Commit 5c8ad6bb authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Add a --dh-bits option to change the size (in bits) of the Diffie-Hellman prime

parent d36e5c73
...@@ -63,8 +63,8 @@ vlc_module_begin(); ...@@ -63,8 +63,8 @@ vlc_module_begin();
set_capability( "tls", 1 ); set_capability( "tls", 1 );
set_callbacks( Open, Close ); set_callbacks( Open, Close );
/*add_integer( "dh-bits", 1024, NULL, DH_BITS_TEXT, add_integer( "dh-bits", DH_BITS, NULL, DH_BITS_TEXT,
DH_BITS_LONGTEXT, VLC_TRUE );*/ DH_BITS_LONGTEXT, VLC_TRUE );
vlc_module_end(); vlc_module_end();
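Review bot: The `dh-bits` option is declared as a plain integer with no range on L10-L11, so a configured value that is negative or far below DH_BITS reaches both gnutls calls unchecked; every consumer of the option has to validate it. If this VLC tree has a ranged integer option constructor, declare the option with a sane minimum there; otherwise the two call sites need a floor. The help text (DH_BITS_LONGTEXT, defined outside the hunk) should also warn the user, e.g. append `"Smaller sizes weaken the key exchange; larger sizes make parameter generation at startup noticeably slower."`.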
...@@ -168,6 +168,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) ...@@ -168,6 +168,7 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
tls_session_t *p_session; tls_session_t *p_session;
gnutls_session *p_sys; gnutls_session *p_sys;
int val; int val;
vlc_value_t bits;
p_sys = (gnutls_session *)malloc( sizeof(gnutls_session *) ); p_sys = (gnutls_session *)malloc( sizeof(gnutls_session *) );
if( p_sys == NULL ) if( p_sys == NULL )
...@@ -208,7 +209,14 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server ) ...@@ -208,7 +209,14 @@ gnutls_ServerSessionPrepare( tls_server_t *p_server )
/*gnutls_certificate_server_set_request( p_session->session, /*gnutls_certificate_server_set_request( p_session->session,
GNUTLS_CERT_REQUEST ); */ GNUTLS_CERT_REQUEST ); */
gnutls_dh_set_prime_bits( *p_sys, DH_BITS ); if( var_Get( p_server->p_tls, "dh-bits", &bits ) != VLC_SUCCESS )
{
var_Create( p_server->p_tls, "dh-bits",
VLC_VAR_INTEGER | VLC_VAR_DOINHERIT );
var_Get( p_server->p_tls, "dh-bits", &bits );
}
gnutls_dh_set_prime_bits( *p_sys, bits.i_int );
p_session = malloc( sizeof (struct tls_session_t) ); p_session = malloc( sizeof (struct tls_session_t) );
if( p_session == NULL ) if( p_session == NULL )
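Review bot: On the fallback path (L25-L27) the second `var_Get()` result is ignored, so if the inherited variable cannot be read `bits.i_int` is passed to `gnutls_dh_set_prime_bits()` uninitialized. gnutls takes an unsigned bit count, so a negative or tiny configured value is also accepted silently as the per-session minimum. Guard both: `if( var_Get( p_server->p_tls, "dh-bits", &bits ) != VLC_SUCCESS || bits.i_int <= 0 ) bits.i_int = DH_BITS;` (a higher floor than 0 is advisable, but the module should pick it consistently with the generation code). gnutls_ServerSessionPrepare continues outside this hunk.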
...@@ -350,8 +358,18 @@ gnutls_ServerCreate( tls_t *p_this, const char *psz_cert_path, ...@@ -350,8 +358,18 @@ gnutls_ServerCreate( tls_t *p_this, const char *psz_cert_path,
val = gnutls_dh_params_init( &p_server_sys->dh_params ); val = gnutls_dh_params_init( &p_server_sys->dh_params );
if( val >= 0 ) if( val >= 0 )
{ {
vlc_value_t bits;
if( var_Get( p_this, "dh-bits", &bits ) != VLC_SUCCESS )
{
var_Create( p_this, "dh-bits",
VLC_VAR_INTEGER | VLC_VAR_DOINHERIT );
var_Get( p_this, "dh-bits", &bits );
}
msg_Dbg( p_this, "Computing Diffie Hellman ciphers parameters" ); msg_Dbg( p_this, "Computing Diffie Hellman ciphers parameters" );
val = gnutls_dh_params_generate2( p_server_sys->dh_params, DH_BITS ); val = gnutls_dh_params_generate2( p_server_sys->dh_params,
bits.i_int );
} }
if( val < 0 ) if( val < 0 )
{ {
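Review bot: The option lookup on L37-L42 is a copy of the one in gnutls_ServerSessionPrepare, and here too the fallback `var_Get()` is unchecked and the value goes straight into `gnutls_dh_params_generate2()` (L44-L45), which takes an unsigned size: a negative config value becomes a huge prime size and parameter generation will effectively never finish. Factor the lookup into one static helper that validates and falls back to DH_BITS, and log the size actually used so an operator can see what was generated. The remainder of gnutls_ServerCreate is outside the hunk.
```c
/* Reads the "dh-bits" option (creating it, inherited, on first use).
 * Falls back to DH_BITS when the lookup fails or the value is unusable;
 * the floor of 0 should be raised to whatever minimum the module wants to enforce. */
static unsigned GetDHBits( vlc_object_t *p_obj )
{
    vlc_value_t val;

    if( var_Get( p_obj, "dh-bits", &val ) != VLC_SUCCESS )
    {
        var_Create( p_obj, "dh-bits", VLC_VAR_INTEGER | VLC_VAR_DOINHERIT );
        if( var_Get( p_obj, "dh-bits", &val ) != VLC_SUCCESS )
            return DH_BITS;
    }
    if( val.i_int <= 0 )
        return DH_BITS;
    return (unsigned)val.i_int;
}

/* … unchanged: certificate loading, gnutls_dh_params_init … */
    if( val >= 0 )
    {
        unsigned i_bits = GetDHBits( p_this );

        msg_Dbg( p_this, "Computing %u-bit Diffie Hellman parameters", i_bits );
        val = gnutls_dh_params_generate2( p_server_sys->dh_params, i_bits );
    }
```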
...@@ -459,13 +477,13 @@ Open( vlc_object_t *p_this ) ...@@ -459,13 +477,13 @@ Open( vlc_object_t *p_this )
if( gnutls_global_init( ) ) if( gnutls_global_init( ) )
{ {
msg_Warn( p_this, "cannot initialize GNUTLS" ); msg_Warn( p_this, "cannot initialize GNUTLS" );
vlc_mutex_unlock( lock.p_address); vlc_mutex_unlock( lock.p_address );
return VLC_EGENERIC; return VLC_EGENERIC;
} }
if( gnutls_check_version( "1.0.0" ) == NULL ) if( gnutls_check_version( "1.0.0" ) == NULL )
{ {
gnutls_global_deinit( ); gnutls_global_deinit( );
vlc_mutex_unlock( lock.p_address); vlc_mutex_unlock( lock.p_address );
msg_Err( p_this, "unsupported GNUTLS version" ); msg_Err( p_this, "unsupported GNUTLS version" );
return VLC_EGENERIC; return VLC_EGENERIC;
} }
......