27 #include <gnutls/gnutls.h>
/*
 * GnuTLS backend: the backend-neutral TLS_read/TLS_write/TLS_shutdown
 * operations expand to GnuTLS record-layer calls on c->session.
 *
 * The macro argument c is pasted in front of "->" without parentheses, so it
 * has to be a plain pointer expression.
 *
 * gnutls_record_recv()/gnutls_record_send() report failure as negative
 * GNUTLS_E_* codes; the retry check at listing line 76 tests for
 * GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED. That differs from the OpenSSL
 * variants of these macros, whose result must be passed through
 * SSL_get_error(), so the raw return values are not interchangeable.
 */
28 #define TLS_read(c, buf, size) gnutls_record_recv(c->session, buf, size)
29 #define TLS_write(c, buf, size) gnutls_record_send(c->session, buf, size)
/* GNUTLS_SHUT_RDWR: send close_notify and wait for the peer's reply. */
30 #define TLS_shutdown(c) gnutls_bye(c->session, GNUTLS_SHUT_RDWR)
31 #define TLS_free(c) do { \
33 gnutls_deinit(c->session); \
35 gnutls_certificate_free_credentials(c->cred); \
38 #include <openssl/bio.h>
39 #include <openssl/ssl.h>
40 #include <openssl/err.h>
/*
 * OpenSSL backend: the same TLS_* names expand to SSL_* calls on c->ssl.
 *
 * The macro argument c is pasted in front of "->" without parentheses, so it
 * has to be a plain pointer expression.
 *
 * SSL_read()/SSL_write() return <= 0 on failure without saying why; the
 * reason has to be fetched with SSL_get_error(), as listing line 85 does
 * before testing for SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE.
 */
41 #define TLS_read(c, buf, size) SSL_read(c->ssl, buf, size)
42 #define TLS_write(c, buf, size) SSL_write(c->ssl, buf, size)
/* A return of 0 from SSL_shutdown() means close_notify was sent but the
 * peer's close_notify has not been received yet. */
43 #define TLS_shutdown(c) SSL_shutdown(c->ssl)
44 #define TLS_free(c) do { \
48 SSL_CTX_free(c->ctx); \
62 gnutls_session_t session;
63 gnutls_certificate_credentials_t cred;
74 struct pollfd p = { c->
fd, 0, 0 };
76 if (ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {
80 if (gnutls_record_get_direction(c->session))
85 ret = SSL_get_error(c->ssl, ret);
86 if (ret == SSL_ERROR_WANT_READ) {
88 }
else if (ret == SSL_ERROR_WANT_WRITE) {
98 int n = poll(&p, 1, 100);
110 char buf[1024], key[1024];
111 int has_cert, has_key, verify = 0;
115 const char *p = strchr(uri,
'?');
121 ret = gnutls_certificate_set_x509_trust_file(c->cred, buf, GNUTLS_X509_FMT_PEM);
125 if (!SSL_CTX_load_verify_locations(c->ctx, buf, NULL))
126 av_log(h,
AV_LOG_ERROR,
"SSL_CTX_load_verify_locations %s\n", ERR_error_string(ERR_get_error(), NULL));
132 verify = strtol(buf, &endptr, 10);
140 if (has_cert && has_key) {
141 ret = gnutls_certificate_set_x509_key_file(c->cred, buf, key, GNUTLS_X509_FMT_PEM);
144 }
else if (has_cert ^ has_key) {
/*
 * Hands the integer parsed into verify (strtol at listing line 132) to GnuTLS
 * as the credential's verification flag bitmask.
 *
 * NOTE(review): the flags accepted here tune how a verification is carried
 * out (several of them relax checks); setting them does not by itself make
 * GnuTLS verify the peer. No gnutls_certificate_verify_peers*() call or
 * verify callback is visible in this listing - confirm that the peer
 * certificate is actually checked after the handshake, and that a plain
 * "verify=1" style value is not being interpreted as a relaxing flag bit.
 */
147 gnutls_certificate_set_verify_flags(c->cred, verify);
/*
 * Load the local certificate chain (path in buf) and the PEM private key
 * (path in key) into the SSL_CTX.
 *
 * A failed load is only logged: each unbraced if body is the av_log() call
 * and nothing else, so execution continues with the next statement and the
 * context may end up without the credentials that were requested.
 *
 * NOTE(review): ERR_error_string(..., NULL) formats into a static buffer and
 * is therefore not thread-safe; ERR_error_string_n() with a caller-owned
 * buffer avoids that.
 * NOTE(review): no SSL_CTX_check_private_key() call is visible in this
 * listing - confirm that a key/certificate mismatch is detected somewhere.
