Overview
Comment: | Add methods enabling certificate verification |
---|---|
SHA3-256: |
7fa9a017444ca95d82085ccf5e22765a |
User & Date: | florob@babelmonkeys.de on 2011-10-23 23:39:48 |
Changes
Added src/SSLInvalidCertificateException.h version [6ee3f9f04b].
Added src/SSLInvalidCertificateException.m version [c95f2e562f].
Modified src/SSLSocket.h from [22a8ddfe80] to [224515dd9a].
︙ | |||
19 20 21 22 23 24 25 26 27 28 29 30 31 32 | 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | + + | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include <openssl/ssl.h> #import <ObjFW/OFTCPSocket.h> @class X509Certificate; @interface SSLSocket: OFTCPSocket { SSL *ssl; OFString *privateKeyFile; OFString *certificateFile; } |
︙ | |||
40 41 42 43 44 45 46 47 | 42 43 44 45 46 47 48 49 50 51 | + + | /* Change the return type */ - (SSLSocket*)accept; - (void)setPrivateKeyFile: (OFString*)file; - (OFString*)privateKeyFile; - (void)setCertificateFile: (OFString*)file; - (OFString*)certificateFile; - (OFDataArray*)channelBindingDataWithType: (OFString*)type; - (X509Certificate*)peerCertificate; - (void)verifyPeerCertificate; @end |
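Review bot: The two declarations added at the end of this hunk, `- (X509Certificate*)peerCertificate;` and `- (void)verifyPeerCertificate;`, carry no documentation, and the throwing behaviour of the second is only discoverable by reading SSLSocket.m. I would put a comment above `peerCertificate` along the lines of `/* Returns the certificate presented by the peer, or nil if none was presented. */`, and above `verifyPeerCertificate` one stating that it throws SSLInvalidCertificateException when no peer certificate was presented or the chain did not verify. From the SSLSocket.m hunk the check appears to cover chain validation only (`SSL_get_verify_result`), so the comment should also say that matching the certificate against the expected host name is left to the caller; otherwise a reader may assume the method alone establishes the peer's identity.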
Modified src/SSLSocket.m from [c5200f606f] to [a3a5b1090c].
︙ | |||
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | + + + | #include <errno.h> #include <assert.h> #import <ObjFW/OFHTTPRequest.h> #import <ObjFW/OFDataArray.h> #include <openssl/crypto.h> #include <openssl/err.h> #import "SSLSocket.h" #import "SSLInvalidCertificateException.h" #import "X509Certificate.h" #import <ObjFW/OFAcceptFailedException.h> #import <ObjFW/OFConnectionFailedException.h> #import <ObjFW/OFInitializationFailedException.h> #import <ObjFW/OFInvalidArgumentException.h> #import <ObjFW/OFNotConnectedException.h> #import <ObjFW/OFOutOfRangeException.h> |
︙ | |||
91 92 93 94 95 96 97 98 99 100 101 102 103 104 | 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 | + + + + | if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL) @throw [OFInitializationFailedException exceptionWithClass: self]; if ((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0) @throw [OFInitializationFailedException exceptionWithClass: self]; if (SSL_CTX_set_default_verify_paths(ctx) == 0) @throw [OFInitializationFailedException exceptionWithClass: self]; } - initWithSocket: (OFTCPSocket*)socket { self = [self init]; @try { |
︙ | |||
339 340 341 342 343 344 345 346 | 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 | + + + + + + + + + + + + + + + + + + + + + + + | data = [OFDataArray dataArray]; [data addNItems: length fromCArray: buffer]; return data; } - (X509Certificate*)peerCertificate { X509 *certificate = SSL_get_peer_certificate(ssl); if (!certificate) return nil; return [[[X509Certificate alloc] initWithStruct: certificate] autorelease]; } - (void)verifyPeerCertificate { unsigned long ret; if ((SSL_get_peer_certificate(ssl) == NULL) || ((ret = SSL_get_verify_result(ssl)) != X509_V_OK)) { const char *reason = X509_verify_cert_error_string(ret); @throw [SSLInvalidCertificateException exceptionWithClass: isa reason: [OFString stringWithUTF8String: reason]]; } } @end |
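Review bot: In `verifyPeerCertificate`, `ret` is read uninitialized when the left operand `SSL_get_peer_certificate(ssl) == NULL` short-circuits the `||`: `X509_verify_cert_error_string(ret)` then formats an arbitrary code into the exception reason. The same line also leaks the `X509` reference that `SSL_get_peer_certificate` returns with an incremented reference count, because the pointer is only compared with NULL and never handed to `X509_free`. Splitting the two conditions fixes both; a rewrite is below. `SSL_get_verify_result` returns `long`, so `ret` is better declared `long` to match the parameter of `X509_verify_cert_error_string`. Whether `initWithStruct:` in `peerCertificate` takes ownership of its X509 argument is not visible in this hunk; if it does not, that path leaks the reference as well.
```objc
- (void)verifyPeerCertificate
{
	X509 *certificate = SSL_get_peer_certificate(ssl);
	long ret;

	if (certificate == NULL)
		@throw [SSLInvalidCertificateException
		    exceptionWithClass: isa
				reason: @"No peer certificate presented"];

	/* Only its presence was needed; drop the reference taken above */
	X509_free(certificate);

	if ((ret = SSL_get_verify_result(ssl)) != X509_V_OK) {
		const char *reason = X509_verify_cert_error_string(ret);

		@throw [SSLInvalidCertificateException
		    exceptionWithClass: isa
				reason: [OFString stringWithUTF8String: reason]];
	}
}
```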