Index: src/OFTLSSocket.h ================================================================== --- src/OFTLSSocket.h +++ src/OFTLSSocket.h @@ -52,10 +52,41 @@ * * @brief A protocol that should be implemented by 3rd-party libraries * implementing TLS. */ @protocol OFTLSSocket +/*! + * The delegate for the TLS socket. + */ +@property OF_NULLABLE_PROPERTY (assign) id delegate; + +/*! + * The path to the X.509 certificate file to use. + */ +@property OF_NULLABLE_PROPERTY (copy) OFString *certificateFile; + +/*! + * The path to the PKCS#8 private key file to use. + */ +@property OF_NULLABLE_PROPERTY (copy) OFString *privateKeyFile; + +/*! + * The passphrase to decrypt the PKCS#8 private key file. + * + * @warning You have to ensure that this is in secure memory protected from + * swapping! This is also the reason why this is not an OFString. + */ +@property OF_NULLABLE_PROPERTY (assign) const char *privateKeyPassphrase; + +/** + * Whether certificate verification is enabled. + * + * The default is enabled. + */ +@property (getter=isCertificateVerificationEnabled) + bool certificateVerificationEnabled; + /*! * @brief Initializes the TLS socket with the specified TCP socket as its * underlying socket. * * @param socket The TCP socket to use as underlying socket 
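Review bot: The merged comment on `privateKeyPassphrase` keeps the setter's warning but loses the getter's one ("You should not copy this to insecure memory which is swappable!"), and it does not say what `(assign)` on a `const char *` means for the caller. As declared, the property appears to hold the caller's pointer rather than a copy, so the buffer has to stay valid and locked for as long as the socket may read it. I would add `* The pointer is not copied: keep the buffer valid and locked while the socket uses it, and do not copy the value read back into swappable memory.` to that comment. The comment on `certificateVerificationEnabled` could likewise say what turning it off costs, for example `* Disabling this removes peer authentication; the connection can then be intercepted.` The `@protocol` body continues beyond this hunk.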
@@ -71,31 +102,10 @@ * @param host The host to expect for certificate verification. * May be `nil` if certificate verification is disabled. */ - (void)startTLSWithExpectedHost: (nullable OFString*)host; -/*! - * @brief Sets a delegate for the TLS socket. - * - * @param delegate The delegate to use - */ -- (void)setDelegate: (nullable id )delegate; - -/*! - * @brief Returns the delegate used by the TLS socket. - * - * @return The delegate used by the TLS socket - */ -- (nullable id )delegate; - -/*! - * @brief Sets the path to the X.509 certificate file to use. - * - * @param certificateFile The path to the X.509 certificate file - */ -- (void)setCertificateFile: (nullable OFString*)certificateFile; - /*! * @brief Sets the path to the X.509 certificate file to use for the specified * SNI host. * * @param SNIHost The SNI host for which the path of the X.509 certificate file @@ -104,17 +114,10 @@ * @param certificateFile The path to the X.509 certificate file */ - (void)setCertificateFile: (OFString*)certificateFile forSNIHost: (OFString*)SNIHost; -/*! - * @brief Returns the path of the X.509 certificate file used by the TLS socket. - * - * @return The path of the X.509 certificate file used by the TLS socket - */ -- (nullable OFString*)certificateFile; - /*! * @brief Returns the path of the X.509 certificate file used by the TLS socket * for the specified SNI host. * * @param SNIHost The SNI host for which the path of the X.509 certificate file 
@@ -123,17 +126,10 @@ * @return The path of the X.509 certificate file used by the TLS socket for * the specified SNI host */ - (nullable OFString*)certificateFileForSNIHost: (OFString*)SNIHost; -/*! - * @brief Sets the path to the PKCS#8 private key file to use. - * - * @param privateKeyFile The path to the PKCS#8 private key file - */ -- (void)setPrivateKeyFile: (nullable OFString*)privateKeyFile; - /*! * @brief Sets the path to the PKCS#8 private key file to use for the specified * SNI host. * * @param privateKeyFile The path to the PKCS#8 private key file @@ -141,18 +137,10 @@ * file should be set */ - (void)setPrivateKeyFile: (OFString*)privateKeyFile forSNIHost: (OFString*)SNIHost; -/*! - * @brief Returns the path of the PKCS#8 private key file used by the TLS - * socket. - * - * @return The path of the PKCS#8 private key file used by the TLS socket - */ -- (nullable OFString*)privateKeyFile; - /*! * @brief Returns the path of the PKCS#8 private key file used by the TLS * socket for the specified SNI host. * * @param SNIHost The SNI host for which the path of the PKCS#8 private key @@ -161,21 +149,10 @@ * @return The path of the PKCS#8 private key file used by the TLS socket for * the specified SNI host */ - (nullable OFString*)privateKeyFileForSNIHost: (OFString*)SNIHost; -/*! - * @brief Sets the passphrase to decrypt the PKCS#8 private key file. - * - * @warning You have to ensure that this is in secure memory protected from - * swapping! This is also the reason why this is not an OFString. - * - * @param privateKeyPassphrase The passphrase to decrypt the PKCS#8 private - * key file - */ -- (void)setPrivateKeyPassphrase: (nullable const char*)privateKeyPassphrase; - /*! * @brief Sets the passphrase to decrypt the PKCS#8 private key file for the * specified SNI host. * * @warning You have to ensure that this is in secure memory protected from 
@@ -187,19 +164,10 @@ * private key file should be set */ - (void)setPrivateKeyPassphrase: (const char*)privateKeyPassphrase forSNIHost: (OFString*)SNIHost; -/*! - * @brief Returns the passphrase to decrypt the PKCS#8 private key file. - * - * @warning You should not copy this to insecure memory which is swappable! - * - * @return The passphrase to decrypt the PKCS#8 private key file - */ -- (nullable const char*)privateKeyPassphrase; - /*! * @brief Returns the passphrase to decrypt the PKCS#8 private key file for the * specified SNI host. * * @warning You should not copy this to insecure memory which is swappable! @@ -209,24 +177,8 @@ * * @return The passphrase to decrypt the PKCS#8 private key file for the * specified SNI host */ - (nullable const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost; - -/** - * @brief Enable or disable certificate verification. - * - * The default is enabled. - * - * @param enabled Whether to enable or disable certificate verification - */ -- (void)setCertificateVerificationEnabled: (bool)enabled; - -/** - * @brief Returns whether certificate verification is enabled. - * - * @return Whether certificate verification is enabled - */ -- (bool)isCertificateVerificationEnabled; @end OF_ASSUME_NONNULL_END