From d485634a2ba7f4abfafa5b69dcd0c90580c955c7 Mon Sep 17 00:00:00 2001
From: Andres Mejia
Date: Sat, 30 Apr 2011 21:31:42 -0400
Subject: [PATCH] Remove gnutls conversion patch. Will try again with Mozilla's NSS.
---
 debian/patches/gnutls-conversion.patch | 468 -------------------------
 1 file changed, 468 deletions(-)
 delete mode 100644 debian/patches/gnutls-conversion.patch
diff --git a/debian/patches/gnutls-conversion.patch b/debian/patches/gnutls-conversion.patch
deleted file mode 100644
index 0be4a6b..0000000
--- a/debian/patches/gnutls-conversion.patch
+++ /dev/null
@@ -1,468 +0,0 @@ -From: Andres Mejia -Subject: Patch to convert from OpenSSL to GnuTLS. - -========================================================================== ---- a/applications/mp4box/Makefile -+++ b/applications/mp4box/Makefile -@@ -36,7 +36,7 @@ - EXT= - PROG=MP4Box - #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz --LINKFLAGS+=-lgpac -lz $(OGL_LIBS) -+LINKFLAGS+=-lgpac -lz $(OGL_LIBS) $(GNUTLS_LIBS) - endif - - ---- a/applications/mp4client/Makefile -+++ b/applications/mp4client/Makefile -@@ -4,7 +4,7 @@ - - CFLAGS= $(OPTFLAGS) -I$(SRC_PATH)/include - --LINKLIBS=$(OGL_LIBS) -+LINKLIBS=$(OGL_LIBS) $(GNUTLS_LIBS) - - ifeq ($(DEBUGBUILD), yes) - CFLAGS+=-g ---- a/applications/osmo4_wx/Makefile -+++ b/applications/osmo4_wx/Makefile -@@ -41,7 +41,7 @@ - all: $(PROG) - - Osmo4$(EXE): $(OBJS) -- $(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz -+ $(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz $(GNUTLS_LIBS) - - %.o: %.cpp - $(CXX) $(CFLAGS) $(INSTALL_FLAGS) $(WX_CFLAGS) -c -o $@ $< ---- a/applications/testapps/mp42ts/Makefile -+++ b/applications/testapps/mp42ts/Makefile -@@ -27,7 +27,7 @@ - EXT= - PROG=mp42ts - #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS) --LINKFLAGS+=-lgpac $(OGL_LIBS) -+LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS) - endif - - ---- a/applications/testapps/mp4_streamer/Makefile -+++ b/applications/testapps/mp4_streamer/Makefile -@@ -27,7 +27,7 @@ - EXT= - PROG=mp4_streamer - #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS) --LINKFLAGS+=-lgpac $(OGL_LIBS) -+LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS) - endif - - ---- a/configure -+++ b/configure -@@ -77,7 +77,7 @@ - disable_opengl="no" - has_tinygl="no" - enable_tinygl="no" --has_ssl="no" -+has_gnutls="no" - has_ipv6="no" - has_dvb4linux="no" - has_xmlrpc="no" -@@ -162,7 +162,7 @@ - echo " --enable-tinygl enable TinyGL support" - echo " --enable-joystick 
enable joystick support" - echo " --enable-renoir enable renoir 3D support" --echo " --disable-ssl disable OpenSSL support" -+echo " --disable-gnutls disable GnuTLS support" - echo " --enable-amr-nb-fixed enable AMR NB fixed-point decoder" - echo " --enable-amr-nb enable AMR NB library" - echo " --enable-amr-wb enable AMR WB library" -@@ -559,23 +559,18 @@ - - - --#look for OpenSSL support -+#look for GnuTLS support - cat > $TMPC << EOF --#include --#include --#include --#include -+#include -+#include -+#include - int main( void ) { return 0; } - EOF - --if test "$win32" = "yes" ; then --LINK_SSL="-lssleay32 -leay32" --else --LINK_SSL="-lssl -lcrypto" --fi -+LINK_GNUTLS="-lgnutls" - --if $cc -o $TMPO $TMPC $LINK_SSL 2> /dev/null ; then --has_ssl="yes" -+if $cc -o $TMPO $TMPC $LINK_GNUTLS 2> /dev/null ; then -+has_gnutls="yes" - fi - - -@@ -1044,7 +1039,7 @@ - ;; - --enable-tinygl) enable_tinygl="yes" - ;; -- --disable-ssl) has_ssl="no" -+ --disable-gnutls) has_gnutls="no" - ;; - --use-faad=*) has_faad=${opt#--use-faad=} - ;; -@@ -1347,7 +1342,7 @@ - fi - echo "OpenGL support: $has_opengl" - echo "TinyGL support: $has_tinygl" --echo "OpenSSL support: $has_ssl" -+echo "GnuTLS support: $has_gnutls" - - echo "Mozilla XUL/GECKO support: $has_xul" - -@@ -1598,10 +1593,10 @@ - echo "#define GPAC_USE_TINYGL" >> $TMPH - fi - --echo "HAS_OPENSSL=$has_ssl" >> config.mak --if test "$has_ssl" = "yes" ; then -- echo "SSL_LIBS=$LINK_SSL" >> config.mak -- echo "#define GPAC_HAS_SSL" >> $TMPH -+echo "HAS_GNUTLS=$has_gnutls" >> config.mak -+if test "$has_gnutls" = "yes" ; then -+ echo "GNUTLS_LIBS=$LINK_GNUTLS" >> config.mak -+ echo "#define GPAC_HAS_GNUTLS" >> $TMPH - fi - - echo "CONFIG_SDL=$has_sdl" >> config.mak ---- a/include/gpac/download.h -+++ b/include/gpac/download.h -@@ -36,7 +36,7 @@ - * \brief File Downloader objects - * - * This section documents the file downloading tools the GPAC framework. 
Currently HTTP is supported, HTTPS is under testing but may not be supported -- *depending on GPAC compilation options (HTTPS in GPAC needs OpenSSL installed on the system). -+ *depending on GPAC compilation options (HTTPS in GPAC needs GnuTLS installed on the system). - * - * @{ - */ ---- a/include/gpac/network.h -+++ b/include/gpac/network.h -@@ -348,7 +348,7 @@ - /*! - *\brief gets socket handle - * -- *Gets the socket low-level handle as used by OpenSSL. -+ *Gets the socket low-level handle as used by GnuTLS. - *\param sock the socket object - *\return the socket handle - */ ---- a/src/utils/downloader.c -+++ b/src/utils/downloader.c -@@ -33,11 +33,13 @@ - #include - - --#ifdef GPAC_HAS_SSL --#include --#include --#include --#include -+#ifdef GPAC_HAS_GNUTLS -+#include -+#include -+#include -+#include -+#include -+GCRY_THREAD_OPTION_PTHREAD_IMPL; - #endif - - -@@ -49,7 +51,7 @@ - /*internal flags*/ - enum - { -- GF_DOWNLOAD_SESSION_USE_SSL = 1<<10, -+ GF_DOWNLOAD_SESSION_USE_GNUTLS = 1<<10, - GF_DOWNLOAD_SESSION_THREAD_DEAD = 1<<11, - GF_DOWNLOAD_IS_ICY = 1<<12, - }; -@@ -99,8 +101,8 @@ - char *init_data; - u32 init_data_size; - --#ifdef GPAC_HAS_SSL -- SSL *ssl; -+#ifdef GPAC_HAS_GNUTLS -+ gnutls_session_t gnutls_session; - #endif - - void (*do_requests)(struct __gf_download_session *); -@@ -124,86 +126,29 @@ - GF_Config *cfg; - GF_List *sessions; - --#ifdef GPAC_HAS_SSL -- SSL_CTX *ssl_ctx; -+#ifdef GPAC_HAS_GNUTLS -+ int gnutls_initialized; - #endif - - }; - --#ifdef GPAC_HAS_SSL -+#ifdef GPAC_HAS_GNUTLS - --static void init_prng (void) -+static int gnutls_lib_init(GF_DownloadManager *dm, u32 mode) - { -- char namebuf[256]; -- const char *random_file; -- -- if (RAND_status ()) return; -+ if (!dm) return 0; - -- namebuf[0] = '\0'; -- random_file = RAND_file_name (namebuf, sizeof (namebuf)); -+ /* The GnuTLS library has already been initialized. 
