Index: src/SSLSocket.h ================================================================== --- src/SSLSocket.h +++ src/SSLSocket.h @@ -40,21 +40,19 @@ @interface SSLSocket: OFTCPSocket { SSL *_SSL; OFString *_certificateFile, *_privateKeyFile; const char *_privateKeyPassphrase; - bool _certificateVerificationEnabled; - bool _requestClientCertificatesEnabled; + bool _verifiesCertificates, _requestsClientCertificates; } -@property (nonatomic, getter=isRequestClientCertificatesEnabled) - bool requestClientCertificatesEnabled; +@property (nonatomic) bool requestsClientCertificates; @property OF_NULLABLE_PROPERTY (readonly, nonatomic) X509Certificate *peerCertificate; -- initWithSocket: (OFTCPSocket *)socket; +- (instancetype)initWithSocket: (OFTCPSocket *)socket; - (OFData *)channelBindingDataWithType: (OFString *)type; - (nullable X509Certificate *)peerCertificate; - (void)verifyPeerCertificate; @end OF_ASSUME_NONNULL_END Index: src/SSLSocket.m ================================================================== --- src/SSLSocket.m +++ src/SSLSocket.m @@ -169,13 +169,12 @@ @implementation SSLSocket @dynamic delegate; @synthesize certificateFile = _certificateFile; @synthesize privateKeyFile = _privateKeyFile; @synthesize privateKeyPassphrase = _privateKeyPassphrase; -@synthesize certificateVerificationEnabled = _certificateVerificationEnabled; -@synthesize requestClientCertificatesEnabled = - _requestClientCertificatesEnabled; +@synthesize verifiesCertificates = _verifiesCertificates; +@synthesize requestsClientCertificates = _requestsClientCertificates; + (void)load { of_tls_socket_class = self; } 
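Review bot: The renamed `requestsClientCertificates` property is declared without a comment saying that it only requests a client certificate and does not require one; the matching `SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL)` in the `accept` hunk of src/SSLSocket.m sets no `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, so a client that presents no certificate still completes the handshake. Suggest `/// Whether accepted clients are asked for a certificate. A client that presents none still connects; check -peerCertificate after -accept if a certificate is mandatory.` above the property. The `verifiesCertificates` property synthesized in src/SSLSocket.m is not declared in this hunk, so it is presumably inherited from the TLS socket protocol; its default of true (set in `-init`) and the false default of `requestsClientCertificates` (which `-init` leaves at its zeroed value) would be worth stating here, since the two flags govern opposite directions of the connection.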
@@ -216,20 +215,20 @@ if (SSL_CTX_set_default_verify_paths(ctx) == 0) @throw [OFInitializationFailedException exceptionWithClass: self]; } -- init +- (instancetype)init { self = [super init]; - _certificateVerificationEnabled = true; + _verifiesCertificates = true; return self; } -- initWithSocket: (OFTCPSocket *)socket +- (instancetype)initWithSocket: (OFTCPSocket *)socket { self = [self init]; @try { if ((_socket = dup(socket->_socket)) < 0) @@ -281,11 +280,11 @@ port: port socket: self SSLError: error]; } - if (_certificateVerificationEnabled) { + if (_verifiesCertificates) { X509_VERIFY_PARAM *param = SSL_get0_param(_SSL); X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); @@ -378,24 +377,22 @@ block: (of_tcp_socket_async_connect_block_t)block { [super asyncConnectToHost: host port: port runLoopMode: runLoopMode - block: ^ (OFTCPSocket *sock_, id exception) { - SSLSocket *sock = (SSLSocket *)sock_; - + block: ^ (id exception) { if (exception == nil) { @try { - [sock SSL_startTLSWithExpectedHost: host + [self SSL_startTLSWithExpectedHost: host port: port]; } @catch (id e) { - block(sock, e); + block(e); return; } } - block(sock, exception); + block(exception); }]; } #endif - (instancetype)accept @@ -409,11 +406,11 @@ /* FIXME: Get a proper errno */ @throw [OFAcceptFailedException exceptionWithSocket: self errNo: 0]; } - if (_requestClientCertificatesEnabled) + if (_requestsClientCertificates) SSL_set_verify(client->_SSL, SSL_VERIFY_PEER, NULL); SSL_set_accept_state(client->_SSL); encoding = [OFLocale encoding];
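Review bot: `-init` writes `_verifiesCertificates = true` directly after `self = [super init]` without a nil check, and the secure-by-default choice is not explained; a short comment would keep a later rename from silently flipping it: `/* Verify peer certificates by default; callers must opt out explicitly. */`. Whether `[super init]` can return nil here depends on OFObject, which is outside this hunk, so the missing `if (self)` guard may be a project convention rather than a defect. `-initWithSocket:` continues past the end of the hunk.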
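Review bot: The new completion block captures `self` directly where the old one received the socket as a parameter, so the block now holds a strong reference to the SSLSocket until the connect completes; that is needed because `SSL_startTLSWithExpectedHost:port:` must run on a live socket, but it deserves a comment above the `block:` argument such as `/* Captures self strongly: the socket must outlive the connect so that SSL_startTLSWithExpectedHost:port: can run on it. */`. If the superclass keeps the block in an instance variable of this socket until completion, this forms a temporary retain cycle that only breaks once the block runs, so a connect that neither completes nor fails would keep the socket alive; I cannot verify that from this hunk. The method's signature starts before the hunk.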