[SCM] gpac packaging branch, master, updated. debian/0.4.5-1-7-g2220fe3

Fri Aug 6 02:14:27 UTC 2010

The following commit has been merged in the master branch:
commit 212eff980670e893f22a73dacb99653662200fa5
Author: Andres Mejia <mcitadel at gmail.com>
Date:   Thu Aug 5 22:05:14 2010 -0400

    Supply patch to converts gpac from using openssl to using gnutls.
    Currently builds but untested otherwise and thus remains disabled during build.

diff --git a/debian/patches/gnutls-conversion.patch b/debian/patches/gnutls-conversion.patch
new file mode 100644
index 0000000..5ecdc71
--- /dev/null
+++ b/debian/patches/gnutls-conversion.patch
@@ -0,0 +1,484 @@
+Patch to convert from OpenSSL to GnuTLS.
+==========================================================================
+diff --git a/applications/mp4box/Makefile b/applications/mp4box/Makefile
+index d3c03fa..9d1ddfa 100644
+--- a/applications/mp4box/Makefile
++++ b/applications/mp4box/Makefile
+@@ -36,7 +36,7 @@ else
+ EXT=
+ PROG=MP4Box
+ #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz 
+-LINKFLAGS+=-lgpac -lz  $(OGL_LIBS)
++LINKFLAGS+=-lgpac -lz  $(OGL_LIBS) $(GNUTLS_LIBS)
+ endif
+ 
+ 
+diff --git a/applications/mp4client/Makefile b/applications/mp4client/Makefile
+index 688d328..67a910c 100644
+--- a/applications/mp4client/Makefile
++++ b/applications/mp4client/Makefile
+@@ -4,7 +4,7 @@ vpath %.c $(SRC_PATH)/applications/mp4client
+ 
+ CFLAGS= $(OPTFLAGS) -I$(SRC_PATH)/include
+ 
+-LINKLIBS=$(OGL_LIBS)
++LINKLIBS=$(OGL_LIBS) $(GNUTLS_LIBS)
+ 
+ ifeq ($(DEBUGBUILD), yes)
+ CFLAGS+=-g
+diff --git a/applications/osmo4_wx/Makefile b/applications/osmo4_wx/Makefile
+index a0841d7..3430c2d 100644
+--- a/applications/osmo4_wx/Makefile
++++ b/applications/osmo4_wx/Makefile
+@@ -41,7 +41,7 @@ SRCS := $(OBJS:.o=.cpp)
+ all: $(PROG)
+ 
+ Osmo4$(EXE): $(OBJS)
+-	$(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz
++	$(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz $(GNUTLS_LIBS)
+ 
+ %.o: %.cpp
+ 	$(CXX) $(CFLAGS) $(INSTALL_FLAGS) $(WX_CFLAGS) -c -o $@ $< 
+diff --git a/applications/testapps/mp42ts/Makefile b/applications/testapps/mp42ts/Makefile
+index 53c5fb1..9b2b9f8 100644
+--- a/applications/testapps/mp42ts/Makefile
++++ b/applications/testapps/mp42ts/Makefile
+@@ -27,7 +27,7 @@ else
+ EXT=
+ PROG=mp42ts
+ #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS)
+-LINKFLAGS+=-lgpac $(OGL_LIBS)
++LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS)
+ endif
+ 
+ 
+diff --git a/applications/testapps/mp4_streamer/Makefile b/applications/testapps/mp4_streamer/Makefile
+index 2628096..25af208 100644
+--- a/applications/testapps/mp4_streamer/Makefile
++++ b/applications/testapps/mp4_streamer/Makefile
+@@ -27,7 +27,7 @@ else
+ EXT=
+ PROG=mp4_streamer
+ #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS)
+-LINKFLAGS+=-lgpac $(OGL_LIBS)
++LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS)
+ endif
+ 
+ 
+diff --git a/configure b/configure
+index 3dce906..397e60c 100755
+--- a/configure
++++ b/configure
+@@ -77,7 +77,7 @@ has_opengl="no"
+ disable_opengl="no"
+ has_tinygl="no"
+ enable_tinygl="no"
+-has_ssl="no"
++has_gnutls="no"
+ has_ipv6="no"
+ has_dvb4linux="no"
+ has_xmlrpc="no"
+@@ -162,7 +162,7 @@ echo "  --disable-opengl         disable OpenGL support"
+ echo "  --enable-tinygl          enable TinyGL support"
+ echo "  --enable-joystick        enable joystick support"
+ echo "  --enable-renoir          enable renoir 3D support"
+-echo "  --disable-ssl            disable OpenSSL support"
++echo "  --disable-gnutls         disable GnuTLS support"
+ echo "  --enable-amr-nb-fixed    enable AMR NB fixed-point decoder"
+ echo "  --enable-amr-nb          enable AMR NB library"
+ echo "  --enable-amr-wb          enable AMR WB library"
+@@ -559,23 +559,18 @@ fi
+ 
+ 
+ 
+-#look for OpenSSL support
++#look for GnuTLS support
+ cat > $TMPC << EOF
+-#include <openssl/ssl.h>
+-#include <openssl/x509.h>
+-#include <openssl/err.h>
+-#include <openssl/rand.h>
++#include <gnutls/gnutls.h>
++#include <gnutls/x509.h>
++#include <gcrypt.h>
+ int main( void ) { return 0; }
+ EOF
+ 
+-if test "$win32" = "yes" ; then
+-LINK_SSL="-lssleay32 -leay32"
+-else
+-LINK_SSL="-lssl -lcrypto"
+-fi
++LINK_GNUTLS="-lgnutls"
+ 
+-if $cc -o $TMPO $TMPC $LINK_SSL 2> /dev/null  ; then
+-has_ssl="yes"
++if $cc -o $TMPO $TMPC $LINK_GNUTLS 2> /dev/null  ; then
++has_gnutls="yes"
+ fi
+ 
+ 
+@@ -1044,7 +1039,7 @@ for opt do
+   ;;
+   --enable-tinygl) enable_tinygl="yes"
+   ;;
+-  --disable-ssl) has_ssl="no"
++  --disable-gnutls) has_gnutls="no"
+   ;;
+   --use-faad=*) has_faad=${opt#--use-faad=}
+   ;;
+@@ -1347,7 +1342,7 @@ echo "SDL Version too old - please upgrade for SDL support"
+ fi
+ echo "OpenGL support: $has_opengl"
+ echo "TinyGL support: $has_tinygl"
+-echo "OpenSSL support: $has_ssl"
++echo "GnuTLS support: $has_gnutls"
+ 
+ echo "Mozilla XUL/GECKO support: $has_xul"
+ 
+@@ -1598,10 +1593,10 @@ if test "$has_tinygl" = "yes" ; then
+ echo "#define GPAC_USE_TINYGL" >> $TMPH
+ fi
+ 
+-echo "HAS_OPENSSL=$has_ssl" >> config.mak
+-if test "$has_ssl" = "yes" ; then
+-  echo "SSL_LIBS=$LINK_SSL" >> config.mak
+-  echo "#define GPAC_HAS_SSL" >> $TMPH
++echo "HAS_GNUTLS=$has_gnutls" >> config.mak
++if test "$has_gnutls" = "yes" ; then
++  echo "GNUTLS_LIBS=$LINK_GNUTLS" >> config.mak
++  echo "#define GPAC_HAS_GNUTLS" >> $TMPH
+ fi
+ 
+ echo "CONFIG_SDL=$has_sdl" >> config.mak
+diff --git a/include/gpac/download.h b/include/gpac/download.h
+index 89ccf6e..cb4dd76 100644
+--- a/include/gpac/download.h
++++ b/include/gpac/download.h
+@@ -36,7 +36,7 @@
+  *	\brief File Downloader objects
+  *
+  *	This section documents the file downloading tools the GPAC framework. Currently HTTP is supported, HTTPS is under testing but may not be supported
+- *depending on GPAC compilation options (HTTPS in GPAC needs OpenSSL installed on the system).
++ *depending on GPAC compilation options (HTTPS in GPAC needs GnuTLS installed on the system).
+  *
+  *	@{
+  */
+diff --git a/include/gpac/network.h b/include/gpac/network.h
+index 0e2bb23..65c6765 100644
+--- a/include/gpac/network.h
++++ b/include/gpac/network.h
+@@ -348,7 +348,7 @@ GF_Err gf_sk_receive_wait(GF_Socket *sock, char *buffer, u32 length, u32 start_f
+ /*!
+  *\brief gets socket handle
+  *
+- *Gets the socket low-level handle as used by OpenSSL.
++ *Gets the socket low-level handle as used by GnuTLS.
