[vlc-commits] tls: Add a way to ignore CA check.
Thomas Guillem
git at videolan.org
Fri Feb 2 17:31:10 CET 2018
vlc/vlc-3.0 | branch: master | Thomas Guillem <thomas at gllm.fr> | Thu Jan 18 11:25:32 2018 +0100| [0d8b5004b5df9b235a945da00eec50163a5e8e5c] | committer: Thomas Guillem
tls: Add a way to ignore CA check.
Without breaking ABI.
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=0d8b5004b5df9b235a945da00eec50163a5e8e5c
---
include/vlc_objects.h | 1 +
modules/misc/gnutls.c | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/include/vlc_objects.h b/include/vlc_objects.h
index a5b5dc21dc..4a2814187a 100644
--- a/include/vlc_objects.h
+++ b/include/vlc_objects.h
@@ -31,6 +31,7 @@
/* Object flags */
#define OBJECT_FLAGS_QUIET 0x0002
#define OBJECT_FLAGS_NOINTERACT 0x0004
+#define OBJECT_FLAGS_INSECURE 0x1000 /* VLC 3.0 only, will be removed */
/*****************************************************************************
* The vlc_object_t type. Yes, it's that simple :-)
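Review bot: the comment on the new `OBJECT_FLAGS_INSECURE` define says only "VLC 3.0 only, will be removed" and does not state what the flag turns off. It sits in the generic "Object flags" list next to `OBJECT_FLAGS_QUIET` and `OBJECT_FLAGS_NOINTERACT`, so a reader of this header cannot tell that it disables the CA trust check in the TLS client handshake, or that it is only meant to be read from a TLS credentials object. Suggest expanding the comment to say that it accepts an unknown-CA or self-signed peer certificate in the TLS client handshake, and which callers are expected to set it.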
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 1cca9c14a7..57429a0b99 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -445,6 +445,13 @@ static int gnutls_ClientHandshake(vlc_tls_creds_t *creds, vlc_tls_t *tls,
gnutls_free (desc.data);
}
+ if (status == (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID) &&
+ (creds->obj.flags & OBJECT_FLAGS_INSECURE))
+ {
+ msg_Info( creds, "Accepting self-signed/untrusted CA certificate." );
+ return 0;
+ }
+
status &= ~GNUTLS_CERT_INVALID; /* always set / catch-all error */
status &= ~GNUTLS_CERT_SIGNER_NOT_FOUND; /* unknown CA */
status &= ~GNUTLS_CERT_UNEXPECTED_OWNER; /* mismatched hostname */
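Review bot: the exact-equality test `status == (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID)` in the new branch is load-bearing and has no comment saying so. Because it is `==` rather than a mask test, a status that carries any further bit, such as the `GNUTLS_CERT_UNEXPECTED_OWNER` (mismatched hostname) bit cleared a few lines below, does not take the bypass. A later cleanup that rewrites it as `status & ...` would silently widen what gets accepted, so a one-line comment stating that only the unknown-CA case is waived would protect it. Two smaller points on the same branch: the `return 0` leaves the function before any of the code that follows, so it is worth confirming that nothing after this point is still required for an accepted session; and accepting an untrusted certificate is logged with `msg_Info` and without naming the peer, where `msg_Warn` with the host name would make the bypass visible in logs.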