[SCM] gpac/master: Remove gnutls conversion patch. Will try again with Mozilla's NSS.

ceros-guest at users.alioth.debian.org ceros-guest at users.alioth.debian.org
Sun May 1 04:12:16 UTC 2011 

The following commit has been merged in the master branch:
commit d485634a2ba7f4abfafa5b69dcd0c90580c955c7
Author: Andres Mejia <mcitadel at gmail.com>
Date:   Sat Apr 30 21:31:42 2011 -0400

    Remove gnutls conversion patch.
    Will try again with Mozilla's NSS.

diff --git a/debian/patches/gnutls-conversion.patch b/debian/patches/gnutls-conversion.patch
deleted file mode 100644
index 0be4a6b..0000000
--- a/debian/patches/gnutls-conversion.patch
+++ /dev/null
@@ -1,468 +0,0 @@
-From: Andres Mejia <mcitadel at gmail.com>
-Subject: Patch to convert from OpenSSL to GnuTLS.
-
-==========================================================================
---- a/applications/mp4box/Makefile
-+++ b/applications/mp4box/Makefile
-@@ -36,7 +36,7 @@
- EXT=
- PROG=MP4Box
- #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz 
--LINKFLAGS+=-lgpac -lz  $(OGL_LIBS)
-+LINKFLAGS+=-lgpac -lz  $(OGL_LIBS) $(GNUTLS_LIBS)
- endif
- 
- 
---- a/applications/mp4client/Makefile
-+++ b/applications/mp4client/Makefile
-@@ -4,7 +4,7 @@
- 
- CFLAGS= $(OPTFLAGS) -I$(SRC_PATH)/include
- 
--LINKLIBS=$(OGL_LIBS)
-+LINKLIBS=$(OGL_LIBS) $(GNUTLS_LIBS)
- 
- ifeq ($(DEBUGBUILD), yes)
- CFLAGS+=-g
---- a/applications/osmo4_wx/Makefile
-+++ b/applications/osmo4_wx/Makefile
-@@ -41,7 +41,7 @@
- all: $(PROG)
- 
- Osmo4$(EXE): $(OBJS)
--	$(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz
-+	$(CC) $(LDFLAGS) -o ../../bin/gcc/$@ $(OBJS) -L../../bin/gcc -lgpac $(WX_LFLAGS) -lz $(GNUTLS_LIBS)
- 
- %.o: %.cpp
- 	$(CXX) $(CFLAGS) $(INSTALL_FLAGS) $(WX_CFLAGS) -c -o $@ $< 
---- a/applications/testapps/mp42ts/Makefile
-+++ b/applications/testapps/mp42ts/Makefile
-@@ -27,7 +27,7 @@
- EXT=
- PROG=mp42ts
- #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS)
--LINKFLAGS+=-lgpac $(OGL_LIBS)
-+LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS)
- endif
- 
- 
---- a/applications/testapps/mp4_streamer/Makefile
-+++ b/applications/testapps/mp4_streamer/Makefile
-@@ -27,7 +27,7 @@
- EXT=
- PROG=mp4_streamer
- #LINKFLAGS+=-lgpac_static $(EXTRALIBS) $(GPAC_SH_FLAGS) -lz $(OGL_LIBS)
--LINKFLAGS+=-lgpac $(OGL_LIBS)
-+LINKFLAGS+=-lgpac $(OGL_LIBS) $(GNUTLS_LIBS)
- endif
- 
- 
---- a/configure
-+++ b/configure
-@@ -77,7 +77,7 @@
- disable_opengl="no"
- has_tinygl="no"
- enable_tinygl="no"
--has_ssl="no"
-+has_gnutls="no"
- has_ipv6="no"
- has_dvb4linux="no"
- has_xmlrpc="no"
-@@ -162,7 +162,7 @@
- echo "  --enable-tinygl          enable TinyGL support"
