ObjOpenSSL  Check-in [4192ab66c8]

Overview
Comment:Conform to OFTLSSocket.

Still a few FIXMEs / TODOs.

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 4192ab66c81c4730a9b5721d2bf1f8b1066507a6267b106fc26e545ccd45b4cd
User & Date: js on 2013-03-31 10:04:53
Other Links: manifest | tags
Context
2013-04-03
21:26
Disable -Werror until we fully conform to OFTLSSocket again check-in: 51a0e4d05b user: florob@babelmonkeys.de tags: trunk
2013-03-31
10:04
Conform to OFTLSSocket. check-in: 4192ab66c8 user: js tags: trunk
2013-03-04
17:37
Replace BOOL with bool. check-in: 09e348c39a user: js tags: trunk
Changes

Modified src/SSLInvalidCertificateException.m from [25bd35d91a] to [55bf9206f9].

16
17
18
19
20
21
22


23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

40

41
42

43

44
45
46
47
48
49
50
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */



#import "SSLInvalidCertificateException.h"

#import <ObjFW/macros.h>

#import <ObjFW/OFNotImplementedException.h>

@implementation SSLInvalidCertificateException
+ exceptionWithClass: (Class)class
	      reason: (OFString*)reason
{
	return [[[self alloc] initWithClass: class
				     reason: reason] autorelease];
}

- initWithClass: (Class)class
{

	Class c = [self class];

	[self release];
	@throw [OFNotImplementedException exceptionWithClass: c

						    selector: _cmd];

}

- initWithClass: (Class)class
	 reason: (OFString*)reason
{
	self = [super initWithClass: class];








>
>





<
<










>
|
>
|
|
>
|
>







16
17
18
19
20
21
22
23
24
25
26
27
28
29


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <stdlib.h>

#import "SSLInvalidCertificateException.h"

#import <ObjFW/macros.h>



@implementation SSLInvalidCertificateException
+ exceptionWithClass: (Class)class
	      reason: (OFString*)reason
{
	return [[[self alloc] initWithClass: class
				     reason: reason] autorelease];
}

- initWithClass: (Class)class
{
	@try {
		[self doesNotRecognizeSelector: _cmd];
	} @catch (id e) {
		[self release];
		@throw e;
	}

	abort();
}

- initWithClass: (Class)class
	 reason: (OFString*)reason
{
	self = [super initWithClass: class];

Modified src/SSLSocket.h from [40186b2917] to [127e317cb2].

20
21
22
23
24
25
26

27
28
29
30
31
32
33

34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/ssl.h>

#import <ObjFW/OFTCPSocket.h>


@class X509Certificate;

@interface SSLSocket: OFTCPSocket
{
	SSL *_SSL;
	OFString *_privateKeyFile, *_certificateFile;

	bool _requestsClientCertificates;
}

#ifdef OF_HAVE_PROPERTIES
@property (copy) OFString *privateKeyFile, *certificateFile;
@property bool requestsClientCertificates;
#endif

- initWithSocket: (OFTCPSocket*)socket;
-  initWithSocket: (OFTCPSocket*)socket
   privateKeyFile: (OFString*)privateKeyFile
  certificateFile: (OFString*)certificateFile;
- (void)SSL_super_close;
- (SSLSocket*)accept;	/* Changes the return type */
- (void)setPrivateKeyFile: (OFString*)file;
- (OFString*)privateKeyFile;
- (void)setCertificateFile: (OFString*)file;
- (OFString*)certificateFile;
- (void)setRequestsClientCertificates: (bool)enabled;
- (bool)requestsClientCertificates;
- (OFDataArray*)channelBindingDataWithType: (OFString*)type;
- (X509Certificate*)peerCertificate;
- (void)verifyPeerCertificate;
@end







>



|


|
>




<




<
<
<

<
<
<
<
<






20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

40
41
42
43



44





45
46
47
48
49
50
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/ssl.h>

#import <ObjFW/OFTCPSocket.h>
#import <ObjFW/OFTLSSocket.h>

@class X509Certificate;