 */
149 if (has_cert && !SSL_CTX_use_certificate_chain_file(c->ctx, buf))
150 av_log(h,
AV_LOG_ERROR,
"SSL_CTX_use_certificate_chain_file %s\n", ERR_error_string(ERR_get_error(), NULL));
151 if (has_key && !SSL_CTX_use_PrivateKey_file(c->ctx, key, SSL_FILETYPE_PEM))
152 av_log(h,
AV_LOG_ERROR,
"SSL_CTX_use_PrivateKey_file %s\n", ERR_error_string(ERR_get_error(), NULL));
/*
 * Ask OpenSSL to validate the peer's certificate chain and abort the
 * handshake on failure; the callback argument 0 keeps OpenSSL's built-in
 * verification result. SSL_VERIFY_FAIL_IF_NO_PEER_CERT only has an effect in
 * server mode.
 *
 * The chain is validated against whatever trust store the context holds
 * (see SSL_CTX_load_verify_locations at listing line 125).
 *
 * NOTE(review): listing line 153 is not shown, so whether this call is
 * conditional cannot be told from here; verify is initialised to 0 at line
 * 111, so presumably verification is opt-in - confirm, because a client
 * that never reaches this call accepts any certificate.
 */
154 SSL_CTX_set_verify(c->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
163 char buf[200], host[200], path[1024];
165 struct addrinfo hints = { 0 }, *ai = NULL;
166 const char *proxy_path;
169 const char *p = strchr(uri,
'?');
175 av_url_split(NULL, 0, NULL, 0, host,
sizeof(host), &port, path,
sizeof(path), uri);
176 ff_url_join(buf,
sizeof(buf),
"tcp", NULL, host, port,
"%s", path);
184 proxy_path = getenv(
"http_proxy");
186 proxy_path != NULL &&
av_strstart(proxy_path,
"http://", NULL);
189 char proxy_host[200], proxy_auth[200], dest[200];
192 proxy_host,
sizeof(proxy_host), &proxy_port, NULL, 0,
194 ff_url_join(dest,
sizeof(dest), NULL, NULL, host, port, NULL);
195 ff_url_join(buf,
sizeof(buf),
"httpproxy", proxy_auth, proxy_host,
196 proxy_port,
"/%s", dest);
206 gnutls_init(&c->session, server ? GNUTLS_SERVER : GNUTLS_CLIENT);
208 gnutls_server_name_set(c->session, GNUTLS_NAME_DNS, host, strlen(host));
209 gnutls_certificate_allocate_credentials(&c->cred);
211 gnutls_credentials_set(c->session, GNUTLS_CRD_CERTIFICATE, c->cred);
212 gnutls_transport_set_ptr(c->session, (gnutls_transport_ptr_t)
/*
 * Select protocol versions and cipher suites with the GnuTLS priority
 * keyword "NORMAL"; what that keyword enables depends on the GnuTLS version
 * linked in. The return value is discarded, and the error-position
 * out-parameter is NULL, so a rejected priority string goes unnoticed here.
 */
214 gnutls_priority_set_direct(c->session,
"NORMAL", NULL);
216 ret = gnutls_handshake(c->session);
/*
 * Create the OpenSSL context for the chosen role (server or client).
 *
 * TLSv1_server_method()/TLSv1_client_method() are the fixed-version
 * constructors: the context speaks TLS 1.0 only. Newer protocol versions are
 * never negotiated, and peers that have disabled TLS 1.0 fail the handshake.
 * NOTE(review): prefer the version-flexible method (SSLv23_*_method(), or
 * TLS_*_method() on OpenSSL >= 1.1.0) combined with a minimum protocol
 * version, so the strongest mutually supported version is selected.
 */
223 c->ctx = SSL_CTX_new(server ? TLSv1_server_method() : TLSv1_client_method());
230 c->ssl = SSL_new(c->ctx);
236 SSL_set_fd(c->ssl, c->
fd);
/*
 * Client side, non-numeric host only: put host into the SNI extension of the
 * ClientHello so the server can pick the matching certificate.
 *
 * This is server selection, not authentication: SNI does not make OpenSSL
 * compare the peer certificate's names with host.
 * NOTE(review): no hostname check (e.g. X509_check_host() or
 * SSL_set1_host()) is visible in this listing - confirm one exists;
 * otherwise any certificate that chains to a trusted CA is accepted for any
 * host.
 */
237 if (!server && !numerichost)
238 SSL_set_tlsext_host_name(c->ssl, host);
240 ret = server ? SSL_accept(c->ssl) : SSL_connect(c->ssl);
265 int ret = TLS_read(c, buf, size);
280 int ret = TLS_write(c, buf, size);