24 #include <gnutls/gnutls.h>
25 #include <gnutls/x509.h>
38 #ifndef GNUTLS_VERSION_NUMBER
39 #define GNUTLS_VERSION_NUMBER LIBGNUTLS_VERSION_NUMBER
/* Threaded builds against GnuTLS up to and including 2.11.0 (0x020b00):
 * instantiate libgcrypt's pthread callback table (gcry_threads_pthread).
 * NOTE(review): this guard uses "<=" while the guard at listing line 59,
 * which installs the table, uses "<"; for exactly 0x020b00 the table would
 * be defined but never registered. Confirm which bound is intended. */
42 #if HAVE_THREADS && GNUTLS_VERSION_NUMBER <= 0x020b00
45 GCRY_THREAD_OPTION_PTHREAD_IMPL;
52 gnutls_certificate_credentials_t
cred;
/* Fragment, presumably from ff_gnutls_init() (the signature is not on these
 * lines). Threaded builds against GnuTLS older than 2.11.0 (0x020b00) only:
 * register the pthread callbacks with libgcrypt, and only when libgcrypt
 * reports that no initialization has happened yet, so an application that
 * already set up libgcrypt is left alone.
 * NOTE(review): the return value of the second gcry_control() call is not
 * checked on the visible lines. */
59 #if HAVE_THREADS && GNUTLS_VERSION_NUMBER < 0x020b00
60 if (gcry_control(GCRYCTL_ANY_INITIALIZATION_P) == 0)
61 gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
70 gnutls_global_deinit();
/* Fragment of a switch over GnuTLS return codes, presumably in
 * print_tls_error(); the action taken for each case is on lines that are
 * not shown, so it cannot be stated here. */
79 case GNUTLS_E_INTERRUPTED:
/* GNUTLS_E_PREMATURE_TERMINATION is referenced only when the installed
 * headers define it. */
80 #ifdef GNUTLS_E_PREMATURE_TERMINATION
81 case GNUTLS_E_PREMATURE_TERMINATION:
84 case GNUTLS_E_WARNING_ALERT_RECEIVED:
/* Fragment, presumably from tls_close(). Teardown order on the visible
 * lines: TLS shutdown, then session, then credentials.
 * NOTE(review): listing lines 97, 99 and 101 are missing; presumably each
 * call is guarded by a check that the object was created. Confirm. */
/* GNUTLS_SHUT_WR sends the close_notify alert without waiting for the
 * peer's reply. The return value is not used on the visible lines. */
98 gnutls_bye(
c->session, GNUTLS_SHUT_WR);
100 gnutls_deinit(
c->session);
/* Credentials are released after the session that referenced them. */
102 gnutls_certificate_free_credentials(
c->cred);
109 void *buf,
size_t len)
125 const void *buf,
size_t len)
/* Fragment, presumably the body of tls_open() (the signature is not on
 * these lines). Only lines that carried cross-reference links survived
 * extraction; the leading numbers are the original file's line numbers and
 * the gaps between them are code that is not shown. Visible steps: create
 * the session, set SNI, load trust anchors and an optional cert/key pair,
 * run the handshake, then verify the peer certificate and hostname. */
/* Session role follows c->listen: server when listening, client otherwise.
 * NOTE(review): the return values of gnutls_init() and
 * gnutls_certificate_allocate_credentials() are not checked on the visible
 * lines. */
151 gnutls_init(&p->
session,
c->listen ? GNUTLS_SERVER : GNUTLS_CLIENT);
/* SNI is sent only by a client, and only when the host is not a numeric
 * address. */
152 if (!
c->listen && !
c->numerichost)
153 gnutls_server_name_set(p->
session, GNUTLS_NAME_DNS,
c->host, strlen(
c->host));
154 gnutls_certificate_allocate_credentials(&p->
cred);
/* Trust anchors from c->ca_file, PEM encoded.
 * NOTE(review): the guard around this call and the handling of ret are on
 * lines that are not shown; presumably this runs only when ca_file is set. */
156 ret = gnutls_certificate_set_x509_trust_file(p->
cred,
c->ca_file, GNUTLS_X509_FMT_PEM);
/* With GnuTLS >= 3.0.20 the system trust store can be loaded.
 * NOTE(review): listing line 161 is missing, so the condition under which
 * this runs is unknown (presumably the "no ca_file" branch). The return
 * value, a certificate count or a negative error, is not used here. */
160 #if GNUTLS_VERSION_NUMBER >= 0x030020
162 gnutls_certificate_set_x509_system_trust(p->
cred);
/* The flag passed when c->verify is set permits trusted X.509 version 1 CA
 * certificates; it does not by itself turn verification on. The actual
 * checks are the gnutls_certificate_verify_peers2() and hostname calls
 * further down. */
164 gnutls_certificate_set_verify_flags(p->
cred,
c->verify ?
165 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT : 0);
/* Local certificate: loaded only when both cert_file and key_file are
 * given, both PEM. A failure is reported with the two paths and the GnuTLS
 * error string. */
166 if (
c->cert_file &&
c->key_file) {
167 ret = gnutls_certificate_set_x509_key_file(p->
cred,
168 c->cert_file,
c->key_file,
169 GNUTLS_X509_FMT_PEM);
172 "Unable to set cert/key files %s and %s: %s\n",
173 c->cert_file,
c->key_file, gnutls_strerror(ret));
/* Exactly one of the two was given; the action for that case (listing line
 * 178) is not shown. */
177 }
else if (
c->cert_file ||
c->key_file)
179 gnutls_credentials_set(p->
session, GNUTLS_CRD_CERTIFICATE, p->
cred);
/* c->tcp is handed to GnuTLS as the transport pointer.
