ObjFW  Check-in [33dbefb035]

Overview
Comment:OFSecureTransportTLSStream: Use more error codes
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 33dbefb0356f07a7703283961fa4c1c1f1aae8c401844f632657ea8e02125717
User & Date: js on 2024-11-16 14:17:26
Other Links: manifest | tags
Context
2024-11-18
00:51
OFGnuTLSTLSStream: Improve error codes Leaf check-in: f2e96ebd9a user: js tags: trunk
2024-11-16
22:36
OFTLSStream: Add API for server mode check-in: 43864736e7 user: js tags: tls-server
14:17
OFSecureTransportTLSStream: Use more error codes check-in: 33dbefb035 user: js tags: trunk
13:31
Don't build test plugin as bundle and plugin check-in: 50dce32144 user: js tags: trunk
Changes

Modified src/tls/OFGnuTLSTLSStream.m from [49ed6aa948] to [84d62d35d3].

34
35
36
37
38
39
40















41
42
43
44
45
46
47
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







int _ObjFWTLS_reference;
static gnutls_certificate_credentials_t systemTrustCreds;

#ifndef GNUTLS_SAFE_PADDING_CHECK
/* Some older versions don't have it. */
# define GNUTLS_SAFE_PADDING_CHECK 0
#endif

static OFTLSStreamErrorCode
certificateStatusToErrorCode(gnutls_certificate_status_t status)
{
	if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
		return OFTLSStreamErrorCodeCertificateNameMismatch;
	if (status & GNUTLS_CERT_REVOKED)
		return OFTLSStreamErrorCodeCertificateRevoked;
	if (status & (GNUTLS_CERT_EXPIRED | GNUTLS_CERT_NOT_ACTIVATED))
		return OFTLSStreamErrorCodeCertificatedExpired;
	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
		return OFTLSStreamErrorCodeCertificateIssuerUntrusted;

	return OFTLSStreamErrorCodeCertificateVerificationFailed;
}

@implementation OFGnuTLSTLSStream
static ssize_t
readFunc(gnutls_transport_ptr_t transport, void *buffer, size_t length)
{
	OFGnuTLSTLSStream *stream = (OFGnuTLSTLSStream *)transport;

76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
91
92
93
94
95
96
97















98
99
100
101
102
103
104







-
-
-
-
-
-
-
-
-
-
-
-
-
-
-








		return -1;
	}

	return length;
}

static OFTLSStreamErrorCode
certificateStatusToErrorCode(gnutls_certificate_status_t status)
{
	if (status & GNUTLS_CERT_UNEXPECTED_OWNER)
		return OFTLSStreamErrorCodeCertificateNameMismatch;
	if (status & GNUTLS_CERT_REVOKED)
		return OFTLSStreamErrorCodeCertificateRevoked;
	if (status & (GNUTLS_CERT_EXPIRED | GNUTLS_CERT_NOT_ACTIVATED))
		return OFTLSStreamErrorCodeCertificatedExpired;
	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
		return OFTLSStreamErrorCodeCertificateIssuerUntrusted;

	return OFTLSStreamErrorCodeCertificateVerificationFailed;
}

+ (void)load
{
	if (OFTLSStreamImplementation == Nil)
		OFTLSStreamImplementation = self;
}

+ (void)initialize

Modified src/tls/OFSecureTransportTLSStream.m from [cc272524b9] to [9e3e0c47ad].

26
27
28
29
30
31
32











33
34
35
36
37
38
39
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50







+
+
+
+
+
+
+
+
+
+
+







#import "OFAlreadyOpenException.h"
#import "OFNotOpenException.h"
#import "OFReadFailedException.h"
#import "OFTLSHandshakeFailedException.h"
#import "OFWriteFailedException.h"

int _ObjFWTLS_reference;

static OFTLSStreamErrorCode
statusToErrorCode(OSStatus status)
{
	switch (status) {
	case errSSLXCertChainInvalid:
		return OFTLSStreamErrorCodeCertificateVerificationFailed;
	}

	return OFTLSStreamErrorCodeUnknown;
}

static OSStatus
readFunc(SSLConnectionRef connection, void *data, size_t *dataLength)
{
	bool incomplete;
	size_t length;

241
242
243
244
245
246
247
248

249
250
251
252
253
254
255
252
253
254
255
256
257
258

259
260
261
262
263
264
265
266







-
+







	}

	if (status != noErr)
		/* FIXME: Map to better errors */
		exception = [OFTLSHandshakeFailedException
		    exceptionWithStream: self
				   host: _host
			      errorCode: OFTLSStreamErrorCodeUnknown];
			      errorCode: statusToErrorCode(status)];

	if ([_delegate respondsToSelector:
	    @selector(stream:didPerformClientHandshakeWithHost:exception:)])
		[_delegate		       stream: self
		    didPerformClientHandshakeWithHost: _host
					    exception: exception];

267
268
269
270
271
272
273
274

275
276
277
278
279
280
281
282
283
284
285
286
287
278
279
280
281
282
283
284

285
286
287
288
289
290
291
292
293
294
295
296
297
298







-
+













		if (status == errSSLWouldBlock)
			return true;

		if (status != noErr)
			exception = [OFTLSHandshakeFailedException
			    exceptionWithStream: self
					   host: _host
				      errorCode: OFTLSStreamErrorCodeUnknown];
				      errorCode: statusToErrorCode(status)];
	}

	if ([_delegate respondsToSelector:
	    @selector(stream:didPerformClientHandshakeWithHost:exception:)])
		[_delegate		       stream: self
		    didPerformClientHandshakeWithHost: _host
					    exception: exception];

	[_delegate release];

	return false;
}
@end