Commit dd65f95c authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

gnutls: remove useless structure for client-side credentials

parent 2200a457
...@@ -32,7 +32,6 @@ ...@@ -32,7 +32,6 @@
typedef struct vlc_tls vlc_tls_t; typedef struct vlc_tls vlc_tls_t;
typedef struct vlc_tls_sys vlc_tls_sys_t; typedef struct vlc_tls_sys vlc_tls_sys_t;
typedef struct vlc_tls_creds vlc_tls_creds_t; typedef struct vlc_tls_creds vlc_tls_creds_t;
typedef struct vlc_tls_creds_sys vlc_tls_creds_sys_t;
/** TLS session */ /** TLS session */
struct vlc_tls struct vlc_tls
...@@ -62,7 +61,7 @@ struct vlc_tls_creds ...@@ -62,7 +61,7 @@ struct vlc_tls_creds
VLC_COMMON_MEMBERS VLC_COMMON_MEMBERS
module_t *module; module_t *module;
vlc_tls_creds_sys_t *sys; void *sys;
int (*open) (vlc_tls_creds_t *, vlc_tls_t *, int fd, const char *host); int (*open) (vlc_tls_creds_t *, vlc_tls_t *, int fd, const char *host);
int (*handshake) (vlc_tls_t *, const char *host, const char *service); int (*handshake) (vlc_tls_t *, const char *host, const char *service);
......
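Review bot: `void *sys;` replaces a typed private pointer in the public struct vlc_tls_creds, and the gnutls module in this same commit now stores two different things behind it, a `gnutls_certificate_credentials_t` for client credentials and a `vlc_tls_creds_sys_t *` for server credentials. Nothing in the header records that the pointee type depends on which `open`/`close` callbacks were installed, so a mismatched callback table would compile silently where the old typedef would have caught at least some cases. A one-line comment on the field would help, e.g. `void *sys; /**< module-private credentials; its type is fixed by the module that filled in open/handshake/close */`.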
...@@ -409,16 +409,6 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session) ...@@ -409,16 +409,6 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
} }
/**
* TLS credentials private data
*/
struct vlc_tls_creds_sys
{
gnutls_certificate_credentials_t x509_cred;
gnutls_dh_params_t dh_params; /* XXX: used for server only */
};
/** /**
* Terminates TLS session and releases session data. * Terminates TLS session and releases session data.
* You still have to close the socket yourself. * You still have to close the socket yourself.
...@@ -435,67 +425,78 @@ static void gnutls_SessionClose (vlc_tls_t *session) ...@@ -435,67 +425,78 @@ static void gnutls_SessionClose (vlc_tls_t *session)
} }
static int gnutls_SessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session, static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
int type, int fd) gnutls_certificate_credentials_t x509, int fd)
{ {
vlc_tls_sys_t *sys = malloc (sizeof (*session->sys)); vlc_tls_sys_t *sys = malloc (sizeof (*tls->sys));
if (unlikely(sys == NULL)) if (unlikely(sys == NULL))
return VLC_ENOMEM; return VLC_ENOMEM;
session->sys = sys;
session->sock.p_sys = session;
session->sock.pf_send = gnutls_Send;
session->sock.pf_recv = gnutls_Recv;
sys->handshaked = false; sys->handshaked = false;
int val = gnutls_init (&sys->session, type); int val = gnutls_init (&sys->session, type);
if (val != 0) if (val != 0)
{ {
msg_Err (session, "cannot initialize TLS session: %s", msg_Err (tls, "cannot initialize TLS session: %s",
gnutls_strerror (val)); gnutls_strerror (val));
free (sys); free (sys);
return VLC_EGENERIC; return VLC_EGENERIC;
} }
if (gnutls_SessionPrioritize (VLC_OBJECT (crd), sys->session)) if (gnutls_SessionPrioritize (VLC_OBJECT (tls), sys->session))
goto error; goto error;
val = gnutls_credentials_set (sys->session, GNUTLS_CRD_CERTIFICATE, val = gnutls_credentials_set (sys->session, GNUTLS_CRD_CERTIFICATE, x509);
crd->sys->x509_cred);
if (val < 0) if (val < 0)
{ {
msg_Err (session, "cannot set TLS session credentials: %s", msg_Err (tls, "cannot set TLS session credentials: %s",
gnutls_strerror (val)); gnutls_strerror (val));
goto error; goto error;
} }
gnutls_transport_set_ptr (sys->session, gnutls_transport_set_ptr (sys->session,
(gnutls_transport_ptr_t)(intptr_t)fd); (gnutls_transport_ptr_t)(intptr_t)fd);
tls->sys = sys;
tls->sock.p_sys = tls;
tls->sock.pf_send = gnutls_Send;
tls->sock.pf_recv = gnutls_Recv;
return VLC_SUCCESS; return VLC_SUCCESS;
error: error:
gnutls_SessionClose (session); gnutls_SessionClose (tls);
return VLC_EGENERIC; return VLC_EGENERIC;
} }
/**
* Server-side TLS credentials private data
*/
typedef struct vlc_tls_creds_sys
{
gnutls_certificate_credentials_t x509_cred;
gnutls_dh_params_t dh_params;
} vlc_tls_creds_sys_t;
/** /**
* Initializes a server-side TLS session. * Initializes a server-side TLS session.
*/ */
static int gnutls_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session, static int gnutls_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls,
int fd, const char *hostname) int fd, const char *hostname)
{ {
vlc_tls_creds_sys_t *sys = crd->sys;
assert (hostname == NULL); assert (hostname == NULL);
return gnutls_SessionOpen (crd, session, GNUTLS_SERVER, fd); return gnutls_SessionOpen (tls, GNUTLS_SERVER, sys->x509_cred, fd);
} }
static int gnutls_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session, static int gnutls_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls,
int fd, const char *hostname) int fd, const char *hostname)
{ {
int val = gnutls_SessionOpen (crd, session, GNUTLS_CLIENT, fd); int val = gnutls_SessionOpen (tls, GNUTLS_CLIENT, crd->sys, fd);
if (val != VLC_SUCCESS) if (val != VLC_SUCCESS)
return val; return val;
vlc_tls_sys_t *sys = session->sys; vlc_tls_sys_t *sys = tls->sys;
/* minimum DH prime bits */ /* minimum DH prime bits */
gnutls_dh_set_prime_bits (sys->session, 1024); gnutls_dh_set_prime_bits (sys->session, 1024);
...@@ -624,49 +625,43 @@ static void CloseServer (vlc_tls_creds_t *crd) ...@@ -624,49 +625,43 @@ static void CloseServer (vlc_tls_creds_t *crd)
*/ */
static int OpenClient (vlc_tls_creds_t *crd) static int OpenClient (vlc_tls_creds_t *crd)
{ {
gnutls_certificate_credentials_t x509;
if (gnutls_Init (VLC_OBJECT(crd))) if (gnutls_Init (VLC_OBJECT(crd)))
return VLC_EGENERIC; return VLC_EGENERIC;
vlc_tls_creds_sys_t *sys = malloc (sizeof (*sys)); int val = gnutls_certificate_allocate_credentials (&x509);
if (unlikely(sys == NULL))
goto error;
int val = gnutls_certificate_allocate_credentials (&sys->x509_cred);
if (val != 0) if (val != 0)
{ {
msg_Err (crd, "cannot allocate credentials: %s", msg_Err (crd, "cannot allocate credentials: %s",
gnutls_strerror (val)); gnutls_strerror (val));
goto error; gnutls_Deinit (VLC_OBJECT(crd));
return VLC_EGENERIC;
} }
val = gnutls_certificate_set_x509_system_trust (sys->x509_cred); val = gnutls_certificate_set_x509_system_trust (x509);
if (val < 0) if (val < 0)
msg_Err (crd, "cannot load trusted Certificate Authorities: %s", msg_Err (crd, "cannot load trusted Certificate Authorities: %s",
gnutls_strerror (val)); gnutls_strerror (val));
else else
msg_Dbg (crd, "loaded %d trusted CAs", val); msg_Dbg (crd, "loaded %d trusted CAs", val);
gnutls_certificate_set_verify_flags (sys->x509_cred, gnutls_certificate_set_verify_flags (x509,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
crd->sys = sys; crd->sys = x509;
crd->open = gnutls_ClientSessionOpen; crd->open = gnutls_ClientSessionOpen;
crd->handshake = gnutls_HandshakeAndValidate; crd->handshake = gnutls_HandshakeAndValidate;
crd->close = gnutls_SessionClose; crd->close = gnutls_SessionClose;
return VLC_SUCCESS; return VLC_SUCCESS;
error:
free (sys);
gnutls_Deinit (VLC_OBJECT(crd));
return VLC_EGENERIC;
} }
static void CloseClient (vlc_tls_creds_t *crd) static void CloseClient (vlc_tls_creds_t *crd)
{ {
vlc_tls_creds_sys_t *sys = crd->sys; gnutls_certificate_credentials_t x509 = crd->sys;
gnutls_certificate_free_credentials (sys->x509_cred); gnutls_certificate_free_credentials (x509);
free (sys);
gnutls_Deinit (VLC_OBJECT(crd)); gnutls_Deinit (VLC_OBJECT(crd));
} }
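Review bot: In gnutls_SessionOpen (hunk @@ -435,67 +425,78 @@) the `tls->sys = sys;` assignment was moved from right after the malloc to after gnutls_transport_set_ptr, but the `error:` label still calls `gnutls_SessionClose (tls)`; when gnutls_SessionPrioritize or gnutls_credentials_set fails, tls->sys has not been pointed at the freshly allocated sys, so the close presumably reads a NULL or stale pointer (its body is outside the hunk) and the new sys plus its gnutls session leak. Either restore the early assignment, or make the error path tear the local down directly: `error:` / `gnutls_deinit (sys->session);` / `free (sys);` before `return VLC_EGENERIC;`. Since sys->handshaked is still false at that point, no gnutls_bye is needed. gnutls_ClientSessionOpen continues past the end of the hunk.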