[vlc-devel] [PATCH] gnutls: search CA in every known locations.
Francois Cartegnie
fcvlcdev at free.fr
Tue Jun 29 14:31:23 CEST 2010
---
modules/misc/gnutls.c | 38 +++++++++++++++++++++++++++++++++-----
1 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index 5b7a82b..016e29a 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -694,13 +694,41 @@ static int OpenClient (vlc_object_t *obj)
}
const char *confdir = config_GetConfDir ();
+#ifdef WIN32
+ /** FIXME: Use crytoapi to fetch system's CA certificates **/
+#else
{
- char path[strlen (confdir)
- + sizeof ("/ssl/certs/ca-certificates.crt")];
- sprintf (path, "%s/ssl/certs/ca-certificates.crt", confdir);
- gnutls_Addx509File (VLC_OBJECT (p_session),
- p_sys->x509_cred, path, false);
+ /* CA locations listed in reverse priority */
+ const char* const stdcafiles[] = {
+#ifdef __SunOS
+ "/crypto/certs/CA",
+ "/crypto/certs/SUNWobjectCA",
+#endif
+ "/ssl/certs/ca-bundle.crt",
+ "/ssl/certs/ca-certificates.crt"
+ };
+ int i_length = sizeof (stdcafiles) / sizeof (const char *);
+ struct stat t_stat_lstat;
+ char *psz_path;
+ while(i_length-- > 0)
+ {
+ psz_path = calloc ( sizeof (char), 1 + strlen (confdir)
+ + strlen (stdcafiles[i_length]) );
+ if (psz_path != NULL)
+ {
+ sprintf (psz_path, "%s%s", confdir, stdcafiles[i_length]);
+ if (!vlc_stat (psz_path, &t_stat_lstat))
+ {
+ gnutls_Addx509File (VLC_OBJECT (p_session),
+ p_sys->x509_cred, psz_path, false);
+ free (psz_path);
+ break;
+ }
+ free (psz_path);
+ }
+ }
}
+#endif
p_session->pf_handshake = gnutls_HandshakeAndValidate;
/*p_session->pf_handshake = gnutls_ContinueHandshake;*/
--
1.6.4.4
More information about the vlc-devel
mailing list