Commit 754c3ef0 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

tls: vlc_tls_t needs not be a VLC object

parent f48b0f3f
......@@ -38,8 +38,7 @@ typedef struct vlc_tls_creds vlc_tls_creds_t;
/** TLS session */
struct vlc_tls
{
VLC_COMMON_MEMBERS
vlc_object_t *obj;
void *sys;
int fd;
......
......@@ -117,13 +117,13 @@ struct vlc_h1_conn
bool released;
};
#define CO(conn) ((vlc_object_t *)((conn)->tls))
#define CO(conn) ((conn)->tls->obj)
static void vlc_h1_conn_destroy(struct vlc_h1_conn *conn);
static void *vlc_h1_stream_fatal(struct vlc_h1_conn *conn)
{
msg_Dbg(conn->tls, "connection failed");
msg_Dbg(CO(conn), "connection failed");
vlc_https_disconnect(conn->tls);
conn->tls = NULL;
return NULL;
......
......@@ -28,6 +28,7 @@
#include <vlc_common.h>
#include <vlc_block.h>
#include <vlc_interrupt.h>
#include <vlc_tls.h>
#include "h2frame.h"
#include "h2output.h"
......@@ -35,7 +36,7 @@
#include "transport.h"
#include "message.h"
#define CO(c) ((vlc_object_t *)((c)->tls))
#define CO(c) ((c)->tls->obj)
#define SO(s) CO((s)->conn)
/** HTTP/2 connection */
......
......@@ -36,6 +36,7 @@
#include <vlc_common.h>
#include <vlc_block.h>
#include <vlc_tls.h>
#include "h2frame.h"
#include "h2conn.h"
#include "message.h"
......@@ -44,22 +45,24 @@
/* I/O callbacks */
static int internal_fd = -1;
static vlc_tls_t fake_tls;
ssize_t vlc_https_send(struct vlc_tls *tls, const void *buf, size_t len)
{
assert(tls == NULL);
assert(tls == &fake_tls);
(void) buf;
return len;
}
ssize_t vlc_https_recv(struct vlc_tls *tls, void *buf, size_t size)
{
assert(tls == NULL);
assert(tls == &fake_tls);
return read(internal_fd, buf, size);
}
void vlc_https_disconnect(struct vlc_tls *tls)
{
assert(tls == NULL);
assert(tls == &fake_tls);
if (close(internal_fd))
assert(!"close");
}
......@@ -87,7 +90,7 @@ static void conn_create(void)
external_fd = fds[0];
internal_fd = fds[1];
conn = vlc_h2_conn_create(NULL);
conn = vlc_h2_conn_create(&fake_tls);
assert(conn != NULL);
conn_send(vlc_h2_frame_settings());
}
......
......@@ -25,6 +25,7 @@
#include <assert.h>
#include <stdlib.h>
#include <vlc_common.h>
#include <vlc_tls.h>
#include "h2frame.h"
#include "h2output.h"
#include "transport.h"
......@@ -205,7 +206,7 @@ static void *vlc_h2_output_thread(void *data)
do
{
frame = vlc_h2_output_dequeue(out);
vlc_h2_frame_dump((vlc_object_t *)(out->tls), frame, "out");
vlc_h2_frame_dump(out->tls->obj, frame, "out");
}
while (vlc_h2_frame_send(out->tls, frame) == 0);
......
