tls: vlc_tls_t needs not be a VLC object

754c3ef0 · Rémi Denis-Courmont · f48b0f3f · 754c3ef0 · 754c3ef0 · 754c3ef0
Commit 754c3ef0 authored Dec 16, 2015 by Rémi Denis-Courmont
9 changed files
--- a/include/vlc_tls.h
+++ b/include/vlc_tls.h
@@ -38,8 +38,7 @@ typedef struct vlc_tls_creds vlc_tls_creds_t;
 /** TLS session */
 struct vlc_tls
 {
-    VLC_COMMON_MEMBERS
+    vlc_object_t *obj;
    void *sys;
    int fd;

--- a/modules/access/http/h1conn.c
+++ b/modules/access/http/h1conn.c
@@ -117,13 +117,13 @@ struct vlc_h1_conn
    bool released;
 };
-#define CO(conn) ((vlc_object_t *)((conn)->tls))
+#define CO(conn) ((conn)->tls->obj)
 static void vlc_h1_conn_destroy(struct vlc_h1_conn *conn);
 static void *vlc_h1_stream_fatal(struct vlc_h1_conn *conn)
 {
-    msg_Dbg(conn->tls, "connection failed");
+    msg_Dbg(CO(conn), "connection failed");
    vlc_https_disconnect(conn->tls);
    conn->tls = NULL;
    return NULL;

--- a/modules/access/http/h2conn.c
+++ b/modules/access/http/h2conn.c
@@ -28,6 +28,7 @@
 #include <vlc_common.h>
 #include <vlc_block.h>
 #include <vlc_interrupt.h>
+#include <vlc_tls.h>
 #include "h2frame.h"
 #include "h2output.h"
@@ -35,7 +36,7 @@
 #include "transport.h"
 #include "message.h"
-#define CO(c) ((vlc_object_t *)((c)->tls))
+#define CO(c) ((c)->tls->obj)
 #define SO(s) CO((s)->conn)
 /** HTTP/2 connection */

--- a/modules/access/http/h2conn_test.c
+++ b/modules/access/http/h2conn_test.c
@@ -36,6 +36,7 @@
 #include <vlc_common.h>
 #include <vlc_block.h>
+#include <vlc_tls.h>
 #include "h2frame.h"
 #include "h2conn.h"
 #include "message.h"
@@ -44,22 +45,24 @@
 /* I/O callbacks */
 static int internal_fd = -1;
+static vlc_tls_t fake_tls;
 ssize_t vlc_https_send(struct vlc_tls *tls, const void *buf, size_t len)
 {
-    assert(tls == NULL);
+    assert(tls == &fake_tls);
    (void) buf;
    return len;
 }
 ssize_t vlc_https_recv(struct vlc_tls *tls, void *buf, size_t size)
 {
-    assert(tls == NULL);
+    assert(tls == &fake_tls);
    return read(internal_fd, buf, size);
 }
 void vlc_https_disconnect(struct vlc_tls *tls)
 {
-    assert(tls == NULL);
+    assert(tls == &fake_tls);
    if (close(internal_fd))
        assert(!"close");
 }
@@ -87,7 +90,7 @@ static void conn_create(void)
    external_fd = fds[0];
    internal_fd = fds[1];
-    conn = vlc_h2_conn_create(NULL);
+    conn = vlc_h2_conn_create(&fake_tls);
    assert(conn != NULL);
    conn_send(vlc_h2_frame_settings());
 }

--- a/modules/access/http/h2output.c
+++ b/modules/access/http/h2output.c
@@ -25,6 +25,7 @@
 #include <assert.h>
 #include <stdlib.h>
 #include <vlc_common.h>
+#include <vlc_tls.h>
 #include "h2frame.h"
 #include "h2output.h"
 #include "transport.h"
@@ -205,7 +206,7 @@ static void *vlc_h2_output_thread(void *data)
    do
    {
        frame = vlc_h2_output_dequeue(out);
-        vlc_h2_frame_dump((vlc_object_t *)(out->tls), frame, "out");
+        vlc_h2_frame_dump(out->tls->obj, frame, "out");
    }
    while (vlc_h2_frame_send(out->tls, frame) == 0);

--- a/modules/access/http/h2output_test.c
+++ b/modules/access/http/h2output_test.c
@@ -29,6 +29,7 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <vlc_common.h>
+#include <vlc_tls.h>
 #include "h2frame.h"
 #include "h2output.h"
 #include "transport.h"
@@ -40,12 +41,14 @@ static bool send_failure = false;
 static bool expect_hello = true;
 static vlc_sem_t rx;
+static vlc_tls_t fake_tls;
 /* Callback for sent frames */
 ssize_t vlc_https_send(struct vlc_tls *tls, const void *buf, size_t len)
 {
    const uint8_t *p = buf;
-    assert(tls == NULL);
+    assert(tls == &fake_tls);
    if (expect_hello)
    {
@@ -99,19 +102,19 @@ int main(void)
    struct vlc_h2_output *out;
    /* Dummy */
-    out = vlc_h2_output_create(NULL, false);
+    out = vlc_h2_output_create(&fake_tls, false);
