vlc | branch: master | Rémi Denis-Courmont <[email protected]> | Sun Nov 18 14:35:41 2018 +0200| [c212795864783b81008292d7868058d12ccfd71d] | committer: Rémi Denis-Courmont
tls: separate client and server types They are manipulated differently. It makes sense to use the same types for session, but not so much for credentials. > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c212795864783b81008292d7868058d12ccfd71d --- include/vlc_tls.h | 115 ++++++++++++++------- modules/access/ftp.c | 8 +- modules/access/http/connmgr.c | 6 +- modules/access/http/transport.h | 7 +- modules/access/http/tunnel.c | 2 +- modules/demux/adaptive/http/Transport.cpp | 4 +- modules/demux/adaptive/http/Transport.hpp | 2 +- modules/misc/gnutls.c | 12 +-- modules/misc/securetransport.c | 16 +-- modules/stream_out/chromecast/chromecast.h | 2 +- .../chromecast/chromecast_communication.cpp | 4 +- src/libvlccore.sym | 5 +- src/network/httpd.c | 14 +-- src/network/tls.c | 63 +++++------ test/modules/misc/tls.c | 14 +-- 15 files changed, 159 insertions(+), 115 deletions(-) diff --git a/include/vlc_tls.h b/include/vlc_tls.h index 66683cea35..258bc5674f 100644 --- a/include/vlc_tls.h +++ b/include/vlc_tls.h 
@@ -125,65 +125,46 @@ struct vlc_tls_operations /** * \defgroup tls Transport Layer Security * @{ + * \defgroup tls_client TLS client + * @{ */ /** - * TLS credentials + * TLS client-side credentials * - * This structure contains the credentials for establishing TLS sessions. - * This includes root Certificate Authorities (on client side), - * trust and cryptographic parameters, - * public certificates and private keys. + * This structure contains the credentials for establishing TLS sessions + * on client side, essentially the set of trusted root Certificate Authorities + * with which to validate certificate chains presented by servers. */ -typedef struct vlc_tls_creds +typedef struct vlc_tls_client { struct vlc_common_members obj; void *sys; - vlc_tls_t *(*open)(struct vlc_tls_creds *, vlc_tls_t *sock, + vlc_tls_t *(*open)(struct vlc_tls_client *, vlc_tls_t *sock, const char *host, const char *const *alpn); int (*handshake)(vlc_tls_t *session, const char *hostname, const char *service, char ** /*restrict*/ alp); - void (*destroy)(struct vlc_tls_creds *); -} vlc_tls_creds_t; + void (*destroy)(struct vlc_tls_client *); +} vlc_tls_client_t; /** - * Allocates TLS credentials for a client. + * Allocates TLS client-side credentials. + * * Credentials can be cached and reused across multiple TLS sessions. * * @return TLS credentials object, or NULL on error. **/ -VLC_API vlc_tls_creds_t *vlc_tls_ClientCreate(vlc_object_t *); - -/** - * Allocates server TLS credentials. - * - * @param cert path to an x509 certificate (required) - * @param key path to the PKCS private key for the certificate, - * or NULL to use cert path - * - * @return TLS credentials object, or NULL on error. 
- */ -VLC_API vlc_tls_creds_t *vlc_tls_ServerCreate(vlc_object_t *, const char *cert, - const char *key); - -static inline int vlc_tls_SessionHandshake (vlc_tls_creds_t *crd, - vlc_tls_t *tls) -{ - return crd->handshake(tls, NULL, NULL, NULL); -} +VLC_API vlc_tls_client_t *vlc_tls_ClientCreate(vlc_object_t *); /** - * Releases TLS credentials. + * Releases TLS client-side credentials. * - * Releases data allocated with vlc_tls_ClientCreate() or - * vlc_tls_ServerCreate(). - * - * @param srv object to be destroyed (or NULL) + * Releases data allocated with vlc_tls_ClientCreate(). */ -VLC_API void vlc_tls_Delete(vlc_tls_creds_t *); +VLC_API void vlc_tls_ClientDelete(vlc_tls_client_t *); /** * Initiates a client TLS session. @@ -209,7 +190,7 @@ VLC_API void vlc_tls_Delete(vlc_tls_creds_t *); * * @return TLS session, or NULL on error. **/ -VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *creds, +VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_client_t *creds, vlc_tls_t *sock, const char *host, const char *service, 
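Review bot: The rewritten doc comment for `vlc_tls_ClientDelete()` drops the old `@param srv object to be destroyed (or NULL)` line, although the implementation in src/network/tls.c still returns early on `crd == NULL`. Cleanup paths such as the `exit_error` labels in modules/access/ftp.c call it with no visible guard. I would keep the contract in the header, e.g. `@param crd client credentials to release (or NULL, in which case nothing is done)`. The same applies to the `vlc_tls_ServerDelete()` comment added further down in this header. Without it, a caller cannot tell from the API documentation whether a NULL check is required before release.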
@@ -217,6 +198,53 @@ VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *creds, char **alp); /** + * @} + * \defgroup tls_server TLS server + * @{ + */ + +/** + * TLS server-side credentials + * + * This structure contains the credentials for establishing TLS sessions. + * This includes root Certificate Authorities (on client side), + * trust and cryptographic parameters, + * public certificates and private keys. + */ +typedef struct vlc_tls_server +{ + struct vlc_common_members obj; + + void *sys; + + vlc_tls_t *(*open)(struct vlc_tls_server *, vlc_tls_t *sock, + const char *host, const char *const *alpn); + int (*handshake)(vlc_tls_t *session, + const char *hostname, const char *service, + char ** /*restrict*/ alp); + void (*destroy)(struct vlc_tls_server *); +} vlc_tls_server_t; + +/** + * Allocates server TLS credentials. + * + * @param cert path to an x509 certificate (required) + * @param key path to the PKCS private key for the certificate, + * or NULL to use cert path + * + * @return TLS credentials object, or NULL on error. + */ +VLC_API vlc_tls_server_t *vlc_tls_ServerCreate(vlc_object_t *, + const char *cert, + const char *key); + +static inline int vlc_tls_SessionHandshake(vlc_tls_server_t *crd, + vlc_tls_t *tls) +{ + return crd->handshake(tls, NULL, NULL, NULL); +} + +/** * Creates a TLS server session. * * Allocates a Transport Layer Security (TLS) session as the server side, using @@ -235,10 +263,19 @@ VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *creds, * * @return TLS session, or NULL on error. */ -VLC_API vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_creds_t *creds, +VLC_API vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_server_t *creds, vlc_tls_t *sock, const char *const *alpn); +/** + * Releases server-side TLS credentials. + * + * Releases data allocated with vlc_tls_ServerCreate(). + */ +VLC_API void vlc_tls_ServerDelete(vlc_tls_server_t *); + +/** @} */ + /** @} */ /** 
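Review bot: The description of `struct vlc_tls_server` is carried over from the old shared type and still lists "root Certificate Authorities (on client side)", which does not fit a server-only credentials type. A wording such as `This structure contains the credentials for establishing TLS sessions on server side, i.e. the certificate and private key given to vlc_tls_ServerCreate().` would match the client-side comment rewritten earlier in this commit. The `open` callback also keeps its `host` parameter and `handshake` keeps `hostname`/`service`, yet `vlc_tls_ServerSessionCreate()` and `vlc_tls_SessionHandshake()` pass NULL for them. A short comment on the struct saying these are always NULL on the server side would keep backends from relying on them.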
@@ -430,9 +467,9 @@ VLC_API vlc_tls_t *vlc_tls_SocketOpenTCP(vlc_object_t *obj, * connection to the specified host and port number, and finally attempts to * establish a TLS session over the TCP/IP stream. * - * See also vlc_tls_SocketOpenTCP() and vlc_tls_SessionCreate(). + * See also vlc_tls_SocketOpenTCP() and vlc_tls_ClientSessionCreate(). */ -VLC_API vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_creds_t *crd, +VLC_API vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_client_t *crd, const char *hostname, unsigned port, const char *service, const char *const *alpn, char **alp); diff --git a/modules/access/ftp.c b/modules/access/ftp.c index d6a5404367..6a7ba56595 100644 --- a/modules/access/ftp.c +++ b/modules/access/ftp.c @@ -142,7 +142,7 @@ struct access_sys_t vlc_url_t url; ftp_features_t features; - vlc_tls_creds_t *p_creds; + vlc_tls_client_t *p_creds; enum tls_mode_e tlsmode; vlc_tls_t *cmd; vlc_tls_t *data; @@ -763,7 +763,7 @@ error: exit_error: vlc_UrlClean( &p_sys->url ); - vlc_tls_Delete( p_sys->p_creds ); + vlc_tls_ClientDelete( p_sys->p_creds ); return VLC_EGENERIC; } @@ -811,7 +811,7 @@ static int OutOpen( vlc_object_t *p_this ) exit_error: vlc_UrlClean( &p_sys->url ); - vlc_tls_Delete( p_sys->p_creds ); + vlc_tls_ClientDelete( p_sys->p_creds ); return VLC_EGENERIC; } #endif @@ -837,7 +837,7 @@ static void Close( vlc_object_t *p_access, access_sys_t *p_sys ) /* free memory */ vlc_UrlClean( &p_sys->url ); - vlc_tls_Delete( p_sys->p_creds ); + vlc_tls_ClientDelete( p_sys->p_creds ); } static void InClose( vlc_object_t *p_this ) diff --git a/modules/access/http/connmgr.c b/modules/access/http/connmgr.c index 11229f8d36..5f527106a7 100644 --- a/modules/access/http/connmgr.c +++ b/modules/access/http/connmgr.c 
@@ -52,7 +52,7 @@ void vlc_http_dbg(void *ctx, const char *fmt, ...) va_end(ap); } -vlc_tls_t *vlc_https_connect(vlc_tls_creds_t *creds, const char *name, +vlc_tls_t *vlc_https_connect(vlc_tls_client_t *creds, const char *name, unsigned port, bool *restrict two) { if (port == 0) @@ -95,7 +95,7 @@ static char *vlc_http_proxy_find(const char *hostname, unsigned port, struct vlc_http_mgr { vlc_object_t *obj; - vlc_tls_creds_t *creds; + vlc_tls_client_t *creds; struct vlc_http_cookie_jar_t *jar; struct vlc_http_conn *conn; }; @@ -282,6 +282,6 @@ void vlc_http_mgr_destroy(struct vlc_http_mgr *mgr) if (mgr->conn != NULL) vlc_http_mgr_release(mgr, mgr->conn); if (mgr->creds != NULL) - vlc_tls_Delete(mgr->creds); + vlc_tls_ClientDelete(mgr->creds); free(mgr); } diff --git a/modules/access/http/transport.h b/modules/access/http/transport.h index 2bfe1a3102..455f424931 100644 --- a/modules/access/http/transport.h +++ b/modules/access/http/transport.h @@ -25,12 +25,13 @@ #include <stdbool.h> struct vlc_tls; -struct vlc_tls_creds; +struct vlc_tls_client; -struct vlc_tls *vlc_https_connect(struct vlc_tls_creds *creds, +struct vlc_tls *vlc_https_connect(struct vlc_tls_client *creds, const char *name, unsigned port, bool *restrict two); -struct vlc_tls *vlc_https_connect_proxy(void *ctx, struct vlc_tls_creds *creds, +struct vlc_tls *vlc_https_connect_proxy(void *ctx, + struct vlc_tls_client *creds, const char *name, unsigned port, bool *restrict two, const char *proxy); #endif diff --git a/modules/access/http/tunnel.c b/modules/access/http/tunnel.c index 570b6a9dca..60c724a3c0 100644 --- a/modules/access/http/tunnel.c +++ b/modules/access/http/tunnel.c @@ -142,7 +142,7 @@ static const struct vlc_tls_operations vlc_tls_proxy_ops = vlc_tls_ProxyClose, }; -vlc_tls_t *vlc_https_connect_proxy(void *ctx, vlc_tls_creds_t *creds, +vlc_tls_t *vlc_https_connect_proxy(void *ctx, vlc_tls_client_t *creds, const char *hostname, unsigned port, bool *restrict two, const char *proxy) { 
diff --git a/modules/demux/adaptive/http/Transport.cpp b/modules/demux/adaptive/http/Transport.cpp index b827a69a31..bcb65a93d9 100644 --- a/modules/demux/adaptive/http/Transport.cpp +++ b/modules/demux/adaptive/http/Transport.cpp @@ -52,7 +52,7 @@ bool Transport::connect(vlc_object_t *p_object, const std::string &hostname, int NULL, NULL ); if(!tls) { - vlc_tls_Delete(creds); + vlc_tls_ClientDelete(creds); creds = NULL; } } @@ -79,7 +79,7 @@ void Transport::disconnect() if(creds) { - vlc_tls_Delete(creds); + vlc_tls_ClientDelete(creds); creds = NULL; } } diff --git a/modules/demux/adaptive/http/Transport.hpp b/modules/demux/adaptive/http/Transport.hpp index c06db0e23f..eb5149a2b9 100644 --- a/modules/demux/adaptive/http/Transport.hpp +++ b/modules/demux/adaptive/http/Transport.hpp @@ -41,7 +41,7 @@ namespace adaptive void disconnect (); protected: - vlc_tls_creds_t *creds; + vlc_tls_client_t *creds; vlc_tls_t *tls; bool b_secure; }; diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c index 99eebcf686..4d47951337 100644 --- a/modules/misc/gnutls.c +++ b/modules/misc/gnutls.c @@ -386,7 +386,7 @@ done: return 0; } -static vlc_tls_t *gnutls_ClientSessionOpen(vlc_tls_creds_t *crd, +static vlc_tls_t *gnutls_ClientSessionOpen(vlc_tls_client_t *crd, vlc_tls_t *sk, const char *hostname, const char *const *alpn) { @@ -542,7 +542,7 @@ error: return -1; } -static void gnutls_ClientDestroy(vlc_tls_creds_t *crd) +static void gnutls_ClientDestroy(vlc_tls_client_t *crd) { gnutls_certificate_credentials_t x509 = crd->sys; @@ -552,7 +552,7 @@ static void gnutls_ClientDestroy(vlc_tls_creds_t *crd) /** * Initializes a client-side TLS credentials. */ -static int OpenClient (vlc_tls_creds_t *crd) +static int OpenClient(vlc_tls_client_t *crd) { gnutls_certificate_credentials_t x509; 
@@ -613,7 +613,7 @@ typedef struct vlc_tls_creds_sys /** * Initializes a server-side TLS session. */ -static vlc_tls_t *gnutls_ServerSessionOpen(vlc_tls_creds_t *crd, +static vlc_tls_t *gnutls_ServerSessionOpen(vlc_tls_server_t *crd, vlc_tls_t *sk, const char *hostname, const char *const *alpn) { @@ -635,7 +635,7 @@ static int gnutls_ServerHandshake(vlc_tls_t *tls, return gnutls_ContinueHandshake(priv, alp); } -static void gnutls_ServerDestroy(vlc_tls_creds_t *crd) +static void gnutls_ServerDestroy(vlc_tls_server_t *crd) { vlc_tls_creds_sys_t *sys = crd->sys; @@ -648,7 +648,7 @@ static void gnutls_ServerDestroy(vlc_tls_creds_t *crd) /** * Allocates a whole server's TLS credentials. */ -static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key) +static int OpenServer(vlc_tls_server_t *crd, const char *cert, const char *key) { gnutls_Banner(VLC_OBJECT(crd)); diff --git a/modules/misc/securetransport.c b/modules/misc/securetransport.c index 0f02460b0f..acc2b44e98 100644 --- a/modules/misc/securetransport.c +++ b/modules/misc/securetransport.c @@ -86,10 +86,10 @@ static char* CFArrayALPNCopyFirst(CFArrayRef alpnArray) /***************************************************************************** * Module descriptor *****************************************************************************/ -static int OpenClient (vlc_tls_creds_t *); +static int OpenClient (vlc_tls_client_t *); #if !TARGET_OS_IPHONE - static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key); + static int OpenServer (vlc_tls_server_t *crd, const char *cert, const char *key); #endif vlc_module_begin () @@ -722,7 +722,7 @@ error: return NULL; } -static vlc_tls_t *st_ClientSessionOpen(vlc_tls_creds_t *crd, vlc_tls_t *sock, +static vlc_tls_t *st_ClientSessionOpen(vlc_tls_client_t *crd, vlc_tls_t *sock, const char *hostname, const char *const *alpn) { msg_Dbg(crd, "open TLS session for %s", hostname); 
@@ -807,7 +807,7 @@ error: return NULL; } -static void st_ClientDestroy (vlc_tls_creds_t *crd) { +static void st_ClientDestroy (vlc_tls_client_t *crd) { msg_Dbg(crd, "close secure transport client"); vlc_tls_creds_sys_t *sys = crd->sys; @@ -821,7 +821,7 @@ static void st_ClientDestroy (vlc_tls_creds_t *crd) { /** * Initializes a client-side TLS credentials. */ -static int OpenClient (vlc_tls_creds_t *crd) { +static int OpenClient (vlc_tls_client_t *crd) { msg_Dbg(crd, "open st client"); @@ -846,7 +846,7 @@ static int OpenClient (vlc_tls_creds_t *crd) { /** * Initializes a server-side TLS session. */ -static vlc_tls_t *st_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *sock, +static vlc_tls_t *st_ServerSessionOpen (vlc_tls_server_t *crd, vlc_tls_t *sock, const char *hostname, const char *const *alpn) { VLC_UNUSED(hostname); @@ -875,7 +875,7 @@ error: return NULL; } -static void st_ServerDestroy (vlc_tls_creds_t *crd) { +static void st_ServerDestroy (vlc_tls_server_t *crd) { msg_Dbg(crd, "close secure transport server"); vlc_tls_creds_sys_t *sys = crd->sys; @@ -889,7 +889,7 @@ static void st_ServerDestroy (vlc_tls_creds_t *crd) { /** * Initializes server-side TLS credentials. */ -static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key) { +static int OpenServer (vlc_tls_server_t *crd, const char *cert, const char *key) { /* * This function expects the label of the certificate in "cert", stored diff --git a/modules/stream_out/chromecast/chromecast.h b/modules/stream_out/chromecast/chromecast.h index 502ce3ceb0..4e6fb2ebb2 100644 --- a/modules/stream_out/chromecast/chromecast.h +++ b/modules/stream_out/chromecast/chromecast.h @@ -151,7 +151,7 @@ private: private: vlc_object_t* m_module; - vlc_tls_creds_t *m_creds; + vlc_tls_client_t *m_creds; vlc_tls_t *m_tls; unsigned m_receiver_requestId; unsigned m_requestId; 
diff --git a/modules/stream_out/chromecast/chromecast_communication.cpp b/modules/stream_out/chromecast/chromecast_communication.cpp index 263cfc5af6..952e4691ea 100644 --- a/modules/stream_out/chromecast/chromecast_communication.cpp +++ b/modules/stream_out/chromecast/chromecast_communication.cpp @@ -55,7 +55,7 @@ ChromecastCommunication::ChromecastCommunication( vlc_object_t* p_module, NULL, NULL ); if (m_tls == NULL) { - vlc_tls_Delete(m_creds); + vlc_tls_ClientDelete(m_creds); throw std::runtime_error( "Failed to create client session" ); } @@ -76,7 +76,7 @@ void ChromecastCommunication::disconnect() if ( m_tls != NULL ) { vlc_tls_Close(m_tls); - vlc_tls_Delete(m_creds); + vlc_tls_ClientDelete(m_creds); m_tls = NULL; } } diff --git a/src/libvlccore.sym b/src/libvlccore.sym index a8f71c2a13..c72ce7208d 100644 --- a/src/libvlccore.sym +++ b/src/libvlccore.sym @@ -435,9 +435,10 @@ text_segment_FromRuby text_segment_ruby_New text_segment_ruby_ChainDelete vlc_tls_ClientCreate -vlc_tls_ServerCreate -vlc_tls_Delete +vlc_tls_ClientDelete vlc_tls_ClientSessionCreate +vlc_tls_ServerCreate +vlc_tls_ServerDelete vlc_tls_ServerSessionCreate vlc_tls_SessionDelete vlc_tls_Read diff --git a/src/network/httpd.c b/src/network/httpd.c index e0f24d7db6..fbab3980bc 100644 --- a/src/network/httpd.c +++ b/src/network/httpd.c @@ -100,7 +100,7 @@ struct httpd_host_t struct vlc_list clients; /* TLS data */ - vlc_tls_creds_t *p_tls; + vlc_tls_server_t *p_tls; }; @@ -861,7 +861,7 @@ void httpd_StreamDelete(httpd_stream_t *stream) *****************************************************************************/ static void* httpd_HostThread(void *); static httpd_host_t *httpd_HostCreate(vlc_object_t *, const char *, - const char *, vlc_tls_creds_t *); + const char *, vlc_tls_server_t *); /* create a new host */ httpd_host_t *vlc_http_HostNew(vlc_object_t *p_this) 
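Review bot: In `ChromecastCommunication::disconnect()` the credentials are released with `vlc_tls_ClientDelete(m_creds);` but only `m_tls` is reset, so `m_creds` keeps pointing at a released object. The `m_tls != NULL` guard prevents a second release from this function as far as the hunk shows, but any other use of `m_creds` after disconnect would be a use-after-free. `Transport::disconnect()` in this same commit follows the release with `creds = NULL;`, and I would add `m_creds = NULL;` after the delete here for the same reason. The rest of the class is outside the hunk, so whether other code reads `m_creds` later cannot be confirmed from here.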
@@ -878,7 +878,7 @@ httpd_host_t *vlc_https_HostNew(vlc_object_t *obj) } char *key = var_InheritString(obj, "http-key"); - vlc_tls_creds_t *tls = vlc_tls_ServerCreate(obj, cert, key); + vlc_tls_server_t *tls = vlc_tls_ServerCreate(obj, cert, key); if (!tls) { msg_Err(obj, "HTTP/TLS certificate error (%s and %s)", @@ -907,7 +907,7 @@ static struct httpd static httpd_host_t *httpd_HostCreate(vlc_object_t *p_this, const char *hostvar, const char *portvar, - vlc_tls_creds_t *p_tls) + vlc_tls_server_t *p_tls) { httpd_host_t *host; unsigned port = var_InheritInteger(p_this, portvar); @@ -926,7 +926,7 @@ static httpd_host_t *httpd_HostCreate(vlc_object_t *p_this, atomic_fetch_add_explicit(&host->ref, 1, memory_order_relaxed); vlc_mutex_unlock(&httpd.mutex); - vlc_tls_Delete(p_tls); + vlc_tls_ServerDelete(p_tls); return host; } @@ -980,7 +980,7 @@ error: vlc_object_release(host); } - vlc_tls_Delete(p_tls); + vlc_tls_ServerDelete(p_tls); return NULL; } @@ -1010,7 +1010,7 @@ void httpd_HostDelete(httpd_host_t *host) } assert(vlc_list_is_empty(&host->urls)); - vlc_tls_Delete(host->p_tls); + vlc_tls_ServerDelete(host->p_tls); net_ListenClose(host->fds); vlc_cond_destroy(&host->wait); vlc_mutex_destroy(&host->lock); diff --git a/src/network/tls.c b/src/network/tls.c index 5b86f00718..1fabdd3b42 100644 --- a/src/network/tls.c +++ b/src/network/tls.c @@ -49,8 +49,8 @@ static int tls_server_load(void *func, va_list ap) { - int (*activate) (vlc_tls_creds_t *, const char *, const char *) = func; - vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *); + int (*activate)(vlc_tls_server_t *, const char *, const char *) = func; + vlc_tls_server_t *crd = va_arg(ap, vlc_tls_server_t *); const char *cert = va_arg (ap, const char *); const char *key = va_arg (ap, const char *); 
@@ -59,17 +59,17 @@ static int tls_server_load(void *func, va_list ap) static int tls_client_load(void *func, va_list ap) { - int (*activate) (vlc_tls_creds_t *) = func; - vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *); + int (*activate)(vlc_tls_client_t *) = func; + vlc_tls_client_t *crd = va_arg(ap, vlc_tls_client_t *); return activate (crd); } -vlc_tls_creds_t * +vlc_tls_server_t * vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path, const char *key_path) { - vlc_tls_creds_t *srv = vlc_custom_create (obj, sizeof (*srv), + vlc_tls_server_t *srv = vlc_custom_create(obj, sizeof (*srv), "tls server"); if (unlikely(srv == NULL)) return NULL; @@ -88,9 +88,19 @@ vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path, return srv; } -vlc_tls_creds_t *vlc_tls_ClientCreate (vlc_object_t *obj) +void vlc_tls_ServerDelete(vlc_tls_server_t *crd) { - vlc_tls_creds_t *crd = vlc_custom_create (obj, sizeof (*crd), + if (crd == NULL) + return; + + crd->destroy(crd); + vlc_objres_clear(VLC_OBJECT(crd)); + vlc_object_release(crd); +} + +vlc_tls_client_t *vlc_tls_ClientCreate(vlc_object_t *obj) +{ + vlc_tls_client_t *crd = vlc_custom_create(obj, sizeof (*crd), "tls client"); if (unlikely(crd == NULL)) return NULL; @@ -106,7 +116,7 @@ vlc_tls_creds_t *vlc_tls_ClientCreate (vlc_object_t *obj) return crd; } -void vlc_tls_Delete (vlc_tls_creds_t *crd) +void vlc_tls_ClientDelete(vlc_tls_client_t *crd) { if (crd == NULL) return; @@ -119,20 +129,6 @@ void vlc_tls_Delete (vlc_tls_creds_t *crd) /*** TLS session ***/ -static vlc_tls_t *vlc_tls_SessionCreate(vlc_tls_creds_t *crd, - vlc_tls_t *sock, - const char *host, - const char *const *alpn) -{ - vlc_tls_t *session; - int canc = vlc_savecancel(); - session = crd->open(crd, sock, host, alpn); - vlc_restorecancel(canc); - if (session != NULL) - session->p = sock; - return session; -} - void vlc_tls_SessionDelete (vlc_tls_t *session) { int canc = vlc_savecancel(); 
@@ -147,17 +143,21 @@ static void cleanup_tls(void *data) vlc_tls_SessionDelete (session); } -vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *crd, vlc_tls_t *sock, +vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_client_t *crd, vlc_tls_t *sock, const char *host, const char *service, const char *const *alpn, char **alp) { int val; + int canc = vlc_savecancel(); + vlc_tls_t *session = crd->open(crd, sock, host, alpn); + vlc_restorecancel(canc); - vlc_tls_t *session = vlc_tls_SessionCreate(crd, sock, host, alpn); if (session == NULL) return NULL; - int canc = vlc_savecancel(); + session->p = sock; + + canc = vlc_savecancel(); vlc_tick_t deadline = vlc_tick_now (); deadline += VLC_TICK_FROM_MS( var_InheritInteger (crd, "ipv4-timeout") ); @@ -199,14 +199,19 @@ error: return session; } -vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_creds_t *crd, +vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_server_t *crd, vlc_tls_t *sock, const char *const *alpn) { - return vlc_tls_SessionCreate(crd, sock, NULL, alpn); + int canc = vlc_savecancel(); + vlc_tls_t *session = crd->open(crd, sock, NULL, alpn); + vlc_restorecancel(canc); + if (session != NULL) + session->p = sock; + return session; } -vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_creds_t *creds, const char *name, +vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_client_t *creds, const char *name, unsigned port, const char *service, const char *const *alpn, char **alp) { diff --git a/test/modules/misc/tls.c b/test/modules/misc/tls.c index 9ade43560b..8005c5dc86 100644 --- a/test/modules/misc/tls.c +++ b/test/modules/misc/tls.c @@ -41,8 +41,8 @@ #include <vlc/vlc.h> -static vlc_tls_creds_t *server_creds; -static vlc_tls_creds_t *client_creds; +static vlc_tls_server_t *server_creds; +static vlc_tls_client_t *client_creds; static void *tls_echo(void *data) { 
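Review bot: In `vlc_tls_ClientSessionCreate()` the inlined code calls `vlc_restorecancel(canc);` right after `crd->open()` and then `canc = vlc_savecancel();` again a few statements later, with only the NULL check and the `session->p = sock;` assignment in between. That pair is left over from the removed `vlc_tls_SessionCreate()` helper. Now that the call is inline, cancellation can stay disabled across both steps by restoring only on the failure path, `if (session == NULL) { vlc_restorecancel(canc); return NULL; }`, and dropping the second `vlc_savecancel()`. The same save/open/restore/assign sequence is written out again in `vlc_tls_ServerSessionCreate()`, so a one-line comment in each pointing at the other copy would help keep them in sync. The handshake loop that follows in the client function is outside the hunk.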
@@ -149,7 +149,7 @@ int main(void) libvlc_release(vlc); return 77; } - vlc_tls_Delete(server_creds); + vlc_tls_ServerDelete(server_creds); server_creds = vlc_tls_ServerCreate(obj, CERTFILE, CERTFILE); assert(server_creds != NULL); @@ -162,8 +162,8 @@ int main(void) tls = securepair(&th, alpn, alpn, NULL); assert(tls == NULL); - vlc_tls_Delete(client_creds); - vlc_tls_Delete(server_creds); + vlc_tls_ClientDelete(client_creds); + vlc_tls_ServerDelete(server_creds); libvlc_release(vlc); /*** Tests with test certs database - server cert accepted. ***/ @@ -290,8 +290,8 @@ int main(void) vlc_tls_Close(tls); vlc_join(th, NULL); - vlc_tls_Delete(client_creds); - vlc_tls_Delete(server_creds); + vlc_tls_ClientDelete(client_creds); + vlc_tls_ServerDelete(server_creds); libvlc_release(vlc); return 0; _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
