[vlc-commits] securetransport: Add mode to ignore untrusted certificates

Tue, 06 Feb 2018 01:59:40 -0800 

vlc/vlc-3.0 | branch: master | David Fuhrmann <[email protected]> | Sun 
Feb  4 16:13:50 2018 +0100| [640a0f99be6b83758fb4dd87ed8734cb6297675d] | 
committer: Thomas Guillem

securetransport: Add mode to ignore untrusted certificates

This is a workaround only for chromecast and only for the 3.0
branch.

Signed-off-by: Thomas Guillem <[email protected]>

> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=640a0f99be6b83758fb4dd87ed8734cb6297675d
---

 modules/misc/securetransport.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/misc/securetransport.c b/modules/misc/securetransport.c
index 74d4b9cdc7..3a6acba65f 100644
--- a/modules/misc/securetransport.c
+++ b/modules/misc/securetransport.c
@@ -221,7 +221,7 @@ static OSStatus st_SocketWriteFunc (SSLConnectionRef 
connection,
     return retValue;
 }
 
-static int st_validateServerCertificate (vlc_tls_t *session, const char 
*hostname) {
+static int st_validateServerCertificate (vlc_tls_t *session, vlc_tls_creds_t 
*cred, const char *hostname) {
 
     vlc_tls_st_t *sys = (vlc_tls_st_t *)session;
     int result = -1;
@@ -269,6 +269,12 @@ static int st_validateServerCertificate (vlc_tls_t 
*session, const char *hostnam
             msg_Warn(sys->obj, "cerfificate verification failed, result is 
%d", trust_eval_result);
     }
 
+    if (cred->obj.flags & OBJECT_FLAGS_INSECURE) {
+        msg_Warn(sys->obj, "Accepting untrusted certificate, this is very 
insecure!");
+        result = 0;
+        goto out;
+    }
+
     /* get leaf certificate */
     /* SSLCopyPeerCertificates is only available on OSX 10.5 or later */
 #if !TARGET_OS_IPHONE
@@ -402,7 +408,7 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t 
*session,
 
     switch (retValue) {
         case noErr:
-            if (sys->b_server_mode == false && 
st_validateServerCertificate(session, host) != 0) {
+            if (sys->b_server_mode == false && 
st_validateServerCertificate(session, crd, host) != 0) {
                 return -1;
             }
             msg_Dbg(crd, "handshake completed successfully");

_______________________________________________
vlc-commits mailing list
[email protected]
https://mailman.videolan.org/listinfo/vlc-commits

Reply via email to