......@@ -29,6 +29,7 @@
#include <stdint.h>
#include <stdlib.h>
#include <vlc_common.h>
#include <vlc_tls.h>
#include "h2frame.h"
#include "h2output.h"
#include "transport.h"
......@@ -40,12 +41,14 @@ static bool send_failure = false;
static bool expect_hello = true;
static vlc_sem_t rx;
static vlc_tls_t fake_tls;
/* Callback for sent frames */
ssize_t vlc_https_send(struct vlc_tls *tls, const void *buf, size_t len)
{
const uint8_t *p = buf;
assert(tls == NULL);
assert(tls == &fake_tls);
if (expect_hello)
{
......@@ -99,19 +102,19 @@ int main(void)
struct vlc_h2_output *out;
/* Dummy */
out = vlc_h2_output_create(NULL, false);
out = vlc_h2_output_create(&fake_tls, false);
assert(out != NULL);
vlc_h2_output_destroy(out);
vlc_sem_init(&rx, 0);
out = vlc_h2_output_create(NULL, expect_hello = true);
out = vlc_h2_output_create(&fake_tls, expect_hello = true);
assert(out != NULL);
vlc_h2_output_destroy(out);
vlc_sem_destroy(&rx);
/* Success */
vlc_sem_init(&rx, 0);
out = vlc_h2_output_create(NULL, false);
out = vlc_h2_output_create(&fake_tls, false);
assert(out != NULL);
assert(vlc_h2_output_send_prio(out, NULL) == -1);
assert(vlc_h2_output_send_prio(out, frame(0)) == 0);
......@@ -136,7 +139,7 @@ int main(void)
vlc_sem_init(&rx, 0);
counter = 10;
out = vlc_h2_output_create(NULL, false);
out = vlc_h2_output_create(&fake_tls, false);
assert(out != NULL);
assert(vlc_h2_output_send(out, frame(10)) == 0);
......@@ -150,7 +153,7 @@ int main(void)
/* Failure during hello */
vlc_sem_init(&rx, 0);
counter = 0;
out = vlc_h2_output_create(NULL, expect_hello = true);
out = vlc_h2_output_create(&fake_tls, expect_hello = true);
assert(out != NULL);
vlc_sem_wait(&rx);
......
......@@ -98,7 +98,7 @@ static void gnutls_Deinit (void)
}
#endif
static int gnutls_Error (vlc_object_t *obj, int val)
static int gnutls_Error(vlc_tls_t *tls, int val)
{
switch (val)
{
......@@ -117,10 +117,10 @@ static int gnutls_Error (vlc_object_t *obj, int val)
break;
default:
msg_Err (obj, "%s", gnutls_strerror (val));
msg_Err(tls->obj, "%s", gnutls_strerror (val));
#ifndef NDEBUG
if (!gnutls_error_is_fatal (val))
msg_Err (obj, "Error above should be handled");
msg_Err(tls->obj, "Error above should be handled");
#endif
#ifdef _WIN32
WSASetLastError (WSAECONNRESET);
......@@ -129,7 +129,6 @@ static int gnutls_Error (vlc_object_t *obj, int val)
}
return -1;
}
#define gnutls_Error(o, val) gnutls_Error(VLC_OBJECT(o), val)
#ifdef IOV_MAX
static ssize_t vlc_gnutls_writev (gnutls_transport_ptr_t ptr,
......@@ -197,9 +196,9 @@ static void gnutls_Close (vlc_tls_t *tls)
gnutls_deinit (session);
}
static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
gnutls_certificate_credentials_t x509, int fd,
const char *const *alpn)
static int gnutls_SessionOpen(vlc_tls_creds_t *creds, vlc_tls_t *tls, int type,
gnutls_certificate_credentials_t x509, int fd,
const char *const *alpn)
{
gnutls_session_t session;
const char *errp;
......@@ -208,19 +207,19 @@ static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
val = gnutls_init (&session, type);
if (val != 0)
{
msg_Err (tls, "cannot initialize TLS session: %s",
gnutls_strerror (val));
msg_Err(creds, "cannot initialize TLS session: %s",
gnutls_strerror(val));
return VLC_EGENERIC;
}
char *priorities = var_InheritString (tls, "gnutls-priorities");
char *priorities = var_InheritString(creds, "gnutls-priorities");
if (unlikely(priorities == NULL))
goto error;
val = gnutls_priority_set_direct (session, priorities, &errp);
if (val < 0)
msg_Err (tls, "cannot set TLS priorities \"%s\": %s", errp,
gnutls_strerror (val));
msg_Err(creds, "cannot set TLS priorities \"%s\": %s", errp,
gnutls_strerror(val));
free (priorities);
if (val < 0)
goto error;
......@@ -228,8 +227,8 @@ static int gnutls_SessionOpen (vlc_tls_t *tls, int type,
val = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509);
if (val < 0)
{
msg_Err (tls, "cannot set TLS session credentials: %s",
gnutls_strerror (val));
msg_Err(creds, "cannot set TLS session credentials: %s",
gnutls_strerror(val));
goto error;
}
......@@ -280,7 +279,8 @@ error:
* 1 if more would-be blocking recv is needed,
* 2 if more would-be blocking send is required.
