+++ /dev/null
-From: Andres Mejia <mcitadel@gmail.com>
-Subject: Patch to convert from OpenSSL to GnuTLS.
-
-==========================================================================
---- a/applications/mp4box/Makefile
-+++ b/applications/mp4box/Makefile
-@@ -36,7 +36,7 @@
- EXT=
- PROG=MP4Box
- #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz
--LINKFLAGS+=-lgpac -lz $(OGL_LIBS)
-+LINKFLAGS+=-lgpac -lz $(OGL_LIBS) $(GNUTLS_LIBS)
- endif
-
-
---- a/applications/mp4client/Makefile
-+++ b/applications/mp4client/Makefile
-@@ -4,7 +4,7 @@
-
- CFLAGS= $(OPTFLAGS) -I$(SRC_PATH)/include
-
--LINKLIBS=$(OGL_LIBS)
-+LINKLIBS=$(OGL_LIBS) $(GNUTLS_LIBS)
-
- ifeq ($(DEBUGBUILD), yes)
- CFLAGS+=-g
---- a/applications/osmo4_wx/Makefile
-+++ b/applications/osmo4_wx/Makefile
-@@ -41,7 +41,7 @@
- all: $(PROG)
-
- Osmo4$(EXE): $(OBJS)
-- $(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz
-+ $(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz $(GNUTLS_LIBS)
-
- %.o: %.cpp
- $(CXX) $(CFLAGS) $(INSTALL_FLAGS) $(WX_CFLAGS) -c -o $@ $<
---- a/applications/testapps/mp42ts/Makefile
-+++ b/applications/testapps/mp42ts/Makefile
-@@ -27,7 +27,7 @@
- EXT=
- PROG=mp42ts
- #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS)
--LINKFLAGS+=-lgpac $(OGL_LIBS)
-+LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS)
- endif
-
-
---- a/applications/testapps/mp4_streamer/Makefile
-+++ b/applications/testapps/mp4_streamer/Makefile
-@@ -27,7 +27,7 @@
- EXT=
- PROG=mp4_streamer
- #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS)
--LINKFLAGS+=-lgpac $(OGL_LIBS)
-+LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS)
- endif
-
-
---- a/configure
-+++ b/configure
-@@ -77,7 +77,7 @@
- disable_opengl="no"
- has_tinygl="no"
- enable_tinygl="no"
--has_ssl="no"
-+has_gnutls="no"
- has_ipv6="no"
- has_dvb4linux="no"
- has_xmlrpc="no"
-@@ -162,7 +162,7 @@
- echo " --enable-tinygl enable TinyGL support"
- echo " --enable-joystick enable joystick support"
- echo " --enable-renoir enable renoir 3D support"
--echo " --disable-ssl disable OpenSSL support"
-+echo " --disable-gnutls disable GnuTLS support"
- echo " --enable-amr-nb-fixed enable AMR NB fixed-point decoder"
- echo " --enable-amr-nb enable AMR NB library"
- echo " --enable-amr-wb enable AMR WB library"
-@@ -559,23 +559,18 @@
-
-
-
--#look for OpenSSL support
-+#look for GnuTLS support
- cat > $TMPC << EOF
--#include <openssl/ssl.h>
--#include <openssl/x509.h>
--#include <openssl/err.h>
--#include <openssl/rand.h>
-+#include <gnutls/gnutls.h>
-+#include <gnutls/x509.h>
-+#include <gcrypt.h>
- int main( void ) { return 0; }
- EOF
-
--if test "$win32" = "yes" ; then
--LINK_SSL="-lssleay32 -leay32"
--else
--LINK_SSL="-lssl -lcrypto"
--fi
-+LINK_GNUTLS="-lgnutls"
-
--if $cc -o $TMPO $TMPC $LINK_SSL 2> /dev/null ; then
--has_ssl="yes"
-+if $cc -o $TMPO $TMPC $LINK_GNUTLS 2> /dev/null ; then
-+has_gnutls="yes"
- fi
-
-
-@@ -1044,7 +1039,7 @@
- ;;
- --enable-tinygl) enable_tinygl="yes"
- ;;
-- --disable-ssl) has_ssl="no"
-+ --disable-gnutls) has_gnutls="no"
- ;;
- --use-faad=*) has_faad=${opt#--use-faad=}
- ;;
-@@ -1347,7 +1342,7 @@
- fi
- echo "OpenGL support: $has_opengl"
- echo "TinyGL support: $has_tinygl"
--echo "OpenSSL support: $has_ssl"
-+echo "GnuTLS support: $has_gnutls"
-
- echo "Mozilla XUL/GECKO support: $has_xul"
-
-@@ -1598,10 +1593,10 @@
- echo "#define GPAC_USE_TINYGL" >> $TMPH
- fi
-
--echo "HAS_OPENSSL=$has_ssl" >> config.mak
--if test "$has_ssl" = "yes" ; then
-- echo "SSL_LIBS=$LINK_SSL" >> config.mak
-- echo "#define GPAC_HAS_SSL" >> $TMPH
-+echo "HAS_GNUTLS=$has_gnutls" >> config.mak
-+if test "$has_gnutls" = "yes" ; then
-+ echo "GNUTLS_LIBS=$LINK_GNUTLS" >> config.mak
-+ echo "#define GPAC_HAS_GNUTLS" >> $TMPH
- fi
-
- echo "CONFIG_SDL=$has_sdl" >> config.mak
---- a/include/gpac/download.h
-+++ b/include/gpac/download.h
-@@ -36,7 +36,7 @@
- * \brief File Downloader objects
- *
- * This section documents the file downloading tools the GPAC framework. Currently HTTP is supported, HTTPS is under testing but may not be supported
-- *depending on GPAC compilation options (HTTPS in GPAC needs OpenSSL installed on the system).
-+ *depending on GPAC compilation options (HTTPS in GPAC needs GnuTLS installed on the system).
- *
- * @{
- */
---- a/include/gpac/network.h
-+++ b/include/gpac/network.h
-@@ -348,7 +348,7 @@
- /*!
- *\brief gets socket handle
- *
-- *Gets the socket low-level handle as used by OpenSSL.
-+ *Gets the socket low-level handle as used by GnuTLS.
- *\param sock the socket object
- *\return the socket handle
- */
---- a/src/utils/downloader.c
-+++ b/src/utils/downloader.c
-@@ -33,11 +33,13 @@
- #include <gpac/crypt.h>
-
-
--#ifdef GPAC_HAS_SSL
--#include <openssl/ssl.h>
--#include <openssl/x509.h>
--#include <openssl/err.h>
--#include <openssl/rand.h>
-+#ifdef GPAC_HAS_GNUTLS
-+#include <gnutls/gnutls.h>
-+#include <gnutls/x509.h>
-+#include <gcrypt.h>
-+#include <errno.h>
-+#include <pthread.h>
-+GCRY_THREAD_OPTION_PTHREAD_IMPL;
- #endif
-
-
-@@ -49,7 +51,7 @@
- /*internal flags*/
- enum
- {
-- GF_DOWNLOAD_SESSION_USE_SSL = 1<<10,
-+ GF_DOWNLOAD_SESSION_USE_GNUTLS = 1<<10,
- GF_DOWNLOAD_SESSION_THREAD_DEAD = 1<<11,
- GF_DOWNLOAD_IS_ICY = 1<<12,
- };
-@@ -99,8 +101,8 @@
- char *init_data;
- u32 init_data_size;
-
--#ifdef GPAC_HAS_SSL
-- SSL *ssl;
-+#ifdef GPAC_HAS_GNUTLS
-+ gnutls_session_t gnutls_session;
- #endif
-
- void (*do_requests)(struct __gf_download_session *);
-@@ -124,86 +126,29 @@
- GF_Config *cfg;
- GF_List *sessions;
-
--#ifdef GPAC_HAS_SSL
-- SSL_CTX *ssl_ctx;
-+#ifdef GPAC_HAS_GNUTLS
-+ int gnutls_initialized;
- #endif
-
- };
-
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
-
--static void init_prng (void)
-+static int gnutls_lib_init(GF_DownloadManager *dm, u32 mode)
- {
-- char namebuf[256];
-- const char *random_file;
--
-- if (RAND_status ()) return;
-+ if (!dm) return 0;
-
-- namebuf[0] = '\0';
-- random_file = RAND_file_name (namebuf, sizeof (namebuf));
-+ /* The GnuTLS library has already been initialized. */
-+ if (dm->gnutls_initialized) return 1;
-
-- if (random_file && *random_file)
-- RAND_load_file(random_file, 16384);
--
-- if (RAND_status ()) return;
-+ /* Activate multi-thread support in libgcrypt via pthread */
-+ gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-
