ObjOpenSSL  Check-in [7fa9a01744]

Overview
Comment:Add methods enabling certificate verification
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 7fa9a017444ca95d82085ccf5e22765a9e09ace9b2fc69049e2d47b02d0282a4
User & Date: florob@babelmonkeys.de on 2011-10-23 23:39:48
Other Links: manifest | tags
Context
2011-10-24
00:04
Add missing autorelease call check-in: 7a08940b40 user: florob@babelmonkeys.de tags: trunk
2011-10-23
23:39
Add methods enabling certificate verification check-in: 7fa9a01744 user: florob@babelmonkeys.de tags: trunk
2011-10-22
16:36
Register helpers for thread-safety with OpenSSL. check-in: 54c783b25f user: jos@kuijpersvof.nl tags: trunk
Changes

Added src/SSLInvalidCertificateException.h version [6ee3f9f04b].

Added src/SSLInvalidCertificateException.m version [c95f2e562f].

Modified src/SSLSocket.h from [22a8ddfe80] to [224515dd9a].

19
20
21
22
23
24
25


26
27
28
29
30
31
32
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/ssl.h>

#import <ObjFW/OFTCPSocket.h>



@interface SSLSocket: OFTCPSocket
{
	SSL *ssl;
	OFString *privateKeyFile;
	OFString *certificateFile;
}







>
>







19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <openssl/ssl.h>

#import <ObjFW/OFTCPSocket.h>

@class X509Certificate;

@interface SSLSocket: OFTCPSocket
{
	SSL *ssl;
	OFString *privateKeyFile;
	OFString *certificateFile;
}
40
41
42
43
44
45
46


47
/* Change the return type */
- (SSLSocket*)accept;
- (void)setPrivateKeyFile: (OFString*)file;
- (OFString*)privateKeyFile;
- (void)setCertificateFile: (OFString*)file;
- (OFString*)certificateFile;
- (OFDataArray*)channelBindingDataWithType: (OFString*)type;


@end







>
>

42
43
44
45
46
47
48
49
50
51
/* Change the return type */
- (SSLSocket*)accept;
- (void)setPrivateKeyFile: (OFString*)file;
- (OFString*)privateKeyFile;
- (void)setCertificateFile: (OFString*)file;
- (OFString*)certificateFile;
- (OFDataArray*)channelBindingDataWithType: (OFString*)type;
- (X509Certificate*)peerCertificate;
- (void)verifyPeerCertificate;
@end

Modified src/SSLSocket.m from [c5200f606f] to [a3a5b1090c].

24
25
26
27
28
29
30

31
32


33
34
35
36
37
38
39
#include <errno.h>
#include <assert.h>

#import <ObjFW/OFHTTPRequest.h>
#import <ObjFW/OFDataArray.h>

#include <openssl/crypto.h>


#import "SSLSocket.h"



#import <ObjFW/OFAcceptFailedException.h>
#import <ObjFW/OFConnectionFailedException.h>
#import <ObjFW/OFInitializationFailedException.h>
#import <ObjFW/OFInvalidArgumentException.h>
#import <ObjFW/OFNotConnectedException.h>
#import <ObjFW/OFOutOfRangeException.h>







>


>
>







24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#include <errno.h>
#include <assert.h>

#import <ObjFW/OFHTTPRequest.h>
#import <ObjFW/OFDataArray.h>

#include <openssl/crypto.h>
#include <openssl/err.h>

#import "SSLSocket.h"
#import "SSLInvalidCertificateException.h"
#import "X509Certificate.h"

#import <ObjFW/OFAcceptFailedException.h>
#import <ObjFW/OFConnectionFailedException.h>
#import <ObjFW/OFInitializationFailedException.h>
#import <ObjFW/OFInvalidArgumentException.h>
#import <ObjFW/OFNotConnectedException.h>
#import <ObjFW/OFOutOfRangeException.h>
91
92
93
94
95
96
97




98
99
100
101
102
103
104
	if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];

	if ((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];




}

- initWithSocket: (OFTCPSocket*)socket
{
	self = [self init];

	@try {







>
>
>
>







94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
	if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];

	if ((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];

	if (SSL_CTX_set_default_verify_paths(ctx) == 0)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];
}

- initWithSocket: (OFTCPSocket*)socket
{
	self = [self init];

	@try {
339
340
341
342
343
344
345























346

	data = [OFDataArray dataArray];
	[data addNItems: length
	     fromCArray: buffer];

	return data;
}























@end







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376

	data = [OFDataArray dataArray];
	[data addNItems: length
	     fromCArray: buffer];

	return data;
}

- (X509Certificate*)peerCertificate
{
	X509 *certificate = SSL_get_peer_certificate(ssl);
	if (!certificate)
		return nil;

	return [[[X509Certificate alloc]
		initWithStruct: certificate] autorelease];
}

- (void)verifyPeerCertificate
{
	unsigned long ret;
	if ((SSL_get_peer_certificate(ssl) == NULL)
	    || ((ret = SSL_get_verify_result(ssl)) != X509_V_OK)) {
		const char *reason = X509_verify_cert_error_string(ret);
		@throw [SSLInvalidCertificateException
			exceptionWithClass: isa
				    reason: [OFString
						stringWithUTF8String: reason]];
	}
}
@end