From 380d99c7dc9adfaba148ce88061d01052ef63662 Mon Sep 17 00:00:00 2001
From: Jonathan Schleifer
Date: Sat, 19 Jan 2013 00:01:38 +0100
Subject: [PATCH] Make it possible to request client certificates.
---
 src/SSLSocket.h | 4 ++++
 src/SSLSocket.m | 13 +++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/src/SSLSocket.h b/src/SSLSocket.h
index 8f9bf91..4f0c8ad 100644
--- a/src/SSLSocket.h
+++ b/src/SSLSocket.h
@@ -32,11 +32,13 @@
 SSL *ssl;
 OFString *privateKeyFile;
 OFString *certificateFile;
+ BOOL requestsClientCertificates;
 }
 #ifdef OF_HAVE_PROPERTIES
 @property (copy) OFString *privateKeyFile;
 @property (copy) OFString *certificateFile;
+@property BOOL requestsClientCertificates;
 #endif
 - initWithSocket: (OFTCPSocket*)socket;
@@ -49,6 +51,8 @@
 - (OFString*)privateKeyFile;
 - (void)setCertificateFile: (OFString*)file;
 - (OFString*)certificateFile;
+- (void)setRequestsClientCertificates: (BOOL)enabled;
+- (BOOL)requestsClientCertificates;
 - (OFDataArray*)channelBindingDataWithType: (OFString*)type;
 - (X509Certificate*)peerCertificate;
 - (void)verifyPeerCertificate;
diff --git a/src/SSLSocket.m b/src/SSLSocket.m
index e73dd4e..162303f 100644
--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@@ -223,6 +223,9 @@ locking_callback(int mode, int n, const char *file, int line)
 socket: self];
 }
+ if (requestsClientCertificates)
+ SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL);
+
 SSL_set_accept_state(newSocket->ssl);
 if (!SSL_use_PrivateKey_file(newSocket->ssl, [privateKeyFile
@@ -352,6 +355,16 @@ locking_callback(int mode, int n, const char *file, int line)
 OF_GETTER(certificateFile, YES)
 }
+- (void)setRequestsClientCertificates: (BOOL)enabled
+{
+ requestsClientCertificates = enabled;
+}
+
+- (BOOL)requestsClientCertificates
+{
+ return requestsClientCertificates;
+}
+
 - (OFDataArray*)channelBindingDataWithType: (OFString*)type
 {
 size_t length;
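Review bot: The new `requestsClientCertificates` ivar and property in the first SSLSocket.h hunk have no comment, and the name alone does not tell a caller what guarantee it gives. Going by the SSLSocket.m hunk, the flag is read from the listening socket when a connection is set up and passes only `SSL_VERIFY_PEER`, so it asks for a certificate without requiring one. I would add above the property `/* Ask connecting clients for a certificate. A client may still connect without one, so check -peerCertificate before trusting the peer. */` and note that it must be set before connections are accepted. The same comment belongs on the accessor declarations in the second header hunk.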
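Review bot: `SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL)` in the first SSLSocket.m hunk only requests a certificate; in server mode OpenSSL still completes the handshake when the client sends none, unless `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` is set as well. Code that treats an accepted connection as authenticated therefore has to check `-peerCertificate` itself, or the class should offer a stricter mode that passes `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT`. A certificate that is presented is verified against the context's trust store, and the hunk does not show where CA certificates are loaded, so that should be confirmed. The flag also does not appear to be copied to `newSocket`, so the accepted socket's own getter presumably returns NO. The enclosing method starts and ends outside the hunk.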