Overview
Comment: | OFTLSSocket: Improved API for easier verification
Verification is done automatically by default now. If more complex verification is needed, automatic verification can be |
---|---|
SHA3-256: |
94affb5b295c205e5ea6f215fb0109b0 |
User & Date: | js on 2015-05-24 19:16:41 |
Context
2015-05-29
23:22 | utils/ofhttp: Fix a typo resulting in wrong ETA check-in: 3e5b766b40 user: js tags: trunk | |
2015-05-24
19:16 | OFTLSSocket: Improved API for easier verification check-in: 94affb5b29 user: js tags: trunk | |
16:19 | OFHTTPClient: Better checking for invalid reply check-in: 692fe63730 user: js tags: trunk | |
Changes
Modified src/OFTLSSocket.h from [7025a98220] to [59dd8c2542].
︙ | ︙ | |||
13 14 15 16 17 18 19 | * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "objfw-defs.h" @class OFString; | | > > > | > > > > > | | < | | | > > > > > | | 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "objfw-defs.h" @class OFString; @class OFDictionary; @protocol OFTLSSocket; /*! * @protocol OFTLSSocketDelegate OFTLSSocket.h ObjFW/OFTLSSocket.h * * @brief A delegate for classes implementing the OFTLSSocket protocol. */ @protocol OFTLSSocketDelegate #ifdef OF_HAVE_OPTIONAL_PROTOCOLS @optional #endif /*! * @brief This callback is called when the TLS socket wants to know if it * should accept the received certificate. * * @note This is only used to verify certain fields of a certificate to allow * for protocol specific verification. The certificate chain is verified * using the specified CAs, or the system's CAs if no CAs have been * specified. * * @param socket The socket which wants to know if it should accept the received * certificate * @param certificate A dictionary with the fields of the received certificate * @return Whether the TLS socket should accept the received certificatechain */ - (bool)socket: (id <OFTLSSocket>)socket shouldAcceptCertificate: (OFDictionary*)certificate; @end /*! * @protocol OFTLSSocket OFTLSSocket.h ObjFW/OFTLSSocket.h * * @brief A protocol that should be implemented by 3rd-party libraries * implementing TLS. 
*/ @protocol OFTLSSocket #ifdef OF_HAVE_PROPERTIES @property (assign) id <OFTLSSocketDelegate> delegate; @property (copy) OFString *certificateFile, *privateKeyFile; @property const char *privateKeyPassphrase; @property (getter=isCertificateVerificationEnabled) bool certificateVerificationEnabled; #endif /*! * @brief Initializes the TLS socket with the specified TCP socket as its * underlying socket. * * @param socket The TCP socket to use as underlying socket */ - initWithSocket: (OFTCPSocket*)socket; /*! * @brief Initiates the TLS handshake. * * @note This is only useful if you used @ref initWithSocket: to start TLS on * a TCP socket which is already connected! * * @param host The host to expect for certificate verification. * May be nil if certificate verification is disabled. */ - (void)startTLSWithExpectedHost: (OFString*)host; /*! * @brief Sets a delegate for the TLS socket. * * @param delegate The delegate to use */ - (void)setDelegate: (id <OFTLSSocketDelegate>)delegate; |
︙ | ︙ | |||
203 204 205 206 207 208 209 210 | * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8 * private key file should be returned * * @return The passphrase to decrypt the PKCS#8 private key file for the * specified SNI host */ - (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost; @end | > > > > > > > > > > > > > > > > | 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 | * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8 * private key file should be returned * * @return The passphrase to decrypt the PKCS#8 private key file for the * specified SNI host */ - (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost; /** * @brief Enable or disable certificate verification. * * The default is enabled. * * @param enabled Whether to enable or disable certificate verification */ - (void)setCertificateVerificationEnabled: (bool)enabled; /** * @brief Returns whether certificate verification is enabled. * * @return Whether certificate verification is enabled */ - (bool)isCertificateVerificationEnabled; @end |
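Review bot: In the first OFTLSSocket.h hunk (new lines 13-89), the documentation of startTLSWithExpectedHost: says the host "May be nil if certificate verification is disabled" but does not say what happens when nil is passed while verification is enabled, which is the default after this change. Please document that case explicitly, preferably as an error (an exception) rather than a handshake that proceeds without a host name check, so that implementations of the protocol fail closed. In the same hunk, the @return of socket:shouldAcceptCertificate: reads "certificatechain", which is at odds with the @note saying the callback only checks fields of the certificate while the chain is verified against the CAs; suggest "Whether the TLS socket should accept the received certificate" plus a sentence stating whether returning true can override a failed chain verification.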
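Review bot: In the second OFTLSSocket.h hunk (new lines 215-238), the comment on setCertificateVerificationEnabled: does not say what is skipped when verification is disabled (chain validation against the CAs, the expected-host check from startTLSWithExpectedHost:, the delegate callback) or whether it has to be set before the handshake starts. Since turning this off removes the peer authentication the rest of the header describes, the doc comment should spell out the scope and the timing. The two new comments also open with /** while the other doc comments visible in this file open with /*!, so they should use /*! for consistency.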