
Data Structures | |
| struct | tls_session_sys_t |
| struct | error_msg_t |
| struct | tls_client_sys_t |
| TLS client session data. More... | |
| struct | tls_server_sys_t |
| Server-side TLS. More... | |
| struct | saved_session_t |
Defines | |
| #define | CACHE_TIMEOUT 3600 |
| #define | CACHE_SIZE 64 |
| #define | CACHE_TIMEOUT_TEXT N_("Expiration time for resumed TLS sessions") |
| #define | CACHE_TIMEOUT_LONGTEXT |
| #define | CACHE_SIZE_TEXT N_("Number of resumed TLS sessions") |
| #define | CACHE_SIZE_LONGTEXT |
| #define | MAX_SESSION_ID 32 |
| TLS session resumption callbacks (server-side). | |
| #define | MAX_SESSION_DATA 1024 |
Typedefs | |
| typedef int(* | tls_prio_func )(gnutls_session_t, const int *) |
Functions | |
| static int | OpenClient (vlc_object_t *obj) |
| Initializes a client-side TLS session. | |
| static void | CloseClient (vlc_object_t *) |
| static int | OpenServer (vlc_object_t *obj) |
| Allocates a whole server's TLS credentials. | |
| static void | CloseServer (vlc_object_t *p_server) |
| Destroys a TLS server object. | |
| int | vlc_entry__main (module_t *p_module) |
| const char * | vlc_entry_license__main (void) |
| static int | gnutls_Init (vlc_object_t *p_this) |
| Initializes GnuTLS with proper locking. | |
| static void | gnutls_Deinit (vlc_object_t *p_this) |
| Deinitializes GnuTLS. | |
| static int | gnutls_Error (vlc_object_t *obj, int val) |
| static int | gnutls_Send (void *p_session, const void *buf, int i_length) |
| Sends data through a TLS session. | |
| static int | gnutls_Recv (void *p_session, void *buf, int i_length) |
| Receives data through a TLS session. | |
| static int | gnutls_ContinueHandshake (tls_session_t *p_session) |
| Starts or continues the TLS handshake. | |
| static int | gnutls_HandshakeAndValidate (tls_session_t *session) |
| static void | gnutls_SetFD (tls_session_t *p_session, int fd) |
| Sets the operating system file descriptor backend for the TLS session. | |
| static int | gnutls_SetPriority (vlc_object_t *restrict obj, const char *restrict name, tls_prio_func func, gnutls_session_t session, const int *restrict values) |
| static int | gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session) |
| static int | gnutls_Addx509File (vlc_object_t *p_this, gnutls_certificate_credentials_t cred, const char *psz_path, bool b_priv) |
| static int | gnutls_Addx509Directory (vlc_object_t *p_this, gnutls_certificate_credentials_t cred, const char *psz_dirname, bool b_priv) |
| static int | gnutls_Addx509File (vlc_object_t *p_this, gnutls_certificate_credentials cred, const char *psz_path, bool b_priv) |
| static int | cb_store (void *p_server, gnutls_datum key, gnutls_datum data) |
| static gnutls_datum | cb_fetch (void *p_server, gnutls_datum key) |
| static int | cb_delete (void *p_server, gnutls_datum key) |
| static void | gnutls_SessionClose (tls_server_t *p_server, tls_session_t *p_session) |
| Terminates TLS session and releases session data. | |
| static tls_session_t * | gnutls_ServerSessionPrepare (tls_server_t *p_server) |
| Initializes a server-side TLS session. | |
| static int | gnutls_ServerAddCA (tls_server_t *p_server, const char *psz_ca_path) |
| Adds one or more certificate authorities. | |
| static int | gnutls_ServerAddCRL (tls_server_t *p_server, const char *psz_crl_path) |
| Adds a certificate revocation list to be sent to TLS clients. | |
Variables | |
| static vlc_mutex_t | gnutls_mutex = PTHREAD_MUTEX_INITIALIZER |
| static const error_msg_t | cert_errors [] |
| #define CACHE_SIZE 64 |
| #define CACHE_SIZE_LONGTEXT |
Value:
N_( \ "This is the maximum number of resumed TLS sessions that " \ "the cache will hold." )
| #define CACHE_SIZE_TEXT N_("Number of resumed TLS sessions") |
| #define CACHE_TIMEOUT 3600 |
| #define CACHE_TIMEOUT_LONGTEXT |
Value:
N_( \ "It is possible to cache the resumed TLS sessions. This is the expiration "\ "time of the sessions stored in this cache, in seconds." )
| #define CACHE_TIMEOUT_TEXT N_("Expiration time for resumed TLS sessions") |
| #define MAX_SESSION_DATA 1024 |
Referenced by cb_store().
| #define MAX_SESSION_ID 32 |
| typedef int(* tls_prio_func)(gnutls_session_t, const int *) |
| static int cb_delete | ( | void * | p_server, | |
| gnutls_datum | key | |||
| ) | [static] |
| static gnutls_datum cb_fetch | ( | void * | p_server, | |
| gnutls_datum | key | |||
| ) | [static] |
| static int cb_store | ( | void * | p_server, | |
| gnutls_datum | key, | |||
| gnutls_datum | data | |||
| ) | [static] |
References tls_server_sys_t::cache_lock, saved_session_t::data, tls_server_sys_t::i_cache_size, saved_session_t::i_datalen, saved_session_t::i_idlen, saved_session_t::id, MAX_SESSION_DATA, MAX_SESSION_ID, tls_server_sys_t::p_cache, tls_server_sys_t::p_store, p_sys, vlc_mutex_lock(), and vlc_mutex_unlock().
Referenced by gnutls_ServerSessionPrepare().
| static void CloseClient | ( | vlc_object_t * | obj | ) | [static] |
| static void CloseServer | ( | vlc_object_t * | p_server | ) | [static] |
Destroys a TLS server object.
References tls_server_sys_t::cache_lock, tls_server_sys_t::dh_params, gnutls_Deinit(), tls_server_sys_t::p_cache, p_sys, vlc_mutex_destroy(), and tls_server_sys_t::x509_cred.
| static int gnutls_Addx509Directory | ( | vlc_object_t * | p_this, | |
| gnutls_certificate_credentials_t | cred, | |||
| const char * | psz_dirname, | |||
| bool | b_priv | |||
| ) | [static] |
References closedir, DIR_SEP, gnutls_Addx509File(), msg_Dbg, msg_Err, VLC_EGENERIC, vlc_lstat(), vlc_mkdir(), vlc_opendir(), vlc_readdir(), and VLC_SUCCESS.
Referenced by gnutls_Addx509File(), and OpenClient().
| static int gnutls_Addx509File | ( | vlc_object_t * | p_this, | |
| gnutls_certificate_credentials | cred, | |||
| const char * | psz_path, | |||
| bool | b_priv | |||
| ) | [static] |
References block_File(), block_Release(), gnutls_Addx509Directory(), block_t::i_buffer, msg_Dbg, msg_Warn, block_t::p_buffer, VLC_EGENERIC, vlc_open(), and VLC_SUCCESS.
| static int gnutls_Addx509File | ( | vlc_object_t * | p_this, | |
| gnutls_certificate_credentials_t | cred, | |||
| const char * | psz_path, | |||
| bool | b_priv | |||
| ) | [static] |
Referenced by gnutls_Addx509Directory(), and OpenClient().
| static int gnutls_ContinueHandshake | ( | tls_session_t * | p_session | ) | [static] |
Starts or continues the TLS handshake.
References tls_session_sys_t::b_handshaked, msg_Dbg, msg_Err, tls_session_t::p_sys, p_sys, and tls_session_sys_t::session.
Referenced by gnutls_HandshakeAndValidate(), and OpenServer().
| static void gnutls_Deinit | ( | vlc_object_t * | p_this | ) | [static] |
Deinitializes GnuTLS.
References gnutls_mutex, msg_Dbg, vlc_mutex_lock(), and vlc_mutex_unlock().
Referenced by CloseClient(), CloseServer(), and OpenClient().
| static int gnutls_Error | ( | vlc_object_t * | obj, | |
| int | val | |||
| ) | [static] |
| static int gnutls_HandshakeAndValidate | ( | tls_session_t * | session | ) | [static] |
References error_msg_t::flag, gnutls_ContinueHandshake(), msg_Err, tls_session_t::p_sys, p_sys, and tls_session_sys_t::session.
Referenced by gnutls_ServerAddCA(), gnutls_ServerSessionPrepare(), and OpenClient().
| static int gnutls_Init | ( | vlc_object_t * | p_this | ) | [static] |
Initializes GnuTLS with proper locking.
References gnutls_mutex, msg_Dbg, msg_Err, VLC_EGENERIC, vlc_gcrypt_init(), vlc_mutex_lock(), vlc_mutex_unlock(), and VLC_SUCCESS.
Referenced by OpenClient(), and OpenServer().
| static int gnutls_Recv | ( | void * | p_session, | |
| void * | buf, | |||
| int | i_length | |||
| ) | [static] |
Receives data through a TLS session.
References gnutls_Error(), p_sys, and tls_session_sys_t::session.
Referenced by gnutls_ServerSessionPrepare(), and OpenClient().
| static int gnutls_Send | ( | void * | p_session, | |
| const void * | buf, | |||
| int | i_length | |||
| ) | [static] |
Sends data through a TLS session.
References gnutls_Error(), p_sys, and tls_session_sys_t::session.
Referenced by gnutls_ServerSessionPrepare(), and OpenClient().
| static int gnutls_ServerAddCA | ( | tls_server_t * | p_server, | |
| const char * | psz_ca_path | |||
| ) | [static] |
Adds one or more certificate authorities.
| psz_ca_path | (Unicode) path to an X.509 certificate list. |
References gnutls_HandshakeAndValidate(), LocaleFree(), msg_Dbg, msg_Err, tls_server_t::p_sys, p_sys, tls_server_sys_t::pf_handshake, ToLocale(), VLC_EGENERIC, VLC_SUCCESS, and tls_server_sys_t::x509_cred.
Referenced by OpenServer().
| static int gnutls_ServerAddCRL | ( | tls_server_t * | p_server, | |
| const char * | psz_crl_path | |||
| ) | [static] |
Adds a certificate revocation list to be sent to TLS clients.
| psz_crl_path | (Unicode) path of the CRL file. |
References LocaleFree(), msg_Dbg, msg_Err, tls_server_t::p_sys, ToLocale(), VLC_EGENERIC, and VLC_SUCCESS.
Referenced by OpenServer().
| static tls_session_t* gnutls_ServerSessionPrepare | ( | tls_server_t * | p_server | ) | [static] |
Initializes a server-side TLS session.
References tls_session_sys_t::b_handshaked, cb_delete(), cb_fetch(), cb_store(), gnutls_HandshakeAndValidate(), gnutls_Recv(), gnutls_Send(), gnutls_SessionPrioritize(), gnutls_SetFD(), msg_Err, virtual_socket_t::p_sys, tls_server_t::p_sys, tls_session_t::p_sys, tls_server_sys_t::pf_handshake, tls_session_t::pf_handshake, virtual_socket_t::pf_recv, virtual_socket_t::pf_send, tls_session_t::pf_set_fd, tls_session_sys_t::psz_hostname, tls_session_sys_t::session, tls_session_t::sock, var_InheritInteger, VLC_OBJECT, vlc_object_create, vlc_object_release, and tls_server_sys_t::x509_cred.
Referenced by OpenServer().
| static void gnutls_SessionClose | ( | tls_server_t * | p_server, | |
| tls_session_t * | p_session | |||
| ) | [static] |
Terminates TLS session and releases session data.
This does not close the underlying socket; the caller must still close it.
References tls_session_sys_t::b_handshaked, tls_session_t::p_sys, p_sys, tls_session_sys_t::session, and vlc_object_release.
Referenced by OpenServer().
| static int gnutls_SessionPrioritize | ( | vlc_object_t * | obj, | |
| gnutls_session_t | session | |||
| ) | [static] |
References gnutls_SetPriority(), msg_Err, VLC_EGENERIC, and VLC_SUCCESS.
