From d8095cf71414d930b8764a0aefe7fbc8e4b4a27f Mon Sep 17 00:00:00 2001 From: Jonathan Schleifer Date: Tue, 29 Mar 2011 00:23:32 +0200 Subject: [PATCH] Implement setting the private key and certificate. --- src/SSLSocket.h | 12 +++++++++++- src/SSLSocket.m | 49 ++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 55 insertions(+), 6 deletions(-) diff --git a/src/SSLSocket.h b/src/SSLSocket.h index b7f494d..9f0a583 100644 --- a/src/SSLSocket.h +++ b/src/SSLSocket.h @@ -5,10 +5,20 @@ @interface SSLSocket: OFTCPSocket { SSL *ssl; + OFString *privateKeyFile; + OFString *certificateFile; } -- initWithSocket: (OFTCPSocket*)socket; +#ifdef OF_HAVE_PROPERTIES +@property (copy) OFString *privateKeyFile; +@property (copy) OFString *certificateFile; +#endif +- initWithSocket: (OFTCPSocket*)socket; /* Change the return type */ - (SSLSocket*)accept; +- (void)setPrivateKeyFile: (OFString*)file; +- (OFString*)privateKeyFile; +- (void)setCertificateFile: (OFString*)file; +- (OFString*)certificateFile; @end diff --git a/src/SSLSocket.m b/src/SSLSocket.m index 732a4fb..7acc0d0 100644 --- a/src/SSLSocket.m +++ b/src/SSLSocket.m @@ -75,6 +75,9 @@ static SSL_CTX *ctx; SSL_CTX *ctx_ = ctx; SSL *ssl_ = ssl; + [privateKeyFile release]; + [certificateFile release]; + [super dealloc]; if (ssl_ != NULL) 
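Review bot: The accessors added to SSLSocket.h (`setPrivateKeyFile:`, `setCertificateFile:` and their getters) carry no comment saying what the files must contain or when they are read. The SSLSocket.m part of this patch loads both with `SSL_FILETYPE_PEM` inside `-accept`, so they have to be set on the listening socket before the first accept. I would add above the setters `/* Paths to PEM files; must be set before -accept, which loads them for each accepted connection */`. It is also worth stating there that the key file should be readable only by the account running the server.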
@@ -112,16 +115,28 @@ static SSL_CTX *ctx; { SSLSocket *newsock = (SSLSocket*)[super accept]; - if ((ssl = SSL_new(ctx)) == NULL || !SSL_set_fd(ssl, sock)) { - [super close]; + if ((newsock->ssl = SSL_new(ctx)) == NULL || + !SSL_set_fd(newsock->ssl, newsock->sock)) { + /* We only want to close the OFTCPSocket */ + newsock->isa = [OFTCPSocket class]; + [newsock close]; + newsock->isa = isa; + @throw [OFAcceptFailedException newWithClass: isa socket: self]; } - SSL_set_accept_state(ssl); + SSL_set_accept_state(newsock->ssl); + + if (!SSL_use_PrivateKey_file(newsock->ssl, [privateKeyFile cString], + SSL_FILETYPE_PEM) || !SSL_use_certificate_file(newsock->ssl, + [certificateFile cString], SSL_FILETYPE_PEM) || + SSL_accept(newsock->ssl) != 1) { + /* We only want to close the OFTCPSocket */ + newsock->isa = [OFTCPSocket class]; + [newsock close]; + newsock->isa = isa; - if (SSL_connect(ssl) != 1) { - [super close]; @throw [OFAcceptFailedException newWithClass: isa socket: self]; } @@ -209,4 +224,28 @@ static SSL_CTX *ctx; return ret; } + +- (void)setPrivateKeyFile: (OFString*)file +{ + OFString *old = privateKeyFile; + privateKeyFile = [file copy]; + [old release]; +} + +- (OFString*)privateKeyFile +{ + return [[privateKeyFile copy] autorelease]; +} + +- (void)setCertificateFile: (OFString*)file +{ + OFString *old = certificateFile; + certificateFile = [file copy]; + [old release]; +} + +- (OFString*)certificateFile +{ + return [[certificateFile copy] autorelease]; +} @end
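Review bot: In the new `-accept` body, `[privateKeyFile cString]` and `[certificateFile cString]` go to OpenSSL without any check that either path was set; messaging nil yields NULL, so an unconfigured listener hands a NULL filename to `SSL_use_PrivateKey_file()`. Putting `privateKeyFile == nil || certificateFile == nil ||` at the front of that condition reuses the existing close-and-throw path. The condition also never confirms that the key belongs to the certificate; adding `|| !SSL_check_private_key(newsock->ssl)` after the two loads makes a mismatched pair fail before the handshake starts. Because `SSL_accept()` runs inside `-accept`, a peer that stalls its handshake presumably blocks the caller's accept loop, which deserves a comment or a timeout if callers are single-threaded. The method starts and ends outside this hunk.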
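Review bot: The hand-written setters in the last hunk swap and release the ivar without any locking, while SSLSocket.h declares the properties as `(copy)`, which is atomic by default. If one thread calls `setPrivateKeyFile:` while another is inside `-accept`, the accept path could read a string that has just been released; whether sockets are shared across threads is not visible here. Either declare them `@property (nonatomic, copy)` so the header matches the implementation, or wrap each accessor body in `@synchronized (self)`.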