*/
static int gnutls_ContinueHandshake (vlc_tls_t *tls, char **restrict alp)
static int gnutls_ContinueHandshake(vlc_tls_creds_t *crd, vlc_tls_t *tls,
char **restrict alp)
{
gnutls_session_t session = tls->sys;
int val;
......@@ -291,7 +291,7 @@ static int gnutls_ContinueHandshake (vlc_tls_t *tls, char **restrict alp)
do
{
val = gnutls_handshake (session);
msg_Dbg (tls, "TLS handshake: %s", gnutls_strerror (val));
msg_Dbg(crd, "TLS handshake: %s", gnutls_strerror (val));
switch (val)
{
......@@ -306,9 +306,9 @@ static int gnutls_ContinueHandshake (vlc_tls_t *tls, char **restrict alp)
while (!gnutls_error_is_fatal (val));
#ifdef _WIN32
msg_Dbg (tls, "Winsock error %d", WSAGetLastError ());
msg_Dbg(crd, "Winsock error %d", WSAGetLastError ());
#endif
msg_Err (tls, "TLS handshake error: %s", gnutls_strerror (val));
msg_Err(crd, "TLS handshake error: %s", gnutls_strerror (val));
return -1;
done:
......@@ -336,7 +336,7 @@ static int gnutls_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls,
int fd, const char *hostname,
const char *const *alpn)
{
int val = gnutls_SessionOpen (tls, GNUTLS_CLIENT, crd->sys, fd, alpn);
int val = gnutls_SessionOpen(crd, tls, GNUTLS_CLIENT, crd->sys, fd, alpn);
if (val != VLC_SUCCESS)
return val;
......@@ -357,7 +357,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
const char *host, const char *service,
char **restrict alp)
{
int val = gnutls_ContinueHandshake (tls, alp);
int val = gnutls_ContinueHandshake(creds, tls, alp);
if (val)
return val;
......@@ -368,8 +368,8 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
val = gnutls_certificate_verify_peers3 (session, host, &status);
if (val)
{
msg_Err (tls, "Certificate verification error: %s",
gnutls_strerror (val));
msg_Err(creds, "Certificate verification error: %s",
gnutls_strerror(val));
return -1;
}
......@@ -382,7 +382,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
if (gnutls_certificate_verification_status_print(status,
gnutls_certificate_type_get (session), &desc, 0) == 0)
{
msg_Err (tls, "Certificate verification failure: %s", desc.data);
msg_Err(creds, "Certificate verification failure: %s", desc.data);
gnutls_free (desc.data);
}
......@@ -400,44 +400,44 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
datum = gnutls_certificate_get_peers (session, &count);
if (datum == NULL || count == 0)
{
msg_Err (tls, "Peer certificate not available");
msg_Err(creds, "Peer certificate not available");
return -1;
}
msg_Dbg (tls, "%u certificate(s) in the list", count);
msg_Dbg(creds, "%u certificate(s) in the list", count);
val = gnutls_verify_stored_pubkey (NULL, NULL, host, service,
GNUTLS_CRT_X509, datum, 0);
const char *msg;
switch (val)
{
case 0:
msg_Dbg (tls, "certificate key match for %s", host);
msg_Dbg(creds, "certificate key match for %s", host);
return 0;
case GNUTLS_E_NO_CERTIFICATE_FOUND:
msg_Dbg (tls, "no known certificates for %s", host);
msg_Dbg(creds, "no known certificates for %s", host);
msg = N_("However the security certificate presented by the "
"server is unknown and could not be authenticated by any "
"trusted Certificate Authority.");
break;
case GNUTLS_E_CERTIFICATE_KEY_MISMATCH:
msg_Dbg (tls, "certificate keys mismatch for %s", host);
msg_Dbg(creds, "certificate keys mismatch for %s", host);
msg = N_("However the security certificate presented by the "
"server changed since the previous visit and was not "
"authenticated by any trusted Certificate Authority. ");
break;
default:
msg_Err (tls, "certificate key match error for %s: %s", host,
gnutls_strerror (val));