    assert(out != NULL);
    vlc_h2_output_destroy(out);
    vlc_sem_init(&rx, 0);
-    out = vlc_h2_output_create(NULL, expect_hello = true);
+    out = vlc_h2_output_create(&fake_tls, expect_hello = true);
    assert(out != NULL);
    vlc_h2_output_destroy(out);
    vlc_sem_destroy(&rx);
    /* Success */
    vlc_sem_init(&rx, 0);
-    out = vlc_h2_output_create(NULL, false);
+    out = vlc_h2_output_create(&fake_tls, false);
    assert(out != NULL);
    assert(vlc_h2_output_send_prio(out, NULL) == -1);
    assert(vlc_h2_output_send_prio(out, frame(0)) == 0);
@@ -136,7 +139,7 @@ int main(void)
    vlc_sem_init(&rx, 0);
    counter = 10;
-    out = vlc_h2_output_create(NULL, false);
+    out = vlc_h2_output_create(&fake_tls, false);
    assert(out != NULL);
    assert(vlc_h2_output_send(out, frame(10)) == 0);
@@ -150,7 +153,7 @@ int main(void)
    /* Failure during hello */
    vlc_sem_init(&rx, 0);
    counter = 0;
-    out = vlc_h2_output_create(NULL, expect_hello = true);
+    out = vlc_h2_output_create(&fake_tls, expect_hello = true);
    assert(out != NULL);
    vlc_sem_wait(&rx);

--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -98,7 +98,7 @@ static void gnutls_Deinit (void)
 }
 #endif
-static int gnutls_Error (vlc_object_t *obj, int val)
+static int gnutls_Error(vlc_tls_t *tls, int val)
 {
    switch (val)
    {
@@ -117,10 +117,10 @@ static int gnutls_Error (vlc_object_t *obj, int val)
            break;
        default:
-            msg_Err (obj, "%s", gnutls_strerror (val));
+            msg_Err(tls->obj, "%s", gnutls_strerror (val));
 #ifndef NDEBUG
            if (!gnutls_error_is_fatal (val))
-                msg_Err (obj, "Error above should be handled");
+                msg_Err(tls->obj, "Error above should be handled");
 #endif
 #ifdef _WIN32
            WSASetLastError (WSAECONNRESET);
@@ -129,7 +129,6 @@ static int gnutls_Error (vlc_object_t *obj, int val)
    }
    return -1;
 }
-#define gnutls_Error(o, val) gnutls_Error(VLC_OBJECT(o), val)
 #ifdef IOV_MAX
 static ssize_t vlc_gnutls_writev (gnutls_transport_ptr_t ptr,
@@ -197,7 +196,7 @@ static void gnutls_Close (vlc_tls_t *tls)
    gnutls_deinit (session);
 }
-static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
+static int gnutls_SessionOpen(vlc_tls_creds_t *creds, vlc_tls_t *tls, int type,
                              gnutls_certificate_credentials_t x509, int fd,
                              const char *const *alpn)
 {
@@ -208,19 +207,19 @@ static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
    val = gnutls_init (&session, type);
    if (val != 0)
    {
-        msg_Err (tls, "cannot initialize TLS session: %s",
+        msg_Err(creds, "cannot initialize TLS session: %s",
-                 gnutls_strerror (val));
+                gnutls_strerror(val));
        return VLC_EGENERIC;
    }
-    char *priorities = var_InheritString (tls, "gnutls-priorities");
+    char *priorities = var_InheritString(creds, "gnutls-priorities");
    if (unlikely(priorities == NULL))
        goto error;
    val = gnutls_priority_set_direct (session, priorities, &errp);
    if (val < 0)
-        msg_Err (tls, "cannot set TLS priorities \"%s\": %s", errp,
+        msg_Err(creds, "cannot set TLS priorities \"%s\": %s", errp,
-                 gnutls_strerror (val));
+                gnutls_strerror(val));
    free (priorities);
    if (val < 0)
        goto error;
@@ -228,8 +227,8 @@ static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
    val = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509);
    if (val < 0)
    {
-        msg_Err (tls, "cannot set TLS session credentials: %s",
+        msg_Err(creds, "cannot set TLS session credentials: %s",
-                 gnutls_strerror (val));
+                gnutls_strerror(val));
        goto error;
    }
@@ -280,7 +279,8 @@ error:
 * 1 if more would-be blocking recv is needed,
 * 2 if more would-be blocking send is required.
 */
-static int gnutls_ContinueHandshake (vlc_tls_t *tls, char **restrict alp)
+static int gnutls_ContinueHandshake(vlc_tls_creds_t *crd, vlc_tls_t *tls,
+                                    char **restrict alp)
 {
    gnutls_session_t session = tls->sys;
    int val;
@@ -291,7 +291,7 @@ static int gnutls_ContinueHandshake (vlc_tls_t *tls, char **restrict alp)
    do
    {
        val = gnutls_handshake (session);
-        msg_Dbg (tls, "TLS handshake: %s", gnutls_strerror (val));
+        msg_Dbg(crd, "TLS handshake: %s", gnutls_strerror (val));
        switch (val)
        {
@@ -306,9 +306,9 @@ static int gnutls_ContinueHandshake (vlc_tls_t *tls, char **restrict alp)
    while (!gnutls_error_is_fatal (val));
 #ifdef _WIN32
-    msg_Dbg (tls, "Winsock error %d", WSAGetLastError ());
+    msg_Dbg(crd, "Winsock error %d", WSAGetLastError ());
 #endif
-    msg_Err (tls, "TLS handshake error: %s", gnutls_strerror (val));
+    msg_Err(crd, "TLS handshake error: %s", gnutls_strerror (val));
    return -1;
 done:
@@ -336,7 +336,7 @@ static int gnutls_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls,
                                     int fd, const char *hostname,
                                     const char *const *alpn)
 {
-    int val = gnutls_SessionOpen (tls, GNUTLS_CLIENT, crd->sys, fd, alpn);
+    int val = gnutls_SessionOpen(crd, tls, GNUTLS_CLIENT, crd->sys, fd, alpn);
    if (val != VLC_SUCCESS)
        return val;
@@ -357,7 +357,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
                                  const char *host, const char *service,
                                  char **restrict alp)
 {
-    int val = gnutls_ContinueHandshake (tls, alp);
+    int val = gnutls_ContinueHandshake(creds, tls, alp);
    if (val)
        return val;
@@ -368,8 +368,8 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
    val = gnutls_certificate_verify_peers3 (session, host, &status);
    if (val)
    {
-        msg_Err (tls, "Certificate verification error: %s",
+        msg_Err(creds, "Certificate verification error: %s",
-                 gnutls_strerror (val));
+                gnutls_strerror(val));
        return -1;
    }
@@ -382,7 +382,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
    if (gnutls_certificate_verification_status_print(status,
                         gnutls_certificate_type_get (session), &desc, 0) == 0)
    {
-        msg_Err (tls, "Certificate verification failure: %s", desc.data);
+        msg_Err(creds, "Certificate verification failure: %s", desc.data);
        gnutls_free (desc.data);
    }
@@ -400,44 +400,44 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
    datum = gnutls_certificate_get_peers (session, &count);
    if (datum == NULL || count == 0)
    {
-        msg_Err (tls, "Peer certificate not available");
+        msg_Err(creds, "Peer certificate not available");
        return -1;
    }
-    msg_Dbg (tls, "%u certificate(s) in the list", count);
+    msg_Dbg(creds, "%u certificate(s) in the list", count);
    val = gnutls_verify_stored_pubkey (NULL, NULL, host, service,
                                       GNUTLS_CRT_X509, datum, 0);
    const char *msg;
    switch (val)
    {
        case 0:
-            msg_Dbg (tls, "certificate key match for %s", host);
+            msg_Dbg(creds, "certificate key match for %s", host);
            return 0;
        case GNUTLS_E_NO_CERTIFICATE_FOUND:
-            msg_Dbg (tls, "no known certificates for %s", host);
+            msg_Dbg(creds, "no known certificates for %s", host);
            msg = N_("However the security certificate presented by the "
