[vlc-commits] tls: separate client and server types
Rémi Denis-Courmont
git at videolan.org
Sun Nov 18 16:57:26 CET 2018
vlc | branch: master | Rémi Denis-Courmont <remi at remlab.net> | Sun Nov 18 14:35:41 2018 +0200| [c212795864783b81008292d7868058d12ccfd71d] | committer: Rémi Denis-Courmont
tls: separate client and server types
They are manipulated differently. It makes sense to use the same types
for session, but not so much for credentials.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=c212795864783b81008292d7868058d12ccfd71d
---
include/vlc_tls.h | 115 ++++++++++++++-------
modules/access/ftp.c | 8 +-
modules/access/http/connmgr.c | 6 +-
modules/access/http/transport.h | 7 +-
modules/access/http/tunnel.c | 2 +-
modules/demux/adaptive/http/Transport.cpp | 4 +-
modules/demux/adaptive/http/Transport.hpp | 2 +-
modules/misc/gnutls.c | 12 +--
modules/misc/securetransport.c | 16 +--
modules/stream_out/chromecast/chromecast.h | 2 +-
.../chromecast/chromecast_communication.cpp | 4 +-
src/libvlccore.sym | 5 +-
src/network/httpd.c | 14 +--
src/network/tls.c | 63 +++++------
test/modules/misc/tls.c | 14 +--
15 files changed, 159 insertions(+), 115 deletions(-)
diff --git a/include/vlc_tls.h b/include/vlc_tls.h
index 66683cea35..258bc5674f 100644
--- a/include/vlc_tls.h
+++ b/include/vlc_tls.h
@@ -125,65 +125,46 @@ struct vlc_tls_operations
/**
* \defgroup tls Transport Layer Security
* @{
+ * \defgroup tls_client TLS client
+ * @{
*/
/**
- * TLS credentials
+ * TLS client-side credentials
*
- * This structure contains the credentials for establishing TLS sessions.
- * This includes root Certificate Authorities (on client side),
- * trust and cryptographic parameters,
- * public certificates and private keys.
+ * This structure contains the credentials for establishing TLS sessions
+ * on client side, essentially the set of trusted root Certificate Authorities
+ * with which to validate certificate chains presented by servers.
*/
-typedef struct vlc_tls_creds
+typedef struct vlc_tls_client
{
struct vlc_common_members obj;
void *sys;
- vlc_tls_t *(*open)(struct vlc_tls_creds *, vlc_tls_t *sock,
+ vlc_tls_t *(*open)(struct vlc_tls_client *, vlc_tls_t *sock,
const char *host, const char *const *alpn);
int (*handshake)(vlc_tls_t *session,
const char *hostname, const char *service,
char ** /*restrict*/ alp);
- void (*destroy)(struct vlc_tls_creds *);
-} vlc_tls_creds_t;
+ void (*destroy)(struct vlc_tls_client *);
+} vlc_tls_client_t;
/**
- * Allocates TLS credentials for a client.
+ * Allocates TLS client-side credentials.
+ *
* Credentials can be cached and reused across multiple TLS sessions.
*
* @return TLS credentials object, or NULL on error.
**/
-VLC_API vlc_tls_creds_t *vlc_tls_ClientCreate(vlc_object_t *);
-
-/**
- * Allocates server TLS credentials.
- *
- * @param cert path to an x509 certificate (required)
- * @param key path to the PKCS private key for the certificate,
- * or NULL to use cert path
- *
- * @return TLS credentials object, or NULL on error.
- */
-VLC_API vlc_tls_creds_t *vlc_tls_ServerCreate(vlc_object_t *, const char *cert,
- const char *key);
-
-static inline int vlc_tls_SessionHandshake (vlc_tls_creds_t *crd,
- vlc_tls_t *tls)
-{
- return crd->handshake(tls, NULL, NULL, NULL);
-}
+VLC_API vlc_tls_client_t *vlc_tls_ClientCreate(vlc_object_t *);
/**
- * Releases TLS credentials.
+ * Releases TLS client-side credentials.
*
- * Releases data allocated with vlc_tls_ClientCreate() or
- * vlc_tls_ServerCreate().
- *
- * @param srv object to be destroyed (or NULL)
+ * Releases data allocated with vlc_tls_ClientCreate().
*/
-VLC_API void vlc_tls_Delete(vlc_tls_creds_t *);
+VLC_API void vlc_tls_ClientDelete(vlc_tls_client_t *);
/**
* Initiates a client TLS session.
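Review bot: The new comment on `vlc_tls_ClientDelete()` drops the old `@param srv object to be destroyed (or NULL)` line, so the header no longer tells callers that NULL is accepted. The implementation in src/network/tls.c still returns early on `crd == NULL`, and the ftp.c cleanup paths in this commit call it without a guard, so callers appear to depend on that contract. I would keep it documented, e.g. `* @param crd object to be destroyed (or NULL)`. The same applies to the new `vlc_tls_ServerDelete()` comment added further down in this header.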
@@ -209,7 +190,7 @@ VLC_API void vlc_tls_Delete(vlc_tls_creds_t *);
*
* @return TLS session, or NULL on error.
**/
-VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *creds,
+VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_client_t *creds,
vlc_tls_t *sock,
const char *host,
const char *service,
@@ -217,6 +198,53 @@ VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *creds,
char **alp);
/**
+ * @}
+ * \defgroup tls_server TLS server
+ * @{
+ */
+
+/**
+ * TLS server-side credentials
+ *
+ * This structure contains the credentials for establishing TLS sessions.
+ * This includes root Certificate Authorities (on client side),
+ * trust and cryptographic parameters,
+ * public certificates and private keys.
+ */
+typedef struct vlc_tls_server
+{
+ struct vlc_common_members obj;
+
+ void *sys;
+
+ vlc_tls_t *(*open)(struct vlc_tls_server *, vlc_tls_t *sock,
+ const char *host, const char *const *alpn);
+ int (*handshake)(vlc_tls_t *session,
+ const char *hostname, const char *service,
+ char ** /*restrict*/ alp);
+ void (*destroy)(struct vlc_tls_server *);
+} vlc_tls_server_t;
+
+/**
+ * Allocates server TLS credentials.
+ *
+ * @param cert path to an x509 certificate (required)
+ * @param key path to the PKCS private key for the certificate,
+ * or NULL to use cert path
+ *
+ * @return TLS credentials object, or NULL on error.
+ */
+VLC_API vlc_tls_server_t *vlc_tls_ServerCreate(vlc_object_t *,
+ const char *cert,
+ const char *key);
+
+static inline int vlc_tls_SessionHandshake(vlc_tls_server_t *crd,
+ vlc_tls_t *tls)
+{
+ return crd->handshake(tls, NULL, NULL, NULL);
+}
+
+/**
* Creates a TLS server session.
*
* Allocates a Transport Layer Security (TLS) session as the server side, using
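Review bot: The description of `struct vlc_tls_server` is the old shared text and still lists "root Certificate Authorities (on client side)", which does not belong on the server type now that `struct vlc_tls_client` documents its own trust store. I would reword it along the lines of `* This structure contains the credentials for establishing TLS sessions on server side, i.e. the certificate and private key given to vlc_tls_ServerCreate().` The server `open` callback also keeps a `host` parameter that `vlc_tls_ServerSessionCreate()` always passes as NULL in src/network/tls.c. A one-line comment saying so would stop a backend from relying on it.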
@@ -235,10 +263,19 @@ VLC_API vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *creds,
*
* @return TLS session, or NULL on error.
*/
-VLC_API vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_creds_t *creds,
+VLC_API vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_server_t *creds,
vlc_tls_t *sock,
const char *const *alpn);
+/**
+ * Releases server-side TLS credentials.
+ *
+ * Releases data allocated with vlc_tls_ServerCreate().
+ */
+VLC_API void vlc_tls_ServerDelete(vlc_tls_server_t *);
+
+/** @} */
+
/** @} */
/**
@@ -430,9 +467,9 @@ VLC_API vlc_tls_t *vlc_tls_SocketOpenTCP(vlc_object_t *obj,
* connection to the specified host and port number, and finally attempts to
* establish a TLS session over the TCP/IP stream.
*
- * See also vlc_tls_SocketOpenTCP() and vlc_tls_SessionCreate().
+ * See also vlc_tls_SocketOpenTCP() and vlc_tls_ClientSessionCreate().
*/
-VLC_API vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_creds_t *crd,
+VLC_API vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_client_t *crd,
const char *hostname, unsigned port,
const char *service,
const char *const *alpn, char **alp);
diff --git a/modules/access/ftp.c b/modules/access/ftp.c
index d6a5404367..6a7ba56595 100644
--- a/modules/access/ftp.c
+++ b/modules/access/ftp.c
@@ -142,7 +142,7 @@ struct access_sys_t
vlc_url_t url;
ftp_features_t features;
- vlc_tls_creds_t *p_creds;
+ vlc_tls_client_t *p_creds;
enum tls_mode_e tlsmode;
vlc_tls_t *cmd;
vlc_tls_t *data;
@@ -763,7 +763,7 @@ error:
exit_error:
vlc_UrlClean( &p_sys->url );
- vlc_tls_Delete( p_sys->p_creds );
+ vlc_tls_ClientDelete( p_sys->p_creds );
return VLC_EGENERIC;
}
@@ -811,7 +811,7 @@ static int OutOpen( vlc_object_t *p_this )
exit_error:
vlc_UrlClean( &p_sys->url );
- vlc_tls_Delete( p_sys->p_creds );
+ vlc_tls_ClientDelete( p_sys->p_creds );
return VLC_EGENERIC;
}
#endif
@@ -837,7 +837,7 @@ static void Close( vlc_object_t *p_access, access_sys_t *p_sys )
/* free memory */
vlc_UrlClean( &p_sys->url );
- vlc_tls_Delete( p_sys->p_creds );
+ vlc_tls_ClientDelete( p_sys->p_creds );
}
static void InClose( vlc_object_t *p_this )
diff --git a/modules/access/http/connmgr.c b/modules/access/http/connmgr.c
index 11229f8d36..5f527106a7 100644
--- a/modules/access/http/connmgr.c
+++ b/modules/access/http/connmgr.c
@@ -52,7 +52,7 @@ void vlc_http_dbg(void *ctx, const char *fmt, ...)
va_end(ap);
}
-vlc_tls_t *vlc_https_connect(vlc_tls_creds_t *creds, const char *name,
+vlc_tls_t *vlc_https_connect(vlc_tls_client_t *creds, const char *name,
unsigned port, bool *restrict two)
{
if (port == 0)
@@ -95,7 +95,7 @@ static char *vlc_http_proxy_find(const char *hostname, unsigned port,
struct vlc_http_mgr
{
vlc_object_t *obj;
- vlc_tls_creds_t *creds;
+ vlc_tls_client_t *creds;
struct vlc_http_cookie_jar_t *jar;
struct vlc_http_conn *conn;
};
@@ -282,6 +282,6 @@ void vlc_http_mgr_destroy(struct vlc_http_mgr *mgr)
if (mgr->conn != NULL)
vlc_http_mgr_release(mgr, mgr->conn);
if (mgr->creds != NULL)
- vlc_tls_Delete(mgr->creds);
+ vlc_tls_ClientDelete(mgr->creds);
free(mgr);
}
diff --git a/modules/access/http/transport.h b/modules/access/http/transport.h
index 2bfe1a3102..455f424931 100644
--- a/modules/access/http/transport.h
+++ b/modules/access/http/transport.h
@@ -25,12 +25,13 @@
#include <stdbool.h>
struct vlc_tls;
-struct vlc_tls_creds;
+struct vlc_tls_client;
-struct vlc_tls *vlc_https_connect(struct vlc_tls_creds *creds,
+struct vlc_tls *vlc_https_connect(struct vlc_tls_client *creds,
const char *name, unsigned port,
bool *restrict two);
-struct vlc_tls *vlc_https_connect_proxy(void *ctx, struct vlc_tls_creds *creds,
+struct vlc_tls *vlc_https_connect_proxy(void *ctx,
+ struct vlc_tls_client *creds,
const char *name, unsigned port,
bool *restrict two, const char *proxy);
#endif
diff --git a/modules/access/http/tunnel.c b/modules/access/http/tunnel.c
index 570b6a9dca..60c724a3c0 100644
--- a/modules/access/http/tunnel.c
+++ b/modules/access/http/tunnel.c
@@ -142,7 +142,7 @@ static const struct vlc_tls_operations vlc_tls_proxy_ops =
vlc_tls_ProxyClose,
};
-vlc_tls_t *vlc_https_connect_proxy(void *ctx, vlc_tls_creds_t *creds,
+vlc_tls_t *vlc_https_connect_proxy(void *ctx, vlc_tls_client_t *creds,
const char *hostname, unsigned port,
bool *restrict two, const char *proxy)
{
diff --git a/modules/demux/adaptive/http/Transport.cpp b/modules/demux/adaptive/http/Transport.cpp
index b827a69a31..bcb65a93d9 100644
--- a/modules/demux/adaptive/http/Transport.cpp
+++ b/modules/demux/adaptive/http/Transport.cpp
@@ -52,7 +52,7 @@ bool Transport::connect(vlc_object_t *p_object, const std::string &hostname, int
NULL, NULL );
if(!tls)
{
- vlc_tls_Delete(creds);
+ vlc_tls_ClientDelete(creds);
creds = NULL;
}
}
@@ -79,7 +79,7 @@ void Transport::disconnect()
if(creds)
{
- vlc_tls_Delete(creds);
+ vlc_tls_ClientDelete(creds);
creds = NULL;
}
}
diff --git a/modules/demux/adaptive/http/Transport.hpp b/modules/demux/adaptive/http/Transport.hpp
index c06db0e23f..eb5149a2b9 100644
--- a/modules/demux/adaptive/http/Transport.hpp
+++ b/modules/demux/adaptive/http/Transport.hpp
@@ -41,7 +41,7 @@ namespace adaptive
void disconnect ();
protected:
- vlc_tls_creds_t *creds;
+ vlc_tls_client_t *creds;
vlc_tls_t *tls;
bool b_secure;
};
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 99eebcf686..4d47951337 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -386,7 +386,7 @@ done:
return 0;
}
-static vlc_tls_t *gnutls_ClientSessionOpen(vlc_tls_creds_t *crd,
+static vlc_tls_t *gnutls_ClientSessionOpen(vlc_tls_client_t *crd,
vlc_tls_t *sk, const char *hostname,
const char *const *alpn)
{
@@ -542,7 +542,7 @@ error:
return -1;
}
-static void gnutls_ClientDestroy(vlc_tls_creds_t *crd)
+static void gnutls_ClientDestroy(vlc_tls_client_t *crd)
{
gnutls_certificate_credentials_t x509 = crd->sys;
@@ -552,7 +552,7 @@ static void gnutls_ClientDestroy(vlc_tls_creds_t *crd)
/**
* Initializes a client-side TLS credentials.
*/
-static int OpenClient (vlc_tls_creds_t *crd)
+static int OpenClient(vlc_tls_client_t *crd)
{
gnutls_certificate_credentials_t x509;
@@ -613,7 +613,7 @@ typedef struct vlc_tls_creds_sys
/**
* Initializes a server-side TLS session.
*/
-static vlc_tls_t *gnutls_ServerSessionOpen(vlc_tls_creds_t *crd,
+static vlc_tls_t *gnutls_ServerSessionOpen(vlc_tls_server_t *crd,
vlc_tls_t *sk, const char *hostname,
const char *const *alpn)
{
@@ -635,7 +635,7 @@ static int gnutls_ServerHandshake(vlc_tls_t *tls,
return gnutls_ContinueHandshake(priv, alp);
}
-static void gnutls_ServerDestroy(vlc_tls_creds_t *crd)
+static void gnutls_ServerDestroy(vlc_tls_server_t *crd)
{
vlc_tls_creds_sys_t *sys = crd->sys;
@@ -648,7 +648,7 @@ static void gnutls_ServerDestroy(vlc_tls_creds_t *crd)
/**
* Allocates a whole server's TLS credentials.
*/
-static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key)
+static int OpenServer(vlc_tls_server_t *crd, const char *cert, const char *key)
{
gnutls_Banner(VLC_OBJECT(crd));
diff --git a/modules/misc/securetransport.c b/modules/misc/securetransport.c
index 0f02460b0f..acc2b44e98 100644
--- a/modules/misc/securetransport.c
+++ b/modules/misc/securetransport.c
@@ -86,10 +86,10 @@ static char* CFArrayALPNCopyFirst(CFArrayRef alpnArray)
/*****************************************************************************
* Module descriptor
*****************************************************************************/
-static int OpenClient (vlc_tls_creds_t *);
+static int OpenClient (vlc_tls_client_t *);
#if !TARGET_OS_IPHONE
- static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key);
+ static int OpenServer (vlc_tls_server_t *crd, const char *cert, const char *key);
#endif
vlc_module_begin ()
@@ -722,7 +722,7 @@ error:
return NULL;
}
-static vlc_tls_t *st_ClientSessionOpen(vlc_tls_creds_t *crd, vlc_tls_t *sock,
+static vlc_tls_t *st_ClientSessionOpen(vlc_tls_client_t *crd, vlc_tls_t *sock,
const char *hostname, const char *const *alpn)
{
msg_Dbg(crd, "open TLS session for %s", hostname);
@@ -807,7 +807,7 @@ error:
return NULL;
}
-static void st_ClientDestroy (vlc_tls_creds_t *crd) {
+static void st_ClientDestroy (vlc_tls_client_t *crd) {
msg_Dbg(crd, "close secure transport client");
vlc_tls_creds_sys_t *sys = crd->sys;
@@ -821,7 +821,7 @@ static void st_ClientDestroy (vlc_tls_creds_t *crd) {
/**
* Initializes a client-side TLS credentials.
*/
-static int OpenClient (vlc_tls_creds_t *crd) {
+static int OpenClient (vlc_tls_client_t *crd) {
msg_Dbg(crd, "open st client");
@@ -846,7 +846,7 @@ static int OpenClient (vlc_tls_creds_t *crd) {
/**
* Initializes a server-side TLS session.
*/
-static vlc_tls_t *st_ServerSessionOpen (vlc_tls_creds_t *crd, vlc_tls_t *sock,
+static vlc_tls_t *st_ServerSessionOpen (vlc_tls_server_t *crd, vlc_tls_t *sock,
const char *hostname, const char *const *alpn) {
VLC_UNUSED(hostname);
@@ -875,7 +875,7 @@ error:
return NULL;
}
-static void st_ServerDestroy (vlc_tls_creds_t *crd) {
+static void st_ServerDestroy (vlc_tls_server_t *crd) {
msg_Dbg(crd, "close secure transport server");
vlc_tls_creds_sys_t *sys = crd->sys;
@@ -889,7 +889,7 @@ static void st_ServerDestroy (vlc_tls_creds_t *crd) {
/**
* Initializes server-side TLS credentials.
*/
-static int OpenServer (vlc_tls_creds_t *crd, const char *cert, const char *key) {
+static int OpenServer (vlc_tls_server_t *crd, const char *cert, const char *key) {
/*
* This function expects the label of the certificate in "cert", stored
diff --git a/modules/stream_out/chromecast/chromecast.h b/modules/stream_out/chromecast/chromecast.h
index 502ce3ceb0..4e6fb2ebb2 100644
--- a/modules/stream_out/chromecast/chromecast.h
+++ b/modules/stream_out/chromecast/chromecast.h
@@ -151,7 +151,7 @@ private:
private:
vlc_object_t* m_module;
- vlc_tls_creds_t *m_creds;
+ vlc_tls_client_t *m_creds;
vlc_tls_t *m_tls;
unsigned m_receiver_requestId;
unsigned m_requestId;
diff --git a/modules/stream_out/chromecast/chromecast_communication.cpp b/modules/stream_out/chromecast/chromecast_communication.cpp
index 263cfc5af6..952e4691ea 100644
--- a/modules/stream_out/chromecast/chromecast_communication.cpp
+++ b/modules/stream_out/chromecast/chromecast_communication.cpp
@@ -55,7 +55,7 @@ ChromecastCommunication::ChromecastCommunication( vlc_object_t* p_module,
NULL, NULL );
if (m_tls == NULL)
{
- vlc_tls_Delete(m_creds);
+ vlc_tls_ClientDelete(m_creds);
throw std::runtime_error( "Failed to create client session" );
}
@@ -76,7 +76,7 @@ void ChromecastCommunication::disconnect()
if ( m_tls != NULL )
{
vlc_tls_Close(m_tls);
- vlc_tls_Delete(m_creds);
+ vlc_tls_ClientDelete(m_creds);
m_tls = NULL;
}
}
diff --git a/src/libvlccore.sym b/src/libvlccore.sym
index a8f71c2a13..c72ce7208d 100644
--- a/src/libvlccore.sym
+++ b/src/libvlccore.sym
@@ -435,9 +435,10 @@ text_segment_FromRuby
text_segment_ruby_New
text_segment_ruby_ChainDelete
vlc_tls_ClientCreate
-vlc_tls_ServerCreate
-vlc_tls_Delete
+vlc_tls_ClientDelete
vlc_tls_ClientSessionCreate
+vlc_tls_ServerCreate
+vlc_tls_ServerDelete
vlc_tls_ServerSessionCreate
vlc_tls_SessionDelete
vlc_tls_Read
diff --git a/src/network/httpd.c b/src/network/httpd.c
index e0f24d7db6..fbab3980bc 100644
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -100,7 +100,7 @@ struct httpd_host_t
struct vlc_list clients;
/* TLS data */
- vlc_tls_creds_t *p_tls;
+ vlc_tls_server_t *p_tls;
};
@@ -861,7 +861,7 @@ void httpd_StreamDelete(httpd_stream_t *stream)
*****************************************************************************/
static void* httpd_HostThread(void *);
static httpd_host_t *httpd_HostCreate(vlc_object_t *, const char *,
- const char *, vlc_tls_creds_t *);
+ const char *, vlc_tls_server_t *);
/* create a new host */
httpd_host_t *vlc_http_HostNew(vlc_object_t *p_this)
@@ -878,7 +878,7 @@ httpd_host_t *vlc_https_HostNew(vlc_object_t *obj)
}
char *key = var_InheritString(obj, "http-key");
- vlc_tls_creds_t *tls = vlc_tls_ServerCreate(obj, cert, key);
+ vlc_tls_server_t *tls = vlc_tls_ServerCreate(obj, cert, key);
if (!tls) {
msg_Err(obj, "HTTP/TLS certificate error (%s and %s)",
@@ -907,7 +907,7 @@ static struct httpd
static httpd_host_t *httpd_HostCreate(vlc_object_t *p_this,
const char *hostvar,
const char *portvar,
- vlc_tls_creds_t *p_tls)
+ vlc_tls_server_t *p_tls)
{
httpd_host_t *host;
unsigned port = var_InheritInteger(p_this, portvar);
@@ -926,7 +926,7 @@ static httpd_host_t *httpd_HostCreate(vlc_object_t *p_this,
atomic_fetch_add_explicit(&host->ref, 1, memory_order_relaxed);
vlc_mutex_unlock(&httpd.mutex);
- vlc_tls_Delete(p_tls);
+ vlc_tls_ServerDelete(p_tls);
return host;
}
@@ -980,7 +980,7 @@ error:
vlc_object_release(host);
}
- vlc_tls_Delete(p_tls);
+ vlc_tls_ServerDelete(p_tls);
return NULL;
}
@@ -1010,7 +1010,7 @@ void httpd_HostDelete(httpd_host_t *host)
}
assert(vlc_list_is_empty(&host->urls));
- vlc_tls_Delete(host->p_tls);
+ vlc_tls_ServerDelete(host->p_tls);
net_ListenClose(host->fds);
vlc_cond_destroy(&host->wait);
vlc_mutex_destroy(&host->lock);
diff --git a/src/network/tls.c b/src/network/tls.c
index 5b86f00718..1fabdd3b42 100644
--- a/src/network/tls.c
+++ b/src/network/tls.c
@@ -49,8 +49,8 @@
static int tls_server_load(void *func, va_list ap)
{
- int (*activate) (vlc_tls_creds_t *, const char *, const char *) = func;
- vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *);
+ int (*activate)(vlc_tls_server_t *, const char *, const char *) = func;
+ vlc_tls_server_t *crd = va_arg(ap, vlc_tls_server_t *);
const char *cert = va_arg (ap, const char *);
const char *key = va_arg (ap, const char *);
@@ -59,17 +59,17 @@ static int tls_server_load(void *func, va_list ap)
static int tls_client_load(void *func, va_list ap)
{
- int (*activate) (vlc_tls_creds_t *) = func;
- vlc_tls_creds_t *crd = va_arg (ap, vlc_tls_creds_t *);
+ int (*activate)(vlc_tls_client_t *) = func;
+ vlc_tls_client_t *crd = va_arg(ap, vlc_tls_client_t *);
return activate (crd);
}
-vlc_tls_creds_t *
+vlc_tls_server_t *
vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
const char *key_path)
{
- vlc_tls_creds_t *srv = vlc_custom_create (obj, sizeof (*srv),
+ vlc_tls_server_t *srv = vlc_custom_create(obj, sizeof (*srv),
"tls server");
if (unlikely(srv == NULL))
return NULL;
@@ -88,9 +88,19 @@ vlc_tls_ServerCreate (vlc_object_t *obj, const char *cert_path,
return srv;
}
-vlc_tls_creds_t *vlc_tls_ClientCreate (vlc_object_t *obj)
+void vlc_tls_ServerDelete(vlc_tls_server_t *crd)
{
- vlc_tls_creds_t *crd = vlc_custom_create (obj, sizeof (*crd),
+ if (crd == NULL)
+ return;
+
+ crd->destroy(crd);
+ vlc_objres_clear(VLC_OBJECT(crd));
+ vlc_object_release(crd);
+}
+
+vlc_tls_client_t *vlc_tls_ClientCreate(vlc_object_t *obj)
+{
+ vlc_tls_client_t *crd = vlc_custom_create(obj, sizeof (*crd),
"tls client");
if (unlikely(crd == NULL))
return NULL;
@@ -106,7 +116,7 @@ vlc_tls_creds_t *vlc_tls_ClientCreate (vlc_object_t *obj)
return crd;
}
-void vlc_tls_Delete (vlc_tls_creds_t *crd)
+void vlc_tls_ClientDelete(vlc_tls_client_t *crd)
{
if (crd == NULL)
return;
@@ -119,20 +129,6 @@ void vlc_tls_Delete (vlc_tls_creds_t *crd)
/*** TLS session ***/
-static vlc_tls_t *vlc_tls_SessionCreate(vlc_tls_creds_t *crd,
- vlc_tls_t *sock,
- const char *host,
- const char *const *alpn)
-{
- vlc_tls_t *session;
- int canc = vlc_savecancel();
- session = crd->open(crd, sock, host, alpn);
- vlc_restorecancel(canc);
- if (session != NULL)
- session->p = sock;
- return session;
-}
-
void vlc_tls_SessionDelete (vlc_tls_t *session)
{
int canc = vlc_savecancel();
@@ -147,17 +143,21 @@ static void cleanup_tls(void *data)
vlc_tls_SessionDelete (session);
}
-vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_creds_t *crd, vlc_tls_t *sock,
+vlc_tls_t *vlc_tls_ClientSessionCreate(vlc_tls_client_t *crd, vlc_tls_t *sock,
const char *host, const char *service,
const char *const *alpn, char **alp)
{
int val;
+ int canc = vlc_savecancel();
+ vlc_tls_t *session = crd->open(crd, sock, host, alpn);
+ vlc_restorecancel(canc);
- vlc_tls_t *session = vlc_tls_SessionCreate(crd, sock, host, alpn);
if (session == NULL)
return NULL;
- int canc = vlc_savecancel();
+ session->p = sock;
+
+ canc = vlc_savecancel();
vlc_tick_t deadline = vlc_tick_now ();
deadline += VLC_TICK_FROM_MS( var_InheritInteger (crd, "ipv4-timeout") );
@@ -199,14 +199,19 @@ error:
return session;
}
-vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_creds_t *crd,
+vlc_tls_t *vlc_tls_ServerSessionCreate(vlc_tls_server_t *crd,
vlc_tls_t *sock,
const char *const *alpn)
{
- return vlc_tls_SessionCreate(crd, sock, NULL, alpn);
+ int canc = vlc_savecancel();
+ vlc_tls_t *session = crd->open(crd, sock, NULL, alpn);
+ vlc_restorecancel(canc);
+ if (session != NULL)
+ session->p = sock;
+ return session;
}
-vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_creds_t *creds, const char *name,
+vlc_tls_t *vlc_tls_SocketOpenTLS(vlc_tls_client_t *creds, const char *name,
unsigned port, const char *service,
const char *const *alpn, char **alp)
{
diff --git a/test/modules/misc/tls.c b/test/modules/misc/tls.c
index 9ade43560b..8005c5dc86 100644
--- a/test/modules/misc/tls.c
+++ b/test/modules/misc/tls.c
@@ -41,8 +41,8 @@
#include <vlc/vlc.h>
-static vlc_tls_creds_t *server_creds;
-static vlc_tls_creds_t *client_creds;
+static vlc_tls_server_t *server_creds;
+static vlc_tls_client_t *client_creds;
static void *tls_echo(void *data)
{
@@ -149,7 +149,7 @@ int main(void)
libvlc_release(vlc);
return 77;
}
- vlc_tls_Delete(server_creds);
+ vlc_tls_ServerDelete(server_creds);
server_creds = vlc_tls_ServerCreate(obj, CERTFILE, CERTFILE);
assert(server_creds != NULL);
@@ -162,8 +162,8 @@ int main(void)
tls = securepair(&th, alpn, alpn, NULL);
assert(tls == NULL);
- vlc_tls_Delete(client_creds);
- vlc_tls_Delete(server_creds);
+ vlc_tls_ClientDelete(client_creds);
+ vlc_tls_ServerDelete(server_creds);
libvlc_release(vlc);
/*** Tests with test certs database - server cert accepted. ***/
@@ -290,8 +290,8 @@ int main(void)
vlc_tls_Close(tls);
vlc_join(th, NULL);
- vlc_tls_Delete(client_creds);
- vlc_tls_Delete(server_creds);
+ vlc_tls_ClientDelete(client_creds);
+ vlc_tls_ServerDelete(server_creds);
libvlc_release(vlc);
return 0;