msg_Err(creds, "certificate key match error for %s: %s", host,
gnutls_strerror(val));
return -1;
}
if (dialog_Question (tls, _("Insecure site"),
if (dialog_Question(creds, _("Insecure site"),
_("You attempted to reach %s. %s\n"
"This problem may be stem from an attempt to breach your security, "
"compromise your privacy, or a configuration error.\n\n"
"If in doubt, abort now.\n"),
_("Abort"), _("View certificate"), NULL,
vlc_gettext (msg), host) != 2)
_("Abort"), _("View certificate"), NULL,
vlc_gettext(msg), host) != 2)
return -1;
gnutls_x509_crt_t cert;
......@@ -452,11 +452,11 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
}
gnutls_x509_crt_deinit (cert);
val = dialog_Question (tls, _("Insecure site"),
val = dialog_Question(creds, _("Insecure site"),
_("This is the certificate presented by %s:\n%s\n\n"
"If in doubt, abort now.\n"),
_("Abort"), _("Accept 24 hours"),
_("Accept permanently"), host, desc.data);
_("Abort"), _("Accept 24 hours"),
_("Accept permanently"), host, desc.data);
gnutls_free (desc.data);
time_t expiry = 0;
......@@ -469,7 +469,7 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
val = gnutls_store_pubkey (NULL, NULL, host, service,
GNUTLS_CRT_X509, datum, expiry, 0);
if (val)
msg_Err (tls, "cannot store X.509 certificate: %s",
msg_Err(creds, "cannot store X.509 certificate: %s",
gnutls_strerror (val));
return 0;
}
......@@ -540,7 +540,8 @@ static int gnutls_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *tls,
vlc_tls_creds_sys_t *sys = crd->sys;
assert (hostname == NULL);
return gnutls_SessionOpen (tls, GNUTLS_SERVER, sys->x509_cred, fd, alpn);
return gnutls_SessionOpen(crd, tls, GNUTLS_SERVER, sys->x509_cred, fd,
alpn);
}
static int gnutls_ServerHandshake(vlc_tls_creds_t *crd, vlc_tls_t *tls,
......@@ -548,7 +549,7 @@ static int gnutls_ServerHandshake(vlc_tls_creds_t *crd, vlc_tls_t *tls,
char **restrict alp)
{
(void) host; (void) service;
return gnutls_ContinueHandshake (tls, alp);
return gnutls_ContinueHandshake(crd, tls, alp);
}
/**
......
......@@ -106,11 +106,11 @@ static int st_Error (vlc_tls_t *obj, int val)
case errSSLClosedGraceful:
case errSSLClosedAbort:
msg_Dbg(obj, "Connection closed with code %d", val);
msg_Dbg(obj->obj, "Connection closed with code %d", val);
errno = ECONNRESET;
break;
default:
msg_Err(obj, "Found error %d", val);
msg_Err(obj->obj, "Found error %d", val);
errno = ECONNRESET;
}
return -1;
......@@ -138,7 +138,7 @@ static OSStatus st_SocketReadFunc (SSLConnectionRef connection,
val = read(sys->i_fd, currData, bytesToGo);
if (val <= 0) {
if (val == 0) {
msg_Dbg(session, "found eof");
msg_Dbg(session->obj, "found eof");
retValue = errSSLClosedGraceful;
} else { /* do the switch */
switch (errno) {
......@@ -154,7 +154,7 @@ static OSStatus st_SocketReadFunc (SSLConnectionRef connection,
sys->b_blocking_send = false;
break;
default:
msg_Err(session, "try to read %d bytes, got error %d",
msg_Err(session->obj, "try to read %d bytes, got error %d",
(int)bytesToGo, errno);
retValue = ioErr;
break;
......@@ -210,7 +210,7 @@ static OSStatus st_SocketWriteFunc (SSLConnectionRef connection,
break;
default:
msg_Err(session, "error while writing: %d", errno);
msg_Err(session->obj, "error while writing: %d", errno);
retValue = ioErr;
}
}
......@@ -228,7 +228,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
SecTrustRef trust = NULL;
OSStatus ret = SSLCopyPeerTrust(sys->p_context, &trust);
if (ret != noErr || trust == NULL) {
msg_Err(session, "error getting certifictate chain");
msg_Err(session->obj, "error getting certifictate chain");
return -1;
}
