[vlc-commits] contrib/gnutls: add patch adding keychain root certificate lookups on OS X ( not supported on iOS)
Felix Paul Kühne
git at videolan.org
Sun Nov 10 13:24:21 CET 2013
vlc | branch: master | Felix Paul Kühne <fkuehne at videolan.org> | Sun Nov 10 13:23:17 2013 +0100| [a06e7f27acef85631f7c748f568993de7f5023a1] | committer: Felix Paul Kühne
contrib/gnutls: add patch adding keychain root certificate lookups on OS X (not supported on iOS)
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a06e7f27acef85631f7c748f568993de7f5023a1
---
contrib/src/gnutls/mac-keychain-lookup.patch | 80 ++++++++++++++++++++++++++
contrib/src/gnutls/rules.mak | 3 +
2 files changed, 83 insertions(+)
diff --git a/contrib/src/gnutls/mac-keychain-lookup.patch b/contrib/src/gnutls/mac-keychain-lookup.patch
new file mode 100644
index 0000000..b42bb41
--- /dev/null
+++ b/contrib/src/gnutls/mac-keychain-lookup.patch
@@ -0,0 +1,80 @@
+diff -ru gnutls-plain/lib/Makefile.am gnutls/lib/Makefile.am
+--- gnutls-plain/lib/Makefile.am 2013-06-02 19:33:57.000000000 +0200
++++ gnutls/lib/Makefile.am 2013-11-10 13:04:36.000000000 +0100
+@@ -152,6 +152,10 @@
+ DISTCLEANFILES += $(defexec_DATA)
+ endif
+
++if MACOSX
++libgnutls_la_LDFLAGS += -Wl,-framework,Security,-framework,CoreFoundation
++endif
++
+ if WINDOWS
+ thirdparty_libadd += -lcrypt32
+ endif
+diff -ru gnutls-plain/lib/system.c gnutls/lib/system.c
+--- gnutls-plain/lib/system.c 2013-04-10 22:25:51.000000000 +0200
++++ gnutls/lib/system.c 2013-11-10 13:01:47.000000000 +0100
+@@ -57,6 +57,15 @@
+ #undef send
+ #undef select
+
++#ifdef __APPLE__
++#include "TargetConditionals.h"
++#ifdef TARGET_OS_MAC
++#define _UINT64
++#include <Security/Security.h>
++#include <Security/SecCertificate.h>
++#endif
++#endif
++
+ /* System specific function wrappers.
+ */
+
+@@ -550,6 +559,46 @@
+
+ return r;
+ }
++#elif defined(__APPLE__)
++#if TARGET_OS_MAC
++static
++int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
++{
++ CFArrayRef anchors;
++ int ret = 0;
++ printf("add_system_trust\n");
++ if (SecTrustCopyAnchorCertificates(&anchors) != 0) {
++ printf("failure one\n");
++ return -1;
++ }
++
++ CFIndex count = CFArrayGetCount(anchors);
++ for (int i = 0; i < count; i++) {
++ printf("looping %i\n", i);
++ SecCertificateRef certref = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
++
++ CSSM_DATA certData;
++ SecCertificateGetData(certref, &certData);
++ gnutls_datum data = {
++ .data = certData.Data,
++ .size = certData.Length,
++ };
++
++ if (!gnutls_x509_trust_list_add_trust_mem(list, &data, NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags))
++ printf("cannot add x509 credentials\n");
++ else
++ ret++;
++ }
++ CFRelease(anchors);
++
++ printf("will return %i\n", ret);
++
++ return ret;
++}
++
++#else
++#define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
++#endif
+ #else
+
+ #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 48369fd..210c0ec 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -26,6 +26,9 @@ endif
$(APPLY) $(SRC)/gnutls/gnutls-no-egd.patch
$(APPLY) $(SRC)/gnutls/read-file-limits.h.patch
$(APPLY) $(SRC)/gnutls/downgrade-automake-requirement.patch
+ifdef HAVE_MACOSX
+ $(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
+endif
$(call pkg_static,"lib/gnutls.pc.in")
$(UPDATE_AUTOCONFIG)
$(MOVE)
More information about the vlc-commits
mailing list