 * NOTE(review): registration of the push/pull callbacks is presumably on
 * lines that are not shown. */
182 gnutls_transport_set_ptr(p->
session,
c->tcp);
/* GnuTLS's "NORMAL" priority string selects protocol versions and cipher
 * suites; NULL means no error position is requested. The return value is
 * not checked on the visible lines. */
183 gnutls_priority_set_direct(p->
session,
"NORMAL",
NULL);
/* NOTE(review): listing line 189 is missing; presumably the handshake is
 * retried in a loop until it succeeds or returns a fatal error. */
190 ret = gnutls_handshake(p->
session);
191 if (gnutls_error_is_fatal(ret)) {
/* Peer verification.
 * NOTE(review): the enclosing condition (listing line 197) is not shown;
 * presumably this block runs only when c->verify is set. If so, with verify
 * off neither the chain nor the hostname is checked, and the connection is
 * encrypted but not authenticated. Confirm the option's default. */
198 unsigned int status, cert_list_size;
199 gnutls_x509_crt_t cert;
200 const gnutls_datum_t *cert_list;
/* A negative return is a failure of the verification call itself; the
 * verdict on the chain is returned separately in status. */
201 if ((ret = gnutls_certificate_verify_peers2(p->
session, &status)) < 0) {
203 gnutls_strerror(ret));
207 if (status & GNUTLS_CERT_INVALID) {
/* Only X.509 peer certificates are accepted for the hostname check. */
212 if (gnutls_certificate_type_get(p->
session) != GNUTLS_CRT_X509) {
/* Hostname check: import the first entry of the peer's list (DER) and
 * compare it with c->host; gnutls_x509_crt_check_hostname() returns zero
 * on mismatch.
 * NOTE(review): the return values of gnutls_x509_crt_init() and
 * gnutls_x509_crt_import() are not checked on the visible lines, and
 * cert_list is used without a visible NULL or cert_list_size check.
 * gnutls_certificate_get_peers() returns NULL when the peer sent no
 * certificate; presumably the verify_peers2 call above already fails in
 * that case. An explicit check here would remove the dependency. */
217 gnutls_x509_crt_init(&cert);
218 cert_list = gnutls_certificate_get_peers(p->
session, &cert_list_size);
219 gnutls_x509_crt_import(cert, cert_list, GNUTLS_X509_FMT_DER);
220 ret = gnutls_x509_crt_check_hostname(cert,
c->host);
221 gnutls_x509_crt_deinit(cert);
224 "The certificate's owner does not match hostname %s\n",
c->host);
/* Fragment, presumably from tls_read(): receive up to size bytes of
 * decrypted application data into buf. ret is the byte count, or a negative
 * GnuTLS error code; how ret is mapped for the caller is on lines that are
 * not shown. */
243 ret = gnutls_record_recv(
c->session, buf,
size);
/* Fragment, presumably from tls_write(): send size bytes from buf as TLS
 * application data. ret is the number of bytes accepted, or a negative
 * GnuTLS error code; how ret is mapped for the caller is on lines that are
 * not shown. */
258 ret = gnutls_record_send(
c->session, buf,
size);
int ffurl_read(URLContext *h, unsigned char *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.
int ff_check_interrupt(AVIOInterruptCB *cb)
Check if the user has requested to interrupt a blocking function associated with cb.
int ffurl_get_short_seek(URLContext *h)
Return the current short seek threshold value for this URL.
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
#define AVIO_FLAG_NONBLOCK
Use non-blocking mode.
#define flags(name, subs,...)
#define AVERROR_EXIT
Immediate exit was requested; the called function should not be restarted.
#define AVERROR_EOF
End of file.
#define AV_LOG_WARNING
Something somehow does not look correct.
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
const char * av_default_item_name(void *ptr)
Return the context name.
#define LIBAVUTIL_VERSION_INT
common internal api header.
common internal API header
miscellaneous OS support macros and functions.
Describe the class of an AVClass context structure.
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
gnutls_certificate_credentials_t cred
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
#define TLS_COMMON_OPTIONS(pstruct, options_field)
void ff_gnutls_deinit(void)
static int tls_close(URLContext *h)
static const AVClass tls_class
const URLProtocol ff_tls_protocol
static ssize_t gnutls_url_push(gnutls_transport_ptr_t transport, const void *buf, size_t len)
void ff_gnutls_init(void)
static const AVOption options[]
static ssize_t gnutls_url_pull(gnutls_transport_ptr_t transport, void *buf, size_t len)
static int tls_read(URLContext *h, uint8_t *buf, int size)
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
static int tls_get_short_seek(URLContext *h)
static int tls_write(URLContext *h, const uint8_t *buf, int size)
static int print_tls_error(URLContext *h, int ret)
static int tls_get_file_handle(URLContext *h)
unbuffered private I/O API
#define URL_PROTOCOL_FLAG_NETWORK