Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc
Commits
73ae5d90
Commit
73ae5d90
authored
Mar 05, 2005
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- TLS API cleanup
- some minor fixes as well
parent
1a90a3cd
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
196 additions
and
166 deletions
+196
-166
include/vlc_tls.h
include/vlc_tls.h
+13
-13
modules/access/http.c
modules/access/http.c
+1
-1
modules/misc/gnutls.c
modules/misc/gnutls.c
+163
-138
src/misc/httpd.c
src/misc/httpd.c
+5
-2
src/misc/tls.c
src/misc/tls.c
+14
-12
No files found.
include/vlc_tls.h
View file @
73ae5d90
/*****************************************************************************
* tls.c
*****************************************************************************
* Copyright (C) 2004 VideoLAN
* Copyright (C) 2004
-2005
VideoLAN
* $Id: httpd.c 8263 2004-07-24 09:06:58Z courmisch $
*
* Authors: Remi Denis-Courmont <courmisch@via.ecp.fr>
...
...
@@ -34,13 +34,15 @@ struct tls_t
module_t
*
p_module
;
void
*
p_sys
;
tls_server_t
*
(
*
pf_server_create
)
(
tls_t
*
,
const
char
*
,
const
char
*
);
tls_session_t
*
(
*
pf_client_create
)
(
tls_t
*
,
const
char
*
);
tls_server_t
*
(
*
pf_server_create
)
(
tls_t
*
,
const
char
*
,
const
char
*
);
tls_session_t
*
(
*
pf_client_create
)
(
tls_t
*
);
};
struct
tls_server_t
{
tls_t
*
p_tls
;
VLC_COMMON_MEMBERS
void
*
p_sys
;
void
(
*
pf_delete
)
(
tls_server_t
*
);
...
...
@@ -53,13 +55,12 @@ struct tls_server_t
struct
tls_session_t
{
tls_t
*
p_tls
;
tls_server_t
*
p_server
;
VLC_COMMON_MEMBERS
void
*
p_sys
;
struct
virtual_socket_t
sock
;
int
(
*
pf_handshake
)
(
tls_session_t
*
,
int
);
int
(
*
pf_handshake
)
(
tls_session_t
*
,
int
,
const
char
*
);
int
(
*
pf_handshake2
)
(
tls_session_t
*
);
void
(
*
pf_close
)
(
tls_session_t
*
);
};
...
...
@@ -71,7 +72,6 @@ struct tls_session_t
* Allocates a whole server's TLS credentials.
* Returns NULL on error.
*****************************************************************************/
# define __tls_ServerCreate( a, b, c ) (((tls_t *)a)->pf_server_create (a, b, c))
VLC_EXPORT
(
tls_server_t
*
,
tls_ServerCreate
,
(
vlc_object_t
*
,
const
char
*
,
const
char
*
)
);
/*****************************************************************************
...
...
@@ -92,20 +92,20 @@ VLC_EXPORT( tls_server_t *, tls_ServerCreate, ( vlc_object_t *, const char *, co
# define tls_ServerAddCRL( a, b ) (((tls_server_t *)a)->pf_add_CRL (a, b))
# define __tls_ServerDelete( a ) (((tls_server_t *)a)->pf_delete ( a ))
VLC_EXPORT
(
void
,
tls_ServerDelete
,
(
tls_server_t
*
)
);
# define tls_ServerSessionPrepare( a ) (((tls_server_t *)a)->pf_session_prepare (a))
# define tls_ServerSessionHandshake( a, b ) (((tls_session_t *)a)->pf_handshake (a, b, NULL))
# define tls_ServerSessionClose( a ) (((tls_session_t *)a)->pf_close (a))
# define __tls_ClientCreate( a, b ) (((tls_t *)a)->pf_client_create (a, b ))
VLC_EXPORT
(
tls_session_t
*
,
tls_ClientCreate
,
(
vlc_object_t
*
,
const
char
*
,
int
)
);
VLC_EXPORT
(
tls_session_t
*
,
tls_ClientCreate
,
(
vlc_object_t
*
,
int
,
const
char
*
)
);
VLC_EXPORT
(
void
,
tls_ClientDelete
,
(
tls_session_t
*
)
);
# define tls_SessionHandshake( a, b ) (((tls_session_t *)a)->pf_handshake (a, b))
# define tls_ClientSessionHandshake( a, b, c ) (((tls_session_t *)a)->pf_handshake (a, b, c))
# define tls_SessionContinueHandshake( a ) (((tls_session_t *)a)->pf_handshake2 (a))
# define tls_SessionClose( a ) (((tls_session_t *)a)->pf_close (a))
/* NOTE: It is assumed that a->sock.p_sys = a */
# define tls_Send( a, b, c ) (((tls_session_t *)a)->sock.pf_send (a, b, c ))
...
...
modules/access/http.c
View file @
73ae5d90
...
...
@@ -860,7 +860,7 @@ static int Connect( access_t *p_access, int64_t i_tell )
return
VLC_EGENERIC
;
}
p_sys
->
p_tls
=
tls_ClientCreate
(
VLC_OBJECT
(
p_access
),
NULL
,
p_sys
->
fd
);
p_sys
->
p_tls
=
tls_ClientCreate
(
VLC_OBJECT
(
p_access
),
p_sys
->
fd
,
NULL
);
if
(
p_sys
->
p_tls
==
NULL
)
{
msg_Err
(
p_access
,
"cannot establish HTTP/SSL session"
);
...
...
modules/misc/gnutls.c
View file @
73ae5d90
...
...
@@ -111,6 +111,7 @@ typedef struct tls_server_sys_t
typedef
struct
tls_session_sys_t
{
gnutls_session
session
;
vlc_bool_t
b_handshaked
;
}
tls_session_sys_t
;
...
...
@@ -199,25 +200,28 @@ gnutls_SessionContinueHandshake( tls_session_t *p_session)
if
(
val
<
0
)
{
gnutls_deinit
(
p_sys
->
session
);
msg_Err
(
p_session
->
p_tls
,
"TLS handshake failed : %s"
,
msg_Err
(
p_session
,
"TLS handshake failed : %s"
,
gnutls_strerror
(
val
)
);
free
(
p_sys
);
free
(
p_session
);
p_session
->
pf_close
(
p_session
);
return
-
1
;
}
p_sys
->
b_handshaked
=
VLC_TRUE
;
return
0
;
}
static
int
gnutls_SessionHandshake
(
tls_session_t
*
p_session
,
int
fd
)
gnutls_SessionHandshake
(
tls_session_t
*
p_session
,
int
fd
,
const
char
*
psz_hostname
)
{
tls_session_sys_t
*
p_sys
;
p_sys
=
(
tls_session_sys_t
*
)(
p_session
->
p_sys
);
gnutls_transport_set_ptr
(
p_sys
->
session
,
(
gnutls_transport_ptr
)
fd
);
if
(
psz_hostname
!=
NULL
)
gnutls_server_name_set
(
p_sys
->
session
,
GNUTLS_NAME_DNS
,
psz_hostname
,
strlen
(
psz_hostname
)
);
return
gnutls_SessionContinueHandshake
(
p_session
);
}
...
...
@@ -235,15 +239,23 @@ gnutls_SessionClose( tls_session_t *p_session )
p_sys
=
(
tls_session_sys_t
*
)(
p_session
->
p_sys
);
/* On the client-side, credentials are re-allocated per session */
if
(
p_session
->
p_server
==
NULL
)
gnutls_certificate_free_credentials
(
((
tls_client_sys_t
*
)
p_sys
)
->
x509_cred
);
gnutls_bye
(
p_sys
->
session
,
GNUTLS_SHUT_WR
);
if
(
p_sys
->
b_handshaked
==
VLC_TRUE
)
gnutls_bye
(
p_sys
->
session
,
GNUTLS_SHUT_WR
);
gnutls_deinit
(
p_sys
->
session
);
vlc_object_detach
(
p_session
);
vlc_object_destroy
(
p_session
);
free
(
p_sys
);
free
(
p_session
);
}
static
void
gnutls_ClientDelete
(
tls_session_t
*
p_session
)
{
/* On the client-side, credentials are re-allocated per session */
gnutls_certificate_free_credentials
(
((
tls_client_sys_t
*
)
(
p_session
->
p_sys
))
->
x509_cred
);
gnutls_SessionClose
(
p_session
);
}
...