--#ifdef WIN32
-- RAND_screen ();
-- if (RAND_status ())
-- return;
--#endif
--}
-+ /* Initialize the library */
-+ gnutls_global_init();
-+ dm->gnutls_initialized = 1;
-
--static int ssl_init(GF_DownloadManager *dm, u32 mode)
--{
-- SSL_METHOD *meth;
--
-- if (!dm) return 0;
-- /* The SSL has already been initialized. */
-- if (dm->ssl_ctx) return 1;
-- /* Init the PRNG. If that fails, bail out. */
-- init_prng();
-- if (RAND_status() != 1) goto error;
-- SSL_library_init();
-- SSL_load_error_strings();
-- SSLeay_add_all_algorithms();
-- SSLeay_add_ssl_algorithms();
--
-- switch (mode) {
-- case 0:
-- meth = SSLv23_client_method();
-- break;
-- case 1:
-- meth = SSLv2_client_method();
-- break;
-- case 2:
-- meth = SSLv3_client_method();
-- break;
-- case 3:
-- meth = TLSv1_client_method();
-- break;
-- default:
-- goto error;
-- }
--
-- dm->ssl_ctx = SSL_CTX_new(meth);
-- if (!dm->ssl_ctx) goto error;
-- SSL_CTX_set_default_verify_paths(dm->ssl_ctx);
-- SSL_CTX_load_verify_locations (dm->ssl_ctx, NULL, NULL);
-- /* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the
-- certificate is invalid. We verify the certificate separately in
-- ssl_check_certificate, which provides much better diagnostics
-- than examining the error stack after a failed SSL_connect. */
-- SSL_CTX_set_verify(dm->ssl_ctx, SSL_VERIFY_NONE, NULL);
--
-- /* Since fd_write unconditionally assumes partial writes (and handles them correctly),
-- allow them in OpenSSL. */
-- SSL_CTX_set_mode(dm->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
- return 1;
--error:
-- if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx);
-- dm->ssl_ctx = NULL;
-- return 0;
- }
-
- #endif
-@@ -220,7 +165,7 @@
- static Bool gf_dm_can_handle_url(GF_DownloadManager *dm, const char *url)
- {
- if (!strnicmp(url, "http://", 7)) return 1;
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- if (!strnicmp(url, "https://", 8)) return 1;
- #endif
- return 0;
-@@ -292,11 +237,10 @@
-
- static void gf_dm_disconnect(GF_DownloadSession *sess)
- {
--#ifdef GPAC_HAS_SSL
-- if (sess->ssl) {
-- SSL_shutdown(sess->ssl);
-- SSL_free(sess->ssl);
-- sess->ssl = NULL;
-+#ifdef GPAC_HAS_GNUTLS
-+ if (sess->gnutls_session) {
-+ gnutls_bye(sess->gnutls_session, GNUTLS_SHUT_RDWR);
-+ sess->gnutls_session = NULL;
- }
- #endif
- if (sess->sock) {
-@@ -385,10 +329,10 @@
- else if (!strnicmp(url, "https://", 8)) {
- url += 8;
- sess->port = 443;
--#ifndef GPAC_HAS_SSL
-+#ifndef GPAC_HAS_GNUTLS
- return GF_NOT_SUPPORTED;
- #endif
-- sess->flags |= GF_DOWNLOAD_SESSION_USE_SSL;
-+ sess->flags |= GF_DOWNLOAD_SESSION_USE_GNUTLS;
- sess->do_requests = http_do_requests;
- }
- else if (!strnicmp(url, "ftp://", 6)) {
-@@ -539,9 +483,9 @@
- {
- GF_Err e;
-
--#ifdef GPAC_HAS_SSL
-- if (sess->ssl) {
-- u32 size = SSL_read(sess->ssl, data, data_size);
-+#ifdef GPAC_HAS_GNUTLS
-+ if (sess->gnutls_session) {
-+ u32 size = gnutls_record_recv(sess->gnutls_session, data, data_size);
- e = GF_OK;
- data[size] = 0;
- if (!size) e = GF_IP_NETWORK_EMPTY;
-@@ -554,7 +498,7 @@
- }
-
-
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- /*pattern comp taken from wget*/
