ObjOpenSSL  Diff

	if (mode & CRYPTO_LOCK)
		of_mutex_lock(&ssl_mutexes[n]);
	else
		of_mutex_unlock(&ssl_mutexes[n]);
}

@interface SSLSocket ()
- (void)SSL_startTLSWithExpectedHost: (OFString *)host
- (void)SSL_startTLSWithExpectedHost: (OFString *)host port: (uint16_t)port;
				port: (uint16_t)port;
- (void)SSL_super_close;
@end

@interface SSLSocket_ConnectDelegate: OFObject <OFTLSSocketDelegate>
{
	SSLSocket *_socket;
	OFString *_host;

	[super dealloc];

	if (SSL_ != NULL)
		SSL_free(SSL_);
}

- (void)SSL_startTLSWithExpectedHost: (OFString *)host
- (void)SSL_startTLSWithExpectedHost: (OFString *)host port: (uint16_t)port
				port: (uint16_t)port
{
	of_string_encoding_t encoding;

	if ((_SSL = SSL_new(ctx)) == NULL || SSL_set_fd(_SSL, _socket) != 1) {
		unsigned long error = ERR_get_error();

		[super close];

				       socket: self
				     SSLError: error];
	}
}

- (void)startTLSWithExpectedHost: (OFString *)host
{
	[self SSL_startTLSWithExpectedHost: host
	[self SSL_startTLSWithExpectedHost: host port: 0];
				      port: 0];
}

- (void)asyncConnectToHost: (OFString *)host
		      port: (uint16_t)port
	       runLoopMode: (of_run_loop_mode_t)runLoopMode
{
	void *pool = objc_autoreleasePoolPush();

	[[[SSLSocket_ConnectDelegate alloc]
	    initWithSocket: self
		      host: host
		      port: port
		  delegate: _delegate] autorelease];
	[super asyncConnectToHost: host
	[super asyncConnectToHost: host port: port runLoopMode: runLoopMode];
			     port: port
		      runLoopMode: runLoopMode];

	objc_autoreleasePoolPop(pool);
}

#ifdef OF_HAVE_BLOCKS
- (void)asyncConnectToHost: (OFString *)host
		      port: (uint16_t)port

}

- (void)SSL_super_close
{
	[super close];
}

- (size_t)lowlevelReadIntoBuffer: (void *)buffer
- (size_t)lowlevelReadIntoBuffer: (void *)buffer length: (size_t)length
			  length: (size_t)length
{
	ssize_t ret;

	/*
	 * There is no SSL session yet. However, it might be necessary to read
	 * from and write to the socket before negotiating an SSL session: For
	 * example, the socket might be connected to a SOCKS5 proxy and needs
	 * to establish a SOCKS5 connection before negotiating an SSL session.
	 */
	if (_SSL == NULL)
		return [super lowlevelReadIntoBuffer: buffer
		return [super lowlevelReadIntoBuffer: buffer length: length];
					      length: length];

	if (length > INT_MAX)
		@throw [OFOutOfRangeException exception];

	if (_socket == INVALID_SOCKET)
		@throw [OFNotOpenException exceptionWithObject: self];

	if (ret == 0)
		_atEndOfStream = true;

	return ret;
}

- (size_t)lowlevelWriteBuffer: (const void *)buffer
- (size_t)lowlevelWriteBuffer: (const void *)buffer length: (size_t)length
		       length: (size_t)length
{
	int bytesWritten;

	/*
	 * There is no SSL session yet. However, it might be necessary to read
	 * from and write to the socket before negotiating an SSL session: For
	 * example, the socket might be connected to a SOCKS5 proxy and needs
	 * to establish a SOCKS5 connection before negotiating an SSL session.
	 *
	 * TODO: Think of a way to make this safer, so that it's impossible to
	 * forget to establish an SSL session and then send unencrypted data by
	 * accident.
	 */
	if (_SSL == NULL)
		return [super lowlevelWriteBuffer: buffer
		return [super lowlevelWriteBuffer: buffer length: length];
					   length: length];

	if (_socket == INVALID_SOCKET)
		@throw [OFNotOpenException exceptionWithObject: self];

	if (length > INT_MAX)
		@throw [OFOutOfRangeException exception];

		 */
		length = SSL_get_finished(_SSL, buffer, 64);
	} else {
		/* peer sent the finished message */
		length = SSL_get_peer_finished(_SSL, buffer, 64);
	}

	return [OFData dataWithItems: buffer
	return [OFData dataWithItems: buffer count: length];
			       count: length];
}

- (X509Certificate *)peerCertificate
{
	X509 *certificate = SSL_get_peer_certificate(_SSL);

	if (certificate == NULL)