Index: src/SSLInvalidCertificateException.m ================================================================== --- src/SSLInvalidCertificateException.m +++ src/SSLInvalidCertificateException.m @@ -18,17 +18,17 @@ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ + +#include #import "SSLInvalidCertificateException.h" #import -#import - @implementation SSLInvalidCertificateException + exceptionWithClass: (Class)class reason: (OFString*)reason { return [[[self alloc] initWithClass: class @@ -35,14 +35,18 @@ reason: reason] autorelease]; } - initWithClass: (Class)class { - Class c = [self class]; - [self release]; - @throw [OFNotImplementedException exceptionWithClass: c - selector: _cmd]; + @try { + [self doesNotRecognizeSelector: _cmd]; + } @catch (id e) { + [self release]; + @throw e; + } + + abort(); } - initWithClass: (Class)class reason: (OFString*)reason { Index: src/SSLSocket.h ================================================================== --- src/SSLSocket.h +++ src/SSLSocket.h 
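Review bot: In the new -initWithClass: body, `[self release]` runs after `doesNotRecognizeSelector:` has raised, so the rethrown exception must not hold an unretained reference to the receiver; the removed code sidestepped this by capturing `[self class]` before releasing. If the exception raised by doesNotRecognizeSelector: records only the class and selector, as the removed explicit throw did, this is fine, but that is not visible here and deserves a one-line comment such as `/* release self before rethrowing; the exception keeps only our class and _cmd */`. The trailing `abort()` is reached only if doesNotRecognizeSelector: returns, which a comment like `/* doesNotRecognizeSelector: does not return; abort() guards an override that does */` would make explicit.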
@@ -22,36 +22,29 @@ */ #include #import +#import @class X509Certificate; -@interface SSLSocket: OFTCPSocket +@interface SSLSocket: OFTCPSocket { SSL *_SSL; - OFString *_privateKeyFile, *_certificateFile; + OFString *_certificateFile, *_privateKeyFile; + const char *_privateKeyPassphrase; bool _requestsClientCertificates; } #ifdef OF_HAVE_PROPERTIES -@property (copy) OFString *privateKeyFile, *certificateFile; @property bool requestsClientCertificates; #endif - initWithSocket: (OFTCPSocket*)socket; -- initWithSocket: (OFTCPSocket*)socket - privateKeyFile: (OFString*)privateKeyFile - certificateFile: (OFString*)certificateFile; - (void)SSL_super_close; -- (SSLSocket*)accept; /* Changes the return type */ -- (void)setPrivateKeyFile: (OFString*)file; -- (OFString*)privateKeyFile; -- (void)setCertificateFile: (OFString*)file; -- (OFString*)certificateFile; - (void)setRequestsClientCertificates: (bool)enabled; - (bool)requestsClientCertificates; - (OFDataArray*)channelBindingDataWithType: (OFString*)type; - (X509Certificate*)peerCertificate; - (void)verifyPeerCertificate; @end Index: src/SSLSocket.m ================================================================== --- src/SSLSocket.m +++ src/SSLSocket.m 
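Review bot: The new ivar `const char *_privateKeyPassphrase` is an unowned pointer to secret material with no ownership or lifetime rule stated, and nothing in this commit assigns, clears or frees it. Before the FIXME setter in SSLSocket.m is filled in, decide and document whether the socket copies the value, e.g. `const char *_privateKeyPassphrase; /* owned copy; zeroed and freed in -dealloc */`, so an implementation does not end up holding a caller's stack buffer or leaving the passphrase behind in freed heap memory. The removed accessor declarations for privateKeyFile and certificateFile are still implemented in SSLSocket.m, presumably now declared by the protocol pulled in through the new #import (its name is lost in this rendering); if that is not the case the header should re-declare them.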
@@ -113,55 +113,13 @@ exceptionWithClass: self]; } - initWithSocket: (OFTCPSocket*)socket { - return [self initWithSocket: socket - privateKeyFile: nil - certificateFile: nil]; -} - -- initWithSocket: (OFTCPSocket*)socket - privateKeyFile: (OFString*)privateKeyFile - certificateFile: (OFString*)certificateFile -{ self = [self init]; - @try { - /* FIXME: Also allow with accepted sockets */ - - _privateKeyFile = [privateKeyFile copy]; - _certificateFile = [certificateFile copy]; - - _socket = dup(socket->_socket); - - if ((_SSL = SSL_new(ctx)) == NULL || - !SSL_set_fd(_SSL, _socket)) { - close(_socket); - _socket = INVALID_SOCKET; - @throw [OFInitializationFailedException - exceptionWithClass: [self class]]; - } - - SSL_set_connect_state(_SSL); - - if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL, - [_privateKeyFile cStringWithEncoding: - OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) || - (_certificateFile != nil && !SSL_use_certificate_file(_SSL, - [_certificateFile cStringWithEncoding: - OF_STRING_ENCODING_NATIVE], SSL_FILETYPE_PEM)) || - SSL_connect(_SSL) != 1) { - close(_socket); - _socket = INVALID_SOCKET; - @throw [OFInitializationFailedException - exceptionWithClass: [self class]]; - } - } @catch (id e) { - [self release]; - @throw e; - } + _socket = dup(socket->_socket); return self; } - (void)dealloc @@ -175,23 +133,19 @@ if (SSL_ != NULL) SSL_free(SSL_); } -- (void)connectToHost: (OFString*)host - port: (uint16_t)port +- (void)startTLS { - [super connectToHost: host - port: port]; - if ((_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(_SSL, _socket)) { [super close]; @throw [OFConnectionFailedException exceptionWithClass: [self class] socket: self - host: host - port: port]; + host: nil + port: 0]; } SSL_set_connect_state(_SSL); if ((_privateKeyFile != nil && !SSL_use_PrivateKey_file(_SSL, 
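Review bot: The new -initWithSocket: body stores the result of `dup(socket->_socket)` without checking it, so a dup() failure leaves `_socket` at -1 and the error only surfaces later as a confusing failure in -startTLS. The removed code ran SSL_set_fd immediately and threw OFInitializationFailedException from a @try that released self; the same handling should be kept around the dup: `if ((_socket = dup(socket->_socket)) == INVALID_SOCKET) { [self release]; @throw [OFInitializationFailedException exceptionWithClass: [self class]]; }` (INVALID_SOCKET is the sentinel the removed code used for a closed descriptor; confirm it matches dup()'s -1 on this platform). The result of `[self init]` is likewise not nil-checked, though that is unchanged from the removed version.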
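Review bot: -startTLS is now a method callers can invoke directly, but it has no guard against being called on a socket that already has an `_SSL` object: a second call overwrites `_SSL` with a fresh SSL_new() result, leaking the first and silently abandoning the established TLS state, something the old connect-bound version could not hit. Add a precondition at the top, e.g. `if (_SSL != NULL) @throw [OFConnectionFailedException exceptionWithClass: [self class] socket: self host: nil port: 0];` or whichever already-connected exception ObjFW provides. A direct caller of -startTLS also receives the failure with `host: nil`/`port: 0`; only -connectToHost:port: re-wraps it with the real endpoint, so a short comment on the method stating that the socket has been closed and the endpoint is unknown at this point would help. The body of -startTLS continues in the next hunk.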
@@ -202,16 +156,33 @@ SSL_FILETYPE_PEM)) || SSL_connect(_SSL) != 1) { [super close]; @throw [OFConnectionFailedException exceptionWithClass: [self class] socket: self + host: nil + port: 0]; + } +} + +- (void)connectToHost: (OFString*)host + port: (uint16_t)port +{ + [super connectToHost: host + port: port]; + + @try { + [self startTLS]; + } @catch (OFConnectionFailedException *e) { + @throw [OFConnectionFailedException + exceptionWithClass: [self class] + socket: self host: host port: port]; } } -- (SSLSocket*)accept +- (instancetype)accept { SSLSocket *client = (SSLSocket*)[super accept]; if ((client->_SSL = SSL_new(ctx)) == NULL || !SSL_set_fd(client->_SSL, client->_socket)) { @@ -331,18 +302,21 @@ return [super numberOfBytesInReadBuffer]; return [super numberOfBytesInReadBuffer] + SSL_pending(_SSL); } -- (void)setPrivateKeyFile: (OFString*)privateKeyFile +- (void)setDelegate: (id )delegate { - OF_SETTER(_privateKeyFile, privateKeyFile, true, 1) + /* FIXME */ + [self doesNotRecognizeSelector: _cmd]; + abort(); } -- (OFString*)privateKeyFile +- (id )delegate { - OF_GETTER(_privateKeyFile, true) + /* FIXME */ + return nil; } - (void)setCertificateFile: (OFString*)certificateFile { OF_SETTER(_certificateFile, certificateFile, true, 1) @@ -350,10 +324,31 @@ - (OFString*)certificateFile { OF_GETTER(_certificateFile, true) } + +- (void)setPrivateKeyFile: (OFString*)privateKeyFile +{ + OF_SETTER(_privateKeyFile, privateKeyFile, true, 1) +} + +- (OFString*)privateKeyFile +{ + OF_GETTER(_privateKeyFile, true) +} + +- (void)setPrivateKeyPassphrase: (const char*)privateKeyPassphrase +{ + /* FIXME */ +} + +- (const char*)privateKeyPassphrase +{ + /* FIXME */ + return NULL; +} - (void)setRequestsClientCertificates: (bool)enabled { _requestsClientCertificates = enabled; }
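Review bot: The new -setDelegate: stub calls abort(), so any caller that sets a delegate on an SSLSocket (for instance code written against the generic socket API) terminates the process, while the matching -delegate getter silently returns nil; the two stubs disagree about whether delegate support is an error or merely absent. Until the FIXME is resolved the setter should fail in a way the caller can catch rather than abort, e.g. `@throw [OFNotImplementedException exceptionWithClass: [self class] selector: _cmd];`, and the bare `/* FIXME */` in both should say what is missing, e.g. `/* FIXME: delegate callbacks are not forwarded for TLS sockets yet */`.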
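Review bot: -setPrivateKeyPassphrase: silently discards its argument and -privateKeyPassphrase returns NULL, so a passphrase-protected key handed to this socket fails to load in -startTLS (or is handed to OpenSSL's default passphrase callback, which may prompt on a terminal) with no indication that the passphrase was never stored; the `_privateKeyPassphrase` ivar added to the header is never written. Until the setter is implemented it should refuse rather than drop the value, e.g. `@throw [OFNotImplementedException exceptionWithClass: [self class] selector: _cmd];`, and once implemented the stored copy needs to be wiped and freed in -dealloc and supplied to OpenSSL through a passphrase callback rather than left to the default prompt. The same silent-stub pattern applies to the -delegate getter in the previous hunk.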