vlc | branch: master | Geoffroy Couprie <[email protected]> | Sat Apr 30 19:29:55 2011 +0200| [95b0fe358d8f84e39a8497de0de924a27dc9e994] | committer: Jean-Baptiste Kempf
Win32: use the OS list of certificate authorities Ref #3682 and #3666 Now, we have [022d6ffc] main tls client debug: TLS client session initialized instead of [004e6ffc] gnutls tls client error: Certificate could not be verified However, this still doesn't work fine, since we got a: "access_http acccess error: failed to read answer" Signed-off-by: Jean-Baptiste Kempf <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=95b0fe358d8f84e39a8497de0de924a27dc9e994 --- configure.ac | 2 +- modules/misc/gnutls.c | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index 87ade39..14c729c 100644 --- a/configure.ac +++ b/configure.ac @@ -4065,7 +4065,7 @@ AS_IF([test "${enable_gnutls}" != "no"], [ VLC_ADD_CFLAGS([gnutls], [$GNUTLS_CFLAGS]) AS_IF([test "${SYS}" = "mingw32"], [ dnl pkg-config --libs gnutls omits these - VLC_ADD_LIBS([gnutls], [-lz ${LTLIBINTL}]) + VLC_ADD_LIBS([gnutls], [-lz ${LTLIBINTL} -lcrypt32]) ]) VLC_ADD_LIBS([gnutls], [${GCRYPT_LIBS}]) VLC_ADD_CFLAGS([gnutls], [${GCRYPT_CFLAGS}]) diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index cc60b69..c0f8a03 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -41,6 +41,7 @@ #endif #ifdef WIN32 # include <io.h> +# include <wincrypt.h> #else # include <unistd.h> #endif @@ -439,6 +440,10 @@ static int gnutls_Addx509File( vlc_object_t *p_this, gnutls_certificate_credentials_t cred, const char *psz_path, bool b_priv ); +#ifdef WIN32 +static int gnutls_loadOSCAList(vlc_object_t *p_this, + gnutls_certificate_credentials_t cred); +#endif static int gnutls_Addx509Directory( vlc_object_t *p_this, 
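Review bot: The forward declaration of gnutls_loadOSCAList spells the credentials type `gnutls_certificate_credentials_t`, while the definition added further down uses `gnutls_certificate_credentials` (and `gnutls_datum`). These appear to be GnuTLS's older un-suffixed compatibility names, so the definition only builds while the headers still provide them. Using the `_t` spellings in both places, `gnutls_certificate_credentials_t cred` and `gnutls_datum_t data`, keeps prototype and definition identical and matches the neighbouring gnutls_Addx509File declaration. A one-line comment above the prototype, such as `/* Imports the Windows "ROOT" system store as TLS trust anchors */`, would also document what the helper is for.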
@@ -562,6 +567,37 @@ error: return VLC_EGENERIC; } +#ifdef WIN32 +static int +gnutls_loadOSCAList( vlc_object_t *p_this, + gnutls_certificate_credentials cred) +{ + HCERTSTORE hCertStore = CertOpenSystemStoreA((HCRYPTPROV)NULL, "ROOT"); + if (!hCertStore) + { + msg_Warn (p_this, "could not open the Cert SystemStore"); + return VLC_EGENERIC; + } + + PCCERT_CONTEXT pCertContext = CertEnumCertificatesInStore(hCertStore, NULL); + while( pCertContext ) + { + gnutls_datum data = { + .data = pCertContext->pbCertEncoded, + .size = pCertContext->cbCertEncoded, + }; + + if(!gnutls_certificate_set_x509_trust_mem(cred, &data, GNUTLS_X509_FMT_DER)) + { + msg_Warn (p_this, "cannot add x509 credential"); + return VLC_EGENERIC; + } + + pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext); + } + return VLC_SUCCESS; +} +#endif /** TLS client session data */ typedef struct tls_client_sys_t @@ -626,8 +662,13 @@ static int OpenClient (vlc_object_t *obj) char path[strlen (confdir) + sizeof ("/ssl/certs/ca-certificates.crt")]; sprintf (path, "%s/ssl/certs/ca-certificates.crt", confdir); +#ifdef WIN32 + gnutls_loadOSCAList (VLC_OBJECT (p_session), + p_sys->x509_cred); +#else gnutls_Addx509File (VLC_OBJECT (p_session), p_sys->x509_cred, path, false); +#endif } p_session->pf_handshake = gnutls_HandshakeAndValidate; /*p_session->pf_handshake = gnutls_ContinueHandshake;*/ _______________________________________________ vlc-commits mailing list [email protected] http://mailman.videolan.org/listinfo/vlc-commits
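Review bot: gnutls_loadOSCAList never calls `CertCloseStore`, so the store handle leaks on every call, and the early `return VLC_EGENERIC` inside the loop also leaves the current `pCertContext` unreleased. The test `if(!gnutls_certificate_set_x509_trust_mem(...))` does not match the GnuTLS contract, which returns the number of certificates processed or a negative error code, so real failures pass as success and only a zero count is reported. Aborting on the first rejected root also means that one entry GnuTLS cannot parse leaves every later trust anchor unloaded; the loop should warn and continue. Separately, every certificate in ROOT is imported as a TLS trust anchor without consulting any per-certificate usage restrictions Windows may hold for it, which deserves a comment in the function even if it is not addressed here. The fence shows the loop and cleanup rewritten accordingly.

```c
static int
gnutls_loadOSCAList( vlc_object_t *p_this,
                     gnutls_certificate_credentials_t cred)
{
    /* … unchanged: CertOpenSystemStoreA call and NULL check … */

    unsigned i_loaded = 0;
    PCCERT_CONTEXT pCertContext = NULL;
    /* Handing the previous context back to the enumerator releases it,
     * so nothing is held once the loop runs to completion. */
    while( (pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext)) != NULL )
    {
        /* … unchanged: gnutls_datum initialiser … */

        int i_ret = gnutls_certificate_set_x509_trust_mem(cred, &data, GNUTLS_X509_FMT_DER);
        if( i_ret < 0 )
        {
            /* One unusable root must not hide the remaining ones. */
            msg_Warn (p_this, "cannot add x509 credential: %s", gnutls_strerror(i_ret));
            continue;
        }
        i_loaded += i_ret;
    }
    CertCloseStore(hCertStore, 0);

    return i_loaded > 0 ? VLC_SUCCESS : VLC_EGENERIC;
}
```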
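Review bot: The result of `gnutls_loadOSCAList` is discarded in OpenClient, so a Windows build whose ROOT store cannot be opened or yields nothing carries on with no trust anchors. The handshake presumably then fails verification, but the cause would be clearer if it were reported at this call site, e.g. `if (gnutls_loadOSCAList (VLC_OBJECT (p_session), p_sys->x509_cred) != VLC_SUCCESS) msg_Warn (p_session, "no system CA certificates loaded");`. The `path` array and the `sprintf` just above the `#ifdef` are still built on WIN32 although nothing reads them there; moving `#ifdef WIN32` up to cover them avoids the dead code. OpenClient starts and ends outside the hunk, so how `confdir` is obtained is not visible here.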
