VLC  3.0.21
Transport Layer Security

Data Structures

struct  vlc_tls_creds
 TLS credentials.
 

Typedefs

typedef struct vlc_tls_creds vlc_tls_creds_t
 TLS credentials.
 

Functions

vlc_tls_creds_t * vlc_tls_ClientCreate (vlc_object_t *)
 Allocates TLS credentials for a client.
 
vlc_tls_creds_t * vlc_tls_ServerCreate (vlc_object_t *, const char *cert, const char *key)
 Allocates server TLS credentials.
 
static int vlc_tls_SessionHandshake (vlc_tls_creds_t *crd, vlc_tls_t *tls)
 
void vlc_tls_Delete (vlc_tls_creds_t *)
 Releases TLS credentials.
 
vlc_tls_t * vlc_tls_ClientSessionCreate (vlc_tls_creds_t *creds, vlc_tls_t *sock, const char *host, const char *service, const char *const *alpn, char **alp)
 Initiates a client TLS session.
 
vlc_tls_t * vlc_tls_ServerSessionCreate (vlc_tls_creds_t *creds, vlc_tls_t *sock, const char *const *alpn)
 Creates a TLS server session.
 

Detailed Description

Typedef Documentation

◆ vlc_tls_creds_t

TLS credentials.

This structure contains the credentials for establishing TLS sessions. This includes root Certificate Authorities (on client side), trust and cryptographic parameters, public certificates and private keys.

Function Documentation

◆ vlc_tls_ClientCreate()

vlc_tls_creds_t* vlc_tls_ClientCreate ( vlc_object_t * )

Allocates TLS credentials for a client.

Credentials can be cached and reused across multiple TLS sessions.

Returns
TLS credentials object, or NULL on error.

References vlc_tls_creds::module, msg_Err, tls_client_load(), unlikely, vlc_custom_create, vlc_module_load, and vlc_object_release.

Referenced by vlc_https_request().

◆ vlc_tls_ClientSessionCreate()

vlc_tls_t* vlc_tls_ClientSessionCreate ( vlc_tls_creds_t *  creds,
vlc_tls_t *  sock,
const char *  host,
const char *  service,
const char *const *  alpn,
char **  alp
)

Initiates a client TLS session.

Initiates a Transport Layer Security (TLS) session as the client side, using trusted root CAs previously loaded with vlc_tls_ClientCreate().

This is a blocking network operation and may be a thread cancellation point.

Parameters
creds: X.509 credentials, i.e. set of root certificates of trusted certificate authorities
sock: socket through which to establish the secure channel
hostname: expected server name, used both as Server Name Indication and as expected Common Name of the peer certificate [IN]
service: unique identifier for the service to connect to (only used locally for certificates database) [IN]
alpn: NULL-terminated list of Application Layer Protocols to negotiate, or NULL to not negotiate protocols [IN]
alp: storage space for the negotiated Application Layer Protocol or NULL if negotiation was not performed [OUT]
Note
The credentials must remain valid until the session is finished.
Returns
TLS session, or NULL on error.

References cleanup_tls(), pollfd::events, pollfd::fd, vlc_tls_creds::handshake, mdate(), msg_Err, POLLIN, POLLOUT, var_InheritInteger, vlc_cleanup_pop, vlc_cleanup_push, vlc_killed(), vlc_poll_i11e(), vlc_restorecancel(), vlc_savecancel(), vlc_tls_GetFD(), vlc_tls_SessionCreate(), and vlc_tls_SessionDelete().

Referenced by vlc_https_connect_proxy(), vlc_tls_ClientSessionCreateFD(), and vlc_tls_SocketOpenTLS().
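What the alpn and alp parameters stand for on the wire, as an added example that is not VLC code: it encodes a NULL-terminated protocol list into RFC 7301 length-prefixed entries and shows a server picking one name from the offer. The helper names alpn_encode and alpn_select and the sample lists are hypothetical; this is the general ALPN mechanism, not how VLC's TLS module implements it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode a NULL-terminated ALPN list (the shape of the `alpn` argument) as
 * RFC 7301 wire entries: one length byte, then the name.
 * Returns the number of bytes written, or -1 on a bad name or overflow. */
static int alpn_encode(const char *const *alpn, uint8_t *out, size_t cap)
{
    size_t used = 0;
    for (size_t i = 0; alpn != NULL && alpn[i] != NULL; i++) {
        size_t len = strlen(alpn[i]);
        if (len == 0 || len > 255 || len + 1 > cap - used)
            return -1;              /* names are 1..255 bytes; no overrun */
        out[used++] = (uint8_t)len;
        memcpy(out + used, alpn[i], len);
        used += len;
    }
    return (int)used;
}

/* Server side: return the first name in the server's preference list that
 * the client offered, or NULL if nothing matches or the offer is malformed. */
static const char *alpn_select(const char *const *server,
                               const uint8_t *offer, size_t offer_len)
{
    for (size_t off = 0; off < offer_len; off += 1 + (size_t)offer[off])
        if (offer[off] == 0 || (size_t)offer[off] > offer_len - off - 1)
            return NULL;            /* empty or truncated entry */
    for (size_t i = 0; server != NULL && server[i] != NULL; i++) {
        size_t want = strlen(server[i]);
        for (size_t off = 0; off < offer_len; off += 1 + (size_t)offer[off])
            if ((size_t)offer[off] == want
             && memcmp(offer + off + 1, server[i], want) == 0)
                return server[i];
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample lists, not taken from VLC. */
    const char *const client[] = { "h2", "http/1.1", NULL };
    const char *const server[] = { "http/1.1", "h2", NULL };
    uint8_t wire[64];
    int n = alpn_encode(client, wire, sizeof (wire));
    const char *alp = (n < 0) ? NULL : alpn_select(server, wire, (size_t)n);
    printf("offer=%d bytes, negotiated=%s\n", n, alp ? alp : "(none)");
    return 0;
}
```

A NULL result from the selection step corresponds to the "negotiation was not performed" case that the alp output reports as NULL, and a caller that requires a specific protocol has to check for it.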

◆ vlc_tls_Delete()

void vlc_tls_Delete ( vlc_tls_creds_t * )

Releases TLS credentials.

Releases data allocated with vlc_tls_ClientCreate() or vlc_tls_ServerCreate().

Parameters
srv: object to be destroyed (or NULL)

References vlc_tls_creds::module, tls_unload(), vlc_module_unload, and vlc_object_release.

Referenced by vlc_http_mgr_destroy().

◆ vlc_tls_ServerCreate()

vlc_tls_creds_t* vlc_tls_ServerCreate ( vlc_object_t * ,
const char *  cert,
const char *  key
)

Allocates server TLS credentials.

Parameters
cert: path to an X.509 certificate (required)
key: path to the PKCS private key for the certificate, or NULL to use cert path
Returns
TLS credentials object, or NULL on error.

References vlc_tls_creds::module, msg_Err, tls_server_load(), unlikely, vlc_custom_create, vlc_module_load, and vlc_object_release.

◆ vlc_tls_ServerSessionCreate()

vlc_tls_t* vlc_tls_ServerSessionCreate ( vlc_tls_creds_t *  creds,
vlc_tls_t *  sock,
const char *const *  alpn
)

Creates a TLS server session.

Allocates a Transport Layer Security (TLS) session as the server side, using the cryptographic key pair and X.509 certificate chain already loaded with vlc_tls_ServerCreate().

Unlike vlc_tls_ClientSessionCreate(), this function does not perform any actual network I/O. vlc_tls_SessionHandshake() must be used to perform the TLS handshake before sending and receiving data through the TLS session.

This function is non-blocking and is not a cancellation point.

Parameters
creds: server credentials, i.e. key pair and X.509 certificate chain
alpn: NULL-terminated list of Application Layer Protocols to negotiate, or NULL to not negotiate protocols
Returns
TLS session, or NULL on error.

References vlc_tls_SessionCreate().

◆ vlc_tls_SessionHandshake()

static int vlc_tls_SessionHandshake ( vlc_tls_creds_t *  crd,
vlc_tls_t *  tls
)
inline static