[vlc-commits] Win32: use the OS list of certificate authorities
Geoffroy Couprie
git at videolan.org
Fri Jul 1 00:34:12 CEST 2011
vlc | branch: master | Geoffroy Couprie <geal at videolan.org> | Sat Apr 30 19:29:55 2011 +0200| [95b0fe358d8f84e39a8497de0de924a27dc9e994] | committer: Jean-Baptiste Kempf
Win32: use the OS list of certificate authorities
Ref #3682 and #3666
Now, we have
[022d6ffc] main tls client debug: TLS client session initialized
instead of
[004e6ffc] gnutls tls client error: Certificate could not be verified
However, this still doesn't work properly, since we now get:
"access_http acccess error: failed to read answer"
Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=95b0fe358d8f84e39a8497de0de924a27dc9e994
---
configure.ac | 2 +-
modules/misc/gnutls.c | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index 87ade39..14c729c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4065,7 +4065,7 @@ AS_IF([test "${enable_gnutls}" != "no"], [
VLC_ADD_CFLAGS([gnutls], [$GNUTLS_CFLAGS])
AS_IF([test "${SYS}" = "mingw32"], [
dnl pkg-config --libs gnutls omits these
- VLC_ADD_LIBS([gnutls], [-lz ${LTLIBINTL}])
+ VLC_ADD_LIBS([gnutls], [-lz ${LTLIBINTL} -lcrypt32])
])
VLC_ADD_LIBS([gnutls], [${GCRYPT_LIBS}])
VLC_ADD_CFLAGS([gnutls], [${GCRYPT_CFLAGS}])
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index cc60b69..c0f8a03 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -41,6 +41,7 @@
#endif
#ifdef WIN32
# include <io.h>
+# include <wincrypt.h>
#else
# include <unistd.h>
#endif
@@ -439,6 +440,10 @@ static int
gnutls_Addx509File( vlc_object_t *p_this,
gnutls_certificate_credentials_t cred,
const char *psz_path, bool b_priv );
+#ifdef WIN32
+static int gnutls_loadOSCAList(vlc_object_t *p_this,
+ gnutls_certificate_credentials_t cred);
+#endif
static int
gnutls_Addx509Directory( vlc_object_t *p_this,
@@ -562,6 +567,37 @@ error:
return VLC_EGENERIC;
}
+#ifdef WIN32
+static int
+gnutls_loadOSCAList( vlc_object_t *p_this,
+ gnutls_certificate_credentials cred)
+{
+ HCERTSTORE hCertStore = CertOpenSystemStoreA((HCRYPTPROV)NULL, "ROOT");
+ if (!hCertStore)
+ {
+ msg_Warn (p_this, "could not open the Cert SystemStore");
+ return VLC_EGENERIC;
+ }
+
+ PCCERT_CONTEXT pCertContext = CertEnumCertificatesInStore(hCertStore, NULL);
+ while( pCertContext )
+ {
+ gnutls_datum data = {
+ .data = pCertContext->pbCertEncoded,
+ .size = pCertContext->cbCertEncoded,
+ };
+
+ if(!gnutls_certificate_set_x509_trust_mem(cred, &data, GNUTLS_X509_FMT_DER))
+ {
+ msg_Warn (p_this, "cannot add x509 credential");
+ return VLC_EGENERIC;
+ }
+
+ pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext);
+ }
+ return VLC_SUCCESS;
+}
+#endif
/** TLS client session data */
typedef struct tls_client_sys_t
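Review bot: The check `if(!gnutls_certificate_set_x509_trust_mem(...))` in gnutls_loadOSCAList only catches a return of zero; GnuTLS reports failures as negative codes, which are non-zero and therefore treated as success here, so the test should be `<= 0`. The store handle from CertOpenSystemStoreA is never released with CertCloseStore on either return path, and the early return also leaves the current pCertContext unfreed. The definition spells the parameter type `gnutls_certificate_credentials` while the prototype added earlier in this patch uses `gnutls_certificate_credentials_t`; the two should match. The rewrite below keeps the enumeration but routes both exits through a single cleanup.

```c
    int i_ret = VLC_SUCCESS;
    PCCERT_CONTEXT pCertContext = NULL;

    while( (pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext)) != NULL )
    {
        /* … unchanged: gnutls_datum data = { pbCertEncoded, cbCertEncoded } … */

        /* negative values are GnuTLS error codes, zero means nothing was added */
        if( gnutls_certificate_set_x509_trust_mem(cred, &data, GNUTLS_X509_FMT_DER) <= 0 )
        {
            msg_Warn (p_this, "cannot add x509 credential");
            /* the enumeration only frees the context when it is passed back in */
            CertFreeCertificateContext(pCertContext);
            i_ret = VLC_EGENERIC;
            break;
        }
    }

    CertCloseStore(hCertStore, 0);
    return i_ret;
```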
@@ -626,8 +662,13 @@ static int OpenClient (vlc_object_t *obj)
char path[strlen (confdir)
+ sizeof ("/ssl/certs/ca-certificates.crt")];
sprintf (path, "%s/ssl/certs/ca-certificates.crt", confdir);
+#ifdef WIN32
+ gnutls_loadOSCAList (VLC_OBJECT (p_session),
+ p_sys->x509_cred);
+#else
gnutls_Addx509File (VLC_OBJECT (p_session),
p_sys->x509_cred, path, false);
+#endif
}
p_session->pf_handshake = gnutls_HandshakeAndValidate;
/*p_session->pf_handshake = gnutls_ContinueHandshake;*/
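Review bot: The return value of `gnutls_loadOSCAList` is dropped in the WIN32 branch of OpenClient, so a failure to read the system ROOT store leaves the credentials without trust anchors and gives no indication at this call site; whether the handshake then fails closed depends on gnutls_HandshakeAndValidate, which is outside this hunk. At minimum the failure should be logged, e.g. `if (gnutls_loadOSCAList (VLC_OBJECT (p_session), p_sys->x509_cred) != VLC_SUCCESS) msg_Warn (obj, "no system CA certificates loaded");`. The `path` buffer and the `sprintf` above still run on Win32 although nothing uses them there; moving them inside the `#else` branch would make that explicit. OpenClient starts and ends outside the hunk.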