Referenced by gnutls_ServerSessionPrepare(), and OpenClient().
| static void gnutls_SetFD | ( | tls_session_t * | p_session, | |
| int | fd | |||
| ) | [static] |
Sets the operating system file descriptor backend for the TLS session.
| fd | stream socket already connected with the peer. |
References tls_session_t::p_sys, and tls_session_sys_t::session.
Referenced by gnutls_ServerSessionPrepare(), and OpenClient().
| static int gnutls_SetPriority | ( | vlc_object_t *restrict | obj, | |
| const char *restrict | name, | |||
| tls_prio_func | func, | |||
| gnutls_session_t | session, | |||
| const int *restrict | values | |||
| ) | [static] |
| static int OpenClient | ( | vlc_object_t * | obj | ) | [static] |
Initializes a client-side TLS session.
References tls_session_sys_t::b_handshaked, config_GetConfDir(), config_GetUserDir(), gnutls_Addx509Directory(), gnutls_Addx509File(), gnutls_Deinit(), gnutls_HandshakeAndValidate(), gnutls_Init(), gnutls_Recv(), gnutls_Send(), gnutls_SessionPrioritize(), gnutls_SetFD(), msg_Err, virtual_socket_t::p_sys, tls_session_t::p_sys, p_sys, tls_session_t::pf_handshake, virtual_socket_t::pf_recv, virtual_socket_t::pf_send, tls_session_t::pf_set_fd, tls_session_sys_t::psz_hostname, tls_session_sys_t::session, tls_client_sys_t::session, tls_session_t::sock, var_GetNonEmptyString, VLC_DATA_DIR, VLC_EGENERIC, VLC_ENOMEM, vlc_mkdir(), VLC_OBJECT, VLC_SUCCESS, and tls_client_sys_t::x509_cred.
| static int OpenServer | ( | vlc_object_t * | obj | ) | [static] |
Allocates a whole server's TLS credentials.
References tls_server_sys_t::cache_lock, dh_params, tls_server_sys_t::dh_params, gnutls_ContinueHandshake(), gnutls_Init(), gnutls_ServerAddCA(), gnutls_ServerAddCRL(), gnutls_ServerSessionPrepare(), gnutls_SessionClose(), tls_server_sys_t::i_cache_size, LocaleFree(), msg_Dbg, msg_Err, tls_server_sys_t::p_cache, tls_server_sys_t::p_store, tls_server_t::p_sys, p_sys, tls_server_t::pf_add_CA, tls_server_t::pf_add_CRL, tls_server_t::pf_close, tls_server_sys_t::pf_handshake, tls_server_t::pf_open, size, ToLocale(), var_GetNonEmptyString, var_InheritInteger, VLC_EGENERIC, VLC_ENOMEM, vlc_mutex_destroy(), vlc_mutex_init(), VLC_SUCCESS, and tls_server_sys_t::x509_cred.
| int vlc_entry__main | ( | module_t * | p_module | ) |
| const char* vlc_entry_license__main | ( | void | ) |
const error_msg_t cert_errors[] [static] |
Initial value:
{
/* Each entry pairs a GnuTLS certificate-verification status flag with the
 * message reported for it. Only the five flags below have a message here;
 * any other status bit has no entry in this table.
 * NOTE(review): gnutls_HandshakeAndValidate() references error_msg_t::flag,
 * so it presumably walks this table. Confirm that a non-zero verification
 * status whose bits are not listed here is still treated as a failure and
 * not silently accepted. */
{ GNUTLS_CERT_INVALID,
"Certificate could not be verified" },
{ GNUTLS_CERT_REVOKED,
"Certificate was revoked" },
{ GNUTLS_CERT_SIGNER_NOT_FOUND,
"Certificate's signer was not found" },
{ GNUTLS_CERT_SIGNER_NOT_CA,
"Certificate's signer is not a CA" },
{ GNUTLS_CERT_INSECURE_ALGORITHM,
"Insecure certificate signature algorithm" },
/* Presumably the end-of-table sentinel (zero flag, NULL message). */
{ 0, NULL }
}
vlc_mutex_t gnutls_mutex = PTHREAD_MUTEX_INITIALIZER [static] |
Referenced by gnutls_Deinit(), and gnutls_Init().