- echo "  --enable-joystick        enable joystick support"
- echo "  --enable-renoir          enable renoir 3D support"
--echo "  --disable-ssl            disable OpenSSL support"
-+echo "  --disable-gnutls         disable GnuTLS support"
- echo "  --enable-amr-nb-fixed    enable AMR NB fixed-point decoder"
- echo "  --enable-amr-nb          enable AMR NB library"
- echo "  --enable-amr-wb          enable AMR WB library"
-@@ -559,23 +559,18 @@
- 
- 
- 
--#look for OpenSSL support
-+#look for GnuTLS support
- cat > $TMPC << EOF
--#include <openssl/ssl.h>
--#include <openssl/x509.h>
--#include <openssl/err.h>
--#include <openssl/rand.h>
-+#include <gnutls/gnutls.h>
-+#include <gnutls/x509.h>
-+#include <gcrypt.h>
- int main( void ) { return 0; }
- EOF
- 
--if test "$win32" = "yes" ; then
--LINK_SSL="-lssleay32 -leay32"
--else
--LINK_SSL="-lssl -lcrypto"
--fi
-+LINK_GNUTLS="-lgnutls"
- 
--if $cc -o $TMPO $TMPC $LINK_SSL 2> /dev/null  ; then
--has_ssl="yes"
-+if $cc -o $TMPO $TMPC $LINK_GNUTLS 2> /dev/null  ; then
-+has_gnutls="yes"
- fi
- 
- 
-@@ -1044,7 +1039,7 @@
-   ;;
-   --enable-tinygl) enable_tinygl="yes"
-   ;;
--  --disable-ssl) has_ssl="no"
-+  --disable-gnutls) has_gnutls="no"
-   ;;
-   --use-faad=*) has_faad=${opt#--use-faad=}
-   ;;
-@@ -1347,7 +1342,7 @@
- fi
- echo "OpenGL support: $has_opengl"
- echo "TinyGL support: $has_tinygl"
--echo "OpenSSL support: $has_ssl"
-+echo "GnuTLS support: $has_gnutls"
- 
- echo "Mozilla XUL/GECKO support: $has_xul"
- 
-@@ -1598,10 +1593,10 @@
- echo "#define GPAC_USE_TINYGL" >> $TMPH
- fi
- 
--echo "HAS_OPENSSL=$has_ssl" >> config.mak
--if test "$has_ssl" = "yes" ; then
--  echo "SSL_LIBS=$LINK_SSL" >> config.mak
--  echo "#define GPAC_HAS_SSL" >> $TMPH
-+echo "HAS_GNUTLS=$has_gnutls" >> config.mak
-+if test "$has_gnutls" = "yes" ; then
-+  echo "GNUTLS_LIBS=$LINK_GNUTLS" >> config.mak
-+  echo "#define GPAC_HAS_GNUTLS" >> $TMPH
- fi
- 
- echo "CONFIG_SDL=$has_sdl" >> config.mak
---- a/include/gpac/download.h
-+++ b/include/gpac/download.h
-@@ -36,7 +36,7 @@
-  *	\brief File Downloader objects
-  *
-  *	This section documents the file downloading tools the GPAC framework. Currently HTTP is supported, HTTPS is under testing but may not be supported
-- *depending on GPAC compilation options (HTTPS in GPAC needs OpenSSL installed on the system).
-+ *depending on GPAC compilation options (HTTPS in GPAC needs GnuTLS installed on the system).
-  *
-  *	@{
-  */
---- a/include/gpac/network.h
-+++ b/include/gpac/network.h
-@@ -348,7 +348,7 @@
- /*!
-  *\brief gets socket handle
-  *
-- *Gets the socket low-level handle as used by OpenSSL.
-+ *Gets the socket low-level handle as used by GnuTLS.