*/ -+ if (dm->gnutls_initialized) return 1; - -- if (random_file && *random_file) -- RAND_load_file(random_file, 16384); -- -- if (RAND_status ()) return; -+ /* Activate multi-thread support in libgcrypt via pthread */ -+ gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); - --#ifdef WIN32 -- RAND_screen (); -- if (RAND_status ()) -- return; --#endif --} -+ /* Initialize the library */ -+ gnutls_global_init(); -+ dm->gnutls_initialized = 1; - --static int ssl_init(GF_DownloadManager *dm, u32 mode) --{ -- SSL_METHOD *meth; -- -- if (!dm) return 0; -- /* The SSL has already been initialized. */ -- if (dm->ssl_ctx) return 1; -- /* Init the PRNG. If that fails, bail out. */ -- init_prng(); -- if (RAND_status() != 1) goto error; -- SSL_library_init(); -- SSL_load_error_strings(); -- SSLeay_add_all_algorithms(); -- SSLeay_add_ssl_algorithms(); -- -- switch (mode) { -- case 0: -- meth = SSLv23_client_method(); -- break; -- case 1: -- meth = SSLv2_client_method(); -- break; -- case 2: -- meth = SSLv3_client_method(); -- break; -- case 3: -- meth = TLSv1_client_method(); -- break; -- default: -- goto error; -- } -- -- dm->ssl_ctx = SSL_CTX_new(meth); -- if (!dm->ssl_ctx) goto error; -- SSL_CTX_set_default_verify_paths(dm->ssl_ctx); -- SSL_CTX_load_verify_locations (dm->ssl_ctx, NULL, NULL); -- /* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the -- certificate is invalid. We verify the certificate separately in -- ssl_check_certificate, which provides much better diagnostics -- than examining the error stack after a failed SSL_connect. */ -- SSL_CTX_set_verify(dm->ssl_ctx, SSL_VERIFY_NONE, NULL); -- -- /* Since fd_write unconditionally assumes partial writes (and handles them correctly), -- allow them in OpenSSL. 
*/ -- SSL_CTX_set_mode(dm->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); - return 1; --error: -- if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx); -- dm->ssl_ctx = NULL; -- return 0; - } - - #endif -@@ -220,7 +165,7 @@ - static Bool gf_dm_can_handle_url(GF_DownloadManager *dm, const char *url) - { - if (!strnicmp(url, "http://", 7)) return 1; --#ifdef GPAC_HAS_SSL -+#ifdef GPAC_HAS_GNUTLS - if (!strnicmp(url, "https://", 8)) return 1; - #endif - return 0; -@@ -292,11 +237,10 @@ - - static void gf_dm_disconnect(GF_DownloadSession *sess) - { --#ifdef GPAC_HAS_SSL -- if (sess->ssl) { -- SSL_shutdown(sess->ssl); -- SSL_free(sess->ssl); -- sess->ssl = NULL; -+#ifdef GPAC_HAS_GNUTLS -+ if (sess->gnutls_session) { -+ gnutls_bye(sess->gnutls_session, GNUTLS_SHUT_RDWR); -+ sess->gnutls_session = NULL; - } - #endif - if (sess->sock) { -@@ -385,10 +329,10 @@ - else if (!strnicmp(url, "https://", 8)) { - url += 8; - sess->port = 443; --#ifndef GPAC_HAS_SSL -+#ifndef GPAC_HAS_GNUTLS - return GF_NOT_SUPPORTED; - #endif -- sess->flags |= GF_DOWNLOAD_SESSION_USE_SSL; -+ sess->flags |= GF_DOWNLOAD_SESSION_USE_GNUTLS; - sess->do_requests = http_do_requests; - } - else if (!strnicmp(url, "ftp://", 6)) { -@@ -539,9 +483,9 @@ - { - GF_Err e; - --#ifdef GPAC_HAS_SSL -- if (sess->ssl) { -- u32 size = SSL_read(sess->ssl, data, data_size); -+#ifdef GPAC_HAS_GNUTLS -+ if (sess->gnutls_session) { -+ u32 size = gnutls_record_recv(sess->gnutls_session, data, data_size); - e = GF_OK; - data[size] = 0; - if (!size) e = GF_IP_NETWORK_EMPTY; -@@ -554,7 +498,7 @@ - } - - --#ifdef GPAC_HAS_SSL -+#ifdef GPAC_HAS_GNUTLS - /*pattern comp taken from wget*/ - #define ASTERISK_EXCLUDES_DOT /* mandated by rfc2818 */ - -@@ -650,32 +594,30 @@ - gf_sk_set_buffer_size(sess->sock, 0, GF_DOWNLOAD_BUFFER_SIZE); - gf_dm_configure_cache(sess); - --#ifdef GPAC_HAS_SSL -+#ifdef GPAC_HAS_GNUTLS - /*socket is connected, configure SSL layer*/ -- if (!sess->ssl && sess->dm->ssl_ctx && (sess->flags & GF_DOWNLOAD_SESSION_USE_SSL)) { 
-+ if (!sess->gnutls_session && sess->dm->gnutls_initialized && -+ (sess->flags & GF_DOWNLOAD_SESSION_USE_GNUTLS)) { - int ret; - long vresult; -- char common_name[256]; -- X509 *cert; - Bool success = 1; -- -- sess->ssl = SSL_new(sess->dm->ssl_ctx); -- SSL_set_fd(sess->ssl, gf_sk_get_handle(sess->sock)); -- SSL_set_connect_state(sess->ssl); -- ret = SSL_connect(sess->ssl); -+ const gnutls_datum_t *cert_list; -+ int cert_list_size = 0; -+ gnutls_x509_crt_t x509_cert; -+ gnutls_x509_dn_t *x509_dn; -+ -+ gnutls_init(sess->gnutls_session, GNUTLS_CLIENT); -+ gnutls_transport_set_ptr(sess->gnutls_session, gf_sk_get_handle(sess->sock)); -+ ret = gnutls_handshake(sess->gnutls_session); - assert(ret>0); - -- cert = SSL_get_peer_certificate(sess->ssl); -+ cert_list = gnutls_certificate_get_peers(sess->gnutls_session, &cert_list_size); - /*if we have a cert, check it*/ -- if (cert) { -- vresult = SSL_get_verify_result(sess->ssl); -- if (vresult != X509_V_OK) success = 0; -- else { -- common_name[0] = 0; -- X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, common_name, sizeof (common_name)); -- if (!pattern_match(common_name, sess->server_name)) success = 0; -- } -- X509_free(cert); -+ if (cert_list) { -+ gnutls_x509_crt_init(&x509_cert); -+ gnutls_x509_crt_import(x509_cert, &cert_list[0], GNUTLS_X509_FMT_DER); -+ if (!gnutls_x509_crt_check_hostname(x509_cert, sess->server_name)) success = 0; -+ gnutls_x509_crt_deinit(x509_cert); - - if (!success) { - gf_dm_disconnect(sess); -@@ -741,8 +683,8 @@ - dm->cache_directory = strdup(opt); - } - } --#ifdef GPAC_HAS_SSL -- ssl_init(dm, 0); -+#ifdef GPAC_HAS_GNUTLS -+ gnutls_lib_init(dm, 0); - #endif - return dm; - } -@@ -768,8 +710,11 @@ - - free(dm->cache_directory); - --#ifdef GPAC_HAS_SSL -- if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx); -+#ifdef GPAC_HAS_GNUTLS -+ if (dm->gnutls_initialized) { -+ gnutls_global_deinit; -+ dm->gnutls_initialized = 0; -+ } - #endif - - free(dm); -@@ -1162,10 +1107,10 @@ - 
fclose(profile); - } - --#ifdef GPAC_HAS_SSL -- if (sess->ssl) { -+#ifdef GPAC_HAS_GNUTLS -+ if (sess->gnutls_session) { - e = GF_IP_NETWORK_FAILURE; -- if (!SSL_write(sess->ssl, tmp_buf, len+par.size)) e = GF_OK; -+ if (!gnutls_record_send(sess->gnutls_session, tmp_buf, len+par.size)) e = GF_OK; - } else - #endif - e = gf_sk_send(sess->sock, tmp_buf, len+par.size); -@@ -1174,10 +1119,10 @@ - free(tmp_buf); - } else { - --#ifdef GPAC_HAS_SSL -- if (sess->ssl) { -+#ifdef GPAC_HAS_GNUTLS -+ if (sess->gnutls_session) { - e = GF_IP_NETWORK_FAILURE; -- if (!SSL_write(sess->ssl, sHTTP, strlen(sHTTP))) e = GF_OK; -+ if (!gnutls_record_send(sess->gnutls_session, sHTTP, strlen(sHTTP))) e = GF_OK; - } else - #endif - e = gf_sk_send(sess->sock, sHTTP, strlen(sHTTP)); -- 2.30.2