Overview
Comment: | Modernize the code a little |
---|---|
SHA3-256: |
9355649e3a41416e4781a6500e649673 |
User & Date: | js on 2017-05-14 00:33:26 |
Context
2017-06-21
| ||
21:04 | Adjust to ObjFW changes check-in: 2ee844508a user: js tags: trunk | |
2017-05-14
| ||
00:33 | Modernize the code a little check-in: 9355649e3a user: js tags: trunk | |
2017-05-08
| ||
00:31 | Adjust to recent ObjFW changes check-in: 897afb173c user: js tags: trunk | |
Changes
Modified src/SSLConnectionFailedException.h from [6a80ad2a18] to [9ce0b3fc0f].
︙ | ︙ | |||
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #import <ObjFW/OFConnectionFailedException.h> @class SSLSocket; @interface SSLConnectionFailedException: OFConnectionFailedException { unsigned long _SSLError; long _verifyResult; } | > > | | > > > > > > > > > > > > > > | > > | 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #import <ObjFW/OFConnectionFailedException.h> OF_ASSUME_NONNULL_BEGIN @class SSLSocket; @interface SSLConnectionFailedException: OFConnectionFailedException { unsigned long _SSLError; long _verifyResult; } @property (readonly, nonatomic) unsigned long SSLError; @property (readonly, nonatomic) long verifyResult; + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (id)socket OF_UNAVAILABLE; + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (id)socket errNo: (int)errNo OF_UNAVAILABLE; + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError; + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError verifyResult: (long)verifyResult; - initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket OF_UNAVAILABLE; - initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket errNo: (int)errNo OF_UNAVAILABLE; - initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError; - 
initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError verifyResult: (long)verifyResult OF_DESIGNATED_INITIALIZER; @end OF_ASSUME_NONNULL_END |
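Review bot: The two unavailable initializers `initWithHost:port:socket:` and `initWithHost:port:socket:errNo:` type `socket` as `SSLSocket *`, while the unavailable class methods above them and the implementations in SSLConnectionFailedException.m use `(id)socket`. These declarations exist only to mark the inherited initializers unavailable, so they should repeat what is presumably the inherited parameter type: `socket: (id)socket OF_UNAVAILABLE;`. As written, the interface and the implementation disagree and the compiler can report conflicting parameter types. The `- initWithHost:` declarations also keep an implicit `id` return type while the factory methods next to them use `instancetype`.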
Modified src/SSLConnectionFailedException.m from [8a6d63315e] to [d8975e7b34].
︙ | ︙ | |||
40 41 42 43 44 45 46 47 48 49 50 51 52 53 | #endif @implementation SSLConnectionFailedException @synthesize SSLError = _SSLError, verifyResult = _verifyResult; + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError { return [[[self alloc] initWithHost: host port: port socket: socket SSLError: SSLError] autorelease]; | > > > > > > > > > > > > > > > | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | #endif @implementation SSLConnectionFailedException @synthesize SSLError = _SSLError, verifyResult = _verifyResult; + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (id)socket { OF_UNRECOGNIZED_SELECTOR } + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (id)socket errNo: (int)errNo { OF_UNRECOGNIZED_SELECTOR } + (instancetype)exceptionWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError { return [[[self alloc] initWithHost: host port: port socket: socket SSLError: SSLError] autorelease]; |
︙ | ︙ | |||
65 66 67 68 69 70 71 72 73 74 | socket: socket SSLError: SSLError verifyResult: verifyResult] autorelease]; } - initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError { | > > > > > > > > > > > > > > > | | | < | | < | 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 | socket: socket SSLError: SSLError verifyResult: verifyResult] autorelease]; } - initWithHost: (OFString *)host port: (uint16_t)port socket: (id)socket { OF_INVALID_INIT_METHOD } - initWithHost: (OFString *)host port: (uint16_t)port socket: (id)socket errNo: (int)errNo { OF_INVALID_INIT_METHOD } - initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError { return [self initWithHost: host port: port socket: socket SSLError: SSLError verifyResult: 0]; } - initWithHost: (OFString *)host port: (uint16_t)port socket: (SSLSocket *)socket SSLError: (unsigned long)SSLError verifyResult: (long)verifyResult |
︙ | ︙ |
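Review bot: `initWithHost:port:socket:SSLError:` forwards `verifyResult: 0`, and 0 is OpenSSL's `X509_V_OK`, so an exception created without a verify result looks the same as one whose certificate verification succeeded. A comment at that call would make the convention explicit, for example `/* 0 == X509_V_OK: no verification result was recorded for this failure */`. Without it, code that logs or branches on `verifyResult` can read the value as evidence that the peer certificate was checked. The body of the designated initializer continues outside the hunk.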
Modified src/SSLInvalidCertificateException.h from [f008217145] to [12457e0743].
︙ | ︙ | |||
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #import <ObjFW/OFString.h> #import <ObjFW/OFException.h> @interface SSLInvalidCertificateException: OFException { OFString *_reason; } @property (readonly, nonatomic) OFString *reason; | > > > | > | > > | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #import <ObjFW/OFString.h> #import <ObjFW/OFException.h> OF_ASSUME_NONNULL_BEGIN @interface SSLInvalidCertificateException: OFException { OFString *_reason; } @property (readonly, nonatomic) OFString *reason; + (instancetype)exception; + (instancetype)exceptionWithReason: (OFString *)reason; - init OF_UNAVAILABLE; - initWithReason: (OFString *)reason OF_DESIGNATED_INITIALIZER; @end OF_ASSUME_NONNULL_END |
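Review bot: `+ (instancetype)exception;` is declared without `OF_UNAVAILABLE`, yet SSLInvalidCertificateException.m implements it with `OF_UNRECOGNIZED_SELECTOR`, so a call compiles cleanly and fails only at run time. `- init` two lines below is already marked, and the class method should match it: `+ (instancetype)exception OF_UNAVAILABLE;`. That is also how the unavailable factory methods in SSLConnectionFailedException.h are declared in this commit.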
Modified src/SSLInvalidCertificateException.m from [35a1cf06ce] to [8b98c5bd7a].
︙ | ︙ | |||
26 27 28 29 30 31 32 | #import "SSLInvalidCertificateException.h" #import <ObjFW/macros.h> @implementation SSLInvalidCertificateException @synthesize reason = _reason; | > > > > > | < < < < < < | < | 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | #import "SSLInvalidCertificateException.h" #import <ObjFW/macros.h> @implementation SSLInvalidCertificateException @synthesize reason = _reason; + (instancetype)exception { OF_UNRECOGNIZED_SELECTOR } + (instancetype)exceptionWithReason: (OFString *)reason { return [[[self alloc] initWithReason: reason] autorelease]; } - init { OF_INVALID_INIT_METHOD } - initWithReason: (OFString *)reason { self = [super init]; @try { |
︙ | ︙ |
Modified src/SSLSocket.h from [f13e02580e] to [b846ea7d60].
︙ | ︙ | |||
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | */ #include <openssl/ssl.h> #import <ObjFW/OFTCPSocket.h> #import <ObjFW/OFTLSSocket.h> @class X509Certificate; @interface SSLSocket: OFTCPSocket <OFTLSSocket> { SSL *_SSL; OFString *_certificateFile, *_privateKeyFile; const char *_privateKeyPassphrase; bool _certificateVerificationEnabled; bool _requestClientCertificatesEnabled; } | > > | > > < | < > > | 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | */ #include <openssl/ssl.h> #import <ObjFW/OFTCPSocket.h> #import <ObjFW/OFTLSSocket.h> OF_ASSUME_NONNULL_BEGIN @class X509Certificate; @interface SSLSocket: OFTCPSocket <OFTLSSocket> { SSL *_SSL; OFString *_certificateFile, *_privateKeyFile; const char *_privateKeyPassphrase; bool _certificateVerificationEnabled; bool _requestClientCertificatesEnabled; } @property (nonatomic, getter=isRequestClientCertificatesEnabled) bool requestClientCertificatesEnabled; @property OF_NULLABLE_PROPERTY (readonly, nonatomic) X509Certificate *peerCertificate; - initWithSocket: (OFTCPSocket *)socket; - (OFDataArray *)channelBindingDataWithType: (OFString *)type; - (nullable X509Certificate *)peerCertificate; @end OF_ASSUME_NONNULL_END |
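Review bot: `peerCertificate` is now declared twice, once as the `OF_NULLABLE_PROPERTY (readonly, nonatomic)` property and again as `- (nullable X509Certificate *)peerCertificate;`. The property already declares the getter, so the method line can be dropped; keeping both means the two nullability annotations have to be kept in sync by hand. `- initWithSocket:` also still has an implicit `id` return type, and `- (instancetype)initWithSocket: (OFTCPSocket *)socket;` would match the `instancetype` used in the exception headers of this commit.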
Modified src/SSLSocket.m from [4bda3d1898] to [4e8d75c76a].
︙ | ︙ | |||
85 86 87 88 89 90 91 92 93 94 95 96 97 98 | * release it otherwise. */ if (mode & CRYPTO_LOCK) of_mutex_lock(&ssl_mutexes[n]); else of_mutex_unlock(&ssl_mutexes[n]); } @implementation SSLSocket @synthesize delegate = _delegate, certificateFile = _certificateFile; @synthesize privateKeyFile = _privateKeyFile; @synthesize privateKeyPassphrase = privateKeyPassphrase; @synthesize certificateVerificationEnabled = _certificateVerificationEnabled; @synthesize requestClientCertificatesEnabled = | > > > > | 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | * release it otherwise. */ if (mode & CRYPTO_LOCK) of_mutex_lock(&ssl_mutexes[n]); else of_mutex_unlock(&ssl_mutexes[n]); } @interface SSLSocket () - (void)SSL_super_close; @end @implementation SSLSocket @synthesize delegate = _delegate, certificateFile = _certificateFile; @synthesize privateKeyFile = _privateKeyFile; @synthesize privateKeyPassphrase = privateKeyPassphrase; @synthesize certificateVerificationEnabled = _certificateVerificationEnabled; @synthesize requestClientCertificatesEnabled = |
︙ | ︙ | |||
440 441 442 443 444 445 446 | return data; } - (X509Certificate *)peerCertificate { X509 *certificate = SSL_get_peer_certificate(_SSL); | | | 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 | return data; } - (X509Certificate *)peerCertificate { X509 *certificate = SSL_get_peer_certificate(_SSL); if (certificate == NULL) return nil; return [[[X509Certificate alloc] initWithX509Struct: certificate] autorelease]; } - (void)verifyPeerCertificate |
︙ | ︙ |
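Review bot: `peerCertificate` never releases the `X509 *` it gets from `SSL_get_peer_certificate()`. That call returns the certificate with its reference count incremented, and `initWithX509Struct:` (X509Certificate.m in this commit) stores an `X509_dup()` copy instead of taking over the reference, so each call leaks one certificate. Free it once the wrapper is built, including when the initializer throws: `@try { return [[[X509Certificate alloc] initWithX509Struct: certificate] autorelease]; } @finally { X509_free(certificate); }`.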
Modified src/X509Certificate.h from [cfee049047] to [4c448ff73c].
︙ | ︙ | |||
22 23 24 25 26 27 28 | */ #include <openssl/x509.h> #import <ObjFW/OFObject.h> #import <ObjFW/OFString.h> | | > > > | > > > > > < < < < < < < < > > | 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 | */ #include <openssl/x509.h> #import <ObjFW/OFObject.h> #import <ObjFW/OFString.h> OF_ASSUME_NONNULL_BEGIN /* OIDs: */ #define OID_commonName @"2.5.4.3" #define OID_surname @"2.5.4.4" #define OID_serialNumber @"2.5.4.5" #define OID_countryName @"2.5.4.6" #define ID_localityName @"2.5.4.7" #define OID_stateOrProvinceName @"2.5.4.8" #define OID_streetAddress @"2.5.4.9" #define OID_organizationName @"2.5.4.10" #define OID_organizationalUnitName @"2.5.4.11" #define OID_SRVName @"1.3.6.1.5.5.7.8.7" @class OFDictionary; @interface X509OID: OFObject <OFCopying> { OFString *_string; } - init OF_UNAVAILABLE; - initWithUTF8String: (const char *)string OF_DESIGNATED_INITIALIZER; @end @interface X509Certificate: OFObject { X509 *_certificate; OFDictionary *_issuer; OFDictionary *_subject; OFDictionary *_subjectAlternativeName; } @property (readonly, nonatomic) OFDictionary *issuer; @property (readonly, nonatomic) OFDictionary *subject; @property (readonly, nonatomic) OFDictionary *subjectAlternateName; - init OF_UNAVAILABLE; - initWithFile: (OFString *)file; - initWithX509Struct: (X509 *)cert; - (bool)hasCommonNameMatchingDomain: (OFString *)domain; - (bool)hasDNSNameMatchingDomain: (OFString *)domain; - (bool)hasSRVNameMatchingDomain: (OFString *)domain service: (OFString *)service; @end OF_ASSUME_NONNULL_END |
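Review bot: The new property is spelled `subjectAlternateName`, but the ivar is `_subjectAlternativeName` and X509Certificate.m calls `[self subjectAlternativeName]`. As far as the hunks show, the header therefore declares a getter the implementation does not provide and leaves the one it does provide undeclared. It should read `@property (readonly, nonatomic) OFDictionary *subjectAlternativeName;`. The OID list has a similar slip: `#define ID_localityName @"2.5.4.7"` should be `OID_localityName` like its neighbours. Both matter because callers use these names to select the certificate fields they compare against the host name.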
Modified src/X509Certificate.m from [9a2b71b6f1] to [ed578c75c6].
︙ | ︙ | |||
43 44 45 46 47 48 49 50 51 52 53 | #import <ObjFW/OFInitializationFailedException.h> #import <ObjFW/OFInvalidEncodingException.h> #import <ObjFW/OFList.h> #import <ObjFW/OFMutableDictionary.h> #import <ObjFW/OFString.h> #import <ObjFW/macros.h> @implementation X509Certificate - initWithFile: (OFString *)path { | > > > > > > > > > > > > > > > > > | | 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 | #import <ObjFW/OFInitializationFailedException.h> #import <ObjFW/OFInvalidEncodingException.h> #import <ObjFW/OFList.h> #import <ObjFW/OFMutableDictionary.h> #import <ObjFW/OFString.h> #import <ObjFW/macros.h> OF_ASSUME_NONNULL_BEGIN @interface X509Certificate () - (bool)X509_isAssertedDomain: (OFString *)asserted equalDomain: (OFString *)domain; - (OFDictionary *)X509_dictionaryFromX509Name: (X509_NAME *)name; - (X509OID *)X509_stringFromASN1Object: (ASN1_OBJECT *)obj; - (OFString *)X509_stringFromASN1String: (ASN1_STRING *)str; @end OF_ASSUME_NONNULL_END @implementation X509Certificate - init { OF_INVALID_INIT_METHOD } - initWithFile: (OFString *)path { self = [super init]; @try { OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; OFDataArray *data = [OFDataArray dataArrayWithContentsOfFile: path]; const unsigned char *dataCArray = [data items]; |
︙ | ︙ | |||
71 72 73 74 75 76 77 | } return self; } - initWithX509Struct: (X509 *)certificate { | | | 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | } return self; } - initWithX509Struct: (X509 *)certificate { self = [super init]; @try { _certificate = X509_dup(certificate); if (_certificate == NULL) @throw [OFInitializationFailedException exceptionWithClass: [self class]]; } @catch (id e) { |
︙ | ︙ | |||
261 262 263 264 265 266 267 | _subjectAlternativeName = [ret retain]; return ret; } - (bool)hasCommonNameMatchingDomain: (OFString *)domain { | < < < | < < < < | > < < | | 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 | _subjectAlternativeName = [ret retain]; return ret; } - (bool)hasCommonNameMatchingDomain: (OFString *)domain { OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; for (OFString *name in [[self subject] objectForKey: OID_commonName]) { if ([self X509_isAssertedDomain: name equalDomain: domain]) { [pool release]; return true; } } [pool release]; return false; } - (bool)hasDNSNameMatchingDomain: (OFString *)domain { OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; for (OFString *name in [[self subjectAlternativeName] objectForKey: @"dNSName"]) { if ([self X509_isAssertedDomain: name equalDomain: domain]) { [pool release]; return true; } } [pool release]; return false; } - (bool)hasSRVNameMatchingDomain: (OFString *)domain service: (OFString *)service { size_t serviceLength; OFAutoreleasePool *pool = [[OFAutoreleasePool alloc] init]; OFDictionary *SANs = [self subjectAlternativeName]; OFList *assertedNames = [[SANs objectForKey: @"otherName"] objectForKey: OID_SRVName]; if (![service hasPrefix: @"_"]) service = [service stringByPrependingString: @"_"]; service = [service stringByAppendingString: @"."]; serviceLength = [service length]; for (OFString *name in assertedNames) { if ([name hasPrefix: service]) { OFString *asserted; asserted = [name substringWithRange: of_range( serviceLength, [name length] - serviceLength)]; if ([self X509_isAssertedDomain: asserted equalDomain: domain]) { [pool release]; |
︙ | ︙ | |||
439 440 441 442 443 444 445 446 447 | } return ret; } @end @implementation X509OID - initWithUTF8String: (const char *)string { | > > > > > | | 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 | } return ret; } @end @implementation X509OID - init { OF_INVALID_INIT_METHOD } - initWithUTF8String: (const char *)string { self = [super init]; @try { _string = [[OFString alloc] initWithUTF8String: string]; } @catch (id e) { [self release]; @throw e; } |
︙ | ︙ |
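Review bot: `hasCommonNameMatchingDomain:` and `hasDNSNameMatchingDomain:` are independent checks, and nothing here documents how they are meant to be combined. RFC 6125 allows the common name to be consulted only when the certificate carries no dNSName subjectAltName. A comment above the method, such as `/* Fallback only: use when the certificate has no dNSName SAN (RFC 6125) */`, would keep callers from accepting a CN match that the SAN list contradicts. The caller that combines the two is outside the visible hunks, so this may already be enforced there.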