-  *\param sock the socket object
-  *\return the socket handle
-  */
---- a/src/utils/downloader.c
-+++ b/src/utils/downloader.c
-@@ -33,11 +33,13 @@
- #include <gpac/crypt.h>
- 
- 
--#ifdef GPAC_HAS_SSL
--#include <openssl/ssl.h>
--#include <openssl/x509.h>
--#include <openssl/err.h>
--#include <openssl/rand.h>
-+#ifdef GPAC_HAS_GNUTLS
-+#include <gnutls/gnutls.h>
-+#include <gnutls/x509.h>
-+#include <gcrypt.h>
-+#include <errno.h>
-+#include <pthread.h>
-+GCRY_THREAD_OPTION_PTHREAD_IMPL;
- #endif
- 
- 
-@@ -49,7 +51,7 @@
- /*internal flags*/
- enum
- {
--	GF_DOWNLOAD_SESSION_USE_SSL		=	1<<10,
-+	GF_DOWNLOAD_SESSION_USE_GNUTLS	=	1<<10,
- 	GF_DOWNLOAD_SESSION_THREAD_DEAD	=	1<<11,
- 	GF_DOWNLOAD_IS_ICY				=	1<<12,
- };
-@@ -99,8 +101,8 @@
- 	char *init_data;
- 	u32 init_data_size;
- 
--#ifdef GPAC_HAS_SSL
--	SSL *ssl;
-+#ifdef GPAC_HAS_GNUTLS
-+	gnutls_session_t gnutls_session;
- #endif
- 
- 	void (*do_requests)(struct __gf_download_session *);
-@@ -124,86 +126,29 @@
- 	GF_Config *cfg;
- 	GF_List *sessions;
- 
--#ifdef GPAC_HAS_SSL
--	SSL_CTX *ssl_ctx;
-+#ifdef GPAC_HAS_GNUTLS
-+	int gnutls_initialized;
- #endif
- 
- };
- 
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- 
--static void init_prng (void)
-+static int gnutls_lib_init(GF_DownloadManager *dm, u32 mode)
- {
--	char namebuf[256];
--	const char *random_file;
--	
--	if (RAND_status ()) return;
-+	if (!dm) return 0;
- 
--	namebuf[0] = '\0';
--	random_file = RAND_file_name (namebuf, sizeof (namebuf));
-+	/* The GnuTLS library has already been initialized. */
-+	if (dm->gnutls_initialized) return 1;
- 
--	if (random_file && *random_file)
--		RAND_load_file(random_file, 16384);
--	
--	if (RAND_status ()) return;
-+  /* Activate multi-thread support in libgcrypt via pthread */
-+	gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
- 
--#ifdef WIN32
--	RAND_screen ();
--	if (RAND_status ())
--	return;
--#endif
--}
-+	/* Initialize the library */
-+	gnutls_global_init();
-+	dm->gnutls_initialized = 1;
- 
--static int ssl_init(GF_DownloadManager *dm, u32 mode)
--{
--	SSL_METHOD *meth;
--	
--	if (!dm) return 0;
--    /* The SSL has already been initialized. */
--	if (dm->ssl_ctx) return 1;
--	/* Init the PRNG.  If that fails, bail out.  */
--	init_prng();
--	if (RAND_status() != 1) goto error;
--	SSL_library_init();
--	SSL_load_error_strings();
--	SSLeay_add_all_algorithms();
--	SSLeay_add_ssl_algorithms();
--	
--	switch (mode) {
--	case 0:
--		meth = SSLv23_client_method();
--		break;
--	case 1:
--		meth = SSLv2_client_method();
--		break;
--	case 2:
--		meth = SSLv3_client_method();
--		break;
--	case 3:
--		meth = TLSv1_client_method();
--		break;
--	default:
--		goto error;
--	}
--	
--	dm->ssl_ctx = SSL_CTX_new(meth);
--	if (!dm->ssl_ctx) goto error;
--	SSL_CTX_set_default_verify_paths(dm->ssl_ctx);
