ObjFW  Check-in [94affb5b29]

Overview
Comment:OFTLSSocket: Improved API for easier verification

Verification is done automatically by default now.

If more complex verification is needed, automatic verification can be
disabled and done manually.

SHA3-256: 94affb5b295c205e5ea6f215fb0109b010f9a3c43b3056fe2a31efd0eb630551
User & Date: js on 2015-05-24 19:16:41
Changes

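--- a/src/OFTLSSocket.h
+++ b/src/OFTLSSocket.h
@@ -13,65 +13,77 @@
  * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
  * file.
  */
 
 #import "objfw-defs.h"
 
 @class OFString;
-@class OFArray;
+@class OFDictionary;
 @protocol OFTLSSocket;
 
 /*!
  * @protocol OFTLSSocketDelegate OFTLSSocket.h ObjFW/OFTLSSocket.h
  *
  * @brief A delegate for classes implementing the OFTLSSocket protocol.
  */
 @protocol OFTLSSocketDelegate
+#ifdef OF_HAVE_OPTIONAL_PROTOCOLS
+@optional
+#endif
 /*!
  * @brief This callback is called when the TLS socket wants to know if it
- *	  should accept the received keychain.
+ *	  should accept the received certificate.
  *
+ * @note This is only used to verify certain fields of a certificate to allow
+ *	 for protocol specific verification. The certificate chain is verified
+ *	 using the specified CAs, or the system's CAs if no CAs have been
+ *	 specified.
+ *
  * @param socket The socket which wants to know if it should accept the received
- *		 keychain
- * @param keychain An array of objects implementing the OFX509Certificate
- *		   protocol
- * @return Whether the TLS socket should accept the received keychain
+ *		 certificate
+ * @param certificate A dictionary with the fields of the received certificate
+ * @return Whether the TLS socket should accept the received certificatechain
  */
--	  (bool)socket: (id <OFTLSSocket>)socket
-  shouldAcceptKeychain: (OFArray*)keychain;
+-	     (bool)socket: (id <OFTLSSocket>)socket
+  shouldAcceptCertificate: (OFDictionary*)certificate;
 @end
 
 /*!
  * @protocol OFTLSSocket OFTLSSocket.h ObjFW/OFTLSSocket.h
  *
  * @brief A protocol that should be implemented by 3rd-party libraries
  *	  implementing TLS.
  */
 @protocol OFTLSSocket
 #ifdef OF_HAVE_PROPERTIES
 @property (assign) id <OFTLSSocketDelegate> delegate;
 @property (copy) OFString *certificateFile, *privateKeyFile;
 @property const char *privateKeyPassphrase;
+@property (getter=isCertificateVerificationEnabled)
+    bool certificateVerificationEnabled;
 #endif
 
 /*!
  * @brief Initializes the TLS socket with the specified TCP socket as its
  *	  underlying socket.
  *
  * @param socket The TCP socket to use as underlying socket
  */
 - initWithSocket: (OFTCPSocket*)socket;
 
 /*!
  * @brief Initiates the TLS handshake.
  *
  * @note This is only useful if you used @ref initWithSocket: to start TLS on
  *	 a TCP socket which is already connected!
+ *
+ * @param host The host to expect for certificate verification.
+ *	       May be nil if certificate verification is disabled.
  */
-- (void)startTLS;
+- (void)startTLSWithExpectedHost: (OFString*)host;
 
 /*!
  * @brief Sets a delegate for the TLS socket.
  *
  * @param delegate The delegate to use
  */
 - (void)setDelegate: (id <OFTLSSocketDelegate>)delegate;
@@ -203,8 +215,24 @@
  * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8
  *		  private key file should be returned
  *
  * @return The passphrase to decrypt the PKCS#8 private key file for the
  *	   specified SNI host
  */
 - (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost;
+
+/**
+ * @brief Enable or disable certificate verification.
+ *
+ * The default is enabled.
+ *
+ * @param enabled Whether to enable or disable certificate verification
+ */
+- (void)setCertificateVerificationEnabled: (bool)enabled;
+
+/**
+ * @brief Returns whether certificate verification is enabled.
+ *
+ * @return Whether certificate verification is enabled
+ */
+- (bool)isCertificateVerificationEnabled;
 @end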
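Review bot: The documentation for the new `startTLSWithExpectedHost:` only says `host` may be nil when verification is disabled, and leaves unspecified what an implementation must do when verification is enabled and nil is passed; since matching the expected host is what ties the verified chain to the peer, the contract should be explicit, e.g. `@param host The host to expect for certificate verification. Must not be nil unless certificate verification is disabled.` In the same spirit, `setCertificateVerificationEnabled:` should state the consequence of turning it off, e.g. `@warning When disabled, the peer's certificate chain is not checked and the connection is not authenticated.` The `@return` line of `socket:shouldAcceptCertificate:` reads "certificatechain", which is both a typo and at odds with the @note above it saying only fields of the received certificate are passed in; `@return Whether the TLS socket should accept the received certificate` matches the parameter. Since that callback is now `@optional`, the header should also say what implementers do when the delegate does not implement it — presumably the certificate is accepted once the chain check passed, but that is decided in the implementations, not here.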