+  *\param sock the socket object
+  *\return the socket handle
+  */
+diff --git a/src/utils/downloader.c b/src/utils/downloader.c
+index dcb8b13..9692853 100644
+--- a/src/utils/downloader.c
++++ b/src/utils/downloader.c
+@@ -33,11 +33,13 @@
+ #include <gpac/crypt.h>
+ 
+ 
+-#ifdef GPAC_HAS_SSL
+-#include <openssl/ssl.h>
+-#include <openssl/x509.h>
+-#include <openssl/err.h>
+-#include <openssl/rand.h>
++#ifdef GPAC_HAS_GNUTLS
++#include <gnutls/gnutls.h>
++#include <gnutls/x509.h>
++#include <gcrypt.h>
++#include <errno.h>
++#include <pthread.h>
++GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ #endif
+ 
+ 
+@@ -49,7 +51,7 @@ static void gf_dm_connect(GF_DownloadSession *sess);
+ /*internal flags*/
+ enum
+ {
+-	GF_DOWNLOAD_SESSION_USE_SSL		=	1<<10,
++	GF_DOWNLOAD_SESSION_USE_GNUTLS	=	1<<10,
+ 	GF_DOWNLOAD_SESSION_THREAD_DEAD	=	1<<11,
+ 	GF_DOWNLOAD_IS_ICY				=	1<<12,
+ };
+@@ -99,8 +101,8 @@ struct __gf_download_session
+ 	char *init_data;
+ 	u32 init_data_size;
+ 
+-#ifdef GPAC_HAS_SSL
+-	SSL *ssl;
++#ifdef GPAC_HAS_GNUTLS
++	gnutls_session_t gnutls_session;
+ #endif
+ 
+ 	void (*do_requests)(struct __gf_download_session *);
+@@ -124,86 +126,29 @@ struct __gf_download_manager
+ 	GF_Config *cfg;
+ 	GF_List *sessions;
+ 
+-#ifdef GPAC_HAS_SSL
+-	SSL_CTX *ssl_ctx;
++#ifdef GPAC_HAS_GNUTLS
++	int gnutls_initialized;
+ #endif
+ 
+ };
+ 
+-#ifdef GPAC_HAS_SSL
++#ifdef GPAC_HAS_GNUTLS
+ 
+-static void init_prng (void)
++static int gnutls_lib_init(GF_DownloadManager *dm, u32 mode)
+ {
+-	char namebuf[256];
+-	const char *random_file;
+-	
+-	if (RAND_status ()) return;
++	if (!dm) return 0;
+ 
+-	namebuf[0] = '\0';
+-	random_file = RAND_file_name (namebuf, sizeof (namebuf));
++	/* The GnuTLS library has already been initialized. */
++	if (dm->gnutls_initialized) return 1;
+ 
+-	if (random_file && *random_file)
+-		RAND_load_file(random_file, 16384);
+-	
+-	if (RAND_status ()) return;
++  /* Activate multi-thread support in libgcrypt via pthread */
++	gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ 
+-#ifdef WIN32
+-	RAND_screen ();
+-	if (RAND_status ())
+-	return;
+-#endif
+-}
++	/* Initialize the library */
++	gnutls_global_init();
++	dm->gnutls_initialized = 1;
+ 
+-static int ssl_init(GF_DownloadManager *dm, u32 mode)
+-{
+-	SSL_METHOD *meth;
+-	
+-	if (!dm) return 0;
+-    /* The SSL has already been initialized. */
+-	if (dm->ssl_ctx) return 1;
+-	/* Init the PRNG.  If that fails, bail out.  */
+-	init_prng();
+-	if (RAND_status() != 1) goto error;
+-	SSL_library_init();
+-	SSL_load_error_strings();
+-	SSLeay_add_all_algorithms();
+-	SSLeay_add_ssl_algorithms();
+-	
+-	switch (mode) {
+-	case 0:
+-		meth = SSLv23_client_method();
+-		break;
+-	case 1:
+-		meth = SSLv2_client_method();
+-		break;
+-	case 2:
+-		meth = SSLv3_client_method();
+-		break;
+-	case 3:
+-		meth = TLSv1_client_method();
+-		break;
+-	default:
+-		goto error;
+-	}
+-	
+-	dm->ssl_ctx = SSL_CTX_new(meth);
+-	if (!dm->ssl_ctx) goto error;
+-	SSL_CTX_set_default_verify_paths(dm->ssl_ctx);
