Commit 53ac919a authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont
Browse files

Require more recent GnuTLS and get rid of broken algos.

parent 8bf0d77a
...@@ -5071,7 +5071,7 @@ AC_ARG_ENABLE(gnutls, ...@@ -5071,7 +5071,7 @@ AC_ARG_ENABLE(gnutls,
[ --enable-gnutls gnutls TLS/SSL support (default enabled)]) [ --enable-gnutls gnutls TLS/SSL support (default enabled)])
AS_IF([test "${enable_gnutls}" != "no"], [ AS_IF([test "${enable_gnutls}" != "no"], [
PKG_CHECK_MODULES(GNUTLS, [gnutls >= 1.0.17], [have_gnutls="yes"], [have_gnutls="no"]) PKG_CHECK_MODULES(GNUTLS, [gnutls >= 1.2.9], [have_gnutls="yes"], [have_gnutls="no"])
AS_IF([test "${have_gnutls}" = "yes"], [ AS_IF([test "${have_gnutls}" = "yes"], [
VLC_ADD_PLUGINS([gnutls]) VLC_ADD_PLUGINS([gnutls])
...@@ -5079,7 +5079,7 @@ AS_IF([test "${enable_gnutls}" != "no"], [ ...@@ -5079,7 +5079,7 @@ AS_IF([test "${enable_gnutls}" != "no"], [
VLC_ADD_LDFLAGS([gnutls], [$GNUTLS_LIBS]) VLC_ADD_LDFLAGS([gnutls], [$GNUTLS_LIBS])
], [ ], [
AS_IF([test "${enable_gnutls}" = "yes"], [ AS_IF([test "${enable_gnutls}" = "yes"], [
AC_MSG_ERROR([gnutls not present or too old (version 1.0.17 required)]) AC_MSG_ERROR([gnutls not present or too old (version 1.2.9 required)])
]) ])
]) ])
]) ])
......
...@@ -330,15 +330,17 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session ) ...@@ -330,15 +330,17 @@ gnutls_HandshakeAndValidate( tls_session_t *p_session )
if( status ) if( status )
{ {
msg_Warn( p_session, "TLS session: access denied" ); msg_Err( p_session, "TLS session: access denied" );
if( status & GNUTLS_CERT_INVALID ) if( status & GNUTLS_CERT_INVALID )
msg_Dbg( p_session, "certificate could not be verified" ); msg_Warn( p_session, "certificate could not be verified" );
if( status & GNUTLS_CERT_REVOKED ) if( status & GNUTLS_CERT_REVOKED )
msg_Dbg( p_session, "certificate was revoked" ); msg_Warn( p_session, "certificate was revoked" );
if( status & GNUTLS_CERT_SIGNER_NOT_FOUND ) if( status & GNUTLS_CERT_SIGNER_NOT_FOUND )
msg_Dbg( p_session, "certificate's signer was not found" ); msg_Warn( p_session, "certificate's signer was not found" );
if( status & GNUTLS_CERT_SIGNER_NOT_CA ) if( status & GNUTLS_CERT_SIGNER_NOT_CA )
msg_Dbg( p_session, "certificate's signer is not a CA" ); msg_Warn( p_session, "certificate's signer is not a CA" );
if( status & GNUTLS_CERT_INSECURE_ALGORITHM )
msg_Warn( p_session, "insecure certificate signature algorithm" );
p_session->pf_close( p_session ); p_session->pf_close( p_session );
return -1; return -1;
} }
...@@ -1152,11 +1154,8 @@ Open( vlc_object_t *p_this ) ...@@ -1152,11 +1154,8 @@ Open( vlc_object_t *p_this )
vlc_mutex_unlock( lock.p_address ); vlc_mutex_unlock( lock.p_address );
return VLC_EGENERIC; return VLC_EGENERIC;
} }
/*
* FIXME: in fact, we currently depends on 1.0.17, but it breaks on psz_version = gnutls_check_version( "1.2.9" );
* Debian which as a patched 1.0.16 (which we can use).
*/
psz_version = gnutls_check_version( "1.0.16" );
if( psz_version == NULL ) if( psz_version == NULL )
{ {
gnutls_global_deinit( ); gnutls_global_deinit( );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment