[vlc-commits] gnutls: add option to load CAs from a directory

Rémi Denis-Courmont git at videolan.org
Sun Feb 26 18:51:05 CET 2017


vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Feb 26 19:08:15 2017 +0200| [dfadf3eccbea63e879877e0f704e1a8582d47e26] | committer: Rémi Denis-Courmont

gnutls: add option to load CAs from a directory

This is useful at least in automated testing.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=dfadf3eccbea63e879877e0f704e1a8582d47e26
---

 modules/misc/gnutls.c                            | 20 ++++++++++++++++++++
 test/{modules/misc => samples/certs}/certkey.pem |  0
 2 files changed, 20 insertions(+)

diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 9373537..3b83a9b 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -566,6 +566,19 @@ static int OpenClient (vlc_tls_creds_t *crd)
             msg_Dbg(crd, "loaded %d trusted CAs from %s", val, "system");
     }
 
+    char *dir = var_InheritString(crd, "gnutls-dir-trust");
+    if (dir != NULL)
+    {
+        val = gnutls_certificate_set_x509_trust_dir(x509, dir,
+                                                    GNUTLS_X509_FMT_PEM);
+        if (val < 0)
+            msg_Err(crd, "cannot load trusted Certificate Authorities "
+                    "from %s: %s", dir, gnutls_strerror(val));
+        else
+            msg_Dbg(crd, "loaded %d trusted CAs from %s", val, dir);
+        free(dir);
+    }
+
     gnutls_certificate_set_verify_flags (x509,
                                          GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 
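Review bot: A return of 0 from `gnutls_certificate_set_x509_trust_dir` falls into the final `else` and is logged as success at debug level, so a mistyped or empty directory goes unnoticed; GnuTLS appears to return a count rather than an error when the directory cannot be read, which is worth confirming. If `gnutls-system-trust` is also disabled, the client then has no trust anchors and every verification fails with nothing logged above debug level. I would add `else if (val == 0) msg_Warn(crd, "no trusted CAs found in %s", dir);` before the final `else`. A short comment above the block should say that these anchors are added on top of the system store and that the `GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` flag set just below applies to them as well. OpenClient starts and ends outside this hunk.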
@@ -732,6 +745,11 @@ static void CloseServer (vlc_tls_creds_t *crd)
     "Trust the root certificates of Certificate Authorities stored in " \
     "the operating system trust database to authenticate TLS sessions.")
 
+#define DIR_TRUST_TEXT N_("Trust directory")
+#define DIR_TRUST_LONGTEXT N_( \
+    "Trust the root certificates of Certificate Authorities stored in " \
+    "the specified directory to authenticate TLS sessions.")
+
 #define PRIORITIES_TEXT N_("TLS cipher priorities")
 #define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \
     "hash functions and compression methods can be selected. " \
@@ -760,6 +778,8 @@ vlc_module_begin ()
     set_subcategory( SUBCAT_ADVANCED_NETWORK )
     add_bool("gnutls-system-trust", true, SYSTEM_TRUST_TEXT,
              SYSTEM_TRUST_LONGTEXT, true)
+    add_string("gnutls-dir-trust", NULL, DIR_TRUST_TEXT,
+               DIR_TRUST_TEXT, true)
     add_string ("gnutls-priorities", "NORMAL", PRIORITIES_TEXT,
                 PRIORITIES_LONGTEXT, false)
         change_string_list (priorities_values, priorities_text)
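Review bot: The `add_string` call for `gnutls-dir-trust` passes `DIR_TRUST_TEXT` as both the short and the long description, so `DIR_TRUST_LONGTEXT` from the previous hunk is never used and the option's help shows only "Trust directory". The second line of the call should read `DIR_TRUST_LONGTEXT, true)`. Every certificate in that directory becomes a trust anchor for TLS client sessions, so the long text is where a user learns what the option does. It could also state that the directory is trusted in addition to the system store and should be writable only by an administrator.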
diff --git a/test/modules/misc/certkey.pem b/test/samples/certs/certkey.pem
similarity index 100%
rename from test/modules/misc/certkey.pem
rename to test/samples/certs/certkey.pem