                "server is unknown and could not be authenticated by any "
                "trusted Certificate Authority.");
            break;
        case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
-            msg_Dbg (tls, "certificate keys mismatch for %s", host);
+            msg_Dbg(creds, "certificate keys mismatch for %s", host);
            msg = N_("However the security certificate presented by the "
                "server changed since the previous visit and was not "
                "authenticated by any trusted Certificate Authority. ");
            break;
        default:
-            msg_Err (tls, "certificate key match error for %s: %s", host,
+            msg_Err(creds, "certificate key match error for %s: %s", host,
-                     gnutls_strerror (val));
+                    gnutls_strerror(val));
            return -1;
    }
-    if (dialog_Question (tls, _("Insecure site"),
+    if (dialog_Question(creds, _("Insecure site"),
        _("You attempted to reach %s. %s\n"
          "This problem may be stem from an attempt to breach your security, "
          "compromise your privacy, or a configuration error.\n\n"
          "If in doubt, abort now.\n"),
                        _("Abort"), _("View certificate"), NULL,
-                         vlc_gettext (msg), host) != 2)
+                        vlc_gettext(msg), host) != 2)
        return -1;
    gnutls_x509_crt_t cert;
@@ -452,7 +452,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
    }
    gnutls_x509_crt_deinit (cert);
-    val = dialog_Question (tls, _("Insecure site"),
+    val = dialog_Question(creds, _("Insecure site"),
         _("This is the certificate presented by %s:\n%s\n\n"
           "If in doubt, abort now.\n"),
                          _("Abort"), _("Accept 24 hours"),
@@ -469,7 +469,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
            val = gnutls_store_pubkey (NULL, NULL, host, service,
                                       GNUTLS_CRT_X509, datum, expiry, 0);
            if (val)
-                msg_Err (tls, "cannot store X.509 certificate: %s",
+                msg_Err(creds, "cannot store X.509 certificate: %s",
                         gnutls_strerror (val));
            return 0;
    }
@@ -540,7 +540,8 @@ static int gnutls_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls,
    vlc_tls_creds_sys_t *sys = crd->sys;
    assert (hostname == NULL);
-    return gnutls_SessionOpen (tls, GNUTLS_SERVER, sys->x509_cred, fd, alpn);
+    return gnutls_SessionOpen(crd, tls, GNUTLS_SERVER, sys->x509_cred, fd,
+                              alpn);
 }
 static int gnutls_ServerHandshake(vlc_tls_creds_t *crd, vlc_tls_t *tls,
@@ -548,7 +549,7 @@ static int gnutls_ServerHandshake(vlc_tls_creds_t *crd, vlc_tls_t *tls,
                                  char **restrict alp)
 {
    (void) host; (void) service;
-    return gnutls_ContinueHandshake (tls, alp);
+    return gnutls_ContinueHandshake(crd, tls, alp);
 }
 /**

--- a/modules/misc/securetransport.c
+++ b/modules/misc/securetransport.c
@@ -106,11 +106,11 @@ static int st_Error (vlc_tls_t *obj, int val)
        case errSSLClosedGraceful:
        case errSSLClosedAbort:
-            msg_Dbg(obj, "Connection closed with code %d", val);
+            msg_Dbg(obj->obj, "Connection closed with code %d", val);
            errno = ECONNRESET;
            break;
        default:
-            msg_Err(obj, "Found error %d", val);
+            msg_Err(obj->obj, "Found error %d", val);
            errno = ECONNRESET;
    }
    return -1;
@@ -138,7 +138,7 @@ static OSStatus st_SocketReadFunc (SSLConnectionRef connection,
        val = read(sys->i_fd, currData, bytesToGo);
        if (val <= 0) {
            if (val == 0) {
-                msg_Dbg(session, "found eof");
