vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Sat Aug 23 01:31:01 2014 +0300| [dd65f95ca57f8a3991266e063833e5abd5142e09] | committer: Rémi Denis-Courmont
gnutls: remove useless structure for client-side credentials > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=dd65f95ca57f8a3991266e063833e5abd5142e09 --- include/vlc_tls.h | 3 +- modules/misc/gnutls.c | 83 +++++++++++++++++++++++-------------------------- 2 files changed, 40 insertions(+), 46 deletions(-) diff --git a/include/vlc_tls.h b/include/vlc_tls.h index b143544..c55b979 100644 --- a/include/vlc_tls.h +++ b/include/vlc_tls.h @@ -32,7 +32,6 @@ typedef struct vlc_tls vlc_tls_t; typedef struct vlc_tls_sys vlc_tls_sys_t; typedef struct vlc_tls_creds vlc_tls_creds_t; -typedef struct vlc_tls_creds_sys vlc_tls_creds_sys_t; /** TLS session */ struct vlc_tls @@ -62,7 +61,7 @@ struct vlc_tls_creds VLC_COMMON_MEMBERS module_t *module; - vlc_tls_creds_sys_t *sys; + void *sys; int (*open) (vlc_tls_creds_t *, vlc_tls_t *, int fd, const char *host); int (*handshake) (vlc_tls_t *, const char *host, const char *service); diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index a435907..bbc0950 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -410,16 +410,6 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session) /** - * TLS credentials private data - */ -struct vlc_tls_creds_sys -{ - gnutls_certificate_credentials_t x509_cred; - gnutls_dh_params_t dh_params; /* XXX: used for server only */ -}; - - -/** * Terminates TLS session and releases session data. * You still have to close the socket yourself. */ @@ -435,67 +425,78 @@ static void gnutls_SessionClose (vlc_tls_t *session) } -static int gnutls_SessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session, - int type, int fd) +static int gnutls_SessionOpen (vlc_tls_t *tls, int type, + gnutls_certificate_credentials_t x509, int fd) { - vlc_tls_sys_t *sys = malloc (sizeof (*session->sys)); + vlc_tls_sys_t *sys = malloc (sizeof (*tls->sys)); if (unlikely(sys == NULL)) return VLC_ENOMEM; - session->sys = sys; - session->sock.p_sys = session; - session->sock.pf_send = gnutls_Send; - session->sock.pf_recv = gnutls_Recv; sys->handshaked = false; int val = gnutls_init (&sys->session, type); if (val != 0) { - msg_Err (session, "cannot initialize TLS session: %s", + msg_Err (tls, "cannot initialize TLS session: %s", gnutls_strerror (val)); free (sys); return VLC_EGENERIC; } - if (gnutls_SessionPrioritize (VLC_OBJECT (crd), sys->session)) + if (gnutls_SessionPrioritize (VLC_OBJECT (tls), sys->session)) goto error; - val = gnutls_credentials_set (sys->session, GNUTLS_CRD_CERTIFICATE, - crd->sys->x509_cred); + val = gnutls_credentials_set (sys->session, GNUTLS_CRD_CERTIFICATE, x509); if (val < 0) { - msg_Err (session, "cannot set TLS session credentials: %s", + msg_Err (tls, "cannot set TLS session credentials: %s", gnutls_strerror (val)); goto error; } gnutls_transport_set_ptr (sys->session, (gnutls_transport_ptr_t)(intptr_t)fd); + + tls->sys = sys; + tls->sock.p_sys = tls; + tls->sock.pf_send = gnutls_Send; + tls->sock.pf_recv = gnutls_Recv; return VLC_SUCCESS; error: - gnutls_SessionClose (session); + gnutls_SessionClose (tls); return VLC_EGENERIC; } /** + * Server-side TLS credentials private data + */ +typedef struct vlc_tls_creds_sys +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_dh_params_t dh_params; +} vlc_tls_creds_sys_t; + +/** * Initializes a server-side TLS session. */ -static int gnutls_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session, +static int gnutls_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls, int fd, const char *hostname) { + vlc_tls_creds_sys_t *sys = crd->sys; + assert (hostname == NULL); - return gnutls_SessionOpen (crd, session, GNUTLS_SERVER, fd); + return gnutls_SessionOpen (tls, GNUTLS_SERVER, sys->x509_cred, fd); } -static int gnutls_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session, +static int gnutls_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls, int fd, const char *hostname) { - int val = gnutls_SessionOpen (crd, session, GNUTLS_CLIENT, fd); + int val = gnutls_SessionOpen (tls, GNUTLS_CLIENT, crd->sys, fd); if (val != VLC_SUCCESS) return val; - vlc_tls_sys_t *sys = session->sys; + vlc_tls_sys_t *sys = tls->sys; /* minimum DH prime bits */ gnutls_dh_set_prime_bits (sys->session, 1024); @@ -624,49 +625,43 @@ static void CloseServer (vlc_tls_creds_t *crd) */ static int OpenClient (vlc_tls_creds_t *crd) { + gnutls_certificate_credentials_t x509; + if (gnutls_Init (VLC_OBJECT(crd))) return VLC_EGENERIC; - vlc_tls_creds_sys_t *sys = malloc (sizeof (*sys)); - if (unlikely(sys == NULL)) - goto error; - - int val = gnutls_certificate_allocate_credentials (&sys->x509_cred); + int val = gnutls_certificate_allocate_credentials (&x509); if (val != 0) { msg_Err (crd, "cannot allocate credentials: %s", gnutls_strerror (val)); - goto error; + gnutls_Deinit (VLC_OBJECT(crd)); + return VLC_EGENERIC; } - val = gnutls_certificate_set_x509_system_trust (sys->x509_cred); + val = gnutls_certificate_set_x509_system_trust (x509); if (val < 0) msg_Err (crd, "cannot load trusted Certificate Authorities: %s", gnutls_strerror (val)); else msg_Dbg (crd, "loaded %d trusted CAs", val); - gnutls_certificate_set_verify_flags (sys->x509_cred, + gnutls_certificate_set_verify_flags (x509, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); - crd->sys = sys; + crd->sys = x509; crd->open = gnutls_ClientSessionOpen; crd->handshake = gnutls_HandshakeAndValidate; crd->close = gnutls_SessionClose; return VLC_SUCCESS; -error: - free (sys); - gnutls_Deinit (VLC_OBJECT(crd)); - return VLC_EGENERIC; } static void CloseClient (vlc_tls_creds_t *crd) { - vlc_tls_creds_sys_t *sys = crd->sys; + gnutls_certificate_credentials_t x509 = crd->sys; - gnutls_certificate_free_credentials (sys->x509_cred); - free (sys); + gnutls_certificate_free_credentials (x509); gnutls_Deinit (VLC_OBJECT(crd)); } _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
