tweaks
git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@35607 72102866-910b-0410-8b05-ffd578937521
parent
da52c8df5e
commit
73a67f4920
4 changed files with 58 additions and 38 deletions
|
@ -536,8 +536,7 @@ GSTLSPush(gnutls_transport_ptr_t handle, const void *buffer, size_t len)
|
|||
direction: (server ? NO : YES)
|
||||
transport: (void*)self
|
||||
push: GSTLSPush
|
||||
pull: GSTLSPull
|
||||
host: nil];
|
||||
pull: GSTLSPull];
|
||||
initialised = YES;
|
||||
return self;
|
||||
}
|
||||
|
|
|
@ -42,6 +42,14 @@
|
|||
#include <gcrypt.h>
|
||||
#undef id
|
||||
|
||||
extern NSString * const GSTLSCAFile;
|
||||
extern NSString * const GSTLSCertificateFile;
|
||||
extern NSString * const GSTLSCertificateKeyFile;
|
||||
extern NSString * const GSTLSCertificateKeyPassword;
|
||||
extern NSString * const GSTLSDebug;
|
||||
extern NSString * const GSTLSCAVerify;
|
||||
extern NSString * const GSTLSRemoteHosts;
|
||||
|
||||
/* This class is used to ensure that the GNUTLS system is initialised
|
||||
* and thread-safe.
|
||||
*/
|
||||
|
@ -112,13 +120,11 @@ typedef ssize_t (*GSTLSIOW)(gnutls_transport_ptr_t, const void *, size_t);
|
|||
/* This class encapsulates a session to a remote system.
|
||||
* Sessions are created with a direction and an options dictionary,
|
||||
* defining how they will operate. The handle, pushFunc and pullFunc
|
||||
* provide the I/O mechanism, and the host specifies the host that the
|
||||
* session is connected to.
|
||||
* provide the I/O mechanism.
|
||||
*/
|
||||
@interface GSTLSSession : GSTLSObject
|
||||
{
|
||||
NSDictionary *opts;
|
||||
NSHost *host;
|
||||
GSTLSPrivateKey *key;
|
||||
GSTLSCertificateList *list;
|
||||
GSTLSDHParams *dhParams;
|
||||
|
@ -134,15 +140,13 @@ typedef ssize_t (*GSTLSIOW)(gnutls_transport_ptr_t, const void *, size_t);
|
|||
direction: (BOOL)isOutgoing
|
||||
transport: (void*)handle
|
||||
push: (GSTLSIOW)pushFunc
|
||||
pull: (GSTLSIOR)pullFunc
|
||||
host: (NSHost*)remote;
|
||||
pull: (GSTLSIOR)pullFunc;
|
||||
|
||||
- (id) initWithOptions: (NSDictionary*)options
|
||||
direction: (BOOL)isOutgoing
|
||||
transport: (void*)handle
|
||||
push: (GSTLSIOW)pushFunc
|
||||
pull: (GSTLSIOR)pullFunc
|
||||
host: (NSHost*)remote;
|
||||
pull: (GSTLSIOR)pullFunc;
|
||||
|
||||
/* Return YES if the session is active (handshake has succeeded and the
|
||||
* session has not been disconnected), NO otherwise.
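Review bot: The seven option keys exported in this header (`GSTLSCAFile` through `GSTLSRemoteHosts`) are declared without any comment, although with the `host:` argument removed they are now the only way a caller tells a session which peer names to accept. At least `GSTLSRemoteHosts` needs a line above it, for example `/* Comma separated list of names the peer certificate may match; an empty string disables host name checking. */`. That wording is taken from the comments visible in the implementation and file-handle sections of this commit and should be confirmed against the final behaviour. `GSTLSCAVerify` deserves a similar one-line description of its accepted values, which this page does not show.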
|
||||
|
|
|
@ -709,7 +709,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
transport: (void*)handle
|
||||
push: (GSTLSIOW)pushFunc
|
||||
pull: (GSTLSIOR)pullFunc
|
||||
host: (NSHost*)host
|
||||
{
|
||||
GSTLSSession *sess;
|
||||
|
||||
|
@ -717,8 +716,7 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
direction: isOutgoing
|
||||
transport: handle
|
||||
push: pushFunc
|
||||
pull: pullFunc
|
||||
host: host];
|
||||
pull: pullFunc];
|
||||
return [sess autorelease];
|
||||
}
|
||||
|
||||
|
@ -731,7 +729,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
{
|
||||
[self finalize];
|
||||
DESTROY(opts);
|
||||
DESTROY(host);
|
||||
DESTROY(list);
|
||||
DESTROY(key);
|
||||
DESTROY(dhParams);
|
||||
|
@ -766,7 +763,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
transport: (void*)handle
|
||||
push: (GSTLSIOW)pushFunc
|
||||
pull: (GSTLSIOR)pullFunc
|
||||
host: (NSHost*)remote
|
||||
{
|
||||
if (nil != (self = [super init]))
|
||||
{
|
||||
|
@ -779,7 +775,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
BOOL debug = (globalDebug > 0) ? YES : NO;
|
||||
|
||||
opts = [options copy];
|
||||
host = [remote copy];
|
||||
outgoing = isOutgoing ? YES : NO;
|
||||
|
||||
if (NO == debug)
|
||||
|
@ -1157,19 +1152,20 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
if (cert_list_size > 0
|
||||
&& gnutls_certificate_type_get(session) == GNUTLS_CRT_X509)
|
||||
{
|
||||
char dn[128];
|
||||
char serial[40];
|
||||
size_t dn_size = sizeof(dn);
|
||||
size_t serial_size = sizeof(serial);
|
||||
time_t expiret;
|
||||
time_t activet;
|
||||
int algo;
|
||||
unsigned int bits;
|
||||
int i;
|
||||
int cert_num;
|
||||
|
||||
for (cert_num = 0; cert_num < cert_list_size; cert_num++)
|
||||
{
|
||||
char dn[1024];
|
||||
size_t dn_size = sizeof(dn);
|
||||
char serial[40];
|
||||
size_t serial_size = sizeof(serial);
|
||||
time_t expiret;
|
||||
time_t activet;
|
||||
int algo;
|
||||
unsigned int bits;
|
||||
int i;
|
||||
|
||||
gnutls_x509_crt_init(&cert);
|
||||
/* NB. the list of peer certificate is in memory in native
|
||||
* format (DER) rather than the normal file format (PEM).
|
||||
|
@ -1177,6 +1173,7 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
gnutls_x509_crt_import(cert,
|
||||
&cert_list[cert_num], GNUTLS_X509_FMT_DER);
|
||||
|
||||
[str appendString: @"\n"];
|
||||
[str appendFormat: _(@"- Certificate %d info:\n"), cert_num];
|
||||
|
||||
expiret = gnutls_x509_crt_get_expiration_time(cert);
|
||||
|
@ -1233,11 +1230,17 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
[str appendFormat: _(@"- Certificate version: #%d\n"),
|
||||
gnutls_x509_crt_get_version(cert)];
|
||||
|
||||
dn_size = sizeof(dn);
|
||||
gnutls_x509_crt_get_dn(cert, dn, &dn_size);
|
||||
[str appendFormat: @"- Certificate DN: %s\n", dn];
|
||||
dn[dn_size - 1] = '\0';
|
||||
[str appendFormat: @"- Certificate DN: %@\n",
|
||||
[NSString stringWithUTF8String: dn]];
|
||||
|
||||
dn_size = sizeof(dn);
|
||||
gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size);
|
||||
[str appendFormat: _(@"- Certificate Issuer's DN: %s\n"), dn];
|
||||
dn[dn_size - 1] = '\0';
|
||||
[str appendFormat: _(@"- Certificate Issuer's DN: %@\n"),
|
||||
[NSString stringWithUTF8String: dn]];
|
||||
|
||||
gnutls_x509_crt_deinit(cert);
|
||||
}
|
||||
|
@ -1371,15 +1374,6 @@ static NSMutableDictionary *privateKeyCache1 = nil;
|
|||
str = [opts objectForKey: GSTLSRemoteHosts];
|
||||
if (nil == str)
|
||||
{
|
||||
/* No names specified ... use all known names for the host we are
|
||||
* connecting to.
|
||||
*/
|
||||
names = [host names];
|
||||
}
|
||||
else if ([str length] == 0)
|
||||
{
|
||||
/* Empty name ... disable host name checking.
|
||||
*/
|
||||
names = nil;
|
||||
}
|
||||
else
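Review bot: In the certificate-info loop, the added `dn[dn_size - 1] = '\0';` after both `gnutls_x509_crt_get_dn` and `gnutls_x509_crt_get_issuer_dn` indexes the stack buffer with a length the library wrote back, and the return value of neither call is checked. When a DN does not fit in `dn[1024]`, GnuTLS returns GNUTLS_E_SHORT_MEMORY_BUFFER and sets `dn_size` to the size it needed, so the store lands past the end of `dn`; a failure that leaves `dn_size` at 0 would write to `dn[-1]`. The DN comes from the remote peer's certificate, so the result should be tested before the buffer is touched, e.g. `if (gnutls_x509_crt_get_dn(cert, dn, &dn_size) != 0) dn[0] = '\0';` followed by `dn[sizeof(dn) - 1] = '\0';`, and the same for the issuer DN. The enclosing method starts and ends outside these hunks.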
|
||||
|
|
|
@ -28,10 +28,12 @@
|
|||
#import "common.h"
|
||||
#define EXPOSE_NSFileHandle_IVARS 1
|
||||
#import "Foundation/NSData.h"
|
||||
#import "Foundation/NSFileHandle.h"
|
||||
#import "Foundation/NSException.h"
|
||||
#import "Foundation/NSHost.h"
|
||||
#import "Foundation/NSFileHandle.h"
|
||||
#import "Foundation/NSPathUtilities.h"
|
||||
#import "GNUstepBase/NSObject+GNUstepBase.h"
|
||||
#import "GNUstepBase/NSString+GNUstepBase.h"
|
||||
#import "GSPrivate.h"
|
||||
#import "GSNetwork.h"
|
||||
|
||||
|
@ -991,12 +993,33 @@ GSTLSHandlePush(gnutls_transport_ptr_t handle, const void *buffer, size_t len)
|
|||
*/
|
||||
if (nil == session)
|
||||
{
|
||||
/* If No value is specified for GSTLSRemoteHosts, make a comma separated
|
||||
* list of all known names for the remote host and use that.
|
||||
*/
|
||||
if (nil == [opts objectForKey: GSTLSRemoteHosts])
|
||||
{
|
||||
NSHost *host = [NSHost hostWithAddress: [self socketAddress]];
|
||||
NSString *s = [[host names] description];
|
||||
|
||||
s = [s stringByReplacingString: @"\"" withString: @""];
|
||||
if ([s length] > 1)
|
||||
{
|
||||
s = [s substringWithRange: NSMakeRange(1, [s length] - 2)];
|
||||
}
|
||||
if ([s length] > 0)
|
||||
{
|
||||
NSMutableDictionary *d = [opts mutableCopy];
|
||||
|
||||
[d setObject:s forKey: GSTLSRemoteHosts];
|
||||
ASSIGNCOPY(opts, d);
|
||||
[d release];
|
||||
}
|
||||
}
|
||||
session = [[GSTLSSession alloc] initWithOptions: opts
|
||||
direction: isOutgoing
|
||||
transport: (void*)self
|
||||
push: GSTLSHandlePush
|
||||
pull: GSTLSHandlePull
|
||||
host: nil];
|
||||
pull: GSTLSHandlePull];
|
||||
}
|
||||
|
||||
if (NO == [session handshake])
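Review bot: The default for `GSTLSRemoteHosts` built here comes from `[NSHost hostWithAddress: [self socketAddress]]`, that is, from names resolved back from the peer's address, and the session code in this commit uses that option for host name checking. Those names are whatever the resolver returns for the address rather than the name the caller intended to reach, so a certificate match against them gives weaker assurance than a match against a caller-supplied name. A comment stating this, and advising callers to set `GSTLSRemoteHosts` explicitly when verification matters, would help. Separately, deriving the list by stripping quotes and the first and last character from `[[host names] description]` depends on the description format, which normally also contains newlines and indentation; `NSString *s = [[host names] componentsJoinedByString: @","];` yields the comma separated list directly. The enclosing method starts and ends outside the hunk.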
|
||||
|
|