......@@ -240,7 +240,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
/* enable default root / anchor certificates */
ret = SecTrustSetAnchorCertificates(trust, NULL);
if (ret != noErr) {
msg_Err(session, "error setting anchor certificates");
msg_Err(session->obj, "error setting anchor certificates");
result = -1;
goto out;
}
......@@ -249,7 +249,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
ret = SecTrustEvaluate(trust, &trust_eval_result);
if (ret != noErr) {
msg_Err(session, "error calling SecTrustEvaluate");
msg_Err(session->obj, "error calling SecTrustEvaluate");
result = -1;
goto out;
}
......@@ -257,14 +257,14 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
switch (trust_eval_result) {
case kSecTrustResultUnspecified:
case kSecTrustResultProceed:
msg_Dbg(session, "cerfificate verification successful, result is %d", trust_eval_result);
msg_Dbg(session->obj, "cerfificate verification successful, result is %d", trust_eval_result);
result = 0;
goto out;
case kSecTrustResultRecoverableTrustFailure:
case kSecTrustResultDeny:
default:
msg_Warn(session, "cerfificate verification failed, result is %d", trust_eval_result);
msg_Warn(session->obj, "cerfificate verification failed, result is %d", trust_eval_result);
}
/* get leaf certificate */
......@@ -309,7 +309,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
continue;
if (CFEqual(knownHost, cfHostname) && CFEqual(knownCert, leaf_cert)) {
msg_Warn(session, "certificate already accepted, continuing");
msg_Warn(session->obj, "certificate already accepted, continuing");
result = 0;
goto out;
}
......@@ -336,7 +336,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
_("Abort"), _("Accept certificate temporarily"), NULL, hostname);
if (answer == 2) {
msg_Warn(session, "Proceeding despite of failed certificate validation");
msg_Warn(session->obj, "Proceeding despite of failed certificate validation");
/* save leaf certificate in whitelist */
const void *keys[] = {cfKeyHost, cfKeyCertificate};
......@@ -346,7 +346,7 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
if (!dict) {
msg_Err(session, "error creating dict");
msg_Err(session->obj, "error creating dict");
result = -1;
goto out;
}
......@@ -388,7 +388,7 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
OSStatus retValue = SSLHandshake(sys->p_context);
if (retValue == errSSLWouldBlock) {
msg_Dbg(session, "handshake is blocked, try again later");
msg_Dbg(crd, "handshake is blocked, try again later");
return 1 + (sys->b_blocking_send ? 1 : 0);
}
......@@ -397,7 +397,7 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
if (sys->b_server_mode == false && st_validateServerCertificate(session, host) != 0) {
return -1;
}
msg_Dbg(session, "handshake completed successfully");
msg_Dbg(crd, "handshake completed successfully");
sys->b_handshaked = true;
return 0;
......@@ -405,17 +405,17 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
return st_Handshake(session, host, service, alp);
case errSSLConnectionRefused:
msg_Err(session, "connection was refused");
msg_Err(crd, "connection was refused");
return -1;
case errSSLNegotiation:
msg_Err(session, "cipher suite negotiation failed");
msg_Err(crd, "cipher suite negotiation failed");
return -1;
case errSSLFatalAlert:
msg_Err(session, "fatal error occured during handshake");
msg_Err(crd, "fatal error occured during handshake");
return -1;
default:
msg_Err(session, "handshake returned error %d", (int)retValue);
msg_Err(crd, "handshake returned error %d", (int)retValue);
return -1;
}
}
......@@ -488,7 +488,7 @@ static ssize_t st_Recv (vlc_tls_t *session, void *buf, size_t length)