+                msg_Dbg(session->obj, "found eof");
                retValue = errSSLClosedGraceful;
            } else { /* do the switch */
                switch (errno) {
@@ -154,7 +154,7 @@ static OSStatus st_SocketReadFunc (SSLConnectionRef connection,
                        sys->b_blocking_send = false;
                        break;
                    default:
-                        msg_Err(session, "try to read %d bytes, got error %d",
+                        msg_Err(session->obj, "try to read %d bytes, got error %d",
                                (int)bytesToGo, errno);
                        retValue = ioErr;
                        break;
@@ -210,7 +210,7 @@ static OSStatus st_SocketWriteFunc (SSLConnectionRef connection,
                break;
            default:
-                msg_Err(session, "error while writing: %d", errno);
+                msg_Err(session->obj, "error while writing: %d", errno);
                retValue = ioErr;
        }
    }
@@ -228,7 +228,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
    SecTrustRef trust = NULL;
    OSStatus ret = SSLCopyPeerTrust(sys->p_context, &trust);
    if (ret != noErr || trust == NULL) {
-        msg_Err(session, "error getting certifictate chain");
+        msg_Err(session->obj, "error getting certifictate chain");
        return -1;
    }
@@ -240,7 +240,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
    /* enable default root / anchor certificates */
    ret = SecTrustSetAnchorCertificates(trust, NULL);
    if (ret != noErr) {
-        msg_Err(session, "error setting anchor certificates");
+        msg_Err(session->obj, "error setting anchor certificates");
        result = -1;
        goto out;
    }
@@ -249,7 +249,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
    ret = SecTrustEvaluate(trust, &trust_eval_result);
    if (ret != noErr) {
-        msg_Err(session, "error calling SecTrustEvaluate");
+        msg_Err(session->obj, "error calling SecTrustEvaluate");
        result = -1;
        goto out;
    }
@@ -257,14 +257,14 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
    switch (trust_eval_result) {
        case kSecTrustResultUnspecified:
        case kSecTrustResultProceed:
-            msg_Dbg(session, "cerfificate verification successful, result is %d", trust_eval_result);
+            msg_Dbg(session->obj, "cerfificate verification successful, result is %d", trust_eval_result);
            result = 0;
            goto out;
        case kSecTrustResultRecoverableTrustFailure:
        case kSecTrustResultDeny:
        default:
-            msg_Warn(session, "cerfificate verification failed, result is %d", trust_eval_result);
+            msg_Warn(session->obj, "cerfificate verification failed, result is %d", trust_eval_result);
    }
    /* get leaf certificate */
@@ -309,7 +309,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
            continue;
        if (CFEqual(knownHost, cfHostname) && CFEqual(knownCert, leaf_cert)) {
-            msg_Warn(session, "certificate already accepted, continuing");
+            msg_Warn(session->obj, "certificate already accepted, continuing");
            result = 0;
            goto out;
        }
@@ -336,7 +336,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
                                  _("Abort"), _("Accept certificate temporarily"), NULL, hostname);
    if (answer == 2) {
-        msg_Warn(session, "Proceeding despite of failed certificate validation");
+        msg_Warn(session->obj, "Proceeding despite of failed certificate validation");
        /* save leaf certificate in whitelist */
        const void *keys[] = {cfKeyHost, cfKeyCertificate};
@@ -346,7 +346,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
                                                   &kCFTypeDictionaryKeyCallBacks,
