Commit 05fe8005 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

gnutls: add an option to disable system trust

parent d12e3442
...@@ -556,12 +556,15 @@ static int OpenClient (vlc_tls_creds_t *crd) ...@@ -556,12 +556,15 @@ static int OpenClient (vlc_tls_creds_t *crd)
return VLC_EGENERIC; return VLC_EGENERIC;
} }
val = gnutls_certificate_set_x509_system_trust (x509); if (var_InheritBool(crd, "gnutls-system-trust"))
if (val < 0) {
msg_Err (crd, "cannot load trusted Certificate Authorities: %s", val = gnutls_certificate_set_x509_system_trust(x509);
gnutls_strerror (val)); if (val < 0)
else msg_Err(crd, "cannot load trusted Certificate Authorities "
msg_Dbg (crd, "loaded %d trusted CAs", val); "from %s: %s", "system", gnutls_strerror(val));
else
msg_Dbg(crd, "loaded %d trusted CAs from %s", val, "system");
}
gnutls_certificate_set_verify_flags (x509, gnutls_certificate_set_verify_flags (x509,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
...@@ -724,6 +727,11 @@ static void CloseServer (vlc_tls_creds_t *crd) ...@@ -724,6 +727,11 @@ static void CloseServer (vlc_tls_creds_t *crd)
} }
#endif #endif
#define SYSTEM_TRUST_TEXT N_("Use system trust database")
#define SYSTEM_TRUST_LONGTEXT N_( \
"Trust the root certificates of Certificate Authorities stored in " \
"the operating system trust database to authenticate TLS sessions.")
#define PRIORITIES_TEXT N_("TLS cipher priorities") #define PRIORITIES_TEXT N_("TLS cipher priorities")
#define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \ #define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \
"hash functions and compression methods can be selected. " \ "hash functions and compression methods can be selected. " \
...@@ -750,6 +758,8 @@ vlc_module_begin () ...@@ -750,6 +758,8 @@ vlc_module_begin ()
set_callbacks( OpenClient, CloseClient ) set_callbacks( OpenClient, CloseClient )
set_category( CAT_ADVANCED ) set_category( CAT_ADVANCED )
set_subcategory( SUBCAT_ADVANCED_NETWORK ) set_subcategory( SUBCAT_ADVANCED_NETWORK )
add_bool("gnutls-system-trust", true, SYSTEM_TRUST_TEXT,
SYSTEM_TRUST_LONGTEXT, true)
add_string ("gnutls-priorities", "NORMAL", PRIORITIES_TEXT, add_string ("gnutls-priorities", "NORMAL", PRIORITIES_TEXT,
PRIORITIES_LONGTEXT, false) PRIORITIES_LONGTEXT, false)
change_string_list (priorities_values, priorities_text) change_string_list (priorities_values, priorities_text)
......
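Review bot: The new `if (var_InheritBool(crd, "gnutls-system-trust"))` block in OpenClient has no else branch, so when the option is off the credentials are set up without any log line saying that the system CA store was skipped. Nothing else in the visible hunk loads trust anchors, so presumably every server certificate then fails verification against an empty store. That fails closed, but in the logs it cannot be told apart from a broken trust database. I would add `else msg_Dbg(crd, "system trust database disabled, no system CAs loaded");` and extend SYSTEM_TRUST_LONGTEXT with a sentence on what disabling means for certificate validation. The option should also stay out of the set that untrusted playlist items may override, since it changes which peers are authenticated. OpenClient starts and ends outside the hunk, so whether another trust source is added later cannot be confirmed from here.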