...
@@ -253,10 +265,10 @@ gnutls_SessionClose( tls_session_t *p_session )
* Initializes client-side TLS session data.
*****************************************************************************/
static
tls_session_t
*
gnutls_ClientCreate
(
tls_t
*
p_tls
,
const
char
*
psz_ca_path
)
gnutls_ClientCreate
(
tls_t
*
p_tls
)
{
tls_session_t
*
p_session
;
tls_client_sys_t
*
p_sys
;
tls_session_t
*
p_session
=
NULL
;
tls_client_sys_t
*
p_sys
=
NULL
;
int
i_val
;
const
int
cert_type_priority
[
3
]
=
{
...
...
@@ -267,16 +279,35 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path )
p_sys
=
(
tls_client_sys_t
*
)
malloc
(
sizeof
(
struct
tls_client_sys_t
)
);
if
(
p_sys
==
NULL
)
return
NULL
;
p_session
=
(
struct
tls_session_t
*
)
vlc_object_create
(
p_tls
,
sizeof
(
struct
tls_session_t
)
);
if
(
p_session
==
NULL
)
{
free
(
p_sys
);
return
NULL
;
}
p_session
->
p_sys
=
p_sys
;
p_session
->
sock
.
p_sys
=
p_session
;
p_session
->
sock
.
pf_send
=
gnutls_Send
;
p_session
->
sock
.
pf_recv
=
gnutls_Recv
;
p_session
->
pf_handshake
=
gnutls_SessionHandshake
;
p_session
->
pf_handshake2
=
gnutls_SessionContinueHandshake
;
p_session
->
pf_close
=
gnutls_ClientDelete
;
p_sys
->
session
.
b_handshaked
=
VLC_FALSE
;
vlc_object_attach
(
p_session
,
p_tls
);
i_val
=
gnutls_certificate_allocate_credentials
(
&
p_sys
->
x509_cred
);
if
(
i_val
!=
0
)
{
msg_Err
(
p_tls
,
"Cannot allocate X509 credentials : %s"
,
gnutls_strerror
(
i_val
)
);
free
(
p_sys
);
return
NULL
;
goto
error
;
}
#if 0
if( psz_ca_path != NULL )
{
i_val = gnutls_certificate_set_x509_trust_file( p_sys->x509_cred,
...
...
@@ -287,19 +318,17 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path )
msg_Err( p_tls, "Cannot add trusted CA (%s) : %s", psz_ca_path,
gnutls_strerror( i_val ) );
gnutls_certificate_free_credentials( p_sys->x509_cred );
free
(
p_sys
);
return
NULL
;
goto error;
}
}
#endif
i_val
=
gnutls_init
(
&
p_sys
->
session
.
session
,
GNUTLS_CLIENT
);
if
(
i_val
!=
0
)
{
msg_Err
(
p_tls
,
"Cannot initialize TLS session : %s"
,
gnutls_strerror
(
i_val
)
);
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
free
(
p_sys
);
return
NULL
;
goto
error
;
}
i_val
=
gnutls_set_default_priority
(
p_sys
->
session
.
session
);
...
...
@@ -309,8 +338,7 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path )
gnutls_strerror
(
i_val
)
);
gnutls_deinit
(
p_sys
->
session
.
session
);
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
free
(
p_sys
);
return
NULL
;
goto
error
;
}
i_val
=
gnutls_certificate_type_set_priority
(
p_sys
->
session
.
session
,
...
...
@@ -321,8 +349,7 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path )
gnutls_strerror
(
i_val
)
);
gnutls_deinit
(
p_sys
->
session
.
session
);
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
free
(
p_sys
);
return
NULL
;
goto
error
;
}
i_val
=
gnutls_credentials_set
(
p_sys
->
session
.
session
,
...
...