                                                   &kCFTypeDictionaryValueCallBacks);
        if (!dict) {
-            msg_Err(session, "error creating dict");
+            msg_Err(session->obj, "error creating dict");
            result = -1;
            goto out;
        }
@@ -388,7 +388,7 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
    OSStatus retValue = SSLHandshake(sys->p_context);
    if (retValue == errSSLWouldBlock) {
-        msg_Dbg(session, "handshake is blocked, try again later");
+        msg_Dbg(crd, "handshake is blocked, try again later");
        return 1 + (sys->b_blocking_send ? 1 : 0);
    }
@@ -397,7 +397,7 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
            if (sys->b_server_mode == false && st_validateServerCertificate(session, host) != 0) {
                return -1;
            }
-            msg_Dbg(session, "handshake completed successfully");
+            msg_Dbg(crd, "handshake completed successfully");
            sys->b_handshaked = true;
            return 0;
@@ -405,17 +405,17 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
            return st_Handshake(session, host, service, alp);
        case errSSLConnectionRefused:
-            msg_Err(session, "connection was refused");
+            msg_Err(crd, "connection was refused");
            return -1;
        case errSSLNegotiation:
-            msg_Err(session, "cipher suite negotiation failed");
+            msg_Err(crd, "cipher suite negotiation failed");
            return -1;
        case errSSLFatalAlert:
-            msg_Err(session, "fatal error occured during handshake");
+            msg_Err(crd, "fatal error occured during handshake");
            return -1;
        default:
-            msg_Err(session, "handshake returned error %d", (int)retValue);
+            msg_Err(crd, "handshake returned error %d", (int)retValue);
            return -1;
    }
 }
@@ -488,7 +488,7 @@ static ssize_t st_Recv (vlc_tls_t *session, void *buf, size_t length)
    /* peer performed shutdown */
    if (ret == errSSLClosedNoNotify || ret == errSSLClosedGraceful) {
-        msg_Dbg(session, "Got close notification with code %i", (int)ret);
+        msg_Dbg(session->obj, "Got close notification with code %i", (int)ret);
        return 0;
    }
@@ -501,7 +501,7 @@ static ssize_t st_Recv (vlc_tls_t *session, void *buf, size_t length)
 static void st_SessionClose (vlc_tls_t *session) {
    vlc_tls_sys_t *sys = session->sys;
-    msg_Dbg(session, "close TLS session");
+    msg_Dbg(session->obj, "close TLS session");
    if (sys->p_context) {
        if (sys->b_handshaked) {
@@ -550,12 +550,12 @@ static int st_SessionOpenCommon (vlc_tls_creds_t *crd, vlc_tls_t *session,
 #if TARGET_OS_IPHONE
    p_context = SSLCreateContext(NULL, b_server ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
    if (p_context == NULL) {
-        msg_Err(session, "cannot create ssl context");
+        msg_Err(crd, "cannot create ssl context");
        return -1;
    }
 #else
    if (SSLNewContext(b_server, &p_context) != noErr) {
-        msg_Err(session, "error calling SSLNewContext");
+        msg_Err(crd, "error calling SSLNewContext");
        return -1;
    }
 #endif
@@ -564,13 +564,13 @@ static int st_SessionOpenCommon (vlc_tls_creds_t *crd, vlc_tls_t *session,
    OSStatus ret = SSLSetIOFuncs(p_context, st_SocketReadFunc, st_SocketWriteFunc);
    if (ret != noErr) {
-        msg_Err(session, "cannot set io functions");
+        msg_Err(crd, "cannot set io functions");
        return -1;
    }
    ret = SSLSetConnection(p_context, session);
    if (ret != noErr) {
-        msg_Err(session, "cannot set connection");
+        msg_Err(crd, "cannot set connection");
        return -1;
    }
