ObjFW  Check-in [94affb5b29]

Overview
Comment:OFTLSSocket: Improved API for easier verification

Verification is done automatically by default now.

If more complex verification is needed, automatic verification can be
disabled and done manually.

Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 94affb5b295c205e5ea6f215fb0109b010f9a3c43b3056fe2a31efd0eb630551
User & Date: js on 2015-05-24 19:16:41
Other Links: manifest | tags
Context
2015-05-29
23:22
utils/ofhttp: Fix a typo resulting in wrong ETA check-in: 3e5b766b40 user: js tags: trunk
2015-05-24
19:16
OFTLSSocket: Improved API for easier verification check-in: 94affb5b29 user: js tags: trunk
16:19
OFHTTPClient: Better checking for invalid reply check-in: 692fe63730 user: js tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified src/OFTLSSocket.h from [7025a98220] to [59dd8c2542]. 

13
14
15
16
17
18
19
20

21
22
23
24
25
26
27
28



29
30
31

32





33
34
35


36
37

38
39
40


41
42
43
44
45
46
47
48
49
50
51
52
53


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68



69
70

71
72
73
74
75
76
77

13
14
15
16
17
18
19

20
21
22
23
24
25
26
27
28
29
30
31
32
33

34
35
36
37
38
39
40
41


42
43


44
45


46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

82
83
84
85
86
87
88
89








-
+








+
+
+


-
+

+
+
+
+
+

-
-
+
+
-
-
+

-
-
+
+













+
+















+
+
+

-
+








 * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
 * file.
 */

#import "objfw-defs.h"

@class OFString;
@class OFArray;
@class OFDictionary;
@protocol OFTLSSocket;

/*!
 * @protocol OFTLSSocketDelegate OFTLSSocket.h ObjFW/OFTLSSocket.h
 *
 * @brief A delegate for classes implementing the OFTLSSocket protocol.
 */
@protocol OFTLSSocketDelegate
#ifdef OF_HAVE_OPTIONAL_PROTOCOLS
@optional
#endif
/*!
 * @brief This callback is called when the TLS socket wants to know if it
 *	  should accept the received keychain.
 *	  should accept the received certificate.
 *
 * @note This is only used to verify certain fields of a certificate to allow
 *	 for protocol specific verification. The certificate chain is verified
 *	 using the specified CAs, or the system's CAs if no CAs have been
 *	 specified.
 *
 * @param socket The socket which wants to know if it should accept the received
 *		 keychain
 * @param keychain An array of objects implementing the OFX509Certificate
 *		 certificate
 * @param certificate A dictionary with the fields of the received certificate
 *		   protocol
 * @return Whether the TLS socket should accept the received keychain
 * @return Whether the TLS socket should accept the received certificatechain
 */
-	  (bool)socket: (id <OFTLSSocket>)socket
  shouldAcceptKeychain: (OFArray*)keychain;
-	     (bool)socket: (id <OFTLSSocket>)socket
  shouldAcceptCertificate: (OFDictionary*)certificate;
@end

/*!
 * @protocol OFTLSSocket OFTLSSocket.h ObjFW/OFTLSSocket.h
 *
 * @brief A protocol that should be implemented by 3rd-party libraries
 *	  implementing TLS.
 */
@protocol OFTLSSocket
#ifdef OF_HAVE_PROPERTIES
@property (assign) id <OFTLSSocketDelegate> delegate;
@property (copy) OFString *certificateFile, *privateKeyFile;
@property const char *privateKeyPassphrase;
@property (getter=isCertificateVerificationEnabled)
    bool certificateVerificationEnabled;
#endif

/*!
 * @brief Initializes the TLS socket with the specified TCP socket as its
 *	  underlying socket.
 *
 * @param socket The TCP socket to use as underlying socket
 */
- initWithSocket: (OFTCPSocket*)socket;

/*!
 * @brief Initiates the TLS handshake.
 *
 * @note This is only useful if you used @ref initWithSocket: to start TLS on
 *	 a TCP socket which is already connected!
 *
 * @param host The host to expect for certificate verification.
 *	       May be nil if certificate verification is disabled.
 */
- (void)startTLS;
- (void)startTLSWithExpectedHost: (OFString*)host;

/*!
 * @brief Sets a delegate for the TLS socket.
 *
 * @param delegate The delegate to use
 */
- (void)setDelegate: (id <OFTLSSocketDelegate>)delegate;

203
204
205
206
207
208
209
















210

215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238








+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+


 * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8
 *		  private key file should be returned
 *
 * @return The passphrase to decrypt the PKCS#8 private key file for the
 *	   specified SNI host
 */
- (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost;

/**
 * @brief Enable or disable certificate verification.
 *
 * The default is enabled.
 *
 * @param enabled Whether to enable or disable certificate verification
 */
- (void)setCertificateVerificationEnabled: (bool)enabled;

/**
 * @brief Returns whether certificate verification is enabled.
 *
 * @return Whether certificate verification is enabled
 */
- (bool)isCertificateVerificationEnabled;
@end

Fossil 2.23 [47362306a7] 2023-11-01 18:56:47
This page was generated in about 0.014s