@@ -334,30 +361,17 @@ gnutls_ClientCreate( tls_t *p_tls, const char *psz_ca_path )
gnutls_strerror
(
i_val
)
);
gnutls_deinit
(
p_sys
->
session
.
session
);
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
free
(
p_sys
);
return
NULL
;
goto
error
;
}
p_session
=
malloc
(
sizeof
(
struct
tls_session_t
)
);
if
(
p_session
==
NULL
)
{
gnutls_deinit
(
p_sys
->
session
.
session
);
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
free
(
p_sys
);
return
NULL
;
}
return
p_session
;
p_session
->
p_tls
=
p_tls
;
p_session
->
p_server
=
NULL
;
p_session
->
p_sys
=
p_sys
;
p_session
->
sock
.
p_sys
=
p_session
;
p_session
->
sock
.
pf_send
=
gnutls_Send
;
p_session
->
sock
.
pf_recv
=
gnutls_Recv
;
p_session
->
pf_handshake
=
gnutls_SessionHandshake
;
p_session
->
pf_handshake2
=
gnutls_SessionContinueHandshake
;
p_session
->
pf_close
=
gnutls_SessionClose
;
error:
vlc_object_detach
(
p_session
);
vlc_object_destroy
(
p_session
);
free
(
p_sys
);
return
p_session
;
return
NULL
;
}
...
...
@@ -471,21 +485,45 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
gnutls_session
session
;
int
i_val
;
p_session
=
vlc_object_create
(
p_server
,
sizeof
(
struct
tls_session_t
)
);
if
(
p_session
==
NULL
)
return
NULL
;
p_session
->
p_sys
=
malloc
(
sizeof
(
struct
tls_session_sys_t
)
);
if
(
p_session
->
p_sys
==
NULL
)
{
vlc_object_destroy
(
p_session
);
return
NULL
;
}
vlc_object_attach
(
p_session
,
p_server
);
p_session
->
sock
.
p_sys
=
p_session
;
p_session
->
sock
.
pf_send
=
gnutls_Send
;
p_session
->
sock
.
pf_recv
=
gnutls_Recv
;
p_session
->
pf_handshake
=
gnutls_SessionHandshake
;
p_session
->
pf_handshake2
=
gnutls_SessionContinueHandshake
;
p_session
->
pf_close
=
gnutls_SessionClose
;
((
tls_session_sys_t
*
)
p_session
->
p_sys
)
->
b_handshaked
=
VLC_FALSE
;
i_val
=
gnutls_init
(
&
session
,
GNUTLS_SERVER
);
if
(
i_val
!=
0
)
{
msg_Err
(
p_server
->
p_tls
,
"Cannot initialize TLS session : %s"
,
msg_Err
(
p_server
,
"Cannot initialize TLS session : %s"
,
gnutls_strerror
(
i_val
)
);
return
NULL
;
goto
error
;
}
((
tls_session_sys_t
*
)
p_session
->
p_sys
)
->
session
=
session
;
i_val
=
gnutls_set_default_priority
(
session
);
if
(
i_val
<
0
)
{
msg_Err
(
p_server
->
p_tls
,
"Cannot set ciphers priorities : %s"
,
msg_Err
(
p_server
,
"Cannot set ciphers priorities : %s"
,
gnutls_strerror
(
i_val
)
);
gnutls_deinit
(
session
);
return
NULL
;
goto
error
;
}
i_val
=
gnutls_credentials_set
(
session
,
GNUTLS_CRD_CERTIFICATE
,
...
...
