Commit 640a0f99 authored by David Fuhrmann's avatar David Fuhrmann Committed by Thomas Guillem

securetransport: Add mode to ignore untrusted certificates

This is a workaround only for chromecast and only for the 3.0
branch.
Signed-off-by: Thomas Guillem's avatarThomas Guillem <thomas@gllm.fr>
parent 7179660f
......@@ -221,7 +221,7 @@ static OSStatus st_SocketWriteFunc (SSLConnectionRef connection,
return retValue;
}
static int st_validateServerCertificate (vlc_tls_t *session, const char *hostname) {
static int st_validateServerCertificate (vlc_tls_t *session, vlc_tls_creds_t *cred, const char *hostname) {
vlc_tls_st_t *sys = (vlc_tls_st_t *)session;
int result = -1;
......@@ -269,6 +269,12 @@ static int st_validateServerCertificate (vlc_tls_t *session, const char *hostnam
msg_Warn(sys->obj, "cerfificate verification failed, result is %d", trust_eval_result);
}
if (cred->obj.flags & OBJECT_FLAGS_INSECURE) {
msg_Warn(sys->obj, "Accepting untrusted certificate, this is very insecure!");
result = 0;
goto out;
}
/* get leaf certificate */
/* SSLCopyPeerCertificates is only available on OSX 10.5 or later */
#if !TARGET_OS_IPHONE
......@@ -402,7 +408,7 @@ static int st_Handshake (vlc_tls_creds_t *crd, vlc_tls_t *session,
switch (retValue) {
case noErr:
if (sys->b_server_mode == false && st_validateServerCertificate(session, host) != 0) {
if (sys->b_server_mode == false && st_validateServerCertificate(session, crd, host) != 0) {
return -1;
}
msg_Dbg(crd, "handshake completed successfully");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment