Index: src/OFHTTPServer.h
==================================================================
--- src/OFHTTPServer.h
+++ src/OFHTTPServer.h
@@ -91,13 +91,10 @@
 OF_SUBCLASSING_RESTRICTED
 @interface OFHTTPServer: OFObject
 {
 OFString *_Nullable _host;
 uint16_t _port;
- bool _usesTLS;
- OFString *_Nullable _certificateFile, *_Nullable _privateKeyFile;
- const char *_Nullable _privateKeyPassphrase;
 id _Nullable _delegate;
 OFString *_Nullable _name;
 OFTCPSocket *_Nullable _listeningSocket;
 #ifdef OF_HAVE_THREADS
 size_t _numberOfThreads, _nextThreadIndex;
@@ -119,46 +116,10 @@ * Setting this after @ref start has been called raises an * @ref OFAlreadyConnectedException. */ @property (nonatomic) uint16_t port; -/** - * @brief Whether the HTTP server uses TLS. - * - * Setting this after @ref start has been called raises an - * @ref OFAlreadyConnectedException. - */ -@property (nonatomic) bool usesTLS; - -/** - * @brief The path to the X.509 certificate file to use for TLS. - * - * Setting this after @ref start has been called raises an - * @ref OFAlreadyConnectedException. - */ -@property OF_NULLABLE_PROPERTY (copy, nonatomic) OFString *certificateFile; - -/** - * @brief The path to the PKCS#8 private key file to use for TLS. - * - * Setting this after @ref start has been called raises an - * @ref OFAlreadyConnectedException. - */ -@property OF_NULLABLE_PROPERTY (copy, nonatomic) OFString *privateKeyFile; - -/** - * @brief The passphrase to decrypt the PKCS#8 private key file for TLS. - * - * @warning You have to ensure that this is in secure memory protected from - * swapping! This is also the reason why this is not an OFString. - * - * Setting this after @ref start has been called raises an - * @ref OFAlreadyConnectedException. - */ -@property OF_NULLABLE_PROPERTY (assign, nonatomic) - const char *privateKeyPassphrase; - /** * @brief The delegate for the HTTP server. */ @property OF_NULLABLE_PROPERTY (assign, nonatomic) id delegate; Index: src/OFHTTPServer.m ================================================================== --- src/OFHTTPServer.m +++ src/OFHTTPServer.m 
@@ -809,70 +809,10 @@
 - (uint16_t)port
 {
 return _port;
 }
 
-- (void)setUsesTLS: (bool)usesTLS
-{
- if (_listeningSocket != nil)
- @throw [OFAlreadyConnectedException exception];
-
- _usesTLS = usesTLS;
-}
-
-- (bool)usesTLS
-{
- return _usesTLS;
-}
-
-- (void)setCertificateFile: (OFString *)certificateFile
-{
- OFString *old;
-
- if (_listeningSocket != nil)
- @throw [OFAlreadyConnectedException exception];
-
- old = _certificateFile;
- _certificateFile = [certificateFile copy];
- [old release];
-}
-
-- (OFString *)certificateFile
-{
- return _certificateFile;
-}
-
-- (void)setPrivateKeyFile: (OFString *)privateKeyFile
-{
- OFString *old;
-
- if (_listeningSocket != nil)
- @throw [OFAlreadyConnectedException exception];
-
- old = _privateKeyFile;
- _privateKeyFile = [privateKeyFile copy];
- [old release];
-}
-
-- (OFString *)privateKeyFile
-{
- return _privateKeyFile;
-}
-
-- (void)setPrivateKeyPassphrase: (const char *)privateKeyPassphrase
-{
- if (_listeningSocket != nil)
- @throw [OFAlreadyConnectedException exception];
-
- _privateKeyPassphrase = privateKeyPassphrase;
-}
-
-- (const char *)privateKeyPassphrase
-{
- return _privateKeyPassphrase;
-}
-
 #ifdef OF_HAVE_THREADS
 - (void)setNumberOfThreads: (size_t)numberOfThreads
 {
 if (numberOfThreads == 0)
 @throw [OFInvalidArgumentException exception];
@@ -897,25 +837,11 @@ @throw [OFInvalidArgumentException exception]; if (_listeningSocket != nil) @throw [OFAlreadyConnectedException exception]; - if (_usesTLS) { - OFTCPSocket *TLSSocket; - - if (OFTLSSocketClass == Nil) - @throw [OFUnsupportedProtocolException exception]; - - TLSSocket = [[OFTLSSocketClass alloc] init]; - _listeningSocket = TLSSocket; - - TLSSocket.certificateFile = _certificateFile; - TLSSocket.privateKeyFile = _privateKeyFile; - TLSSocket.privateKeyPassphrase = _privateKeyPassphrase; - } else - _listeningSocket = [[OFTCPSocket alloc] init]; - + _listeningSocket = [[OFTCPSocket alloc] init]; _port = [_listeningSocket bindToHost: _host port: _port]; [_listeningSocket listen]; #ifdef OF_HAVE_THREADS if (_numberOfThreads > 1) { Index: src/OFTLSSocket.h ================================================================== --- src/OFTLSSocket.h +++ src/OFTLSSocket.h 
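Review bot: With the TLS branch gone, `-start` now unconditionally allocates a plain `OFTCPSocket`, so every OFHTTPServer listens in cleartext, and nothing in the new code states that contract where the former public `usesTLS`/`certificateFile`/`privateKeyFile` users will look for it. I would put a one-line comment above the new allocation, `/* Plaintext HTTP only: TLS must be terminated in front of this server. */`, and add a matching sentence to the class-level doc comment in OFHTTPServer.h if it still mentions TLS (that comment is outside this diff, so I cannot confirm). The `OFUnsupportedProtocolException` that `-start` threw when `OFTLSSocketClass` was `Nil` is no longer reachable from this method, which is worth calling out for callers that catch it. `-start` begins and ends outside this hunk.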
@@ -15,71 +15,17 @@ #import "OFObject.h" OF_ASSUME_NONNULL_BEGIN -@class OFString; -@class OFDictionary OF_GENERIC(KeyType, ObjectType); -@protocol OFTLSSocket; - -/** - * @protocol OFTLSSocketDelegate OFTLSSocket.h ObjFW/OFTLSSocket.h - * - * @brief A delegate for classes implementing the OFTLSSocket protocol. - */ -@protocol OFTLSSocketDelegate -@optional -/** - * @brief This callback is called when the TLS socket wants to know if it - * should accept the received certificate. - * - * @note This is only used to verify certain fields of a certificate to allow - * for protocol specific verification. The certificate chain is verified - * using the specified CAs, or the system's CAs if no CAs have been - * specified. - * - * @param socket The socket which wants to know if it should accept the received - * certificate - * @param certificate A dictionary with the fields of the received certificate - * @return Whether the TLS socket should accept the received certificate chain - */ -- (bool)socket: (id )socket - shouldAcceptCertificate: (OFDictionary *)certificate; -@end - /** * @protocol OFTLSSocket OFTLSSocket.h ObjFW/OFTLSSocket.h * * @brief A protocol that should be implemented by 3rd-party libraries * implementing TLS. */ @protocol OFTLSSocket -/** - * @brief The delegate for the TLS socket. - */ -@property OF_NULLABLE_PROPERTY (assign, nonatomic) - id delegate; - -/** - * @brief The path to the X.509 certificate file to use. - */ -@property OF_NULLABLE_PROPERTY (copy, nonatomic) OFString *certificateFile; - -/** - * @brief The path to the PKCS#8 private key file to use. - */ -@property OF_NULLABLE_PROPERTY (copy, nonatomic) OFString *privateKeyFile; - -/** - * @brief The passphrase to decrypt the PKCS#8 private key file. - * - * @warning You have to ensure that this is in secure memory protected from - * swapping! This is also the reason why this is not an OFString. 
- */ -@property OF_NULLABLE_PROPERTY (assign, nonatomic) - const char *privateKeyPassphrase; - /** * @brief Whether certificates are verified. * * The default is enabled. */ 
@@ -90,95 +36,8 @@
 * underlying socket.
 *
 * @param socket The TCP socket to use as underlying socket
 */
 - (instancetype)initWithSocket: (OFTCPSocket *)socket;
-
-/**
- * @brief Initiates the TLS handshake.
- *
- * @note This is only useful if you used @ref initWithSocket: to start TLS on
- * a TCP socket which is already connected!
- *
- * @param host The host to expect for certificate verification.
- * May be `nil` if certificate verification is disabled.
- */
-- (void)startTLSWithExpectedHost: (nullable OFString *)host;
-
-/**
- * @brief Sets the path to the X.509 certificate file to use for the specified
- * SNI host.
- *
- * @param SNIHost The SNI host for which the path of the X.509 certificate file
- * should be set
- *
- * @param certificateFile The path to the X.509 certificate file
- */
-- (void)setCertificateFile: (OFString *)certificateFile
- forSNIHost: (OFString *)SNIHost;
-
-/**
- * @brief Returns the path of the X.509 certificate file used by the TLS socket
- * for the specified SNI host.
- *
- * @param SNIHost The SNI host for which the path of the X.509 certificate file
- * should be returned
- *
- * @return The path of the X.509 certificate file used by the TLS socket for
- * the specified SNI host
- */
-- (nullable OFString *)certificateFileForSNIHost: (OFString *)SNIHost;
-
-/**
- * @brief Sets the path to the PKCS#8 private key file to use for the specified
- * SNI host.
- *
- * @param privateKeyFile The path to the PKCS#8 private key file
- * @param SNIHost The SNI host for which the path to the PKCS#8 private key
- * file should be set
- */
-- (void)setPrivateKeyFile: (OFString *)privateKeyFile
- forSNIHost: (OFString *)SNIHost;
-
-/**
- * @brief Returns the path of the PKCS#8 private key file used by the TLS
- * socket for the specified SNI host.
- *
- * @param SNIHost The SNI host for which the path of the PKCS#8 private key
- * file should be returned
- *
- * @return The path of the PKCS#8 private key file used by the TLS socket for
- * the specified SNI host
- */
-- (nullable OFString *)privateKeyFileForSNIHost: (OFString *)SNIHost;
-
-/**
- * @brief Sets the passphrase to decrypt the PKCS#8 private key file for the
- * specified SNI host.
- *
- * @warning You have to ensure that this is in secure memory protected from
- * swapping! This is also the reason why this is not an OFString.
- *
- * @param privateKeyPassphrase The passphrase to decrypt the PKCS#8 private
- * key file for the specified SNI host
- * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8
- * private key file should be set
- */
-- (void)setPrivateKeyPassphrase: (const char *)privateKeyPassphrase
- forSNIHost: (OFString *)SNIHost;
-
-/**
- * @brief Returns the passphrase to decrypt the PKCS#8 private key file for the
- * specified SNI host.
- *
- * @warning You should not copy this to insecure memory which is swappable!
- *
- * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8
- * private key file should be returned
- *
- * @return The passphrase to decrypt the PKCS#8 private key file for the
- * specified SNI host
- */
-- (nullable const char *)privateKeyPassphraseForSNIHost: (OFString *)SNIHost;
 @end
 
 OF_ASSUME_NONNULL_END