--	SSL_CTX_load_verify_locations (dm->ssl_ctx, NULL, NULL);
--	/* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the
--     certificate is invalid.  We verify the certificate separately in
--     ssl_check_certificate, which provides much better diagnostics
--     than examining the error stack after a failed SSL_connect.  */
--	SSL_CTX_set_verify(dm->ssl_ctx, SSL_VERIFY_NONE, NULL);
--
--	/* Since fd_write unconditionally assumes partial writes (and handles them correctly), 
--	allow them in OpenSSL.  */
--	SSL_CTX_set_mode(dm->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
- 	return 1;
--error:
--	if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx);
--	dm->ssl_ctx = NULL;
--	return 0;
- }
- 
- #endif
-@@ -220,7 +165,7 @@
- static Bool gf_dm_can_handle_url(GF_DownloadManager *dm, const char *url)
- {
- 	if (!strnicmp(url, "http://", 7)) return 1;
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- 	if (!strnicmp(url, "https://", 8)) return 1;
- #endif
- 	return 0;
-@@ -292,11 +237,10 @@
- 
- static void gf_dm_disconnect(GF_DownloadSession *sess)
- {
--#ifdef GPAC_HAS_SSL
--	if (sess->ssl) {
--		SSL_shutdown(sess->ssl);
--		SSL_free(sess->ssl);
--		sess->ssl = NULL;
-+#ifdef GPAC_HAS_GNUTLS
-+	if (sess->gnutls_session) {
-+		gnutls_bye(sess->gnutls_session, GNUTLS_SHUT_RDWR);
-+		sess->gnutls_session = NULL;
- 	}
- #endif
- 	if (sess->sock) {
-@@ -385,10 +329,10 @@
- 	else if (!strnicmp(url, "https://", 8)) {
- 		url += 8;
- 		sess->port = 443;
--#ifndef GPAC_HAS_SSL
-+#ifndef GPAC_HAS_GNUTLS
- 		return GF_NOT_SUPPORTED;
- #endif
--		sess->flags |= GF_DOWNLOAD_SESSION_USE_SSL;
-+		sess->flags |= GF_DOWNLOAD_SESSION_USE_GNUTLS;
- 		sess->do_requests = http_do_requests;
- 	}
- 	else if (!strnicmp(url, "ftp://", 6)) {
-@@ -539,9 +483,9 @@
- {
- 	GF_Err e;
- 	
--#ifdef GPAC_HAS_SSL
--	if (sess->ssl) {
--		u32 size = SSL_read(sess->ssl, data, data_size);
-+#ifdef GPAC_HAS_GNUTLS
-+	if (sess->gnutls_session) {
-+		u32 size = gnutls_record_recv(sess->gnutls_session, data, data_size);
- 		e = GF_OK;
- 		data[size] = 0;
- 		if (!size) e = GF_IP_NETWORK_EMPTY;
-@@ -554,7 +498,7 @@
- }
- 
- 
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- /*pattern comp taken from wget*/
- #define ASTERISK_EXCLUDES_DOT	/* mandated by rfc2818 */
- 
-@@ -650,32 +594,30 @@
- 	gf_sk_set_buffer_size(sess->sock, 0, GF_DOWNLOAD_BUFFER_SIZE);
- 	gf_dm_configure_cache(sess);
- 
--#ifdef GPAC_HAS_SSL
-+#ifdef GPAC_HAS_GNUTLS
- 	/*socket is connected, configure SSL layer*/
--	if (!sess->ssl && sess->dm->ssl_ctx && (sess->flags & GF_DOWNLOAD_SESSION_USE_SSL)) {
-+	if (!sess->gnutls_session && sess->dm->gnutls_initialized &&
-+		(sess->flags & GF_DOWNLOAD_SESSION_USE_GNUTLS)) {
- 		int ret;
- 		long vresult;
--		char common_name[256];