@interface SSLSocket: OFTCPSocket <OFTLSSocket>
{
	SSL *_SSL;
	OFString *_certificateFile, *_privateKeyFile;
	const char *_privateKeyPassphrase;
	bool _requestsClientCertificates;
}

#ifdef OF_HAVE_PROPERTIES

@property bool requestsClientCertificates;
#endif

- initWithSocket: (OFTCPSocket*)socket;



- (void)SSL_super_close;





- (void)setRequestsClientCertificates: (bool)enabled;
- (bool)requestsClientCertificates;
- (OFDataArray*)channelBindingDataWithType: (OFString*)type;
- (X509Certificate*)peerCertificate;
- (void)verifyPeerCertificate;
@end

Modified src/SSLSocket.m from [72b1fab442] to [20965632b7].

111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206

















207
208
209
210
211
212
213
214
215
216
217
218
219
	if (SSL_CTX_set_default_verify_paths(ctx) == 0)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];
}

- initWithSocket: (OFTCPSocket*)socket
{
	return [self initWithSocket: socket
		     privateKeyFile: nil
		    certificateFile: nil];
}

-  initWithSocket: (OFTCPSocket*)socket
   privateKeyFile: (OFString*)privateKeyFile
  certificateFile: (OFString*)certificateFile
{
	self = [self init];

	@try {
		/* FIXME: Also allow with accepted sockets */

		_privateKeyFile = [privateKeyFile copy];
		_certificateFile = [certificateFile copy];

		_socket = dup(socket->_socket);

		if ((_SSL = SSL_new(ctx)) == NULL ||
		    !SSL_set_fd(_SSL, _socket)) {
			close(_socket);
			_socket = INVALID_SOCKET;
			@throw [OFInitializationFailedException
			    exceptionWithClass: [self class]];
		}

		SSL_set_connect_state(_SSL);

		if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL,
		    [_privateKeyFile cStringWithEncoding:
		    OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) ||
		    (_certificateFile != nil && !SSL_use_certificate_file(_SSL,
		    [_certificateFile cStringWithEncoding:
		    OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) ||
		    SSL_connect(_SSL) != 1) {
			close(_socket);
			_socket = INVALID_SOCKET;
			@throw [OFInitializationFailedException
			    exceptionWithClass: [self class]];
		}
	} @catch (id e) {
		[self release];
		@throw e;
	}

	return self;
}

- (void)dealloc
{
	SSL *SSL_ = _SSL;

	[_privateKeyFile release];
	[_certificateFile release];

	[super dealloc];

	if (SSL_ != NULL)
		SSL_free(SSL_);
}

- (void)connectToHost: (OFString*)host
		 port: (uint16_t)port
{
	[super connectToHost: host
			port: port];

	if ((_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(_SSL, _socket)) {
		[super close];
		@throw [OFConnectionFailedException
		    exceptionWithClass: [self class]
				socket: self
				  host: host
				  port: port];
	}

	SSL_set_connect_state(_SSL);

	if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL,
	    [_privateKeyFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE],
	    SSL_FILETYPE_PEM)) || (_certificateFile != nil &&
	    !SSL_use_certificate_file(_SSL, [_certificateFile
	    cStringWithEncoding: OF_STRING_ENCODING_NATIVE],
	    SSL_FILETYPE_PEM)) || SSL_connect(_SSL) != 1) {
		[super close];
		@throw [OFConnectionFailedException
		    exceptionWithClass: [self class]
				socket: self

















				  host: host
				  port: port];
	}
}

- (SSLSocket*)accept
{
	SSLSocket *client = (SSLSocket*)[super accept];

	if ((client->_SSL = SSL_new(ctx)) == NULL ||
	    !SSL_set_fd(client->_SSL, client->_socket)) {
		[client SSL_super_close];
		@throw [OFAcceptFailedException exceptionWithClass: [self class]







<
<
<
<
<
<
<
<
<


<
<
<
<
<
<
|
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<

















|
<

<
<
<





|
|














>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>





|







111
112
113
114
115
116
117









118
119






120



























121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

139



140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
	if (SSL_CTX_set_default_verify_paths(ctx) == 0)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];
}

- initWithSocket: (OFTCPSocket*)socket
{









	self = [self init];