@@ -580,7 +580,7 @@ static int st_SessionOpenCommon (vlc_tls_creds_t *crd, vlc_tls_t *session,
 static int st_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
                                     int fd, const char *hostname, const char *const *alpn) {
    VLC_UNUSED(alpn);
-    msg_Dbg(session, "open TLS session for %s", hostname);
+    msg_Dbg(crd, "open TLS session for %s", hostname);
    int ret = st_SessionOpenCommon(crd, session, fd, false);
    if (ret != noErr) {
@@ -592,7 +592,7 @@ static int st_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
    ret = SSLSetPeerDomainName(sys->p_context, hostname, strlen(hostname));
    if (ret != noErr) {
-        msg_Err(session, "cannot set peer domain name");
+        msg_Err(crd, "cannot set peer domain name");
        goto error;
    }
@@ -602,14 +602,14 @@ static int st_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
    /* this has effect only on iOS 5 and OSX 10.8 or later ... */
    ret = SSLSetSessionOption(sys->p_context, kSSLSessionOptionBreakOnServerAuth, true);
    if (ret != noErr) {
-        msg_Err (session, "cannot set session option");
+        msg_Err (crd, "cannot set session option");
        goto error;
    }
 #if !TARGET_OS_IPHONE
    /* ... thus calling this for earlier osx versions, which is not available on iOS in turn */
    ret = SSLSetEnableCertVerify(sys->p_context, false);
    if (ret != noErr) {
-        msg_Err(session, "error setting enable cert verify");
+        msg_Err(crd, "error setting enable cert verify");
        goto error;
    }
 #endif
@@ -663,7 +663,7 @@ static int st_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
    VLC_UNUSED(hostname);
    VLC_UNUSED(alpn);
-    msg_Dbg(session, "open TLS server session");
+    msg_Dbg(crd, "open TLS server session");
    int ret = st_SessionOpenCommon(crd, session, fd, true);
    if (ret != noErr) {
@@ -676,7 +676,7 @@ static int st_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
    ret = SSLSetCertificate(sys->p_context, p_cred_sys->server_cert_chain);
    if (ret != noErr) {
-        msg_Err(session, "cannot set server certificate");
+        msg_Err(crd, "cannot set server certificate");
        goto error;
    }

--- a/src/network/tls.c
+++ b/src/network/tls.c
@@ -131,22 +131,26 @@ void vlc_tls_Delete (vlc_tls_creds_t *crd)
 vlc_tls_t *vlc_tls_SessionCreate (vlc_tls_creds_t *crd, int fd,
                                  const char *host, const char *const *alpn)
 {
-    vlc_tls_t *session = vlc_custom_create (crd->p_parent, sizeof (*session),
+    vlc_tls_t *session = malloc(sizeof (*session));
-                                            "tls session");
+    if (unlikely(session == NULL))
+        return NULL;
+    session->obj = crd->p_parent;
+    session->fd = fd;
    int val = crd->open (crd, session, fd, host, alpn);
    if (val != VLC_SUCCESS)
    {
-        vlc_object_release (session);
+        free(session);
-        return NULL;
+        session= NULL;
    }
-    session->fd = fd;
    return session;
 }
 void vlc_tls_SessionDelete (vlc_tls_t *session)
 {
    session->close (session);
-    vlc_object_release (session);
+    free(session);
 }
 static void cleanup_tls(void *data)
@@ -182,7 +186,7 @@ vlc_tls_t *vlc_tls_ClientSessionCreate (vlc_tls_creds_t *crd, int fd,
    {
        if (val < 0)
        {
-            msg_Err (session, "TLS client session handshake error");
+            msg_Err(crd, "TLS session handshake error");
 error:
            vlc_tls_SessionDelete (session);
            session = NULL;
@@ -201,7 +205,7 @@ error:
        canc = vlc_savecancel();
        if (val == 0)
        {
-            msg_Err (session, "TLS client session handshake timeout");
+            msg_Err(crd, "TLS session handshake timeout");
            goto error;
        }
    }