[vlc-commits] contrib/gnutls: add patch adding keychain root certificate lookups on OS X ( not supported on iOS)

Felix Paul Kühne git at videolan.org
Sun Nov 10 13:24:21 CET 2013


vlc | branch: master | Felix Paul Kühne <fkuehne at videolan.org> | Sun Nov 10 13:23:17 2013 +0100| [a06e7f27acef85631f7c748f568993de7f5023a1] | committer: Felix Paul Kühne

contrib/gnutls: add patch adding keychain root certificate lookups on OS X (not supported on iOS)

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a06e7f27acef85631f7c748f568993de7f5023a1
---

 contrib/src/gnutls/mac-keychain-lookup.patch |   80 ++++++++++++++++++++++++++
 contrib/src/gnutls/rules.mak                 |    3 +
 2 files changed, 83 insertions(+)

diff --git a/contrib/src/gnutls/mac-keychain-lookup.patch b/contrib/src/gnutls/mac-keychain-lookup.patch
new file mode 100644
index 0000000..b42bb41
--- /dev/null
+++ b/contrib/src/gnutls/mac-keychain-lookup.patch
@@ -0,0 +1,80 @@
+diff -ru gnutls-plain/lib/Makefile.am gnutls/lib/Makefile.am
+--- gnutls-plain/lib/Makefile.am	2013-06-02 19:33:57.000000000 +0200
++++ gnutls/lib/Makefile.am	2013-11-10 13:04:36.000000000 +0100
+@@ -152,6 +152,10 @@
+ DISTCLEANFILES += $(defexec_DATA)
+ endif
+ 
++if MACOSX
++libgnutls_la_LDFLAGS += -Wl,-framework,Security,-framework,CoreFoundation
++endif
++
+ if WINDOWS
+ thirdparty_libadd += -lcrypt32
+ endif
+diff -ru gnutls-plain/lib/system.c gnutls/lib/system.c
+--- gnutls-plain/lib/system.c	2013-04-10 22:25:51.000000000 +0200
++++ gnutls/lib/system.c	2013-11-10 13:01:47.000000000 +0100
+@@ -57,6 +57,15 @@
+ #undef send
+ #undef select
+ 
++#ifdef __APPLE__
++#include "TargetConditionals.h"
++#ifdef TARGET_OS_MAC
++#define _UINT64
++#include <Security/Security.h>
++#include <Security/SecCertificate.h>
++#endif
++#endif
++
+ /* System specific function wrappers.
+  */
+ 
+@@ -550,6 +559,46 @@
+ 
+   return r;
+ }
++#elif defined(__APPLE__)
++#if TARGET_OS_MAC
++static
++int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
++{
++    CFArrayRef anchors;
++    int ret = 0;
++    printf("add_system_trust\n");
++    if (SecTrustCopyAnchorCertificates(&anchors) != 0) {
++        printf("failure one\n");
++        return -1;
++    }
++
++    CFIndex count = CFArrayGetCount(anchors);
++    for (int i = 0; i < count; i++) {
++        printf("looping %i\n", i);
++        SecCertificateRef certref = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
++
++        CSSM_DATA certData;
++        SecCertificateGetData(certref, &certData);
++        gnutls_datum data = {
++            .data = certData.Data,
++            .size = certData.Length,
++        };
++
++        if (!gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags))
++            printf("cannot add x509 credentials\n");
++        else
++            ret++;
++    }
++    CFRelease(anchors);
++
++    printf("will return %i\n", ret);
++
++    return ret;
++}
++
++#else
++#define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
++#endif
+ #else
+ 
+ #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 48369fd..210c0ec 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -26,6 +26,9 @@ endif
 	$(APPLY) $(SRC)/gnutls/gnutls-no-egd.patch
 	$(APPLY) $(SRC)/gnutls/read-file-limits.h.patch
 	$(APPLY) $(SRC)/gnutls/downgrade-automake-requirement.patch
+ifdef HAVE_MACOSX
+	$(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
+endif
 	$(call pkg_static,"lib/gnutls.pc.in")
 	$(UPDATE_AUTOCONFIG)
 	$(MOVE)



More information about the vlc-commits mailing list