+-	SSL_CTX_load_verify_locations (dm->ssl_ctx, NULL, NULL);
+-	/* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the
+-     certificate is invalid.  We verify the certificate separately in
+-     ssl_check_certificate, which provides much better diagnostics
+-     than examining the error stack after a failed SSL_connect.  */
+-	SSL_CTX_set_verify(dm->ssl_ctx, SSL_VERIFY_NONE, NULL);
+-
+-	/* Since fd_write unconditionally assumes partial writes (and handles them correctly), 
+-	allow them in OpenSSL.  */
+-	SSL_CTX_set_mode(dm->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+ 	return 1;
+-error:
+-	if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx);
+-	dm->ssl_ctx = NULL;
+-	return 0;
+ }
+ 
+ #endif
+@@ -220,7 +165,7 @@ static Bool gf_dm_is_local(GF_DownloadManager *dm, const char *url)
+ static Bool gf_dm_can_handle_url(GF_DownloadManager *dm, const char *url)
+ {
+ 	if (!strnicmp(url, "http://", 7)) return 1;
+-#ifdef GPAC_HAS_SSL
++#ifdef GPAC_HAS_GNUTLS
+ 	if (!strnicmp(url, "https://", 8)) return 1;
+ #endif
+ 	return 0;
+@@ -292,11 +237,10 @@ void gf_dm_configure_cache(GF_DownloadSession *sess)
+ 
+ static void gf_dm_disconnect(GF_DownloadSession *sess)
+ {
+-#ifdef GPAC_HAS_SSL
+-	if (sess->ssl) {
+-		SSL_shutdown(sess->ssl);
+-		SSL_free(sess->ssl);
+-		sess->ssl = NULL;
++#ifdef GPAC_HAS_GNUTLS
++	if (sess->gnutls_session) {
++		gnutls_bye(sess->gnutls_session, GNUTLS_SHUT_RDWR);
++		sess->gnutls_session = NULL;
+ 	}
+ #endif
+ 	if (sess->sock) {
+@@ -385,10 +329,10 @@ static GF_Err gf_dm_setup_from_url(GF_DownloadSession *sess, char *url)
+ 	else if (!strnicmp(url, "https://", 8)) {
+ 		url += 8;
+ 		sess->port = 443;
+-#ifndef GPAC_HAS_SSL
++#ifndef GPAC_HAS_GNUTLS
+ 		return GF_NOT_SUPPORTED;
+ #endif
+-		sess->flags |= GF_DOWNLOAD_SESSION_USE_SSL;
++		sess->flags |= GF_DOWNLOAD_SESSION_USE_GNUTLS;
+ 		sess->do_requests = http_do_requests;
+ 	}
+ 	else if (!strnicmp(url, "ftp://", 6)) {
+@@ -539,9 +483,9 @@ static GF_Err gf_dm_read_data(GF_DownloadSession *sess, char *data, u32 data_siz
+ {
+ 	GF_Err e;
+ 	
+-#ifdef GPAC_HAS_SSL
+-	if (sess->ssl) {
+-		u32 size = SSL_read(sess->ssl, data, data_size);
++#ifdef GPAC_HAS_GNUTLS
++	if (sess->gnutls_session) {
++		u32 size = gnutls_record_recv(sess->gnutls_session, data, data_size);
+ 		e = GF_OK;
+ 		data[size] = 0;
+ 		if (!size) e = GF_IP_NETWORK_EMPTY;
+@@ -554,7 +498,7 @@ static GF_Err gf_dm_read_data(GF_DownloadSession *sess, char *data, u32 data_siz
+ }
+ 
+ 
+-#ifdef GPAC_HAS_SSL
++#ifdef GPAC_HAS_GNUTLS
+ /*pattern comp taken from wget*/
+ #define ASTERISK_EXCLUDES_DOT	/* mandated by rfc2818 */
+ 
+@@ -650,32 +594,30 @@ static void gf_dm_connect(GF_DownloadSession *sess)
+ 	gf_sk_set_buffer_size(sess->sock, 0, GF_DOWNLOAD_BUFFER_SIZE);
+ 	gf_dm_configure_cache(sess);
+ 
+-#ifdef GPAC_HAS_SSL
++#ifdef GPAC_HAS_GNUTLS
+ 	/*socket is connected, configure SSL layer*/
+-	if (!sess->ssl && sess->dm->ssl_ctx && (sess->flags & GF_DOWNLOAD_SESSION_USE_SSL)) {
++	if (!sess->gnutls_session && sess->dm->gnutls_initialized &&
