vlc/vlc-3.0 | branch: master | Thomas Guillem <tho...@gllm.fr> | Thu Jan 18 11:25:32 2018 +0100| [0d8b5004b5df9b235a945da00eec50163a5e8e5c] | committer: Thomas Guillem
tls: Add a way to ignore CA check. Without breaking ABI. > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=0d8b5004b5df9b235a945da00eec50163a5e8e5c --- include/vlc_objects.h | 1 + modules/misc/gnutls.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/include/vlc_objects.h b/include/vlc_objects.h index a5b5dc21dc..4a2814187a 100644 --- a/include/vlc_objects.h +++ b/include/vlc_objects.h @@ -31,6 +31,7 @@ /* Object flags */ #define OBJECT_FLAGS_QUIET 0x0002 #define OBJECT_FLAGS_NOINTERACT 0x0004 +#define OBJECT_FLAGS_INSECURE 0x1000 /* VLC 3.0 only, will be removed */ /***************************************************************************** * The vlc_object_t type. Yes, it's that simple :-) diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index 1cca9c14a7..57429a0b99 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -445,6 +445,13 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls, gnutls_free (desc.data); } + if (status == (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID) && + (creds->obj.flags & OBJECT_FLAGS_INSECURE)) + { + msg_Info( creds, "Accepting self-signed/untrusted CA certificate." ); + return 0; + } + status &= ~GNUTLS_CERT_INVALID; /* always set / catch-all error */ status &= ~GNUTLS_CERT_SIGNER_NOT_FOUND; /* unknown CA */ status &= ~GNUTLS_CERT_UNEXPECTED_OWNER; /* mismatched hostname */ _______________________________________________ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits