Commit b027bfd8 authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont
Browse files

gnutls: remove support for certificates and keys from .config/vlc

Support for custom certificates will be better addressed with the
stored public key support in the GnuTLS library (in latter commit).

Support for private keys on client side was practically useless.
parent 48821bd5
......@@ -27,22 +27,11 @@
#include <errno.h>
#include <sys/types.h>
#include <errno.h>
#include <sys/stat.h>
#ifdef WIN32
# include <io.h>
# include <unistd.h>
#include <fcntl.h>
#include <assert.h>
#include <vlc_common.h>
#include <vlc_plugin.h>
#include <vlc_tls.h>
#include <vlc_charset.h>
#include <vlc_fs.h>
#include <vlc_block.h>
#include <gnutls/gnutls.h>
......@@ -54,8 +43,6 @@
#include "dhparams.h"
#include <assert.h>
* Module descriptor
......@@ -379,90 +366,6 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
return val;
#ifndef WIN32
* Loads x509 credentials from a file descriptor (directory or regular file)
* and closes the descriptor.
static void gnutls_x509_AddFD (vlc_object_t *obj,
gnutls_certificate_credentials_t cred,
int fd, bool priv, unsigned recursion)
DIR *dir = fdopendir (fd);
if (dir != NULL)
if (recursion == 0)
goto skipdir;
for (;;)
char *ent = vlc_readdir (dir);
if (ent == NULL)
if ((strcmp (ent, ".") == 0) || (strcmp (ent, "..") == 0))
free (ent);
int nfd = vlc_openat (fd, ent, O_RDONLY);
if (nfd != -1)
msg_Dbg (obj, "loading x509 credentials from %s...", ent);
gnutls_x509_AddFD (obj, cred, nfd, priv, recursion);
msg_Dbg (obj, "cannot access x509 credentials in %s", ent);
free (ent);
closedir (dir);
block_t *block = block_File (fd);
if (block != NULL)
gnutls_datum_t data = {
.data = block->p_buffer,
.size = block->i_buffer,
int res = priv
? gnutls_certificate_set_x509_key_mem (cred, &data, &data,
: gnutls_certificate_set_x509_trust_mem (cred, &data,
block_Release (block);
if (res < 0)
msg_Warn (obj, "cannot add x509 credentials: %s",
gnutls_strerror (res));
msg_Dbg (obj, "added %d %s(s)", res, priv ? "key" : "certificate");
msg_Warn (obj, "cannot read x509 credentials: %m");
close (fd);
static void gnutls_x509_AddPath (vlc_object_t *obj,
gnutls_certificate_credentials_t cred,
const char *path, bool priv)
msg_Dbg (obj, "loading x509 credentials in %s...", path);
int fd = vlc_open (path, O_RDONLY);
if (fd == -1)
msg_Warn (obj, "cannot access x509 in %s: %m", path);
gnutls_x509_AddFD (obj, cred, fd, priv, 5);
#endif /* WIN32 */
* Initializes a client-side TLS session.
......@@ -499,21 +402,6 @@ static int OpenClient (vlc_tls_t *session, int fd, const char *hostname)
msg_Dbg (session, "loaded %d trusted CAs", val);
#ifndef WIN32
char *userdir = config_GetUserDir (VLC_DATA_DIR);
if (userdir != NULL)
char path[strlen (userdir) + sizeof ("/ssl/private/")];
sprintf (path, "%s/ssl", userdir);
vlc_mkdir (path, 0755);
sprintf (path, "%s/ssl/certs/", userdir);
gnutls_x509_AddPath (VLC_OBJECT(session), sys->x509_cred, path, false);
sprintf (path, "%s/ssl/private/", userdir);
gnutls_x509_AddPath (VLC_OBJECT(session), sys->x509_cred, path, true);
free (userdir);
gnutls_certificate_set_verify_flags (sys->x509_cred,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment