ObjOpenSSL  Check-in [f0a40268e4]

Overview
Comment:Make it possible to request client certificates.
SHA3-256: f0a40268e4eca5f1e8fd4f418b854f64cf9888649aebdd85907be974832ea7ae
User & Date: js on 2013-01-18 23:33:51
Context
2013-01-19
00:36
Update copyright. check-in: 6bcaf2d54a user: js tags: trunk
2013-01-18
23:33
Make it possible to request client certificates. check-in: f0a40268e4 user: js tags: trunk
2013-01-12
22:46
Adjust to recent ObjFW changes. check-in: 41b938d357 user: florob@babelmonkeys.de tags: trunk
Changes

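--- a/src/SSLSocket.h
+++ b/src/SSLSocket.h
@@ -28,28 +28,32 @@
 @class X509Certificate;
 
 @interface SSLSocket: OFTCPSocket
 {
 	SSL *ssl;
 	OFString *privateKeyFile;
 	OFString *certificateFile;
+	BOOL requestsClientCertificates;
 }
 
 #ifdef OF_HAVE_PROPERTIES
 @property (copy) OFString *privateKeyFile;
 @property (copy) OFString *certificateFile;
+@property BOOL requestsClientCertificates;
 #endif
 
 - initWithSocket: (OFTCPSocket*)socket;
 -  initWithSocket: (OFTCPSocket*)socket
    privateKeyFile: (OFString*)privateKeyFile
   certificateFile: (OFString*)certificateFile;
 /* Change the return type */
 - (SSLSocket*)accept;
 - (void)setPrivateKeyFile: (OFString*)file;
 - (OFString*)privateKeyFile;
 - (void)setCertificateFile: (OFString*)file;
 - (OFString*)certificateFile;
+- (void)setRequestsClientCertificates: (BOOL)enabled;
+- (BOOL)requestsClientCertificates;
 - (OFDataArray*)channelBindingDataWithType: (OFString*)type;
 - (X509Certificate*)peerCertificate;
 - (void)verifyPeerCertificate;
 @end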
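Review bot: The new `requestsClientCertificates` property and its two accessors are declared without any comment, and the name does not tell a caller whether a client certificate is only asked for or is mandatory. I would add above `setRequestsClientCertificates:` a comment such as `/* When YES, sockets returned by -accept ask the client for a certificate. */` and have it state what happens when the client sends none. As far as this commit shows, the flag is read only on the listening socket's accept path, so the comment should also say that it has no effect on outgoing connections.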

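--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@@ -219,14 +219,17 @@
 		[newSocket close];
 		object_setClass(newSocket, object_getClass(self));
 
 		@throw [OFAcceptFailedException exceptionWithClass: [self class]
 							    socket: self];
 	}
 
+	if (requestsClientCertificates)
+		SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL);
+
 	SSL_set_accept_state(newSocket->ssl);
 
 	if (!SSL_use_PrivateKey_file(newSocket->ssl, [privateKeyFile
 	    cStringWithEncoding: OF_STRING_ENCODING_NATIVE],
 	    SSL_FILETYPE_PEM) || !SSL_use_certificate_file(newSocket->ssl,
 	    [certificateFile cStringWithEncoding: OF_STRING_ENCODING_NATIVE],
 	    SSL_FILETYPE_PEM) || SSL_accept(newSocket->ssl) != 1) {
@@ -347,13 +350,23 @@
 	OF_SETTER(certificateFile, file, YES, YES)
 }
 
 - (OFString*)certificateFile
 {
 	OF_GETTER(certificateFile, YES)
 }
+
+- (void)setRequestsClientCertificates: (BOOL)enabled
+{
+	requestsClientCertificates = enabled;
+}
+
+- (BOOL)requestsClientCertificates
+{
+	return requestsClientCertificates;
+}
 
 - (OFDataArray*)channelBindingDataWithType: (OFString*)type
 {
 	size_t length;
 	char buffer[64];
 	OFDataArray *data;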
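Review bot: The added `SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL);` asks the client for a certificate but does not make one mandatory, so a client that sends none still gets through the `SSL_accept()` call further down. If callers are meant to rely on this flag for client authentication, the mode should be `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, or the API should state that the caller must inspect `-peerCertificate` itself after accepting. A certificate that is presented is checked against whatever trust anchors the SSL context has loaded; that setup is not visible in this hunk and is worth confirming, since with none loaded every presented certificate would presumably fail the handshake. The enclosing method starts and ends outside the hunk.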