ObjOpenSSL  Check-in [944f3dbb18]

Overview
Comment:Adjust to ObjFW changes
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 944f3dbb188e2214aff67436581e6a1c87034e9ae10ece82ea63fe3868b7fe2c
User & Date: js on 2020-05-06 00:37:29
Other Links: manifest | tags
Context
2020-05-31
16:54
Update URL check-in: 66bd0c554f user: js tags: trunk
2020-05-06
00:37
Adjust to ObjFW changes check-in: 944f3dbb18 user: js tags: trunk
2020-04-05
23:10
Fix type mismatch with GCC check-in: 8d32ca35ce user: js tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified src/SSLSocket.h from [b1fffa112d] to [f131b16758]. 

38
39
40
41
42
43
44
45
46

47
48
49
50

51
52
53
54

55
56
57
58
59
60

38
39
40
41
42
43
44


45
46
47


48
49
50
51

52
53
54
55
56
57
58








-
-
+


-
-
+



-
+







@class X509Certificate;

@interface SSLSocket: OFTCPSocket <OFTLSSocket>
{
	SSL *_SSL;
	OFString *_certificateFile, *_privateKeyFile;
	const char *_privateKeyPassphrase;
	bool _certificateVerificationEnabled;
	bool _requestClientCertificatesEnabled;
	bool _verifiesCertificates, _requestsClientCertificates;
}

@property (nonatomic, getter=isRequestClientCertificatesEnabled)
    bool requestClientCertificatesEnabled;
@property (nonatomic) bool requestsClientCertificates;
@property OF_NULLABLE_PROPERTY (readonly, nonatomic)
    X509Certificate *peerCertificate;

- initWithSocket: (OFTCPSocket *)socket;
- (instancetype)initWithSocket: (OFTCPSocket *)socket;
- (OFData *)channelBindingDataWithType: (OFString *)type;
- (nullable X509Certificate *)peerCertificate;
- (void)verifyPeerCertificate;
@end

OF_ASSUME_NONNULL_END

Modified src/SSLSocket.m from [4db12c8daa] to [dd561157a7]. 

167
168
169
170
171
172
173
174
175
176


177
178
179
180
181
182
183

167
168
169
170
171
172
173



174
175
176
177
178
179
180
181
182








-
-
-
+
+








@end

@implementation SSLSocket
@dynamic delegate;
@synthesize certificateFile = _certificateFile;
@synthesize privateKeyFile = _privateKeyFile;
@synthesize privateKeyPassphrase = _privateKeyPassphrase;
@synthesize certificateVerificationEnabled = _certificateVerificationEnabled;
@synthesize requestClientCertificatesEnabled =
    _requestClientCertificatesEnabled;
@synthesize verifiesCertificates = _verifiesCertificates;
@synthesize requestsClientCertificates = _requestsClientCertificates;

+ (void)load
{
	of_tls_socket_class = self;
}

+ (void)initialize

214
215
216
217
218
219
220
221

222
223
224
225

226
227
228
229
230

231
232
233
234
235
236
237

213
214
215
216
217
218
219

220
221
222
223

224
225
226
227
228

229
230
231
232
233
234
235
236








-
+



-
+




-
+








#endif

	if (SSL_CTX_set_default_verify_paths(ctx) == 0)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];
}

- init
- (instancetype)init
{
	self = [super init];

	_certificateVerificationEnabled = true;
	_verifiesCertificates = true;

	return self;
}

- initWithSocket: (OFTCPSocket *)socket
- (instancetype)initWithSocket: (OFTCPSocket *)socket
{
	self = [self init];

	@try {
		if ((_socket = dup(socket->_socket)) < 0)
			@throw [OFInitializationFailedException exception];
	} @catch (id e) {

279
280
281
282
283
284
285
286

287
288
289
290
291
292
293

278
279
280
281
282
283
284

285
286
287
288
289
290
291
292








-
+









		@throw [SSLConnectionFailedException exceptionWithHost: host
								  port: port
								socket: self
							      SSLError: error];
	}

	if (_certificateVerificationEnabled) {
	if (_verifiesCertificates) {
		X509_VERIFY_PARAM *param = SSL_get0_param(_SSL);

		X509_VERIFY_PARAM_set_hostflags(param,
		    X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);

		if (X509_VERIFY_PARAM_set1_host(param,
		    host.UTF8String, host.UTF8StringLength) != 1) {

376
377
378
379
380
381
382
383

384
385
386
387
388

389
390
391

392
393
394
395
396

397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414

415
416
417
418
419
420
421

375
376
377
378
379
380
381

382


383
384

385
386
387

388
389
390
391
392

393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410

411
412
413
414
415
416
417
418








-
+
-
-


-
+


-
+




-
+

















-
+








		      port: (uint16_t)port
	       runLoopMode: (of_run_loop_mode_t)runLoopMode
		     block: (of_tcp_socket_async_connect_block_t)block
{
	[super asyncConnectToHost: host
			     port: port
		      runLoopMode: runLoopMode
			    block: ^ (OFTCPSocket *sock_, id exception) {
			    block: ^ (id exception) {
		SSLSocket *sock = (SSLSocket *)sock_;

		if (exception == nil) {
			@try {
				[sock SSL_startTLSWithExpectedHost: host
				[self SSL_startTLSWithExpectedHost: host
							      port: port];
			} @catch (id e) {
				block(sock, e);
				block(e);
				return;
			}
		}

		block(sock, exception);
		block(exception);
	}];
}
#endif

- (instancetype)accept
{
	SSLSocket *client = (SSLSocket *)[super accept];
	of_string_encoding_t encoding;

	if ((client->_SSL = SSL_new(ctx)) == NULL ||
	    !SSL_set_fd(client->_SSL, client->_socket)) {
		[client SSL_super_close];
		/* FIXME: Get a proper errno */
		@throw [OFAcceptFailedException exceptionWithSocket: self
							      errNo: 0];
	}

	if (_requestClientCertificatesEnabled)
	if (_requestsClientCertificates)
		SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL);

	SSL_set_accept_state(client->_SSL);

	encoding = [OFLocale encoding];

	if (!SSL_use_PrivateKey_file(client->_SSL, [_privateKeyFile