++		(sess->flags & GF_DOWNLOAD_SESSION_USE_GNUTLS)) {
+ 		int ret;
+ 		long vresult;
+-		char common_name[256];
+-	    X509 *cert;
+ 		Bool success = 1;
+-
+-		sess->ssl = SSL_new(sess->dm->ssl_ctx);
+-		SSL_set_fd(sess->ssl, gf_sk_get_handle(sess->sock));
+-		SSL_set_connect_state(sess->ssl);
+-		ret = SSL_connect(sess->ssl);
++		const gnutls_datum_t *cert_list;
++		int cert_list_size = 0;
++		gnutls_x509_crt_t x509_cert;
++		gnutls_x509_dn_t *x509_dn;
++
++		gnutls_init(sess->gnutls_session, GNUTLS_CLIENT);
++		gnutls_transport_set_ptr(sess->gnutls_session, gf_sk_get_handle(sess->sock));
++		ret = gnutls_handshake(sess->gnutls_session);
+ 		assert(ret>0);
+ 
+-		cert = SSL_get_peer_certificate(sess->ssl);       
++		cert_list = gnutls_certificate_get_peers(sess->gnutls_session, &cert_list_size);
+ 		/*if we have a cert, check it*/
+-		if (cert) {
+-			vresult = SSL_get_verify_result(sess->ssl);
+-			if (vresult != X509_V_OK) success = 0;
+-			else {
+-				common_name[0] = 0;
+-				X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, common_name, sizeof (common_name));
+-				if (!pattern_match(common_name, sess->server_name)) success = 0;
+-			}
+-			X509_free(cert);
++		if (cert_list) {
++			gnutls_x509_crt_init(&x509_cert);
++			gnutls_x509_crt_import(x509_cert, &cert_list[0], GNUTLS_X509_FMT_DER);
++			if (!gnutls_x509_crt_check_hostname(x509_cert, sess->server_name)) success = 0;
++			gnutls_x509_crt_deinit(x509_cert);
+ 
+ 			if (!success) {
+ 				gf_dm_disconnect(sess);
+@@ -741,8 +683,8 @@ GF_DownloadManager *gf_dm_new(GF_Config *cfg)
+ 			dm->cache_directory = strdup(opt);
+ 		}
+ 	}
+-#ifdef GPAC_HAS_SSL
+-	ssl_init(dm, 0);
++#ifdef GPAC_HAS_GNUTLS
++	gnutls_lib_init(dm, 0);
+ #endif
+ 	return dm;
+ }
+@@ -768,8 +710,11 @@ void gf_dm_del(GF_DownloadManager *dm)
+ 
+ 	free(dm->cache_directory);
+ 
+-#ifdef GPAC_HAS_SSL
+-	if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx);
++#ifdef GPAC_HAS_GNUTLS
++	if (dm->gnutls_initialized) {
++		gnutls_global_deinit;
++		dm->gnutls_initialized = 0;
++	}
+ #endif
+ 
+ 	free(dm);
+@@ -1162,10 +1107,10 @@ void http_do_requests(GF_DownloadSession *sess)
+ 				fclose(profile);
+ 			}
+ 
+-#ifdef GPAC_HAS_SSL
+-			if (sess->ssl) {
++#ifdef GPAC_HAS_GNUTLS
++			if (sess->gnutls_session) {
+ 				e = GF_IP_NETWORK_FAILURE;
+-				if (!SSL_write(sess->ssl, tmp_buf, len+par.size)) e = GF_OK;
++				if (!gnutls_record_send(sess->gnutls_session, tmp_buf, len+par.size)) e = GF_OK;
+ 			} else 
+ #endif
+ 				e = gf_sk_send(sess->sock, tmp_buf, len+par.size);
+@@ -1174,10 +1119,10 @@ void http_do_requests(GF_DownloadSession *sess)
+ 			free(tmp_buf);
+ 		} else {
+ 
+-#ifdef GPAC_HAS_SSL
+-			if (sess->ssl) {
++#ifdef GPAC_HAS_GNUTLS
++			if (sess->gnutls_session) {
+ 				e = GF_IP_NETWORK_FAILURE;
+-				if (!SSL_write(sess->ssl, sHTTP, strlen(sHTTP))) e = GF_OK;
++				if (!gnutls_record_send(sess->gnutls_session, sHTTP, strlen(sHTTP))) e = GF_OK;
+ 			} else 
+ #endif
+ 				e = gf_sk_send(sess->sock, sHTTP, strlen(sHTTP));

-- 
gpac packaging