- #define ASTERISK_EXCLUDES_DOT /* mandated by rfc2818 */
-
-@@ -650,32 +594,30 @@
- gf_sk_set_buffer_size(sess->sock, 0, GF_DOWNLOAD_BUFFER_SIZE);
- gf_dm_configure_cache(sess);
-
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- /*socket is connected, configure SSL layer*/
-- if (!sess->ssl && sess->dm->ssl_ctx && (sess->flags & GF_DOWNLOAD_SESSION_USE_SSL)) {
-+ if (!sess->gnutls_session && sess->dm->gnutls_initialized &&
-+ (sess->flags & GF_DOWNLOAD_SESSION_USE_GNUTLS)) {
- int ret;
- long vresult;
-- char common_name[256];
-- X509 *cert;
- Bool success = 1;
--
-- sess->ssl = SSL_new(sess->dm->ssl_ctx);
-- SSL_set_fd(sess->ssl, gf_sk_get_handle(sess->sock));
-- SSL_set_connect_state(sess->ssl);
-- ret = SSL_connect(sess->ssl);
-+ const gnutls_datum_t *cert_list;
-+ int cert_list_size = 0;
-+ gnutls_x509_crt_t x509_cert;
-+ gnutls_x509_dn_t *x509_dn;
-+
-+ gnutls_init(sess->gnutls_session, GNUTLS_CLIENT);
-+ gnutls_transport_set_ptr(sess->gnutls_session, gf_sk_get_handle(sess->sock));
-+ ret = gnutls_handshake(sess->gnutls_session);
- assert(ret>0);
-
-- cert = SSL_get_peer_certificate(sess->ssl);
-+ cert_list = gnutls_certificate_get_peers(sess->gnutls_session, &cert_list_size);
- /*if we have a cert, check it*/
-- if (cert) {
-- vresult = SSL_get_verify_result(sess->ssl);
-- if (vresult != X509_V_OK) success = 0;
-- else {
-- common_name[0] = 0;
-- X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, common_name, sizeof (common_name));
-- if (!pattern_match(common_name, sess->server_name)) success = 0;
-- }
-- X509_free(cert);
-+ if (cert_list) {
-+ gnutls_x509_crt_init(&x509_cert);
-+ gnutls_x509_crt_import(x509_cert, &cert_list[0], GNUTLS_X509_FMT_DER);
-+ if (!gnutls_x509_crt_check_hostname(x509_cert, sess->server_name)) success = 0;
-+ gnutls_x509_crt_deinit(x509_cert);
-
- if (!success) {
- gf_dm_disconnect(sess);
-@@ -741,8 +683,8 @@
- dm->cache_directory = strdup(opt);
- }
- }
--#ifdef GPAC_HAS_SSL
-- ssl_init(dm, 0);
-+#ifdef GPAC_HAS_GNUTLS
-+ gnutls_lib_init(dm, 0);
- #endif
- return dm;
- }
-@@ -768,8 +710,11 @@
-
- free(dm->cache_directory);
-
--#ifdef GPAC_HAS_SSL
-- if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx);
-+#ifdef GPAC_HAS_GNUTLS
-+ if (dm->gnutls_initialized) {
-+ gnutls_global_deinit;
-+ dm->gnutls_initialized = 0;
-+ }
- #endif
-
- free(dm);
-@@ -1162,10 +1107,10 @@
- fclose(profile);
- }
-
--#ifdef GPAC_HAS_SSL
-- if (sess->ssl) {
-+#ifdef GPAC_HAS_GNUTLS
-+ if (sess->gnutls_session) {
- e = GF_IP_NETWORK_FAILURE;
-- if (!SSL_write(sess->ssl, tmp_buf, len+par.size)) e = GF_OK;
-+ if (!gnutls_record_send(sess->gnutls_session, tmp_buf, len+par.size)) e = GF_OK;
- } else
- #endif
- e = gf_sk_send(sess->sock, tmp_buf, len+par.size);
-@@ -1174,10 +1119,10 @@
- free(tmp_buf);
- } else {
-
--#ifdef GPAC_HAS_SSL
-- if (sess->ssl) {
-+#ifdef GPAC_HAS_GNUTLS
-+ if (sess->gnutls_session) {
- e = GF_IP_NETWORK_FAILURE;
-- if (!SSL_write(sess->ssl, sHTTP, strlen(sHTTP))) e = GF_OK;
-+ if (!gnutls_record_send(sess->gnutls_session, sHTTP, strlen(sHTTP))) e = GF_OK;
- } else
- #endif
- e = gf_sk_send(sess->sock, sHTTP, strlen(sHTTP));
projects / gpac.git / commitdiff