	_socket = dup(socket->_socket);




























	return self;
}

- (void)dealloc
{
	SSL *SSL_ = _SSL;

	[_privateKeyFile release];
	[_certificateFile release];

	[super dealloc];

	if (SSL_ != NULL)
		SSL_free(SSL_);
}

- (void)startTLS

{



	if ((_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(_SSL, _socket)) {
		[super close];
		@throw [OFConnectionFailedException
		    exceptionWithClass: [self class]
				socket: self
				  host: nil
				  port: 0];
	}

	SSL_set_connect_state(_SSL);

	if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL,
	    [_privateKeyFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE],
	    SSL_FILETYPE_PEM)) || (_certificateFile != nil &&
	    !SSL_use_certificate_file(_SSL, [_certificateFile
	    cStringWithEncoding: OF_STRING_ENCODING_NATIVE],
	    SSL_FILETYPE_PEM)) || SSL_connect(_SSL) != 1) {
		[super close];
		@throw [OFConnectionFailedException
		    exceptionWithClass: [self class]
				socket: self
				  host: nil
				  port: 0];
	}
}

- (void)connectToHost: (OFString*)host
		 port: (uint16_t)port
{
	[super connectToHost: host
			port: port];

	@try {
		[self startTLS];
	} @catch (OFConnectionFailedException *e) {
		@throw [OFConnectionFailedException
		    exceptionWithClass: [self class]
				socket: self
				  host: host
				  port: port];
	}
}

- (instancetype)accept
{
	SSLSocket *client = (SSLSocket*)[super accept];

	if ((client->_SSL = SSL_new(ctx)) == NULL ||
	    !SSL_set_fd(client->_SSL, client->_socket)) {
		[client SSL_super_close];
		@throw [OFAcceptFailedException exceptionWithClass: [self class]
329
330
331
332
333
334
335
336
337
338


339
340
341
342

343
344
345
346
347
348
349
350
351
352
353
354





















355
356
357
358
359
360
361
{
	if (_SSL == NULL)
		return [super numberOfBytesInReadBuffer];

	return [super numberOfBytesInReadBuffer] + SSL_pending(_SSL);
}

- (void)setPrivateKeyFile: (OFString*)privateKeyFile
{
	OF_SETTER(_privateKeyFile, privateKeyFile, true, 1)


}

- (OFString*)privateKeyFile
{

	OF_GETTER(_privateKeyFile, true)
}

- (void)setCertificateFile: (OFString*)certificateFile
{
	OF_SETTER(_certificateFile, certificateFile, true, 1)
}

- (OFString*)certificateFile
{
	OF_GETTER(_certificateFile, true)
}






















- (void)setRequestsClientCertificates: (bool)enabled
{
	_requestsClientCertificates = enabled;
}

- (bool)requestsClientCertificates







|

|
>
>


|

>
|











>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
{
	if (_SSL == NULL)
		return [super numberOfBytesInReadBuffer];

	return [super numberOfBytesInReadBuffer] + SSL_pending(_SSL);
}

- (void)setDelegate: (id <OFTLSSocketDelegate>)delegate
{
	/* FIXME */
	[self doesNotRecognizeSelector: _cmd];
	abort();
}

- (id <OFTLSSocketDelegate>)delegate
{
	/* FIXME */
	return nil;
}

- (void)setCertificateFile: (OFString*)certificateFile
{
	OF_SETTER(_certificateFile, certificateFile, true, 1)
}

- (OFString*)certificateFile
{
	OF_GETTER(_certificateFile, true)
}

- (void)setPrivateKeyFile: (OFString*)privateKeyFile
{
	OF_SETTER(_privateKeyFile, privateKeyFile, true, 1)
}

- (OFString*)privateKeyFile
{
	OF_GETTER(_privateKeyFile, true)
}

- (void)setPrivateKeyPassphrase: (const char*)privateKeyPassphrase
{
	/* FIXME */
}

- (const char*)privateKeyPassphrase
{
	/* FIXME */
	return NULL;
}

- (void)setRequestsClientCertificates: (bool)enabled
{
	_requestsClientCertificates = enabled;
}

- (bool)requestsClientCertificates