--	    X509 *cert;
- 		Bool success = 1;
--
--		sess->ssl = SSL_new(sess->dm->ssl_ctx);
--		SSL_set_fd(sess->ssl, gf_sk_get_handle(sess->sock));
--		SSL_set_connect_state(sess->ssl);
--		ret = SSL_connect(sess->ssl);
-+		const gnutls_datum_t *cert_list;
-+		int cert_list_size = 0;
-+		gnutls_x509_crt_t x509_cert;
-+		gnutls_x509_dn_t *x509_dn;
-+
-+		gnutls_init(sess->gnutls_session, GNUTLS_CLIENT);
-+		gnutls_transport_set_ptr(sess->gnutls_session, gf_sk_get_handle(sess->sock));
-+		ret = gnutls_handshake(sess->gnutls_session);
- 		assert(ret>0);
- 
--		cert = SSL_get_peer_certificate(sess->ssl);       
-+		cert_list = gnutls_certificate_get_peers(sess->gnutls_session, &cert_list_size);
- 		/*if we have a cert, check it*/
--		if (cert) {
--			vresult = SSL_get_verify_result(sess->ssl);
--			if (vresult != X509_V_OK) success = 0;
--			else {
--				common_name[0] = 0;
--				X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, common_name, sizeof (common_name));
--				if (!pattern_match(common_name, sess->server_name)) success = 0;
--			}
--			X509_free(cert);
-+		if (cert_list) {
-+			gnutls_x509_crt_init(&x509_cert);
-+			gnutls_x509_crt_import(x509_cert, &cert_list[0], GNUTLS_X509_FMT_DER);
-+			if (!gnutls_x509_crt_check_hostname(x509_cert, sess->server_name)) success = 0;
-+			gnutls_x509_crt_deinit(x509_cert);
- 
- 			if (!success) {
- 				gf_dm_disconnect(sess);
-@@ -741,8 +683,8 @@
- 			dm->cache_directory = strdup(opt);
- 		}
- 	}
--#ifdef GPAC_HAS_SSL
--	ssl_init(dm, 0);
-+#ifdef GPAC_HAS_GNUTLS
-+	gnutls_lib_init(dm, 0);
- #endif
- 	return dm;
- }
-@@ -768,8 +710,11 @@
- 
- 	free(dm->cache_directory);
- 
--#ifdef GPAC_HAS_SSL
--	if (dm->ssl_ctx) SSL_CTX_free(dm->ssl_ctx);
-+#ifdef GPAC_HAS_GNUTLS
-+	if (dm->gnutls_initialized) {
-+		gnutls_global_deinit;
-+		dm->gnutls_initialized = 0;
-+	}
- #endif
- 
- 	free(dm);
-@@ -1162,10 +1107,10 @@
- 				fclose(profile);
- 			}
- 
--#ifdef GPAC_HAS_SSL
--			if (sess->ssl) {
-+#ifdef GPAC_HAS_GNUTLS
-+			if (sess->gnutls_session) {
- 				e = GF_IP_NETWORK_FAILURE;
--				if (!SSL_write(sess->ssl, tmp_buf, len+par.size)) e = GF_OK;
-+				if (!gnutls_record_send(sess->gnutls_session, tmp_buf, len+par.size)) e = GF_OK;
- 			} else 
- #endif
- 				e = gf_sk_send(sess->sock, tmp_buf, len+par.size);
-@@ -1174,10 +1119,10 @@
- 			free(tmp_buf);
- 		} else {
- 
--#ifdef GPAC_HAS_SSL
--			if (sess->ssl) {
-+#ifdef GPAC_HAS_GNUTLS
-+			if (sess->gnutls_session) {
- 				e = GF_IP_NETWORK_FAILURE;
--				if (!SSL_write(sess->ssl, sHTTP, strlen(sHTTP))) e = GF_OK;
-+				if (!gnutls_record_send(sess->gnutls_session, sHTTP, strlen(sHTTP))) e = GF_OK;
- 			} else 
- #endif
- 				e = gf_sk_send(sess->sock, sHTTP, strlen(sHTTP));

-- 
gpac packaging

More information about the pkg-multimedia-commits mailing list