/* peer performed shutdown */
if (ret == errSSLClosedNoNotify || ret == errSSLClosedGraceful) {
msg_Dbg(session, "Got close notification with code %i", (int)ret);
msg_Dbg(session->obj, "Got close notification with code %i", (int)ret);
return 0;
}
......@@ -501,7 +501,7 @@ static ssize_t st_Recv (vlc_tls_t *session, void *buf, size_t length)
static void st_SessionClose (vlc_tls_t *session) {
vlc_tls_sys_t *sys = session->sys;
msg_Dbg(session, "close TLS session");
msg_Dbg(session->obj, "close TLS session");
if (sys->p_context) {
if (sys->b_handshaked) {
......@@ -550,12 +550,12 @@ static int st_SessionOpenCommon (vlc_tls_creds_t *crd, vlc_tls_t *session,
#if TARGET_OS_IPHONE
p_context = SSLCreateContext(NULL, b_server ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
if (p_context == NULL) {
msg_Err(session, "cannot create ssl context");
msg_Err(crd, "cannot create ssl context");
return -1;
}
#else
if (SSLNewContext(b_server, &p_context) != noErr) {
msg_Err(session, "error calling SSLNewContext");
msg_Err(crd, "error calling SSLNewContext");
return -1;
}
#endif
......@@ -564,13 +564,13 @@ static int st_SessionOpenCommon (vlc_tls_creds_t *crd, vlc_tls_t *session,
OSStatus ret = SSLSetIOFuncs(p_context, st_SocketReadFunc, st_SocketWriteFunc);
if (ret != noErr) {
msg_Err(session, "cannot set io functions");
msg_Err(crd, "cannot set io functions");
return -1;
}
ret = SSLSetConnection(p_context, session);
if (ret != noErr) {
msg_Err(session, "cannot set connection");
msg_Err(crd, "cannot set connection");
return -1;
}
......@@ -580,7 +580,7 @@ static int st_SessionOpenCommon (vlc_tls_creds_t *crd, vlc_tls_t *session,
static int st_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
int fd, const char *hostname, const char *const *alpn) {
VLC_UNUSED(alpn);
msg_Dbg(session, "open TLS session for %s", hostname);
msg_Dbg(crd, "open TLS session for %s", hostname);
int ret = st_SessionOpenCommon(crd, session, fd, false);
if (ret != noErr) {
......@@ -592,7 +592,7 @@ static int st_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
ret = SSLSetPeerDomainName(sys->p_context, hostname, strlen(hostname));
if (ret != noErr) {
msg_Err(session, "cannot set peer domain name");
msg_Err(crd, "cannot set peer domain name");
goto error;
}
......@@ -602,14 +602,14 @@ static int st_ClientSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
/* this has effect only on iOS 5 and OSX 10.8 or later ... */
ret = SSLSetSessionOption(sys->p_context, kSSLSessionOptionBreakOnServerAuth, true);
if (ret != noErr) {
msg_Err (session, "cannot set session option");
msg_Err (crd, "cannot set session option");
goto error;
}
#if !TARGET_OS_IPHONE
/* ... thus calling this for earlier osx versions, which is not available on iOS in turn */
ret = SSLSetEnableCertVerify(sys->p_context, false);
if (ret != noErr) {
msg_Err(session, "error setting enable cert verify");
msg_Err(crd, "error setting enable cert verify");
goto error;
}
#endif
......@@ -663,7 +663,7 @@ static int st_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
VLC_UNUSED(hostname);
VLC_UNUSED(alpn);
msg_Dbg(session, "open TLS server session");
msg_Dbg(crd, "open TLS server session");
int ret = st_SessionOpenCommon(crd, session, fd, true);
if (ret != noErr) {
......@@ -676,7 +676,7 @@ static int st_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *session,
ret = SSLSetCertificate(sys->p_context, p_cred_sys->server_cert_chain);
if (ret != noErr) {
msg_Err(session, "cannot set server certificate");
msg_Err(crd, "cannot set server certificate");
goto error;