@@ -493,53 +531,33 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
->
x509_cred
);
if
(
i_val
<
0
)
{
msg_Err
(
p_server
->
p_tls
,
"Cannot set TLS session credentials : %s"
,
msg_Err
(
p_server
,
"Cannot set TLS session credentials : %s"
,
gnutls_strerror
(
i_val
)
);
gnutls_deinit
(
session
);
return
NULL
;
goto
error
;
}
/* TODO: support for client authentication */
/*gnutls_certificate_server_set_request( p_session->session,
GNUTLS_CERT_REQUEST ); */
gnutls_dh_set_prime_bits
(
session
,
get_Int
(
p_server
->
p_tls
,
"dh-bits"
)
);
gnutls_dh_set_prime_bits
(
session
,
get_Int
(
p_server
,
"dh-bits"
)
);
/* Session resumption support */
gnutls_db_set_cache_expiration
(
session
,
get_Int
(
p_server
->
p_tls
,
gnutls_db_set_cache_expiration
(
session
,
get_Int
(
p_server
,
"tls-cache-expiration"
)
);
gnutls_db_set_retrieve_function
(
session
,
cb_fetch
);
gnutls_db_set_remove_function
(
session
,
cb_delete
);
gnutls_db_set_store_function
(
session
,
cb_store
);
gnutls_db_set_ptr
(
session
,
p_server
);
p_session
=
malloc
(
sizeof
(
struct
tls_session_t
)
);
if
(
p_session
==
NULL
)
{
gnutls_deinit
(
session
);
return
NULL
;
}
p_session
->
p_sys
=
(
tls_session_sys_t
*
)
malloc
(
sizeof
(
struct
tls_session_sys_t
)
);
if
(
p_session
->
p_sys
==
NULL
)
{
gnutls_deinit
(
session
);
free
(
p_session
);
return
NULL
;
}
((
tls_session_sys_t
*
)
p_session
->
p_sys
)
->
session
=
session
;
p_session
->
p_tls
=
p_server
->
p_tls
;
p_session
->
p_server
=
p_server
;
p_session
->
sock
.
p_sys
=
p_session
;
p_session
->
sock
.
pf_send
=
gnutls_Send
;
p_session
->
sock
.
pf_recv
=
gnutls_Recv
;
p_session
->
pf_handshake
=
gnutls_SessionHandshake
;
p_session
->
pf_handshake2
=
gnutls_SessionContinueHandshake
;
p_session
->
pf_close
=
gnutls_SessionClose
;
return
p_session
;
error:
free
(
p_session
->
p_sys
);
vlc_object_detach
(
p_session
);
vlc_object_destroy
(
p_session
);
return
NULL
;
}
...
...
@@ -556,10 +574,13 @@ gnutls_ServerDelete( tls_server_t *p_server )
p_sys
=
(
tls_server_sys_t
*
)
p_server
->
p_sys
;
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
free
(
p_sys
->
p_cache
);
vlc_mutex_destroy
(
&
p_sys
->
cache_lock
);
vlc_object_detach
(
p_server
);
vlc_object_destroy
(
p_server
);
free
(
p_sys
->
p_cache
);
free
(
p_sys
);
free
(
p_server
);
}
...
...
@@ -583,13 +604,12 @@ gnutls_ServerAddCA( tls_server_t *p_server, const char *psz_ca_path )
GNUTLS_X509_FMT_PEM
);
if
(
val
<
0
)
{
msg_Err
(
p_server
->
p_tls
,
"Cannot add trusted CA (%s) : %s"
,
psz_ca_path
,
gnutls_strerror
(
val
)
);
msg_Err
(
p_server
,
"Cannot add trusted CA (%s) : %s"
,
psz_ca_path
,
gnutls_strerror
(
val
)
);
gnutls_ServerDelete
(
p_server
);
return
VLC_EGENERIC
;
}
msg_Dbg
(
p_server
->
p_tls
,
" %d trusted CA added (%s)"
,
val
,
psz_ca_path
);
msg_Dbg
(
p_server
,
" %d trusted CA added (%s)"
,
val
,
psz_ca_path
);
return
VLC_SUCCESS
;
}
...
...
@@ -611,12 +631,12 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
GNUTLS_X509_FMT_PEM
);
if
(
val
<
0
)
{
msg_Err
(
p_server
->
p_tls
,
"Cannot add CRL (%s) : %s"
,
psz_crl_path
,
gnutls_strerror
(
val
)
);
msg_Err
(
p_server
,
"Cannot add CRL (%s) : %s"
,
psz_crl_path
,
gnutls_strerror
(
val
)
);
gnutls_ServerDelete
(
p_server
);
return
VLC_EGENERIC
;
}
msg_Dbg
(
p_server
->
p_tls
,
"%d CRL added (%s)"
,
val
,
psz_crl_path
);
msg_Dbg
(
p_server
,
"%d CRL added (%s)"
,
val
,
psz_crl_path
);
return
VLC_SUCCESS
;
}
...
...
@@ -628,93 +648,98 @@ gnutls_ServerAddCRL( tls_server_t *p_server, const char *psz_crl_path )
* Returns NULL on error.
*****************************************************************************/
static
tls_server_t
*
gnutls_ServerCreate
(
tls_t
*
p_t
hi
s
,
const
char
*
psz_cert_path
,
const
char
*
psz_key_path
)
gnutls_ServerCreate
(
tls_t
*
p_t
l
s
,
const
char
*
psz_cert_path
,
const
char
*
psz_key_path
)
{
tls_server_t
*
p_server
;
tls_server_sys_t
*
p_s
erver_s
ys
;
tls_server_sys_t
*
p_sys
;
int
val
;
msg_Dbg
(
p_t
hi
s
,
"Creating TLS server"
);
msg_Dbg
(
p_t
l
s
,
"Creating TLS server"
);
p_s
erver_s
ys
=
(
tls_server_sys_t
*
)
malloc
(
sizeof
(
struct
tls_server_sys_t
)
);
if
(
p_s
erver_s
ys
==
NULL
)
p_sys
=
(
tls_server_sys_t
*
)
malloc
(
sizeof
(
struct
tls_server_sys_t
)
);
if
(
p_sys
==
NULL
)
return
NULL
;
p_server_sys
->
i_cache_size
=
get_Int
(
p_this
,
"tls-cache-size"
);
p_server_sys
->
p_cache
=
(
struct
saved_session_t
*
)
calloc
(
p_server_sys
->
i_cache_size
,
sizeof
(
struct
saved_session_t
)
);
if
(
p_server_sys
->
p_cache
==
NULL
)
p_sys
->
i_cache_size
=
get_Int
(
p_tls
,
"tls-cache-size"
);
p_sys
->
p_cache
=
(
struct
saved_session_t
*
)
calloc
(
p_sys
->
i_cache_size
,
sizeof
(
struct
saved_session_t
)
);
if
(
p_sys
->
p_cache
==
NULL
)
{
free
(
p_sys
);
return
NULL
;
}
p_sys
->
p_store
=
p_sys
->
p_cache
;
p_server
=
vlc_object_create
(
p_tls
,
sizeof
(
struct
tls_server_t
)
);
if
(
p_server
==
NULL
)
{
free
(
p_server_sys
);
free
(
p_sys
->
p_cache
);
free
(
p_sys
);
return
NULL
;
}
p_server_sys
->
p_store
=
p_server_sys
->
p_cache
;
vlc_object_attach
(
p_server
,
p_tls
);
p_server
->
p_sys
=
p_sys
;
p_server
->
pf_delete
=
gnutls_ServerDelete
;
p_server
->
pf_add_CA
=
gnutls_ServerAddCA
;
p_server
->
pf_add_CRL
=
gnutls_ServerAddCRL
;
p_server
->
pf_session_prepare
=
gnutls_ServerSessionPrepare
;
/* FIXME: check for errors */
vlc_mutex_init
(
p_
this
,
&
p_server
_sys
->
cache_lock
);
vlc_mutex_init
(
p_
server
,
&
p
_sys
->
cache_lock
);
/* Sets server's credentials */
val
=
gnutls_certificate_allocate_credentials
(
&
p_s
erver_s
ys
->
x509_cred
);
val
=
gnutls_certificate_allocate_credentials
(
&
p_sys
->
x509_cred
);
if
(
val
!=
0
)
{
msg_Err
(
p_
this
,
"Cannot allocate X509 credentials : %s"
,
msg_Err
(
p_
server
,
"Cannot allocate X509 credentials : %s"
,
gnutls_strerror
(
val
)
);
free
(
p_server_sys
);
return
NULL
;
goto
error
;
}
val
=
gnutls_certificate_set_x509_key_file
(
p_s
erver_s
ys
->
x509_cred
,
val
=
gnutls_certificate_set_x509_key_file
(
p_sys
->
x509_cred
,
psz_cert_path
,
psz_key_path
,
GNUTLS_X509_FMT_PEM
);
if
(
val
<
0
)
{
msg_Err
(
p_
this
,
"Cannot set certificate chain or private key : %s"
,
msg_Err
(
p_
server
,
"Cannot set certificate chain or private key : %s"
,
gnutls_strerror
(
val
)
);
