ObjFW/ObjOpenSSL
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Adjust to ObjFW changes

Browse source
This commit is contained in:
Jonathan Schleifer 2020-05-06 02:37:29 +02:00
parent 86ced1769a
commit ab66f12bfe
No known key found for this signature in database
GPG key ID: E2BCCE6B35E1AF8B
2 changed files with 14 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/SSLSocket.h
View file

@ -42,16 +42,14 @@ OF_ASSUME_NONNULL_BEGIN
SSL *_SSL; SSL *_SSL;
OFString *_certificateFile, *_privateKeyFile; OFString *_certificateFile, *_privateKeyFile;
const char *_privateKeyPassphrase; const char *_privateKeyPassphrase;
bool _certificateVerificationEnabled; bool _verifiesCertificates, _requestsClientCertificates;
bool _requestClientCertificatesEnabled;
} }
@property (nonatomic, getter=isRequestClientCertificatesEnabled) @property (nonatomic) bool requestsClientCertificates;
bool requestClientCertificatesEnabled;
@property OF_NULLABLE_PROPERTY (readonly, nonatomic) @property OF_NULLABLE_PROPERTY (readonly, nonatomic)
X509Certificate *peerCertificate; X509Certificate *peerCertificate;
- initWithSocket: (OFTCPSocket *)socket; - (instancetype)initWithSocket: (OFTCPSocket *)socket;
- (OFData *)channelBindingDataWithType: (OFString *)type; - (OFData *)channelBindingDataWithType: (OFString *)type;
- (nullable X509Certificate *)peerCertificate; - (nullable X509Certificate *)peerCertificate;
- (void)verifyPeerCertificate; - (void)verifyPeerCertificate;

25
src/SSLSocket.m
View file

@ -171,9 +171,8 @@ lockingCallback(int mode, int n, const char *file, int line)
@synthesize certificateFile = _certificateFile; @synthesize certificateFile = _certificateFile;
@synthesize privateKeyFile = _privateKeyFile; @synthesize privateKeyFile = _privateKeyFile;
@synthesize privateKeyPassphrase = _privateKeyPassphrase; @synthesize privateKeyPassphrase = _privateKeyPassphrase;
@synthesize certificateVerificationEnabled = _certificateVerificationEnabled; @synthesize verifiesCertificates = _verifiesCertificates;
@synthesize requestClientCertificatesEnabled = @synthesize requestsClientCertificates = _requestsClientCertificates;
_requestClientCertificatesEnabled;
+ (void)load + (void)load
{ {
@ -218,16 +217,16 @@ lockingCallback(int mode, int n, const char *file, int line)
exceptionWithClass: self]; exceptionWithClass: self];
} }
- init - (instancetype)init
{ {
self = [super init]; self = [super init];
_certificateVerificationEnabled = true; _verifiesCertificates = true;
return self; return self;
} }
- initWithSocket: (OFTCPSocket *)socket - (instancetype)initWithSocket: (OFTCPSocket *)socket
{ {
self = [self init]; self = [self init];
@ -283,7 +282,7 @@ lockingCallback(int mode, int n, const char *file, int line)
SSLError: error]; SSLError: error];
} }
if (_certificateVerificationEnabled) { if (_verifiesCertificates) {
X509_VERIFY_PARAM *param = SSL_get0_param(_SSL); X509_VERIFY_PARAM *param = SSL_get0_param(_SSL);
X509_VERIFY_PARAM_set_hostflags(param, X509_VERIFY_PARAM_set_hostflags(param,
@ -380,20 +379,18 @@ lockingCallback(int mode, int n, const char *file, int line)
[super asyncConnectToHost: host [super asyncConnectToHost: host
port: port port: port
runLoopMode: runLoopMode runLoopMode: runLoopMode
block: ^ (OFTCPSocket *sock_, id exception) { block: ^ (id exception) {
SSLSocket *sock = (SSLSocket *)sock_;
if (exception == nil) { if (exception == nil) {
@try { @try {
[sock SSL_startTLSWithExpectedHost: host [self SSL_startTLSWithExpectedHost: host
port: port]; port: port];
} @catch (id e) { } @catch (id e) {
block(sock, e); block(e);
return; return;
} }
} }
block(sock, exception); block(exception);
}]; }];
} }
#endif #endif
@ -411,7 +408,7 @@ lockingCallback(int mode, int n, const char *file, int line)
errNo: 0]; errNo: 0];
} }
if (_requestClientCertificatesEnabled) if (_requestsClientCertificates)
SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL); SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL);
SSL_set_accept_state(client->_SSL); SSL_set_accept_state(client->_SSL);