Make it possible to request client certificates.
parent
9ce891d19b
commit
380d99c7dc
2 changed files with 17 additions and 0 deletions
|
@ -32,11 +32,13 @@
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
OFString *privateKeyFile;
|
OFString *privateKeyFile;
|
||||||
OFString *certificateFile;
|
OFString *certificateFile;
|
||||||
|
BOOL requestsClientCertificates;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OF_HAVE_PROPERTIES
|
#ifdef OF_HAVE_PROPERTIES
|
||||||
@property (copy) OFString *privateKeyFile;
|
@property (copy) OFString *privateKeyFile;
|
||||||
@property (copy) OFString *certificateFile;
|
@property (copy) OFString *certificateFile;
|
||||||
|
@property BOOL requestsClientCertificates;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
- initWithSocket: (OFTCPSocket*)socket;
|
- initWithSocket: (OFTCPSocket*)socket;
|
||||||
|
@ -49,6 +51,8 @@
|
||||||
- (OFString*)privateKeyFile;
|
- (OFString*)privateKeyFile;
|
||||||
- (void)setCertificateFile: (OFString*)file;
|
- (void)setCertificateFile: (OFString*)file;
|
||||||
- (OFString*)certificateFile;
|
- (OFString*)certificateFile;
|
||||||
|
- (void)setRequestsClientCertificates: (BOOL)enabled;
|
||||||
|
- (BOOL)requestsClientCertificates;
|
||||||
- (OFDataArray*)channelBindingDataWithType: (OFString*)type;
|
- (OFDataArray*)channelBindingDataWithType: (OFString*)type;
|
||||||
- (X509Certificate*)peerCertificate;
|
- (X509Certificate*)peerCertificate;
|
||||||
- (void)verifyPeerCertificate;
|
- (void)verifyPeerCertificate;
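Review bot: The new `requestsClientCertificates` property and its two accessor declarations carry no documentation, and the name alone does not tell a caller that the certificate is only asked for, not demanded. I would add a comment above the property such as `/// Whether accepted connections ask the client for a certificate; the client may decline, so check -peerCertificate.` Judging from the implementation file in this commit, the flag is read at the point where a connection is accepted, so the comment should also say it has to be set on the listening socket before accepting.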
|
||||||
|
|
|
@ -223,6 +223,9 @@ locking_callback(int mode, int n, const char *file, int line)
|
||||||
socket: self];
|
socket: self];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (requestsClientCertificates)
|
||||||
|
SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL);
|
||||||
|
|
||||||
SSL_set_accept_state(newSocket->ssl);
|
SSL_set_accept_state(newSocket->ssl);
|
||||||
|
|
||||||
if (!SSL_use_PrivateKey_file(newSocket->ssl, [privateKeyFile
|
if (!SSL_use_PrivateKey_file(newSocket->ssl, [privateKeyFile
|
||||||
|
@ -352,6 +355,16 @@ locking_callback(int mode, int n, const char *file, int line)
|
||||||
OF_GETTER(certificateFile, YES)
|
OF_GETTER(certificateFile, YES)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
- (void)setRequestsClientCertificates: (BOOL)enabled
|
||||||
|
{
|
||||||
|
requestsClientCertificates = enabled;
|
||||||
|
}
|
||||||
|
|
||||||
|
- (BOOL)requestsClientCertificates
|
||||||
|
{
|
||||||
|
return requestsClientCertificates;
|
||||||
|
}
|
||||||
|
|
||||||
- (OFDataArray*)channelBindingDataWithType: (OFString*)type
|
- (OFDataArray*)channelBindingDataWithType: (OFString*)type
|
||||||
{
|
{
|
||||||
size_t length;
|
size_t length;
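Review bot: In the accept path, `SSL_set_verify(newSocket->ssl, SSL_VERIFY_PEER, NULL);` requests a client certificate but does not require one, so a client that sends none still completes the handshake. A server that treats this flag as authentication must check after accepting that `-peerCertificate` is non-nil; a comment at this call such as `/* Request only: a client without a certificate is still accepted. */` would make that explicit. If enforcement is wanted later, the mode would be `SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT`. A certificate that is presented is verified against whatever trust store the SSL context has loaded, and that setup is not visible in this hunk, so it is worth confirming that the intended client CAs are configured there. The enclosing accept method starts and ends outside the hunk.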
|
||||||
|
|