gnutls_certificate_free_credentials
(
p_server_sys
->
x509_cred
);
free
(
p_server_sys
);
return
NULL
;
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
goto
error
;
}
/* FIXME:
* - regenerate these regularly
* - support other ciper suites
*/
val
=
gnutls_dh_params_init
(
&
p_s
erver_s
ys
->
dh_params
);
val
=
gnutls_dh_params_init
(
&
p_sys
->
dh_params
);
if
(
val
>=
0
)
{
msg_Dbg
(
p_
this
,
"Computing Diffie Hellman ciphers parameters"
);
val
=
gnutls_dh_params_generate2
(
p_s
erver_s
ys
->
dh_params
,
get_Int
(
p_t
hi
s
,
"dh-bits"
)
);
msg_Dbg
(
p_
server
,
"Computing Diffie Hellman ciphers parameters"
);
val
=
gnutls_dh_params_generate2
(
p_sys
->
dh_params
,
get_Int
(
p_t
l
s
,
"dh-bits"
)
);
}
if
(
val
<
0
)
{
msg_Err
(
p_
this
,
"Cannot initialize DH cipher suites : %s"
,
msg_Err
(
p_
server
,
"Cannot initialize DH cipher suites : %s"
,
gnutls_strerror
(
val
)
);
gnutls_certificate_free_credentials
(
p_server_sys
->
x509_cred
);
free
(
p_server_sys
);
return
NULL
;
}
msg_Dbg
(
p_this
,
"Ciphers parameters computed"
);
gnutls_certificate_set_dh_params
(
p_server_sys
->
x509_cred
,
p_server_sys
->
dh_params
);
p_server
=
(
tls_server_t
*
)
malloc
(
sizeof
(
struct
tls_server_t
)
);
if
(
p_server
==
NULL
)
{
free
(
p_server_sys
);
return
NULL
;
gnutls_certificate_free_credentials
(
p_sys
->
x509_cred
);
goto
error
;
}
msg_Dbg
(
p_server
,
"Ciphers parameters computed"
);
p_server
->
p_tls
=
p_this
;
p_server
->
p_sys
=
p_server_sys
;
p_server
->
pf_delete
=
gnutls_ServerDelete
;
p_server
->
pf_add_CA
=
gnutls_ServerAddCA
;
p_server
->
pf_add_CRL
=
gnutls_ServerAddCRL
;
p_server
->
pf_session_prepare
=
gnutls_ServerSessionPrepare
;
gnutls_certificate_set_dh_params
(
p_sys
->
x509_cred
,
p_sys
->
dh_params
);
return
p_server
;
error:
vlc_mutex_destroy
(
&
p_sys
->
cache_lock
);
vlc_object_detach
(
p_server
);
vlc_object_destroy
(
p_server
);
free
(
p_sys
);
return
NULL
;
}
...
...
src/misc/httpd.c
View file @
73ae5d90
...
...
@@ -1539,7 +1539,7 @@ static void httpd_ClientClean( httpd_client_t *cl )
if
(
cl
->
fd
>=
0
)
{
if
(
cl
->
p_tls
!=
NULL
)
tls_SessionClose
(
cl
->
p_tls
);
tls_Se
rverSe
ssionClose
(
cl
->
p_tls
);
net_Close
(
cl
->
fd
);
cl
->
fd
=
-
1
;
}
...
...
@@ -2480,7 +2480,7 @@ static void httpd_HostThread( httpd_host_t *host )
if
(
p_tls
!=
NULL
)
{
switch
(
tls_SessionHandshake
(
p_tls
,
fd
)
)
switch
(
tls_Se
rverSe
ssionHandshake
(
p_tls
,
fd
)
)
{
case
-
1
:
msg_Err
(
host
,
"Rejecting TLS connection"
);
...
...
@@ -2553,6 +2553,9 @@ static void httpd_HostThread( httpd_host_t *host )
}
vlc_mutex_unlock
(
&
host
->
lock
);
}
if
(
p_tls
!=
NULL
)
tls_ServerSessionClose
(
p_tls
);
}
#ifndef HAVE_GETADDRINFO
...
