courmont

GnuTLS: read key material from memory - fixes #1108

parent a2ad5ed1
......@@ -41,14 +41,18 @@
#endif
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
# ifdef HAVE_UNISTD_H
#endif
#ifdef WIN32
# include <io.h>
#else
# include <unistd.h>
# endif
# include <fcntl.h>
#endif
#include <vlc_tls.h>
#include <vlc_charset.h>
#include <vlc_block.h>
#include <gcrypt.h>
#include <gnutls/gnutls.h>
......@@ -571,41 +575,48 @@ gnutls_Addx509File( vlc_object_t *p_this,
{
struct stat st;
if( utf8_stat( psz_path, &st ) == 0 )
{
if( S_ISREG( st.st_mode ) )
int fd = utf8_open (psz_path, O_RDONLY, 0);
if (fd == -1)
goto error;
block_t *block = block_File (fd);
if (block != NULL)
{
char *psz_localname = ToLocale( psz_path );
int i = b_priv
? gnutls_certificate_set_x509_key_file( cred,
psz_localname, psz_localname, GNUTLS_X509_FMT_PEM )
: gnutls_certificate_set_x509_trust_file( cred,
psz_localname, GNUTLS_X509_FMT_PEM );
LocaleFree( psz_localname );
if( i < 0 )
close (fd);
gnutls_datum data = {
.data = block->p_buffer,
.size = block->i_buffer,
};
int res = b_priv
? gnutls_certificate_set_x509_key_mem (cred, &data, &data,
GNUTLS_X509_FMT_PEM)
: gnutls_certificate_set_x509_trust_mem (cred, &data,
GNUTLS_X509_FMT_PEM);
block_Release (block);
if (res < 0)
{
msg_Warn( p_this, "cannot add x509 credentials (%s): %s",
psz_path, gnutls_strerror( i ) );
msg_Warn (p_this, "cannot add x509 credentials (%s): %s",
psz_path, gnutls_strerror (res));
return VLC_EGENERIC;
}
else
{
msg_Dbg( p_this, "added x509 credentials (%s)",
psz_path );
msg_Dbg (p_this, "added x509 credentials (%s)", psz_path);
return VLC_SUCCESS;
}
}
else if( S_ISDIR( st.st_mode ) )
if (!fstat (fd, &st) && S_ISDIR (st.st_mode))
{
msg_Dbg( p_this,
"looking recursively for x509 credentials in %s",
psz_path );
return gnutls_Addx509Directory( p_this, cred, psz_path, b_priv);
close (fd);
msg_Dbg (p_this, "looking recursively for x509 credentials in %s",
psz_path);
return gnutls_Addx509Directory (p_this, cred, psz_path, b_priv);
}
}
else
msg_Warn( p_this, "cannot add x509 credentials (%s): %m", psz_path );
error:
msg_Warn (p_this, "cannot add x509 credentials (%s): %m", psz_path);
if (fd != -1)
close (fd);
return VLC_EGENERIC;
}
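Review bot: The `S_ISREG` test that used to gate any read is no longer visible on the new side: `utf8_open (psz_path, O_RDONLY, 0)` opens whatever the path names, and the only type check left is the `S_ISDIR` fallback after `block_File (fd)` has already failed. This function appears to be reached from the recursive directory scan, so a FIFO or device node inside a credentials directory could stall the open or the read unless `block_File` rejects non-regular files itself, which cannot be confirmed from this hunk. Consider calling `fstat (fd, &st)` immediately after the open and branching on `S_ISREG (st.st_mode)` / `S_ISDIR (st.st_mode)` before reading, keeping in mind that the open itself can still block on a FIFO. Separately, `.size = block->i_buffer` is stored into the GnuTLS datum with no upper bound on the file length, and when `b_priv` is set the buffer that held the private key goes to `block_Release (block)` without being cleared; a length cap and a wipe before the release would cover both. The function's signature and first lines lie outside the hunk.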
......