@@ -12,11 +12,13 @@
  * Public License, either version 2 or 3, which can be found in the file
  * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
  * file.
  */
 
-#import "objfw-defs.h"
+#import "OFObject.h"
+
+OF_ASSUME_NONNULL_BEGIN
 
 @class OFString;
 @class OFDictionary OF_GENERIC(KeyType, ObjectType);
 @protocol OFTLSSocket;
 
@@ -53,13 +55,13 @@
  * @brief A protocol that should be implemented by 3rd-party libraries
  *	  implementing TLS.
  */
 @protocol OFTLSSocket
 #ifdef OF_HAVE_PROPERTIES
-@property (assign) id <OFTLSSocketDelegate> delegate;
-@property (copy) OFString *certificateFile, *privateKeyFile;
-@property const char *privateKeyPassphrase;
+@property (assign, nullable) id <OFTLSSocketDelegate> delegate;
+@property (copy, nullable) OFString *certificateFile, *privateKeyFile;
+@property (assign, nullable) const char *privateKeyPassphrase;
 @property (getter=isCertificateVerificationEnabled)
     bool certificateVerificationEnabled;
 #endif
 
 /*!
@@ -84,25 +86,25 @@
 /*!
  * @brief Sets a delegate for the TLS socket.
  *
  * @param delegate The delegate to use
  */
-- (void)setDelegate: (id <OFTLSSocketDelegate>)delegate;
+- (void)setDelegate: (nullable id <OFTLSSocketDelegate>)delegate;
 
 /*!
  * @brief Returns the delegate used by the TLS socket.
  *
  * @return The delegate used by the TLS socket
  */
-- (id <OFTLSSocketDelegate>)delegate;
+- (nullable id <OFTLSSocketDelegate>)delegate;
 
 /*!
  * @brief Sets the path to the X.509 certificate file to use.
  *
  * @param certificateFile The path to the X.509 certificate file
  */
-- (void)setCertificateFile: (OFString*)certificateFile;
+- (void)setCertificateFile: (nullable OFString*)certificateFile;
 
 /*!
  * @brief Sets the path to the X.509 certificate file to use for the specified
  *	  SNI host.
  *
@@ -117,11 +119,11 @@
 /*!
  * @brief Returns the path of the X.509 certificate file used by the TLS socket.
  *
  * @return The path of the X.509 certificate file used by the TLS socket
  */
-- (OFString*)certificateFile;
+- (nullable OFString*)certificateFile;
 
 /*!
  * @brief Returns the path of the X.509 certificate file used by the TLS socket
  *	  for the specified SNI host.
  *
@@ -129,18 +131,18 @@
  *		  should be returned
  *
  * @return The path of the X.509 certificate file used by the TLS socket for
  *	   the specified SNI host
  */
-- (OFString*)certificateFileForSNIHost: (OFString*)SNIHost;
+- (nullable OFString*)certificateFileForSNIHost: (OFString*)SNIHost;
 
 /*!
  * @brief Sets the path to the PKCS#8 private key file to use.
  *
  * @param privateKeyFile The path to the PKCS#8 private key file
  */
-- (void)setPrivateKeyFile: (OFString*)privateKeyFile;
+- (void)setPrivateKeyFile: (nullable OFString*)privateKeyFile;
 
 /*!
  * @brief Sets the path to the PKCS#8 private key file to use for the specified
  *	  SNI host.
  *
@@ -155,11 +157,11 @@
  * @brief Returns the path of the PKCS#8 private key file used by the TLS
  *	  socket.
  *
  * @return The path of the PKCS#8 private key file used by the TLS socket
  */
-- (OFString*)privateKeyFile;
+- (nullable OFString*)privateKeyFile;
 
 /*!
  * @brief Returns the path of the PKCS#8 private key file used by the TLS
  *	  socket for the specified SNI host.
  *
@@ -167,11 +169,11 @@
  *		  file should be returned
  *
  * @return The path of the PKCS#8 private key file used by the TLS socket for
  *	   the specified SNI host
  */
-- (OFString*)privateKeyFileForSNIHost: (OFString*)SNIHost;
+- (nullable OFString*)privateKeyFileForSNIHost: (OFString*)SNIHost;
 
 /*!
  * @brief Sets the passphrase to decrypt the PKCS#8 private key file.
  *
  * @warning You have to ensure that this is in secure memory protected from
@@ -178,11 +180,11 @@
  *	    swapping! This is also the reason why this is not an OFString.
  *
  * @param privateKeyPassphrase The passphrase to decrypt the PKCS#8 private
  *			       key file
  */
-- (void)setPrivateKeyPassphrase: (const char*)privateKeyPassphrase;
+- (void)setPrivateKeyPassphrase: (nullable const char*)privateKeyPassphrase;
 
 /*!
  * @brief Sets the passphrase to decrypt the PKCS#8 private key file for the
  *	  specified SNI host.
  *
@@ -202,11 +204,11 @@
  *
  * @warning You should not copy this to insecure memory which is swappable!
  *
  * @return The passphrase to decrypt the PKCS#8 private key file
  */
-- (const char*)privateKeyPassphrase;
+- (nullable const char*)privateKeyPassphrase;
 
 /*!
  * @brief Returns the passphrase to decrypt the PKCS#8 private key file for the
  *	  specified SNI host.
  *
@@ -216,11 +218,11 @@
  *		  private key file should be returned
  *
  * @return The passphrase to decrypt the PKCS#8 private key file for the
  *	   specified SNI host
  */
-- (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost;
+- (nullable const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost;
 
 /**
  * @brief Enable or disable certificate verification.
  *
  * The default is enabled.
@@ -234,5 +236,7 @@
  *
  * @return Whether certificate verification is enabled
  */
 - (bool)isCertificateVerificationEnabled;
 @end
+
+OF_ASSUME_NONNULL_END