vlc | branch: master | Rémi Denis-Courmont <r...@remlab.net> | Thu Sep 27 21:40:41 2012 +0300| [ca7d4cbd3647a6a75103dc122779518feba30296] | committer: Rémi Denis-Courmont
gnutls: use system X.509 trust GnuTLS system trust supports more systems, and supports Linux and Windows better, than the old custom code. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=ca7d4cbd3647a6a75103dc122779518feba30296
---
 modules/misc/Modules.am | 2 +-
 modules/misc/gnutls.c | 55 +++++++++++------------------------------------
 2 files changed, 13 insertions(+), 44 deletions(-)
diff --git a/modules/misc/Modules.am b/modules/misc/Modules.am
index aa92fa8..4512e1d 100644
--- a/modules/misc/Modules.am
+++ b/modules/misc/Modules.am
@@ -16,7 +16,7 @@ libgnutls_plugin_la_SOURCES = gnutls.c dhparams.h
 libgnutls_plugin_la_CFLAGS = $(AM_CFLAGS) $(GNUTLS_CFLAGS)
 libgnutls_plugin_la_LIBADD = $(AM_LIBADD) $(GNUTLS_LIBS)
 if HAVE_WIN32
-libgnutls_plugin_la_LIBADD += -lcrypt32 $(SOCKET_LIBS)
+libgnutls_plugin_la_LIBADD += $(SOCKET_LIBS)
 endif
 EXTRA_LTLIBRARIES += libgnutls_plugin.la
 libvlc_LTLIBRARIES += $(LTLIBgnutls)
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 3416d8e..c4c0583 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -32,9 +32,7 @@
 #include <sys/stat.h>
 #ifdef WIN32
-# include <windows.h>
 # include <io.h>
-# include <wincrypt.h>
 #else
 # include <unistd.h>
 #endif
@@ -49,6 +47,10 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
+#if (GNUTLS_VERSION_NUMBER < 0x030014)
+# define gnutls_certificate_set_x509_system_trust(c) \
+ (c, GNUTLS_E_UNIMPLEMENTED_FEATURE)
+#endif
 #include "dhparams.h"
@@ -118,7 +120,7 @@ static int gnutls_Init (vlc_object_t *p_this)
 goto error;
 }
- const char *psz_version = gnutls_check_version ("2.0.0");
+ const char *psz_version = gnutls_check_version ("3.0.20");
 if (psz_version == NULL)
 {
 msg_Err (p_this, "unsupported GnuTLS version");
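Review bot: The compatibility macro in the `@@ -49,6 +47,10 @@` hunk evaluates its argument only as the left operand of a comma, `(c, GNUTLS_E_UNIMPLEMENTED_FEATURE)`, so every caller passes a pointer expression whose value is discarded and compilers with -Wunused-value warn about it; `((void)(c), GNUTLS_E_UNIMPLEMENTED_FEATURE)` yields the same result without the warning. More important, the stub turns a missing API into a per-connection runtime error instead of a build failure: a plugin compiled against headers older than 3.0.20 (0x030014) never loads system trust, even when the runtime library is new enough to pass the `gnutls_check_version ("3.0.20")` check in the `@@ -118,7 +120,7 @@` hunk. Since the runtime minimum is raised to 3.0.20 anyway, `#error "GnuTLS 3.0.20 or later is required"` in place of the stub would surface that header/library mismatch at build time, unless building against older headers is intentionally supported.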
@@ -459,36 +461,6 @@ static void gnutls_x509_AddPath (vlc_object_t *obj,
 gnutls_x509_AddFD (obj, cred, fd, priv, 5);
 }
-#else /* WIN32 */
-static int
-gnutls_loadOSCAList (vlc_object_t *p_this,
- gnutls_certificate_credentials cred)
-{
- HCERTSTORE hCertStore = CertOpenSystemStoreA((HCRYPTPROV)NULL, "ROOT");
- if (!hCertStore)
- {
- msg_Warn (p_this, "could not open the Cert SystemStore");
- return VLC_EGENERIC;
- }
-
- PCCERT_CONTEXT pCertContext = CertEnumCertificatesInStore(hCertStore, NULL);
- while( pCertContext )
- {
- gnutls_datum data = {
- .data = pCertContext->pbCertEncoded,
- .size = pCertContext->cbCertEncoded,
- };
-
- if(!gnutls_certificate_set_x509_trust_mem(cred, &data, GNUTLS_X509_FMT_DER))
- {
- msg_Warn (p_this, "cannot add x509 credential");
- return VLC_EGENERIC;
- }
-
- pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext);
- }
- return VLC_SUCCESS;
-}
 #endif /* WIN32 */
 /**
@@ -520,6 +492,13 @@ static int OpenClient (vlc_tls_t *session, int fd, const char *hostname)
 goto error;
 }
+ val = gnutls_certificate_set_x509_system_trust (sys->x509_cred);
+ if (val < 0)
+ msg_Err (session, "cannot load trusted Certificate Authorities: %s",
+ gnutls_strerror (val));
+ else
+ msg_Dbg (session, "loaded %d trusted CAs", val);
+
 #ifndef WIN32
 char *userdir = config_GetUserDir (VLC_DATA_DIR);
 if (userdir != NULL)
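Review bot: In the `@@ -520,6 +492,13 @@` hunk a return of 0 from `gnutls_certificate_set_x509_system_trust` is reported only at debug level, `msg_Dbg (session, "loaded %d trusted CAs", val)`, yet an empty trust store means every server chain will later fail signer lookup unless the optional per-user path under `#ifndef WIN32` happens to add a CA; on Windows that call is now the only CA source, since the old `#else /* WIN32 */` branch is removed further down. A warning for the empty case, `if (val == 0) msg_Warn (session, "no trusted Certificate Authorities loaded");`, or folding zero into the error branch, would make a misconfigured trust store visible where the failure actually originates. The negative branch likewise only logs and continues, which is fail-closed only as long as the verification path rejects an unverifiable chain; that path, like the start of OpenClient, lies outside this hunk, so I cannot confirm it here.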
@@ -534,16 +513,6 @@ static int OpenClient (vlc_tls_t *session, int fd, const char *hostname)
 gnutls_x509_AddPath (VLC_OBJECT(session), sys->x509_cred, path, true);
 free (userdir);
 }
-
- const char *confdir = config_GetConfDir ();
- {
- char path[strlen (confdir)
- + sizeof ("/ssl/certs/ca-certificates.crt")];
- sprintf (path, "%s/ssl/certs/ca-certificates.crt", confdir);
- gnutls_x509_AddPath (VLC_OBJECT(session), sys->x509_cred, path, false);
- }
-#else /* WIN32 */
- gnutls_loadOSCAList (VLC_OBJECT(session), sys->x509_cred);
 #endif
 gnutls_certificate_set_verify_flags (sys->x509_cred,
 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
_______________________________________________ vlc-commits mailing list vlc-commits@videolan.org http://mailman.videolan.org/listinfo/vlc-commits