ObjFW  Check-in [418f8b3fbf]

Overview
Comment:OFMbedTLSTLSStream: Use more error codes
SHA3-256: 418f8b3fbf6567f6a8e5cf8badb63d765ea15e9279603b0ccdb78e5e3ce3f1ea
User & Date: js on 2024-11-16 11:40:34
Context
2024-11-16
13:31
Update buildsys check-in: 89ca6c7896 user: js tags: trunk
11:40
OFMbedTLSTLSStream: Use more error codes check-in: 418f8b3fbf user: js tags: trunk
2024-11-14
01:58
Increase ObjFW library version check-in: 73af26b775 user: js tags: trunk
Changes

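--- a/src/tls/OFMbedTLSTLSStream.m
+++ b/src/tls/OFMbedTLSTLSStream.m
@@ -37,14 +37,43 @@
 
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 
 int _ObjFWTLS_reference;
 static mbedtls_entropy_context entropy;
 static mbedtls_ctr_drbg_context CTRDRBG;
+
+static OFTLSStreamErrorCode
+verifyResultToErrorCode(const mbedtls_ssl_context *SSL)
+{
+	switch (mbedtls_ssl_get_verify_result(SSL)) {
+	case MBEDTLS_X509_BADCERT_NOT_TRUSTED:
+		return OFTLSStreamErrorCodeCertificateIssuerUntrusted;
+	case MBEDTLS_X509_BADCERT_CN_MISMATCH:
+		return OFTLSStreamErrorCodeCertificateNameMismatch;
+	case MBEDTLS_X509_BADCERT_EXPIRED:
+	case MBEDTLS_X509_BADCERT_FUTURE:
+		return OFTLSStreamErrorCodeCertificatedExpired;
+	case MBEDTLS_X509_BADCERT_REVOKED:
+		return OFTLSStreamErrorCodeCertificateRevoked;
+	}
+
+	return OFTLSStreamErrorCodeCertificateVerificationFailed;
+}
+
+static OFTLSStreamErrorCode
+statusToErrorCode(const mbedtls_ssl_context *SSL, int status)
+{
+	switch (status) {
+	case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
+		return verifyResultToErrorCode(SSL);
+	}
+
+	return OFTLSStreamErrorCodeUnknown;
+}
 
 @implementation OFMbedTLSTLSStream
 static int
 readFunc(void *ctx, unsigned char *buffer, size_t length)
 {
 	OFMbedTLSTLSStream *stream = (OFMbedTLSTLSStream *)ctx;
 
@@ -285,19 +314,18 @@
 		objc_autoreleasePoolPop(pool);
 		return;
 	}
 
 	if (status == 0)
 		_handshakeDone = true;
 	else
-		/* FIXME: Map to better errors */
 		exception = [OFTLSHandshakeFailedException
 		    exceptionWithStream: self
 				   host: host
-			      errorCode: OFTLSStreamErrorCodeUnknown];
+			      errorCode: statusToErrorCode(&_SSL, status)];
 
 	if ([_delegate respondsToSelector:
 	    @selector(stream:didPerformClientHandshakeWithHost:exception:)])
 		[_delegate		       stream: self
 		    didPerformClientHandshakeWithHost: host
 					    exception: exception];
 
@@ -324,15 +352,16 @@
 
 		if (status == 0)
 			_handshakeDone = true;
 		else
 			exception = [OFTLSHandshakeFailedException
 			    exceptionWithStream: self
 					   host: _host
-				      errorCode: OFTLSStreamErrorCodeUnknown];
+				      errorCode: statusToErrorCode(
+						     &_SSL, status)];
 	}
 
 	if ([_delegate respondsToSelector:
 	    @selector(stream:didPerformClientHandshakeWithHost:exception:)])
 		[_delegate		       stream: self
 		    didPerformClientHandshakeWithHost: _host
 					    exception: exception];
@@ -363,21 +392,22 @@
 
 		if (status == 0)
 			_handshakeDone = true;
 		else
 			exception = [OFTLSHandshakeFailedException
 			    exceptionWithStream: self
 					   host: _host
-				      errorCode: OFTLSStreamErrorCodeUnknown];
+				      errorCode: statusToErrorCode(
+						     &_SSL, status)];
 	}
 
 	if ([_delegate respondsToSelector:
 	    @selector(stream:didPerformClientHandshakeWithHost:exception:)])
 		[_delegate		       stream: self
 		    didPerformClientHandshakeWithHost: _host
 					    exception: exception];
 
 	[_delegate release];
 
 	return nil;
 }
 @end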
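Review bot: `verifyResultToErrorCode` switches on the value of `mbedtls_ssl_get_verify_result()` as if it were a single code, but Mbed TLS documents it as a bitwise combination of `MBEDTLS_X509_BADCERT_*` / `MBEDTLS_X509_BADCRL_*` flags. A certificate that fails on two counts (for example expired and untrusted) therefore matches no `case` and is reported only as `OFTLSStreamErrorCodeCertificateVerificationFailed`. Testing the bits one by one in a fixed priority order keeps the specific code; the order shown below is one possible choice and should be agreed on. The same call returns `(uint32_t)-1` when no result is available, so that value has to be excluded before any bit test. A short comment on `statusToErrorCode` noting that every status other than `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` still maps to `OFTLSStreamErrorCodeUnknown` would preserve the intent of the FIXME this change removes.

```objc
static OFTLSStreamErrorCode
verifyResultToErrorCode(const mbedtls_ssl_context *SSL)
{
	uint32_t flags = mbedtls_ssl_get_verify_result(SSL);

	/* -1u means "no result available"; do not read it as flags. */
	if (flags == (uint32_t)-1)
		return OFTLSStreamErrorCodeCertificateVerificationFailed;

	/* The result is a bit mask: several flags may be set at once. */
	if (flags & MBEDTLS_X509_BADCERT_REVOKED)
		return OFTLSStreamErrorCodeCertificateRevoked;
	if (flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
		return OFTLSStreamErrorCodeCertificateIssuerUntrusted;
	if (flags & MBEDTLS_X509_BADCERT_CN_MISMATCH)
		return OFTLSStreamErrorCodeCertificateNameMismatch;
	if (flags & (MBEDTLS_X509_BADCERT_EXPIRED |
	    MBEDTLS_X509_BADCERT_FUTURE))
		return OFTLSStreamErrorCodeCertificatedExpired;

	return OFTLSStreamErrorCodeCertificateVerificationFailed;
}
```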