...
src/misc/tls.c
View file @
73ae5d90
/*****************************************************************************
* tls.c
*****************************************************************************
* Copyright (C) 2004 VideoLAN
* Copyright (C) 2004
-2005
VideoLAN
* $Id: httpd.c 8263 2004-07-24 09:06:58Z courmisch $
*
* Authors: Remi Denis-Courmont <courmisch@via.ecp.fr>
...
...
@@ -55,18 +55,18 @@ tls_ServerCreate( vlc_object_t *p_this, const char *psz_cert,
if
(
psz_key
==
NULL
)
psz_key
=
psz_cert
;
p_server
=
__tls_ServerC
reate
(
p_tls
,
psz_cert
,
psz_key
);
p_server
=
p_tls
->
pf_server_c
reate
(
p_tls
,
psz_cert
,
psz_key
);
if
(
p_server
!=
NULL
)
{
msg_Dbg
(
p_t
hi
s
,
"TLS/SSL provider initialized"
);
msg_Dbg
(
p_t
l
s
,
"TLS/SSL provider initialized"
);
return
p_server
;
}
else
msg_Err
(
p_t
hi
s
,
"TLS/SSL provider error"
);
msg_Err
(
p_t
l
s
,
"TLS/SSL provider error"
);
module_Unneed
(
p_tls
,
p_tls
->
p_module
);
}
else
msg_Err
(
p_t
hi
s
,
"TLS/SSL provider not found"
);
msg_Err
(
p_t
l
s
,
"TLS/SSL provider not found"
);
vlc_object_detach
(
p_tls
);
vlc_object_destroy
(
p_tls
);
...
...
@@ -82,9 +82,9 @@ tls_ServerCreate( vlc_object_t *p_this, const char *psz_cert,
void
tls_ServerDelete
(
tls_server_t
*
p_server
)
{
tls_t
*
p_tls
=
p_server
->
p_tls
;
tls_t
*
p_tls
=
(
tls_t
*
)
p_server
->
p_parent
;
__tls_ServerD
elete
(
p_server
);
p_server
->
pf_d
elete
(
p_server
);
module_Unneed
(
p_tls
,
p_tls
->
p_module
);
vlc_object_detach
(
p_tls
);
...
...
@@ -99,7 +99,7 @@ tls_ServerDelete( tls_server_t *p_server )
* Returns NULL on error. This is a blocking network operation.
*****************************************************************************/
tls_session_t
*
tls_ClientCreate
(
vlc_object_t
*
p_this
,
const
char
*
psz_ca
,
int
fd
)
tls_ClientCreate
(
vlc_object_t
*
p_this
,
int
fd
,
const
char
*
psz_hostname
)
{
tls_t
*
p_tls
;
tls_session_t
*
p_session
;
...
...
@@ -110,12 +110,14 @@ tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd )
p_tls
->
p_module
=
module_Need
(
p_tls
,
"tls"
,
0
,
0
);
if
(
p_tls
->
p_module
!=
NULL
)
{
p_session
=
__tls_ClientCreate
(
p_tls
,
psz_ca
);
p_session
=
p_tls
->
pf_client_create
(
p_tls
);
if
(
p_session
!=
NULL
)
{
int
i_val
;
for
(
i_val
=
tls_SessionHandshake
(
p_session
,
fd
);
i_val
>
0
;
for
(
i_val
=
tls_ClientSessionHandshake
(
p_session
,
fd
,
psz_hostname
);
i_val
>
0
;
i_val
=
tls_SessionContinueHandshake
(
p_session
)
);
if
(
i_val
==
0
)
...
...
@@ -146,9 +148,9 @@ tls_ClientCreate( vlc_object_t *p_this, const char *psz_ca, int fd )
void
tls_ClientDelete
(
tls_session_t
*
p_session
)
{
tls_t
*
p_tls
=
p_session
->
p_tls
;
tls_t
*
p_tls
=
(
tls_t
*
)
p_session
->
p_parent
;
tls_SessionC
lose
(
p_session
);
p_session
->
pf_c
lose
(
p_session
);
module_Unneed
(
p_tls
,
p_tls
->
p_module
);
vlc_object_detach
(
p_tls
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment