ObjOpenSSL  Check-in [74db1e8212]

Overview
Comment:Add SSLConnectionFailedException

This way, when an SSLSocket is passed where an OFTCPSocket is expected,
the description will still contain the error and no special code for
SSLSocket is necessary.

SHA3-256: 74db1e82125bf29a4495e1dc88c640066b2cf9119025808bf25f89a426f2f22e
User & Date: js on 2016-07-09 21:24:03
Context
2016-07-09
21:31
Move some files to build-aux check-in: 0649158fd6 user: js tags: trunk
21:24
Add SSLConnectionFailedException check-in: 74db1e8212 user: js tags: trunk
20:19
Change webkeks.org -> heap.zone check-in: 0326ada0ff user: js tags: trunk
Changes

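--- a/Info.plist
+++ b/Info.plist
@@ -1,15 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
 	<key>CFBundleExecutable</key>
 	<string>${EXECUTABLE_NAME}</string>
 	<key>CFBundleIdentifier</key>
-	<string>zone.heap.${PRODUCT_NAME:rfc1034identifier}</string>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
 	<key>CFBundleInfoDictionaryVersion</key>
 	<string>6.0</string>
 	<key>CFBundleName</key>
 	<string>${PRODUCT_NAME}</string>
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>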

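--- a/ObjOpenSSL.xcodeproj/project.pbxproj
+++ b/ObjOpenSSL.xcodeproj/project.pbxproj
@@ -11,27 +11,31 @@
 		4B19F58C14D17250005D52DC /* SSLInvalidCertificateException.m in Sources */ = {isa = PBXBuildFile; fileRef = 4B19F58814D17250005D52DC /* SSLInvalidCertificateException.m */; };
 		4B19F58D14D17250005D52DC /* X509Certificate.h in Headers */ = {isa = PBXBuildFile; fileRef = 4B19F58914D17250005D52DC /* X509Certificate.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4B19F58E14D17250005D52DC /* X509Certificate.m in Sources */ = {isa = PBXBuildFile; fileRef = 4B19F58A14D17250005D52DC /* X509Certificate.m */; };
 		4B4F087813A01EEF00B60C3F /* ObjOpenSSL.h in Headers */ = {isa = PBXBuildFile; fileRef = 4B4F087713A01EEF00B60C3F /* ObjOpenSSL.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4B9671B6193E55C800F9F80D /* ObjFW.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4B9671B5193E55C800F9F80D /* ObjFW.framework */; };
 		4BD0AAEC1341289500445289 /* SSLSocket.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BD0AAEA1341289500445289 /* SSLSocket.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		4BD0AAED1341289500445289 /* SSLSocket.m in Sources */ = {isa = PBXBuildFile; fileRef = 4BD0AAEB1341289500445289 /* SSLSocket.m */; };
+		4BDE04741D319BFC0051EDB8 /* SSLConnectionFailedException.h in Headers */ = {isa = PBXBuildFile; fileRef = 4BDE04721D319BFC0051EDB8 /* SSLConnectionFailedException.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4BDE04751D319BFC0051EDB8 /* SSLConnectionFailedException.m in Sources */ = {isa = PBXBuildFile; fileRef = 4BDE04731D319BFC0051EDB8 /* SSLConnectionFailedException.m */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXFileReference section */
 		4B1918EA1341272300D82152 /* ObjOpenSSL.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = ObjOpenSSL.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		4B19F58714D17250005D52DC /* SSLInvalidCertificateException.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SSLInvalidCertificateException.h; path = src/SSLInvalidCertificateException.h; sourceTree = SOURCE_ROOT; };
 		4B19F58814D17250005D52DC /* SSLInvalidCertificateException.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = SSLInvalidCertificateException.m; path = src/SSLInvalidCertificateException.m; sourceTree = SOURCE_ROOT; };
 		4B19F58914D17250005D52DC /* X509Certificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = X509Certificate.h; path = src/X509Certificate.h; sourceTree = SOURCE_ROOT; };
 		4B19F58A14D17250005D52DC /* X509Certificate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = X509Certificate.m; path = src/X509Certificate.m; sourceTree = SOURCE_ROOT; };
 		4B4F087713A01EEF00B60C3F /* ObjOpenSSL.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ObjOpenSSL.h; path = src/ObjOpenSSL.h; sourceTree = SOURCE_ROOT; };
 		4B9671B5193E55C800F9F80D /* ObjFW.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ObjFW.framework; path = /Library/Frameworks/ObjFW.framework; sourceTree = "<absolute>"; };
 		4BD0AAE91341286B00445289 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = SOURCE_ROOT; };
 		4BD0AAEA1341289500445289 /* SSLSocket.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SSLSocket.h; path = src/SSLSocket.h; sourceTree = SOURCE_ROOT; };
 		4BD0AAEB1341289500445289 /* SSLSocket.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = SSLSocket.m; path = src/SSLSocket.m; sourceTree = SOURCE_ROOT; };
+		4BDE04721D319BFC0051EDB8 /* SSLConnectionFailedException.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SSLConnectionFailedException.h; path = src/SSLConnectionFailedException.h; sourceTree = SOURCE_ROOT; };
+		4BDE04731D319BFC0051EDB8 /* SSLConnectionFailedException.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = SSLConnectionFailedException.m; path = src/SSLConnectionFailedException.m; sourceTree = SOURCE_ROOT; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
 		4B1918E61341272300D82152 /* Frameworks */ = {
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
@@ -68,14 +72,16 @@
 			sourceTree = "<group>";
 		};
 		4B1918F31341272300D82152 /* ObjOpenSSL */ = {
 			isa = PBXGroup;
 			children = (
 				4B1918F41341272300D82152 /* Supporting Files */,
 				4B4F087713A01EEF00B60C3F /* ObjOpenSSL.h */,
+				4BDE04721D319BFC0051EDB8 /* SSLConnectionFailedException.h */,
+				4BDE04731D319BFC0051EDB8 /* SSLConnectionFailedException.m */,
 				4B19F58714D17250005D52DC /* SSLInvalidCertificateException.h */,
 				4B19F58814D17250005D52DC /* SSLInvalidCertificateException.m */,
 				4BD0AAEA1341289500445289 /* SSLSocket.h */,
 				4BD0AAEB1341289500445289 /* SSLSocket.m */,
 				4B19F58914D17250005D52DC /* X509Certificate.h */,
 				4B19F58A14D17250005D52DC /* X509Certificate.m */,
 			);
@@ -94,14 +100,15 @@
 
 /* Begin PBXHeadersBuildPhase section */
 		4B1918E71341272300D82152 /* Headers */ = {
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
 				4B4F087813A01EEF00B60C3F /* ObjOpenSSL.h in Headers */,
+				4BDE04741D319BFC0051EDB8 /* SSLConnectionFailedException.h in Headers */,
 				4B19F58B14D17250005D52DC /* SSLInvalidCertificateException.h in Headers */,
 				4BD0AAEC1341289500445289 /* SSLSocket.h in Headers */,
 				4B19F58D14D17250005D52DC /* X509Certificate.h in Headers */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
 /* End PBXHeadersBuildPhase section */
@@ -127,15 +134,15 @@
 		};
 /* End PBXNativeTarget section */
 
 /* Begin PBXProject section */
 		4B1918E01341272300D82152 /* Project object */ = {
 			isa = PBXProject;
 			attributes = {
-				LastUpgradeCheck = 0510;
+				LastUpgradeCheck = 0730;
 			};
 			buildConfigurationList = 4B1918E31341272300D82152 /* Build configuration list for PBXProject "ObjOpenSSL" */;
 			compatibilityVersion = "Xcode 3.2";
 			developmentRegion = English;
 			hasScannedForEncodings = 0;
 			knownRegions = (
 				en,
@@ -161,26 +168,28 @@
 /* End PBXResourcesBuildPhase section */
 
 /* Begin PBXSourcesBuildPhase section */
 		4B1918E51341272300D82152 /* Sources */ = {
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				4BDE04751D319BFC0051EDB8 /* SSLConnectionFailedException.m in Sources */,
 				4B19F58C14D17250005D52DC /* SSLInvalidCertificateException.m in Sources */,
 				4BD0AAED1341289500445289 /* SSLSocket.m in Sources */,
 				4B19F58E14D17250005D52DC /* X509Certificate.m in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
 /* End PBXSourcesBuildPhase section */
 
 /* Begin XCBuildConfiguration section */
 		4B1918FA1341272300D82152 /* Debug */ = {
 			isa = XCBuildConfiguration;
 			buildSettings = {
+				ENABLE_TESTABILITY = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu99;
 				GCC_OPTIMIZATION_LEVEL = 0;
 				GCC_PREPROCESSOR_DEFINITIONS = DEBUG;
 				GCC_SYMBOLS_PRIVATE_EXTERN = NO;
 				GCC_WARN_64_TO_32_BIT_CONVERSION = YES;
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
@@ -220,14 +229,15 @@
 					"-fno-constant-cfstrings",
 				);
 				OTHER_LDFLAGS = (
 					"-lssl",
 					"-lcrypto",
 					"-lz",
 				);
+				PRODUCT_BUNDLE_IDENTIFIER = "zone.heap.${PRODUCT_NAME:rfc1034identifier}";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				WARNING_CFLAGS = (
 					"-Wall",
 					"-Wshorten-64-to-32",
 					"-Wwrite-strings",
 					"-Wcast-align",
 					"-Wpointer-arith",
@@ -259,14 +269,15 @@
 					"-fno-constant-cfstrings",
 				);
 				OTHER_LDFLAGS = (
 					"-lssl",
 					"-lcrypto",
 					"-lz",
 				);
+				PRODUCT_BUNDLE_IDENTIFIER = "zone.heap.${PRODUCT_NAME:rfc1034identifier}";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				WARNING_CFLAGS = (
 					"-Wall",
 					"-Wshorten-64-to-32",
 					"-Wwrite-strings",
 					"-Wcast-align",
 					"-Wpointer-arith",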

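--- a/src/Makefile
+++ b/src/Makefile
@@ -1,15 +1,16 @@
 include ../extra.mk
 
 SHARED_LIB = ${OBJOPENSSL_SHARED_LIB}
 STATIC_LIB = ${OBJOPENSSL_STATIC_LIB}
 LIB_MAJOR = 0
 LIB_MINOR = 0
 
+SRCS = SSLConnectionFailedException.m	\
-SRCS = SSLInvalidCertificateException.m	\
+       SSLInvalidCertificateException.m	\
        SSLSocket.m			\
        X509Certificate.m
 
 INCLUDES = ${SRCS:.m=.h}	\
 	   ObjOpenSSL.h
 
 include ../buildsys.mk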

Added src/SSLConnectionFailedException.h version [f0918678a5].

Added src/SSLConnectionFailedException.m version [1abbf360e9].

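--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@@ -30,41 +30,43 @@
 #if defined(__clang__)
 # pragma clang diagnostic push
 # pragma clang diagnostic ignored "-Wdocumentation"
 #endif
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
+#include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 
 #if defined(__clang__)
 # pragma clang diagnostic pop
 #endif
 
 #import <ObjFW/OFThread.h>
 #import <ObjFW/OFHTTPRequest.h>
 #import <ObjFW/OFDataArray.h>
 #import <ObjFW/OFSystemInfo.h>
 
 #import <ObjFW/OFAcceptFailedException.h>
-#import <ObjFW/OFConnectionFailedException.h>
 #import <ObjFW/OFInitializationFailedException.h>
 #import <ObjFW/OFInvalidArgumentException.h>
 #import <ObjFW/OFNotOpenException.h>
 #import <ObjFW/OFOutOfRangeException.h>
 #import <ObjFW/OFReadFailedException.h>
 #import <ObjFW/OFWriteFailedException.h>
 
 #import <ObjFW/macros.h>
 #import <ObjFW/threading.h>
 
 #import "SSLSocket.h"
-#import "SSLInvalidCertificateException.h"
 #import "X509Certificate.h"
 
+#import "SSLConnectionFailedException.h"
+#import "SSLInvalidCertificateException.h"
+
 #ifndef INVALID_SOCKET
 # define INVALID_SOCKET -1
 #endif
 
 static SSL_CTX *ctx;
 static of_mutex_t *ssl_mutexes;
 
@@ -171,53 +173,88 @@
 }
 
 - (void)SSL_startTLSWithExpectedHost: (OFString*)host
 				port: (uint16_t)port
 {
 	of_string_encoding_t encoding;
 
-	if ((_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(_SSL, _socket)) {
+	if ((_SSL = SSL_new(ctx)) == NULL || SSL_set_fd(_SSL, _socket) != 1) {
+		unsigned long error = ERR_get_error();
+
 		[super close];
+
-		@throw [OFConnectionFailedException
+		@throw [SSLConnectionFailedException
 		    exceptionWithHost: host
 				 port: port
-			       socket: self];
+			       socket: self
+			     SSLError: error];
 	}
 
 	if (_certificateVerificationEnabled) {
 		X509_VERIFY_PARAM *param = SSL_get0_param(_SSL);
 
 		X509_VERIFY_PARAM_set_hostflags(param,
 		    X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 
 		if (X509_VERIFY_PARAM_set1_host(param,
-		    [host UTF8String], [host UTF8StringLength]) == 0)
-			@throw [OFConnectionFailedException
+		    [host UTF8String], [host UTF8StringLength]) != 1) {
+			unsigned long error = ERR_get_error();
+
+			[self close];
+
+			@throw [SSLConnectionFailedException
 			    exceptionWithHost: host
 					 port: port
-				       socket: self];
+				       socket: self
+				     SSLError: error];
+		}
 
 		SSL_set_verify(_SSL, SSL_VERIFY_PEER, NULL);
 	}
 
 	SSL_set_connect_state(_SSL);
 
 	encoding = [OFSystemInfo native8BitEncoding];
 
 	if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL,
 	    [_privateKeyFile cStringWithEncoding: encoding],
 	    SSL_FILETYPE_PEM)) || (_certificateFile != nil &&
 	    !SSL_use_certificate_file(_SSL, [_certificateFile
 	    cStringWithEncoding: encoding],
-	    SSL_FILETYPE_PEM)) || SSL_connect(_SSL) != 1) {
+	    SSL_FILETYPE_PEM))) {
+		unsigned long error = ERR_get_error();
+
 		[super close];
+
-		@throw [OFConnectionFailedException
+		@throw [SSLConnectionFailedException
 		    exceptionWithHost: host
 				 port: port
-			       socket: self];
+			       socket: self
+			     SSLError: error];
+	}
+
+	if (SSL_connect(_SSL) != 1) {
+		unsigned long error = ERR_get_error();
+		long res;
+
+		[super close];
+
+		if ((res = SSL_get_verify_result(_SSL)) != X509_V_OK)
+			@throw [SSLConnectionFailedException
+			    exceptionWithHost: host
+					 port: port
+				       socket: self
+				     SSLError: error
+				 verifyResult: res];
+		else
+			@throw [SSLConnectionFailedException
+			    exceptionWithHost: host
+					 port: port
+				       socket: self
+				     SSLError: error];
 	}
 }
 
 - (void)startTLSWithExpectedHost: (OFString*)host
 {
 	[self SSL_startTLSWithExpectedHost: host
 				      port: 0];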
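Review bot: `ERR_get_error()` in the four new failure branches pops the oldest entry of the thread's OpenSSL error queue, so an entry left behind by an earlier, unrelated call could be what ends up in the SSLConnectionFailedException; calling `ERR_clear_error();` at the top of `SSL_startTLSWithExpectedHost:port:` would make the reported SSLError refer to this handshake. In the `SSL_connect(_SSL) != 1` branch the queue can also be empty (the value is then 0), so it may be worth passing the return value through `SSL_get_error()` and carrying that in the exception as well. The hostname-parameter branch calls `[self close]` while the other three call `[super close]`; the hunk does not show what SSLSocket's own `close` does with `_SSL`, but the teardown should presumably be the same on every failure path. The body of `startTLSWithExpectedHost:` continues past the end of the hunk.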