[vlc-devel] [PATCH] gnutls: allow the user to trust all certificates
Ludovic Fauvet
etix at videolan.org
Sun Jun 17 02:55:20 CEST 2012
---
modules/misc/gnutls.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/modules/misc/gnutls.c b/modules/misc/gnutls.c
index c9fef1f..364566f 100644
--- a/modules/misc/gnutls.c
+++ b/modules/misc/gnutls.c
@@ -64,6 +64,10 @@ static void CloseClient (vlc_tls_t *);
static int OpenServer (vlc_object_t *);
static void CloseServer (vlc_object_t *);
+#define TLS_TRUSTALL_TEXT N_("Trust all certificates")
+#define TLS_TRUSTALL_LONGTEXT N_("Don't verify the peer certificate " \
+ "and consider it as trusted. Doing so is unsafe, do it wisely.")
+
#define PRIORITIES_TEXT N_("TLS cipher priorities")
#define PRIORITIES_LONGTEXT N_("Ciphers, key exchange methods, " \
"hash functions and compression methods can be selected. " \
@@ -90,6 +94,7 @@ vlc_module_begin ()
set_callbacks( OpenClient, CloseClient )
set_category( CAT_ADVANCED )
set_subcategory( SUBCAT_ADVANCED_MISC )
+ add_bool( "gnutls-trust-all", false, TLS_TRUSTALL_TEXT, TLS_TRUSTALL_LONGTEXT, false )
add_submodule ()
set_description( N_("GNU TLS server") )
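Review bot: `gnutls-trust-all` is registered next to the `OpenClient` callbacks as a plain, unscoped boolean, so as far as this patch shows, enabling it turns off peer authentication for every TLS client session that reaches the new check, not for one chosen host. If the plugin API in this tree provides it, consider adding `change_volatile()` after the `add_bool` so the setting is not saved and has to be requested per run. The option should also stay without `change_safe()`, so that options embedded in a playlist cannot switch it on. The help text added in the first hunk ("Doing so is unsafe, do it wisely") would serve users better if it named what is lost, for example `"Anyone on the network path can then impersonate the server and read or modify the traffic."`. The module descriptor block starts and ends outside this hunk.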
@@ -292,15 +297,20 @@ static int gnutls_HandshakeAndValidate (vlc_tls_t *session)
return val;
/* certificates chain verification */
- unsigned status;
+ unsigned status = GNUTLS_E_SUCCESS;
- val = gnutls_certificate_verify_peers2 (sys->session, &status);
- if (val)
+ if (!var_InheritBool(session, "gnutls-trust-all"))
{
- msg_Err (session, "Certificate verification failed: %s",
- gnutls_strerror (val));
- return -1;
+ val = gnutls_certificate_verify_peers2 (sys->session, &status);
+ if (val)
+ {
+ msg_Err (session, "Certificate verification failed: %s",
+ gnutls_strerror (val));
+ return -1;
+ }
}
+ else
+ msg_Warn (session, "Certificate verification is turned off");
if (status)
{
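Review bot: `unsigned status = GNUTLS_E_SUCCESS;` initialises the certificate-status bitmask with a constant from the error-code namespace. It only works because that constant is zero, so `unsigned status = 0;` with a comment such as `/* no verification flags set: chain was NOT checked */` would make the bypass explicit. With the option on, `gnutls_certificate_verify_peers2` is never called and `if (status)` is skipped, but the function continues outside the hunk. Any later checks there (presumably hostname or validity-period checks, not visible here) should be confirmed to behave as intended on an unverified chain. The `else` branch is unbraced while the `if` branch is braced; bracing both would keep a later added statement from running unconditionally. The warning would also help incident review more if it named the peer the session is connecting to, where that is available in this function.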
--
1.7.10.4