Differences From Artifact [7025a98220]:
- File src/OFTLSSocket.h — part of check-in [cfd374b906] at 2015-01-03 20:57:18 on branch trunk — Update copyright (user: js, size: 6468)
To Artifact [59dd8c2542]:
- File src/OFTLSSocket.h — part of check-in [94affb5b29] at 2015-05-24 19:16:41 on branch trunk — OFTLSSocket: Improved API for easier verification
  Verification is done automatically by default now.
  If more complex verification is needed, automatic verification can be disabled and done manually. (user: js, size: 7433)
︙ | ︙ | |||
13 14 15 16 17 18 19 | * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "objfw-defs.h" @class OFString; | | > > > | > > > > > | | < | | | > > > > > | | 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | * LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this * file. */ #import "objfw-defs.h" @class OFString; @class OFDictionary; @protocol OFTLSSocket; /*! * @protocol OFTLSSocketDelegate OFTLSSocket.h ObjFW/OFTLSSocket.h * * @brief A delegate for classes implementing the OFTLSSocket protocol. */ @protocol OFTLSSocketDelegate #ifdef OF_HAVE_OPTIONAL_PROTOCOLS @optional #endif /*! * @brief This callback is called when the TLS socket wants to know if it * should accept the received certificate. * * @note This is only used to verify certain fields of a certificate to allow * for protocol specific verification. The certificate chain is verified * using the specified CAs, or the system's CAs if no CAs have been * specified. * * @param socket The socket which wants to know if it should accept the received * certificate * @param certificate A dictionary with the fields of the received certificate * @return Whether the TLS socket should accept the received certificatechain */ - (bool)socket: (id <OFTLSSocket>)socket shouldAcceptCertificate: (OFDictionary*)certificate; @end /*! * @protocol OFTLSSocket OFTLSSocket.h ObjFW/OFTLSSocket.h * * @brief A protocol that should be implemented by 3rd-party libraries * implementing TLS. 
*/ @protocol OFTLSSocket #ifdef OF_HAVE_PROPERTIES @property (assign) id <OFTLSSocketDelegate> delegate; @property (copy) OFString *certificateFile, *privateKeyFile; @property const char *privateKeyPassphrase; @property (getter=isCertificateVerificationEnabled) bool certificateVerificationEnabled; #endif /*! * @brief Initializes the TLS socket with the specified TCP socket as its * underlying socket. * * @param socket The TCP socket to use as underlying socket */ - initWithSocket: (OFTCPSocket*)socket; /*! * @brief Initiates the TLS handshake. * * @note This is only useful if you used @ref initWithSocket: to start TLS on * a TCP socket which is already connected! * * @param host The host to expect for certificate verification. * May be nil if certificate verification is disabled. */ - (void)startTLSWithExpectedHost: (OFString*)host; /*! * @brief Sets a delegate for the TLS socket. * * @param delegate The delegate to use */ - (void)setDelegate: (id <OFTLSSocketDelegate>)delegate; |
︙ | ︙ | |||
203 204 205 206 207 208 209 210 | * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8 * private key file should be returned * * @return The passphrase to decrypt the PKCS#8 private key file for the * specified SNI host */ - (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost; @end | > > > > > > > > > > > > > > > > | 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 | * @param SNIHost The SNI host for which the passphrase to decrypt the PKCS#8 * private key file should be returned * * @return The passphrase to decrypt the PKCS#8 private key file for the * specified SNI host */ - (const char*)privateKeyPassphraseForSNIHost: (OFString*)SNIHost; /** * @brief Enable or disable certificate verification. * * The default is enabled. * * @param enabled Whether to enable or disable certificate verification */ - (void)setCertificateVerificationEnabled: (bool)enabled; /** * @brief Returns whether certificate verification is enabled. * * @return Whether certificate verification is enabled */ - (bool)isCertificateVerificationEnabled; @end |
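Review bot: In the first hunk, the comment on startTLSWithExpectedHost: says the host "May be nil if certificate verification is disabled" but does not say what happens when nil is passed while verification is enabled. Since verification is now on by default, the comment should state that this case fails the handshake rather than skipping the host name check, and implementations should be required to behave that way. The delegate callback in the same hunk is @optional, so its comment should also say what the socket does when no delegate is set or the delegate does not implement socket:shouldAcceptCertificate:. The @return line there reads "certificatechain", although the callback receives a single certificate dictionary.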
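Review bot: In the second hunk, the comment on setCertificateVerificationEnabled: does not say what disabling actually turns off or when the setting takes effect. It should state whether disabling covers both the CA chain check and the expected-host check, whether socket:shouldAcceptCertificate: is still called when verification is disabled, and whether the value must be set before the handshake is started. The two new comments also open with /** while the rest of the header uses /*!, so they should be changed to match.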