︙ | | |
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
|
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
int _ObjFWTLS_reference;
static mbedtls_entropy_context entropy;
static mbedtls_ctr_drbg_context CTRDRBG;
static OFTLSStreamErrorCode
verifyResultToErrorCode(const mbedtls_ssl_context *SSL)
{
switch (mbedtls_ssl_get_verify_result(SSL)) {
case MBEDTLS_X509_BADCERT_NOT_TRUSTED:
return OFTLSStreamErrorCodeCertificateIssuerUntrusted;
case MBEDTLS_X509_BADCERT_CN_MISMATCH:
return OFTLSStreamErrorCodeCertificateNameMismatch;
case MBEDTLS_X509_BADCERT_EXPIRED:
case MBEDTLS_X509_BADCERT_FUTURE:
return OFTLSStreamErrorCodeCertificatedExpired;
case MBEDTLS_X509_BADCERT_REVOKED:
return OFTLSStreamErrorCodeCertificateRevoked;
}
return OFTLSStreamErrorCodeCertificateVerificationFailed;
}
static OFTLSStreamErrorCode
statusToErrorCode(const mbedtls_ssl_context *SSL, int status)
{
switch (status) {
case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
return verifyResultToErrorCode(SSL);
}
return OFTLSStreamErrorCodeUnknown;
}
@implementation OFMbedTLSTLSStream
static int
readFunc(void *ctx, unsigned char *buffer, size_t length)
{
OFMbedTLSTLSStream *stream = (OFMbedTLSTLSStream *)ctx;
|
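Review bot: In verifyResultToErrorCode, `mbedtls_ssl_get_verify_result()` returns a bitmask of MBEDTLS_X509_BADCERT_* / MBEDTLS_X509_BADCRL_* flags, so the `switch` at the top of the function only matches when exactly one flag is set; a certificate that is, say, both expired and issued by an untrusted CA produces a combined value, matches no `case`, and collapses to the generic OFTLSStreamErrorCodeCertificateVerificationFailed. Testing the bits with `&` in a fixed order, as below, reports the specific reason in those cases too; the handshake fails either way, this only changes which code the delegate receives. statusToErrorCode currently recognizes only MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, which is a reasonable first step, but a comment such as `/* Other mbedtls status codes still map to OFTLSStreamErrorCodeUnknown */` above its `return` would make that explicit for the next reader.
```objc
static OFTLSStreamErrorCode
verifyResultToErrorCode(const mbedtls_ssl_context *SSL)
{
	/*
	 * The verify result is a bitmask; several flags can be set at once,
	 * so test them individually rather than switching on the whole value.
	 */
	uint32_t flags = mbedtls_ssl_get_verify_result(SSL);

	if (flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
		return OFTLSStreamErrorCodeCertificateIssuerUntrusted;
	if (flags & MBEDTLS_X509_BADCERT_CN_MISMATCH)
		return OFTLSStreamErrorCodeCertificateNameMismatch;
	if (flags & (MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCERT_FUTURE))
		return OFTLSStreamErrorCodeCertificatedExpired;
	if (flags & MBEDTLS_X509_BADCERT_REVOKED)
		return OFTLSStreamErrorCodeCertificateRevoked;

	return OFTLSStreamErrorCodeCertificateVerificationFailed;
}
```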
︙ | | |
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
|
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
|
-
-
+
|
objc_autoreleasePoolPop(pool);
return;
}
if (status == 0)
_handshakeDone = true;
else
/* FIXME: Map to better errors */
exception = [OFTLSHandshakeFailedException
exceptionWithStream: self
host: host
errorCode: OFTLSStreamErrorCodeUnknown];
errorCode: statusToErrorCode(&_SSL, status)];
if ([_delegate respondsToSelector:
@selector(stream:didPerformClientHandshakeWithHost:exception:)])
[_delegate stream: self
didPerformClientHandshakeWithHost: host
exception: exception];
|
︙ | | |
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
|
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
|
-
+
+
|
if (status == 0)
_handshakeDone = true;
else
exception = [OFTLSHandshakeFailedException
exceptionWithStream: self
host: _host
errorCode: OFTLSStreamErrorCodeUnknown];
errorCode: statusToErrorCode(
&_SSL, status)];
}
if ([_delegate respondsToSelector:
@selector(stream:didPerformClientHandshakeWithHost:exception:)])
[_delegate stream: self
didPerformClientHandshakeWithHost: _host
exception: exception];
|
︙ | | |
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
|
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
|
-
+
+
|
if (status == 0)
_handshakeDone = true;
else
exception = [OFTLSHandshakeFailedException
exceptionWithStream: self
host: _host
errorCode: OFTLSStreamErrorCodeUnknown];
errorCode: statusToErrorCode(
&_SSL, status)];
}
if ([_delegate respondsToSelector:
@selector(stream:didPerformClientHandshakeWithHost:exception:)])
[_delegate stream: self
didPerformClientHandshakeWithHost: _host
exception: exception];
[_delegate release];
return nil;
}
@end
|